
# OAUTH Misconfigurations

## Resources

1. RFC 6749, The OAuth 2.0 Authorization Framework: <https://datatracker.ietf.org/doc/html/rfc6749#page-12>
2. <https://oauth.net/2/>
3. <https://www.oauth.com/>
4. <https://www.youtube.com/watch?v=996OiexHze0>
5. <https://www.amazon.com/OAuth-2-Action-Justin-Richer/dp/161729327X>
6. OAuth2.0 Protocol Code Flow with PKCE Explained in Arabic: <https://www.youtube.com/watch?v=_NNPKyAlaIw>
7. Modern Guide - What is OAuth 2.0 and How Does It Work: <https://fusionauth.io/articles/oauth/modern-guide-to-oauth>
8. OAuth 2.0 explained with examples: <https://dev.to/hem/oauth-2-0-flows-explained-in-gifs-2o7a>
9. OAuth 2.0 flows explained in GIFs: <https://www.youtube.com/watch?v=ZDuRmhLSLOY>
10. Official Docs: <https://oauth.net/2/>
11. YouTube: OAuth2.0 Protocol Code Flow with PKCE Explained | oauth2.0 explanation: <https://www.youtube.com/watch?v=_NNPKyAlaIw>

**Mind map**

<https://pbs.twimg.com/media/EZ1WqmcXYAAqwSH?format=jpg&name=900x900>

## Top OAuth reports from HackerOne

1. [Shopify Stocky App OAuth Misconfiguration](https://hackerone.com/reports/740989) to Shopify - 514 upvotes, $0
2. [Chained Bugs to Leak Victim's Uber's FB Oauth Token](https://hackerone.com/reports/202781) to Uber - 398 upvotes, $0
3. [Insufficient OAuth callback validation which leads to Periscope account takeover](https://hackerone.com/reports/110293) to X (Formerly Twitter) - 260 upvotes, $0
4. [OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage](https://hackerone.com/reports/861940) to Semrush - 224 upvotes, $0
5. [Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties](https://hackerone.com/reports/922456) to GitLab - 223 upvotes, $3000
6. [Unauthenticated blind SSRF in OAuth Jira authorization controller](https://hackerone.com/reports/398799) to GitLab - 222 upvotes, $4000
7. [Stealing Facebook OAuth Code Through Screenshot viewer](https://hackerone.com/reports/488269) to Rockstar Games - 193 upvotes, $0
8. [Stealing Users OAuth authorization code via `redirect_uri`](https://hackerone.com/reports/1861974) to pixiv - 183 upvotes, $2000
9. [Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.](https://hackerone.com/reports/787160) to Rockstar Games - 106 upvotes, $0
10. [User account compromised authentication bypass via oauth token impersonation](https://hackerone.com/reports/739321) to Picsart - 91 upvotes, $0
11. [Incorrect details on OAuth permissions screen allows DMs to be read without permission](https://hackerone.com/reports/434763) to X (Formerly Twitter) - 73 upvotes, $2940
12. [Facebook OAuth Code Theft through referer leakage on support.rockstargames.com](https://hackerone.com/reports/482743) to Rockstar Games - 67 upvotes, $0
13. [CSRF on Periscope Web OAuth authorization endpoint](https://hackerone.com/reports/215381) to X (Formerly Twitter) - 66 upvotes, $0
14. [Misconfigured oauth leads to Pre account takeover](https://hackerone.com/reports/1074047) to Bumble - 58 upvotes, $0
15. [Stealing Users OAuth Tokens through `redirect_uri` parameter](https://hackerone.com/reports/665651) to GSA Bounty - 52 upvotes, $750
16. [\[auth2.zomato.com\] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider](https://hackerone.com/reports/456333) to Zomato - 46 upvotes, $0
17. [Ability to bypass social OAuth and take over any account \[d2c-api\]](https://hackerone.com/reports/729960) to Genasys Technologies - 40 upvotes, $0
18. [Gitlab Oauth Misconfiguration Lead To Account Takeover](https://hackerone.com/reports/541701) to Vercel - 39 upvotes, $0
19. [Mattermost Server OAuth Flow Cross-Site Scripting](https://hackerone.com/reports/1216203) to Mattermost - 38 upvotes, $900
20. [Oauth flow on the comments widget login can lead to the access code leakage](https://hackerone.com/reports/292783) to Ed - 38 upvotes, $0
21. [Stealing Users OAUTH Tokens via `redirect_uri`](https://hackerone.com/reports/405100) to BOHEMIA INTERACTIVE a.s. - 38 upvotes, $0
22. [Broken OAuth leads to change photo profile users .](https://hackerone.com/reports/642475) to Dropbox - 37 upvotes, $512
23. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to Internet Bug Bounty - 37 upvotes, $0
24. [Twitter iOS fails to validate server certificate and sends oauth token](https://hackerone.com/reports/168538) to X (Formerly Twitter) - 35 upvotes, $2100
25. [Smuggle SocialClub's Facebook OAuth Code via Referer Leakage](https://hackerone.com/reports/342709) to Rockstar Games - 35 upvotes, $750
26. [`account_info.read` scope OAuth app access token can change token owner's account name.](https://hackerone.com/reports/1031240) to Dropbox - 34 upvotes, $1728
27. [Open Redirect on Gitllab Oauth leading to Acount Takeover](https://hackerone.com/reports/677617) to Vercel - 34 upvotes, $0
28. [Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.](https://hackerone.com/reports/655288) to Rockstar Games - 32 upvotes, $0
29. [User session access due to Oauth whitelist host bypass and postMessage](https://hackerone.com/reports/875938) to Mail.ru - 30 upvotes, $0
30. [OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing](https://hackerone.com/reports/136582) to Vimeo - 28 upvotes, $0
