JR0ch17 accidentally discovered a bug in an OAuth flow where sending constant requests to the token refresh endpoint without a refresh token or authentication, could grant an access token during another user's login process!
Sign up to get updates from us
