iOS auth flaw ala evanconnelly and mrtuxracer
1. Install malicious app and register victim's scheme
2. User approves the evil app to login with attacker.com (ofc, why not)
3. Web view opens, attacker forces redirect to vuln auth flow for victim app w/ prompt=none
4. Auth code sent to attackers app instead bc it initiated auth flow
