Get Google OAuth2 Access Token on Network via Criminal IP


explain pls

Me too. Besides, the limit on minimum post length is very uncomfortable! :hot_face:

X-auto-Login is one of the HTTP header params. If you log in to Google on Chrome, Chrome gets an OAuth token from Google.

Chrome will redirect to Google's OpenID consent page. If you are already logged in at Google, the login to the new site is quite smooth.

This OAuth token exposure risks the account being hijacked by CSRF attacks.