Got "Nice catch" from Google

Missing State Parameter
  1. Open Redirection
  2. OAuth CSRF

  1. Always try for higher impact and chain multiple bugs.
  2. Always read the scope carefully. Always, always, always (otherwise no bounty).
  3. Never give up.
