Leaking a Google OAuth 2.0 Access Token Through Misconfigured Error Handling

I was hacking on a mobile app that lets musicians purchase sheet music for various compositions. After having proxied traffic from my phone to Burp Suite, I didn't find anything that piqued my interes