Story of Abusing a Fully Secured redirect_uri in an OAuth Flow

When it comes to bug hunting, authentication is my first choice. Nowadays, major companies' authentication systems have many implementations and enormous underlying complexity. So when I start testing