posts/oauth-scope-upgrade #58

2025-08-22T05:57:27Z

giscus[bot]
bot Aug 22, 2025

posts/oauth-scope-upgrade

This write-up describes an OAuth flow vulnerability in Todoist where a malicious third-party app could trick users into granting higher privileges than displayed on the consent screen.

http://localhost:4321/posts/oauth-scope-upgrade

mpaujan21 · 2025-08-22T08:04:58Z

mpaujan21
Aug 22, 2025 — with giscus

great!

0 replies

stelcodes · 2025-08-22T17:18:24Z

stelcodes
Aug 22, 2025
Maintainer

Hey @mpaujan21 just a heads up, I've added a giscus.json file at the root of this repository to restrict the origins that can use this repo's discussions to only https://multiterm.stelclementine.com. Giscus is designed to require a unique repo per each website. Make sure to enable Giscus for one of your own repositories and update your project's giscus.json with your own URL.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

posts/oauth-scope-upgrade #58

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

posts/oauth-scope-upgrade #58

Uh oh!

giscus[bot] bot Aug 22, 2025

posts/oauth-scope-upgrade

Replies: 2 comments

Uh oh!

mpaujan21 Aug 22, 2025 — with giscus

Uh oh!

stelcodes Aug 22, 2025 Maintainer

giscus[bot]
bot Aug 22, 2025

mpaujan21
Aug 22, 2025 — with giscus

stelcodes
Aug 22, 2025
Maintainer