Below is a short story about leaked OAuth client id and client secret which I found in the page source that led to generating foreign tokens. Recon: I usually before using any tool or starting the recon process I take a look at the main domain, when I opened the page…