Update OAuth2 URL to X #102

osiastedian · 2025-07-23T02:52:51Z

This should solve security issue when logging in with their X account.

Issue:
Even when user is logged out from Twitter when Oauth 2 Authorization URL is used the session still retains and work. In effect, it bypasses the security of being logged out.

Problem

Say user logged into X and then "Sign in with X" on a Third Party App.
And then they Log out their X account on x.com
On the Third Party App, they try to Sign in with X using the OAuth2 Authorization Code Flow.

Result:

Everything still works as if their session wasn't logged on step number 2.
Third Party app will still be able to get access token

Solution

Change the authorization url to x.com so that when user logged out.
The session in their browser is also revoked/invalidated.

Result

Whenever user logged out and then they try to Sign in with X on a Third Party app.
They will have to sign in to X again.

This should solve security issue when logging in with their X account. Issue: Even when user is logged out from Twitter when Oauth 2 Authorization URL is used the session still retains and work. In effect, it bypasses the security of being logged out. Signed-off-by: Ted Ian Osias <osiastedian@gmail.com>

CLAassistant · 2025-07-23T02:52:57Z

All committers have signed the CLA.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update OAuth2 URL to X #102

Update OAuth2 URL to X #102

Uh oh!

osiastedian commented Jul 23, 2025

Uh oh!

CLAassistant commented Jul 23, 2025 •

edited

Loading

Uh oh!

Uh oh!

Update OAuth2 URL to X #102

Are you sure you want to change the base?

Update OAuth2 URL to X #102

Uh oh!

Conversation

osiastedian commented Jul 23, 2025

Problem

Solution

Result

Uh oh!

CLAassistant commented Jul 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

CLAassistant commented Jul 23, 2025 •

edited

Loading