=== OAuth token compromise

The OAuth 2.0 authorization code grant flow is a secure method of authorizing
a web application to access a third-party service. After the user authenticates
with the third-party service and grants access, the web application is sent a
single-use code. The application must then pass this code and a `client_secret`
value to the service in order to obtain a usable authentication token.

If the `client_secret` value is disclosed, anyone who can intercept the
single-use code can then exchange it for a valid authentication token.