Hi, I found that an attacker is able to steal access_tokens of facebook users via Phabricator App (184510521580034). when users login to phabricator, they can choose to login via Facebook (https://secure.phabricator.com/login/) attaching pic, In this case an attacker is able to exploit this behavior to steal facebook access_tokens via phabricator app. Full Reproduce, Exploit: 1....