Major AI Clients Shipping With Broken OAuth Implementations
The majority of widely used AI clients, such as Claude Code, Claude Desktop, Cursor, LibreChat, and Amazon Q CLI, do not implement the critical refresh-token flow of the OAuth standard, forcing developers to issue long-lived tokens and creating a serious security regression in an already solved problem. This write-up provides a quick overview of the current state of implementation and a reference page for tracking the status of 14 major clients.
Submitted by /u/mhat