diff --git a/OAuth Misconfiguration.md b/OAuth Misconfiguration.md index 77d11d0..00be06f 100644 --- a/OAuth Misconfiguration.md +++ b/OAuth Misconfiguration.md @@ -10,4 +10,7 @@ 9. Try to remove email from the scope and add victim's email manually. 10. Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com 11. Check if its leaking client_secret parameter. -12. Go to the browser history and check if the token is there. \ No newline at end of file +12. Go to the browser history and check if the token is there. + +Reference: +- https://twitter.com/tuhin1729_/status/1417843523177484292
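Review bot: The new "Reference:" entry gives only a bare tweet URL with no title, author handle or one-line description of what it backs up, so a reader cannot tell whether it supports the whole checklist or a single item (such as the browser-history check in item 12 it sits next to) without following the link; since tweets are frequently deleted, add a short descriptive label beside the URL and, ideally, an archived copy, e.g. `- Tuhin's OAuth misconfiguration checklist (tweet, 2021): https://twitter.com/tuhin1729_/status/1417843523177484292` plus an archive.org link. Separately, the hunk correctly restores the missing trailing newline on item 12 (the `\ No newline at end of file` marker disappears), which is worth noting in the commit message so the otherwise identical `-12.`/`+12.` pair is not mistaken for a content change; and item 10 defangs domains as `company(.)com` while the reference URL is left live, so pick one convention for the file.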