Logitech: Steal any users `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r=

Heyy there, After reading the disclosed report 1178239, I started to look for bypasses but I found that it's restricted to only streamlabs.com and merch.streamlabs.com , providing any other domain or subdomain of streamlabs.com gives an error instead of the 302 redirect. From wayback machine...