OAuth 2.0 Mix-Up Attack is when a malicious Authorization Servers may confuse the OAuth Client into thinking that the malicious Authorization Servers is, in fact, the real Authorization Servers. This can lead to sensitive information like OAuth Client secrets, codes, and tokens getting leaked to the malicious Authorization Server.
OAuth 2.0 Mix-Up Attack is a concern when your deployment has one OAuth Client interacting with multiple Identity Provider (IDP) or Authorization Servers