diff --git a/OAuth-2.0-login-when-Home-Assistant-URL-is-not-homeassistant.local:8123.md b/OAuth-2.0-login-when-Home-Assistant-URL-is-not-homeassistant.local:8123.md index c9feabb..3eb4a86 100644 --- a/OAuth-2.0-login-when-Home-Assistant-URL-is-not-homeassistant.local:8123.md +++ b/OAuth-2.0-login-when-Home-Assistant-URL-is-not-homeassistant.local:8123.md @@ -40,3 +40,6 @@ Change the default URL in the browser address bar to your custom URL and press E According to the OAuth 2.0 standard, the redirect URL — used to return the authorization code to the client — must be pre-configured on the authorization server. If users were allowed to modify this URL via an interface, an attacker could craft a malicious client and change the redirect URL to a server under their control. When a user logs in through this forged client, the authorization code would be sent to the attacker’s server, compromising the user’s credentials. For security reasons, xiaomi_home will not implement this feature. + +## Reference +- [Use a browser extension to redirect to the custom URL.](https://github.com/XiaoMi/ha_xiaomi_home/issues/8#issuecomment-2564939682) \ No newline at end of file
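Review bot: The new "## Reference" section links to a browser-extension workaround without saying how it relates to the paragraph directly above it, which explains why xiaomi_home refuses to let users change the redirect URL for OAuth 2.0 security reasons; a reader may take the link as an endorsed way around that decision. Add a short sentence under the heading stating that the linked issue comment is a community-suggested workaround that only rewrites the address locally in the user's own browser and does not alter the redirect URL registered on the authorization server, so the security argument above still holds. Two smaller points: the file ends with "\ No newline at end of file", so add a trailing newline, and if more entries are expected the heading would read better as "## References".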