SKILL: OAuth and OIDC Misconfiguration — Redirects, PKCE, Scopes, and Token Binding

AI LOAD INSTRUCTION: Use this skill when the target uses OAuth 2.0 or OpenID Connect and you need a focused misconfiguration checklist: redirect URI validation, state and nonce handling, PKCE enforcement, token audience, and account binding mistakes.

1. WHEN TO LOAD THIS SKILL

Load when:

- The app supports Login with Google, GitHub, Microsoft, Okta, or other IdPs
- You see authorize, callback, redirect_uri, code, state, nonce, or code_challenge
- Mobile or SPA clients rely on OAuth or OIDC flows

For token cryptography and JWT header abuse, also load: jwt oauth token attacks

2. HIGH-VALUE MISCONFIGURATION CHECKS