SKILL: OAuth and OIDC Misconfiguration — Redirects, PKCE, Scopes, and Token Binding

AI LOAD INSTRUCTION: Use this skill when the target uses OAuth 2.0 or OpenID Connect and you need a focused misconfiguration checklist: redirect URI validation, state and nonce handling, PKCE enforcement, token audience, and account binding mistakes.

1. WHEN TO LOAD THIS SKILL

Load when:

- The app supports , GitHub, Microsoft, Okta, or other IdPs
- You see , , , , , , or
- Mobile or SPA clients rely on OAuth or OIDC flows

For token cryptography and JWT header abuse, also load:

- jwt oauth token attacks

2. HIG…