Performing OAuth Scope Minimization Review When to Use - Annual or quarterly review of third-party application OAuth permissions - After a security incident involving compromised OAuth tokens or unauthorized data access - Compliance audit requiring documentation of third-party data access (GDPR Article 28, SOC 2) - Discovery of shadow IT applications accessing organizational data via OAuth grants - Migration or consolidation of SaaS applications requiring permission cleanup - Implementing least-privilege principle for API integrations Do not use for reviewing first-party application permissio…