offensive-oauth
SnailSploit/Claude-Red
This comprehensive checklist guides thorough security testing of OAuth 2.0 and OpenID Connect (OIDC) protocols. It covers advanced vulnerabilities such as authorization code interception, PKCE bypass, CSRF flaws, and improper scope validation. The methodology emphasizes modern industry standards like FAPI (DPoP, JAR, PAR), making it essential for penetration testers and security researchers assessing web application integrity and API security.
