Use when requests involve OAuth login, social sign-in, OIDC providers, callback flows, token misuse risk, or securing third-party identity integrations. Harden OAuth and OpenID Connect sign-in flows: provider trust boundaries, redirect validation, state and nonce use, PKCE, token handling, scope minimization, account linking, and callback safety.
