OAuth flows and attacks TL;DR: Redirect_uri abuse, state-less requests, leaky code exchange, implicit-flow token leakage. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://portswigger.net/web-security/oauth