Skip to main content
Execute qualquer Skill no Manus
com um clique

oauth-oidc-saml-flaws

Estrelas2
Forks1
Atualizado9 de julho de 2026 às 12:42

SAST detection methodology for federated-auth flaws in OAuth 2.0, OpenID Connect, and SAML (CWE-347/352/601), including missing/replayable state (login CSRF), missing PKCE, weak redirect_uri validation, implicit-flow token leakage, SAML signature wrapping (XSW) and unsigned/comment-injection assertions, unvalidated audience/issuer/nonce on ID tokens, confused-deputy across IdPs, and client_secret exposure. Use when reviewing OAuth/OIDC/SAML login and callback code. Writes confirmed findings to findings/23-oauth-oidc-saml-flaws.md.

Instalação

Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.

SKILL.md
readonly