Security Identity Access

Use this companion overlay with security when the task involves auth stacks, session systems, identity flows, invitation models, or multi-tenant organization boundaries.

Focus areas

• session creation, storage, refresh, invalidation, and revocation behavior
• password reset, email verification, recovery, and callback URL trust
• MFA enablement, verification, backup-code storage, and trusted-device flows
• OAuth/OIDC, SAML/SSO, account linking, passkeys/WebAuthn, device trust, and identity-provider callback handling
• invitation, membership, role, active-organization, and tenant-scoping logic
• origin checks, CSRF defenses, trusted origins, and cross-domain auth flows

Not For