Expert guidance on API security, web application security, authentication, and authorization. Use this skill when working with JWT tokens, OAuth 2.0/OIDC flows, Keycloak configuration, Spring Security implementation, ABAC/RBAC policies, secure API design, vulnerability assessment, security headers, CORS, CSRF protection, or any authentication/authorization architecture decisions. Triggers on questions about securing APIs, implementing auth flows, configuring identity providers, token validation, access control patterns, security best practices, penetration testing concepts, OWASP guidelines, or debugging security issues in Spring/Keycloak environments.