The query "Use of constant state value in OAuth 2.0 URL" (go/constant-oauth2-state) has been promoted from experimental status. This checks for use of a constant state value in generating an OAuth2 redirect URL, which may open the way for a CSRF attack.