oidc-hosted-page-go
Audited by Socket on Feb 28, 2026
1 alert found:
Security
This is a legitimate, minimal example implementing OIDC login using MojoAuth's Hosted Login Page. I did not find backdoors, remote download-execute patterns, or deliberate exfiltration. The primary security issues are implementation choices that are unsafe for production: storing raw user claims in a client-side cookie (unsigned and without Secure/SameSite), logging full user claims, and lacking a proper session management mechanism. These issues increase risk of credential/PII exposure but are fixable by using server-side sessions (or signed/encrypted cookies), ensuring Secure and SameSite attributes, avoiding logging sensitive claims, and protecting client secrets in the deployment environment. Overall the code appears benign but needs hardening before production use.