Those are what I called out as OAuth phishing. It's become relatively well known in the security world since Russia started using it around 2015.