oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
Best use case
oauth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using oauth should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/oauth/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
How oauth Compares
| Feature / Agent | oauth | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# OAuth Skill
This skill provides guidance for OAuth 2.0 and OpenID Connect implementations.
## OAuth 2.0 Flows
### Authorization Code Flow (Recommended for web apps)
```
1. User → App: Click "Login with Google"
2. App → Auth Server: Redirect with client_id, redirect_uri, scope
3. User → Auth Server: Authenticate and consent
4. Auth Server → App: Redirect with authorization code
5. App → Auth Server: Exchange code for tokens
6. Auth Server → App: Access token + refresh token
```
### PKCE Extension (Required for SPAs/mobile)
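```python
import base64
import hashlib
import secrets

# Generate code verifier and challenge (S256 method)
code_verifier = secrets.token_urlsafe(32)  # 43 URL-safe characters
digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
# base64url without "=" padding
code_challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# Include in authorization request
params = {
    "code_challenge": code_challenge,
    "code_challenge_method": "S256",
}
```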
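The snippet above covers only the client half of PKCE. The following added example (not part of the original SKILL.md) shows the authorization-server half: binding the challenge to the issued code and checking the verifier at token exchange. `AuthCodeStore` and its in-memory dictionary are hypothetical names used for illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636: the verifier is 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthCodeStore:
    """Hypothetical in-memory store binding each code to its challenge."""

    def __init__(self) -> None:
        self._codes = {}

    def issue_code(self, code_challenge: str, method: str) -> str:
        # Accept only S256 and a well-formed 43-character challenge.
        if method != "S256" or not re.fullmatch(r"[A-Za-z0-9_-]{43}", code_challenge):
            raise ValueError("S256 challenge required")
        code = secrets.token_urlsafe(32)
        self._codes[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str) -> bool:
        # pop(): a code is single-use, whether or not the check passes.
        challenge = self._codes.pop(code, None)
        if challenge is None or not VERIFIER_RE.fullmatch(code_verifier):
            return False
        return hmac.compare_digest(s256_challenge(code_verifier), challenge)


def demo():
    store = AuthCodeStore()
    verifier = secrets.token_urlsafe(32)  # stays on the client
    code = store.issue_code(s256_challenge(verifier), "S256")
    wrong_verifier = store.redeem(code, secrets.token_urlsafe(32))
    replayed_code = store.redeem(code, verifier)  # code already consumed
    code2 = store.issue_code(s256_challenge(verifier), "S256")
    return wrong_verifier, replayed_code, store.redeem(code2, verifier)
```

A party that holds only the authorization code fails the exchange, and a failed attempt also consumes the code.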
## Token Management
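```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_at: datetime
    token_type: str = "Bearer"


async def refresh_tokens(refresh_token: str) -> TokenSet:
    # Exchange refresh token for new access token
    # (the provider-specific token request goes here)
    raise NotImplementedError
```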
## Security Best Practices
1. **Always use HTTPS**
2. **Use PKCE for public clients**
3. **Validate redirect URIs strictly**
4. **Store tokens securely** (HttpOnly cookies or secure storage)
5. **Implement token rotation**
6. **Set appropriate scopes** (principle of least privilege)
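To make item 3 concrete, the following added example (not part of the original SKILL.md) runs a loose prefix check and an exact-match check over the same constructed `redirect_uri` values, and adds a registration-time check for a web client. The client ID, URIs and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed registration table: client_id -> exact redirect URIs.
REGISTERED = {"web-client": {"https://app.example.com/oauth/callback"}}
LOOSE_PREFIX = "https://app.example.com"  # what a prefix-based check compares


def registrable(uri: str) -> bool:
    """Checks applied once, when a web client registers a redirect URI."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    return (parts.scheme == "https" and bool(parts.hostname)
            and not parts.fragment and parts.username is None
            and "*" not in uri)


def prefix_check(client_id: str, redirect_uri: str) -> bool:
    """Loose variant, shown for contrast: accepts anything sharing a prefix."""
    return client_id in REGISTERED and redirect_uri.startswith(LOOSE_PREFIX)


def exact_check(client_id: str, redirect_uri: str) -> bool:
    """Strict variant: character-for-character match with a registered URI."""
    return redirect_uri in REGISTERED.get(client_id, set())


# Constructed values of the redirect_uri request parameter.
CANDIDATES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com.other.example/oauth/callback",
    "https://app.example.com/oauth/callback/../../elsewhere",
    "https://app.example.com/oauth/callback?next=https://other.example/",
    "http://app.example.com/oauth/callback",
]


def compare(client_id: str = "web-client") -> dict:
    """Map each candidate to (prefix_check result, exact_check result)."""
    return {u: (prefix_check(client_id, u), exact_check(client_id, u))
            for u in CANDIDATES}
```

Only the first candidate passes `exact_check`; the prefix check also accepts the next three, including one on a different host.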
## OpenID Connect
Extends OAuth 2.0 with identity:
```python
# ID token contains user identity claims
claims = {
    "sub": "user123",  # Subject (unique user ID)
    "email": "user@example.com",
    "name": "John Doe",
    "iat": 1234567890,  # Issued at
    "exp": 1234567890,  # Expiration
}
```
## Implementation Checklist
- [ ] Use authorization code flow with PKCE
- [ ] Validate state parameter against CSRF
- [ ] Verify ID token signature
- [ ] Check token expiration
- [ ] Implement secure token storage
- [ ] Handle token refresh gracefully