Skill

oauth

Provides OAuth 2.0 and OpenID Connect implementation patterns including authorization code flow, PKCE, token management, security best practices, and checklists for auth with Google, GitHub providers.

Oauth

Python

authentication

security

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/security-compliance:oauth

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

This skill provides guidance for OAuth 2.0 and OpenID Connect implementations.

SKILL.md

83 lines · ~550 tokens

Stats

LanguagePython

Parent stars11

Parent forks1

MaintenanceGood

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

OAuth Skill

This skill provides guidance for OAuth 2.0 and OpenID Connect implementations.

OAuth 2.0 Flows

Authorization Code Flow (Recommended for web apps)

1. User → App: Click "Login with Google"
2. App → Auth Server: Redirect with client_id, redirect_uri, scope
3. User → Auth Server: Authenticate and consent
4. Auth Server → App: Redirect with authorization code
5. App → Auth Server: Exchange code for tokens
6. Auth Server → App: Access token + refresh token

PKCE Extension (Required for SPAs/mobile)

# Generate code verifier and challenge
code_verifier = secrets.token_urlsafe(32)
code_challenge = base64url(sha256(code_verifier))

# Include in authorization request
params = {
    "code_challenge": code_challenge,
    "code_challenge_method": "S256",
}

Token Management

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_at: datetime
    token_type: str = "Bearer"

async def refresh_tokens(refresh_token: str) -> TokenSet:
    # Exchange refresh token for new access token
    pass

Security Best Practices

Always use HTTPS
Use PKCE for public clients
Validate redirect URIs strictly
Store tokens securely (HttpOnly cookies or secure storage)
Implement token rotation
Set appropriate scopes (principle of least privilege)

OpenID Connect

Extends OAuth 2.0 with identity:

# ID token contains user identity claims
claims = {
    "sub": "user123",        # Subject (unique user ID)
    "email": "[email protected]",
    "name": "John Doe",
    "iat": 1234567890,       # Issued at
    "exp": 1234567890,       # Expiration
}

Implementation Checklist

Use authorization code flow with PKCE
Validate state parameter against CSRF
Verify ID token signature
Check token expiration
Implement secure token storage
Handle token refresh gracefully

oauth

Popularity

Invocation

Context Preview

SKILL.md

oauth

Popularity

Invocation

Context Preview

SKILL.md

OAuth Skill

OAuth 2.0 Flows

Authorization Code Flow (Recommended for web apps)

PKCE Extension (Required for SPAs/mobile)

Token Management

Security Best Practices

OpenID Connect

Implementation Checklist

Similar Skills

OAuth Skill

OAuth 2.0 Flows

Authorization Code Flow (Recommended for web apps)

PKCE Extension (Required for SPAs/mobile)

Token Management

Security Best Practices

OpenID Connect

Implementation Checklist

Similar Skills