From prodsec-skills
Enforces standard authentication (OAuth, mTLS, Kerberos) for external data source connections from AI systems. Use when integrating or reviewing authenticated access to databases, APIs, or services.
Slash command: `/prodsec-skills:authentication`
External data sources MUST require that the principal (user or service) connecting to them is identified and authenticated. The authentication MUST use standard protocols.
| Protocol | Use Case |
|---|---|
| OAuth 2.1 / OIDC | Web APIs, REST services, cloud data sources |
| SPIFFE/SPIRE + mTLS | Service-to-service connections within infrastructure |
| SAML | Federated enterprise data sources |
| Kerberos | On-premise databases and services (Active Directory environments) |
| Client certificates (mTLS) | Machine-to-machine data source access |
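The requirement above has two halves: the AI-side connector must present a standard credential, and the data source must refuse to serve anyone it cannot identify. The following is an added example, not code from prodsec-skills, showing both sides for the OAuth 2.1 / OIDC row of the table. The bearer credential is a JWT; it is signed with HS256 over a shared secret only so that the example runs offline with the standard library. Against a real issuer you would verify an RS256/ES256 signature with the key fetched from the issuer's JWKS, and the claim checks (pinned algorithm, issuer, audience, expiry, non-empty subject) are the same. The issuer URL, audience, secret and principal names are constructed for the example.

```python
"""Added example (not the prodsec-skills code): a data source that admits a
request only after verifying a bearer token and identifying its principal,
plus the AI-side connector that presents the token. HS256 with a shared secret
stands in for the identity provider's asymmetric signature so this runs offline.
All names, URLs and the secret below are constructed for this example."""
from __future__ import annotations
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

SECRET = b"example-only-shared-secret"            # constructed; never hard-code a real key
ISSUER = "https://idp.example.internal"            # assumed identity provider
AUDIENCE = "https://orders-db.example.internal"    # assumed data-source audience


class AuthError(Exception):
    pass


@dataclass(frozen=True)
class Principal:
    subject: str
    issuer: str


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(secret: bytes, sub: str, iss: str, aud: str, ttl: int = 300, now: int | None = None) -> str:
    """Test-only stand-in for the identity provider's token endpoint."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": sub, "iss": iss, "aud": aud, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"


def unsigned_token(sub: str, iss: str, aud: str, now: int) -> str:
    """What an attacker sends: a token claiming alg=none with an empty signature."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": sub, "iss": iss, "aud": aud, "iat": now, "exp": now + 300}).encode())
    return f"{header}.{claims}."


def verify_token(token: str, secret: bytes, expected_iss: str, expected_aud: str, now: int | None = None) -> Principal:
    """Data-source side: accept only a well-formed, correctly signed, unexpired token
    from the trusted issuer for this audience, and return the identified principal."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
        sig = _b64url_decode(s_b64)
    except ValueError as e:  # covers bad base64, bad UTF-8 and bad JSON
        raise AuthError("malformed token") from e
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise AuthError("malformed token")
    # Pin the algorithm server-side; never trust the header's alg (blocks alg=none and key confusion).
    if header.get("alg") != "HS256":
        raise AuthError("unsupported alg")
    expected = hmac.new(secret, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("bad signature")
    if claims.get("iss") != expected_iss:
        raise AuthError("untrusted issuer")
    if claims.get("aud") != expected_aud:
        raise AuthError("token not intended for this data source")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise AuthError("token expired")
    if not claims.get("sub"):
        raise AuthError("no principal")
    return Principal(subject=claims["sub"], issuer=claims["iss"])


def connector_headers(token: str) -> dict:
    """AI-side connector: present the principal's token as a bearer credential, in a header, never in the URL."""
    return {"Authorization": f"Bearer {token}"}


def handle_request(headers: dict, secret: bytes, iss: str, aud: str, now: int | None = None) -> tuple[int, str]:
    """Data-source request handler: 401 unless a valid bearer token identifies a principal."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "authentication required"
    try:
        principal = verify_token(auth[len("Bearer "):], secret, iss, aud, now)
    except AuthError as e:
        return 401, f"rejected: {e}"
    return 200, f"hello {principal.subject}"
```

Two points a reviewer should check in any real connector against this shape: the data source decides the algorithm and the audience itself rather than reading them from the token, and every failure (missing header, expired, wrong audience, alg=none, tampered claims) collapses to the same 401 without serving data. For the SPIFFE/SPIRE and client-certificate rows the analogue of `verify_token` is the TLS handshake with `ssl.CERT_REQUIRED` on both sides and a check of the peer's SPIFFE ID or subject against the expected identity; the principal then comes from the certificate rather than from a claim.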
See also `api_keys/avoid-api-keys` in the same plugin.

Install: `npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills`

Related skills listed on the hub:
- Enforces authorization checks for external data source access in AI systems, covering read/write/delete permissions and least privilege principles.
- Provides Python patterns for external service authentication using API keys, OAuth, and tokens. Includes verification flows, smoke tests, environment checks, and error handling with leyline.
- Analyzes authentication and authorization patterns (OAuth2, JWT, RBAC/ABAC, MFA), audits security posture against OWASP, and recommends improvements for token lifecycle, permission models, and multi-factor authentication.