What is the WebSpec three-layer authorization model?

It consists of Platform Authorization (gimme.tools account), Session Authorization (specific service connections), and Invocation Authorization (short-lived tokens for specific actions).

How does keychain integration work in WebSpec?

It uses zero-friction discovery to query device keychains for existing credentials, allowing users to connect services using biometric authentication instead of manual password entry.

Can I use this for self-hosted WebSpec deployments?

Yes. While the skill defaults to the gimme.tools domain, the patterns and logic are fully compatible with self-hosted or enterprise WebSpec deployments by substituting the domain.

Does this skill support PKCE?

Yes, it provides implementation patterns for OAuth 2.0 with Proof Key for Code Exchange (PKCE) to ensure secure service connections without implicit flows.

WebSpec Authentication & Authorization

Name: WebSpec Authentication & Authorization
Author: I-m-A-g-I-n-E

byI-m-A-g-I-n-E

0•

Seguridad y Pruebas

Manages secure OAuth 2.0 flows, JWT token structures, and biometric device binding for the WebSpec ecosystem.

This skill provides specialized guidance for implementing and managing the WebSpec three-layer authorization model, covering platform, session, and invocation layers. It assists developers in configuring OAuth 2.0 with PKCE, validating complex JWT claims, and integrating zero-friction keychain discovery for passwordless service connections. By automating the technical details of device binding and progressive onboarding flows, it ensures secure and seamless user authentication across the gimme.tools platform and its various service integrations like Slack and GitHub.

Características Principales

01JWT token structure and claim validation

02Three-layer authorization model management

03Biometric device binding and verification

040 GitHub stars

05OAuth 2.0 + PKCE implementation patterns

06Zero-friction keychain discovery integration

Casos de Uso

01Configuring secure service connections for platforms like Slack or Notion

02Implementing progressive onboarding flows with device-specific security

03Validating and refreshing short-lived invocation tokens for API security

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add i-m-a-g-i-n-e/webspec authentication-authorization

For use in Claude.ai and ChatGPT

Download Skill