How does it help with security compliance?

The skill includes a built-in security checklist that covers token rotation, secure storage, strict redirect URI validation, and state parameter usage to protect against CSRF attacks.

Can I use this for custom identity providers?

Absolutely. While it includes guidance for major providers like Google and GitHub, the patterns are based on the universal OAuth 2.0 and OIDC specifications, making it compatible with any compliant identity provider.

What is the OAuth Claude Code Skill?

It is a specialized capability for Claude Code that provides standardized patterns, best practices, and code snippets for implementing OAuth 2.0 and OpenID Connect authentication flows.

Does this skill support PKCE?

Yes, it specifically provides patterns for Proof Key for Code Exchange (PKCE), which is the industry-recommended standard for securing public clients like SPAs and mobile apps.

OAuth Implementation

Name: OAuth Implementation
Author: jpoutrin

byjpoutrin

•

セキュリティとテスト

Implements secure OAuth 2.0 and OpenID Connect authentication flows using standardized industry patterns and security best practices.

The OAuth skill equips developers with the specialized knowledge required to integrate robust authentication and authorization systems into any application. It provides structured guidance for the Authorization Code Flow, specifically incorporating the PKCE extension to secure single-page applications and mobile clients. Beyond basic flows, the skill offers patterns for complex token management, OpenID Connect identity claims, and a comprehensive security checklist to prevent common vulnerabilities like CSRF or token leakage. This is an essential tool for developers looking to implement secure identity integrations with providers like Google and GitHub or building custom identity solutions.

主な機能

01Authorization Code Flow with PKCE for web and mobile security

02Security-first best practices for URI validation and storage

03OpenID Connect (OIDC) identity claim implementation

04Standardized token management and refresh logic patterns

052 GitHub stars

06Comprehensive implementation checklists for identity providers

ユースケース

01Integrating third-party social login with providers like Google or GitHub

02Securing Single Page Applications (SPAs) using the PKCE extension

03Implementing custom identity provider logic for multi-agent architectures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoutrin/product-forge oauth

For use in Claude.ai and ChatGPT

Download Skill