How are expired Linear access tokens handled?

The skill includes logic to monitor token expiration and automatically use refresh tokens to obtain new access credentials without user intervention.

Can it help verify incoming Linear webhooks?

It features timing-safe cryptographic verification logic to ensure incoming webhook requests are authentic and originate directly from Linear.

How does this skill help with Linear API keys?

It provides standardized templates for environment-based storage and validation patterns to ensure keys are never hardcoded or exposed in source control.

Does it support full OAuth 2.0 implementation?

Yes, it includes complete implementation patterns for authorization code exchange, state validation to prevent CSRF, and secure token storage.

Linear Security Basics

Name: Linear Security Basics
Author: jeremylongshore

byjeremylongshore

•

1,206

Security & Testing

Implements secure authentication, OAuth 2.0 flows, and webhook signature verification for Linear integrations.

About

This skill provides comprehensive guidance and implementation patterns for securing Linear API integrations within the Claude Code environment. It covers essential security practices including environment-based API key management, robust OAuth 2.0 authorization flows with CSRF protection, and automated token refresh logic. Designed for developers building production-grade applications on top of Linear, it ensures that sensitive credentials remain protected while maintaining reliable connectivity through timing-safe webhook verification and secret rotation strategies.

Key Features

Automated token refresh logic with expiration buffering
Secret rotation strategies for zero-downtime key updates
Complete OAuth 2.0 flow implementation with state verification
1,206 GitHub stars
Timing-safe cryptographic webhook signature verification
Secure environment-based API key storage and validation

Use Cases

Implementing user-facing OAuth authentication for third-party Linear apps
Hardening existing Linear integrations against unauthorized access and spoofing
Setting up a secure backend for a custom Linear internal tool

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills linear-security-basics

For use in Claude.ai and ChatGPT

Download Skill

GitHub