OAuth Flow Implementer Skill
Overview
This skill implements OAuth 2.0 and OpenID Connect authentication flows for SDKs, supporting various grant types and security best practices.
Capabilities
- Implement authorization code flow with PKCE
- Configure client credentials flow for server-to-server
- Handle automatic token refresh transparently
- Support device authorization flow for CLI/IoT
- Implement implicit flow (legacy support)
- Configure token storage securely
- Handle token revocation and logout
- Support multiple OAuth providers
Target Processes
- Authentication and Authorization Patterns
- Platform API Gateway Design
- SDK Architecture Design
Integration Points
- OAuth 2.0 providers (Auth0, Okta, etc.)
- OpenID Connect providers
- Custom authorization servers
- Token storage mechanisms
- Secure credential storage
Input Requirements
- OAuth provider configuration
- Required grant types
- Scope definitions
- Token storage requirements
- Refresh token strategy
Output Artifacts
- OAuth client implementation
- Token management module
- PKCE implementation
- Secure storage integration
- Authentication middleware
- Example authentication flows
Usage Example
```yaml
skill:
  name: oauth-flow-implementer
  context:
    provider: custom
    grantTypes:
      - authorization_code_pkce
      - client_credentials
      - device_code
    tokenStorage: secure-keychain
    autoRefresh: true
    scopes:
      - read
      - write
      - admin
```
Best Practices
- Always use PKCE for public clients
- Store tokens securely (keychain, encrypted storage)
- Implement automatic token refresh
- Handle token expiration gracefully
- Support token revocation
- Log authentication events (not tokens)
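The PKCE step behind "always use PKCE for public clients" and the authorization code capability above, as an added example that is not part of this skill's own code: the client generates a verifier and its S256 challenge, attaches the challenge to the authorization request, and the authorization server recomputes the challenge from the verifier at the token endpoint. The `client_id`, `redirect_uri` and scope values are placeholders.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636: verifier is 43-128 chars from the unreserved set [A-Za-z0-9-._~]
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_nopad(data: bytes) -> str:
    """Base64url-encode without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: 32 random bytes encode to a 43-char verifier."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client side: challenge = BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_params(client_id: str, redirect_uri: str,
                           scopes: list[str], verifier: str) -> dict:
    """Query parameters for the authorization request; the verifier itself
    never leaves the client until the token request."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": b64url_nopad(secrets.token_bytes(16)),  # CSRF binding
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }


def verify_pkce(verifier: str, challenge: str, method: str = "S256") -> bool:
    """Authorization-server side check at the token endpoint. Rejects
    malformed verifiers and any method other than S256 ('plain' is allowed
    by RFC 7636 but offers no protection against a leaked challenge)."""
    if not VERIFIER_RE.match(verifier) or method != "S256":
        return False
    return secrets.compare_digest(make_code_challenge(verifier), challenge)
```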