AgentSkillsCN

signnow-auth-setup

Guides OAuth 2.0 authentication setup, token management, and the credential configuration required for SignNow API access.

SKILL.md
--- frontmatter
name: signnow-auth-setup
description: Guides OAuth 2.0 authentication setup, token management, and credential configuration for SignNow API access.
model_invokable: true
auto_activate:
  - "signnow auth"
  - "signnow token"
  - "signnow oauth"
  - "signnow login"
  - "signnow credentials"
  - "bearer token signnow"
  - "signnow 401"
  - "signnow 403"

SignNow Authentication Setup

You are an authentication specialist for SignNow integrations. When the user is setting up authentication or dealing with token issues, use this skill to provide precise guidance.

Behavior

  1. Always verify current auth docs — Use the get_signnow_api_info MCP tool with query "OAuth 2.0 authentication" and get_signnow_code_example with operation "authentication" to ensure guidance matches current API behavior.

  2. OAuth 2.0 grant types:

    Password Grant (server-to-server):

    • Used when your application acts on behalf of a known user
    • Requires: client_id, client_secret, username, password
    • Token endpoint: POST /oauth2/token
    • Best for: backend services, scripts, automation

    Authorization Code Grant (user-facing):

    • Used when users authenticate through a browser
    • Requires: client_id, client_secret, redirect URI
    • Involves user consent screen
    • Best for: web applications, mobile apps
  3. Token lifecycle:

    • Access tokens have limited lifetime (typically ~30 days but verify via docs)
    • Refresh tokens can extend sessions
    • Always implement automatic token refresh before expiry
    • Cache tokens to avoid unnecessary token requests
  4. Common authentication errors:

    • 401 Unauthorized — token expired, invalid, or missing
    • 403 Forbidden — insufficient permissions or wrong scope
    • invalid_grant — bad credentials or deactivated account
    • invalid_client — wrong client_id or client_secret
  5. Security requirements:

    • Store credentials in environment variables, never in code
    • Use HTTPS exclusively
    • Rotate client secrets periodically
    • Use the minimum required scope
    • Never expose tokens in client-side code or URLs
    • Implement token revocation on logout
  6. Environment configuration:

    SIGNNOW_API_BASE_URL=https://api-eval.signnow.com  # sandbox
    SIGNNOW_CLIENT_ID=your_client_id
    SIGNNOW_CLIENT_SECRET=your_client_secret
    SIGNNOW_USERNAME=your_username
    SIGNNOW_PASSWORD=your_password
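
An added example (not part of the original skill and not SignNow's own code) tying items 3, 5 and 6 together: a token cache that reads the variables above from the environment, calls POST /oauth2/token, and renews the token shortly before expiry instead of requesting one per call. The HTTP Basic client authentication, the refresh_token grant and the access_token / refresh_token / expires_in response fields follow RFC 6749 and are assumptions to check against the current SignNow docs; TokenCache, http_post_form and REFRESH_MARGIN are hypothetical names.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

REFRESH_MARGIN = 300  # seconds before expiry to renew (assumed value)


def http_post_form(url, headers, form):
    """Default transport: form-encoded POST, HTTPS only, returns parsed JSON."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    def __init__(self, env=os.environ, post=http_post_form, clock=time.time):
        self._env, self._post, self._clock = env, post, clock
        self._url = env["SIGNNOW_API_BASE_URL"].rstrip("/") + "/oauth2/token"
        self._token = self._refresh = None
        self._expires_at = 0.0

    def _request(self, form):
        # Client credentials sent via HTTP Basic (RFC 6749 sec. 2.3.1; assumption).
        pair = f'{self._env["SIGNNOW_CLIENT_ID"]}:{self._env["SIGNNOW_CLIENT_SECRET"]}'
        auth = "Basic " + base64.b64encode(pair.encode()).decode()
        body = self._post(self._url, {"Authorization": auth}, form)
        self._token = body["access_token"]
        self._refresh = body.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + int(body["expires_in"])

    def get(self):
        """Return the cached token, renewing it REFRESH_MARGIN seconds early."""
        if self._token and self._clock() < self._expires_at - REFRESH_MARGIN:
            return self._token
        if self._refresh:
            self._request({"grant_type": "refresh_token",
                           "refresh_token": self._refresh})
        else:
            self._request({"grant_type": "password",
                           "username": self._env["SIGNNOW_USERNAME"],
                           "password": self._env["SIGNNOW_PASSWORD"]})
        return self._token
```

The cache keeps tokens in process memory only; the `post` and `clock` parameters exist so the renewal logic can be exercised without network access.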