setup-auth
This skill should be used when the user asks to "set up authentication", "add login", "add logout", "configure Entra ID", "set up Azure AD auth", "add Microsoft login", "enable authentication", "set up sign in", "add role-based access", "add authorization", "protect routes", "add auth to my site", "configure identity provider", or wants to set up authentication (login/logout via Microsoft Entra ID) and role-based authorization for their Power Pages code site.
78
76%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/power-pages/skills/setup-auth/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description excels at providing explicit trigger terms and clearly stating when to use the skill, but it reads more like a trigger-term list than a capability description. It lacks specificity about what concrete actions the skill performs beyond the high-level 'set up authentication and role-based authorization'. The generic auth trigger terms could cause conflicts with other authentication skills for different platforms.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Configures Microsoft Entra ID app registration, sets up OAuth redirect URIs, implements login/logout flows, assigns web roles, and protects site pages with role-based access control.'
Narrow the generic trigger terms by qualifying them with the platform context, e.g., instead of just 'protect routes', use 'protect Power Pages routes' to reduce conflict risk with other auth skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (authentication via Microsoft Entra ID, role-based authorization, Power Pages) but doesn't list concrete actions beyond 'set up authentication' and 'add role-based access'. It lacks specifics like 'configure redirect URIs', 'create auth middleware', 'set up token validation', etc. | 2 / 3 |
Completeness | The description explicitly answers both 'what' (set up authentication via Microsoft Entra ID and role-based authorization for Power Pages code sites) and 'when' (with an extensive list of trigger phrases prefaced by 'This skill should be used when...'). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'add login', 'add logout', 'configure Entra ID', 'set up Azure AD auth', 'add Microsoft login', 'enable authentication', 'protect routes', 'add auth to my site', 'configure identity provider'. These are highly natural phrases covering many variations. | 3 / 3 |
Distinctiveness Conflict Risk | While it specifies Microsoft Entra ID and Power Pages which narrows the niche, many of the trigger terms like 'add login', 'enable authentication', 'protect routes' are very generic and could easily conflict with other authentication-related skills for different platforms or frameworks. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
70%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, comprehensive skill for a complex multi-phase authentication setup workflow. Its greatest strengths are workflow clarity (explicit phases, validation checkpoints, decision points with user prompts) and progressive disclosure (appropriate use of external references). Its main weaknesses are moderate verbosity with repeated output summaries and insufficient inline executable code—key implementation details are described abstractly or deferred to references rather than shown as copy-paste-ready code.
Suggestions
Reduce repetition by removing the 'Output' sections at the end of each phase—the actions already make clear what gets created, and the Phase 8 summary table covers the full inventory.
Add more executable code in Phase 3.2 (auth service) rather than just describing what each function should do—show at least the login() form POST implementation since it's the most critical and non-obvious piece.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is quite lengthy (~400 lines) with some repetition (e.g., output summaries at the end of each phase restate what was just described, the summary table in Phase 8 repeats file paths already mentioned). However, much of the content is genuinely necessary for a complex multi-phase workflow. Some sections like the framework-specific examples could be moved to references rather than inlined. | 2 / 3 |
Actionability | The skill provides clear step-by-step instructions and some concrete code snippets (TypeScript patterns, YAML examples, shell commands), but many critical implementation details are deferred to external references (authentication-reference.md, authorization-reference.md, framework-conventions.md). The auth service description in Phase 3.2 lists functions to create but doesn't provide executable implementation code—it describes what functions should do rather than showing the actual code. | 2 / 3 |
Workflow Clarity | Excellent workflow structure with 8 clearly sequenced phases, explicit validation checkpoints (Phase 7 with file verification, build verification, and UI rendering verification), decision points clearly documented with AskUserQuestion tables, and error recovery paths (e.g., deploy first if not deployed, create web roles if missing, fix build errors before proceeding). The Key Decision Points summary is a nice touch. | 3 / 3 |
Progressive Disclosure | The skill appropriately references external files for detailed content (framework-conventions.md, authentication-reference.md, authorization-reference.md, skill-tracking-reference.md) while keeping the main workflow and decision logic in the SKILL.md. References are one level deep and clearly signaled with full paths. The main file serves as a clear orchestration document. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
72%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (583 lines); consider splitting into references/ and linking | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 8 / 11 Passed | |
- Repository
- microsoft/power-platform-skills
- Commit
1132a35
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.