OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or when encountering errors in the authorization code flow, PKCE, token refresh, or scope management.
95 (95%): Does it follow best practices?
Impact 93% (1.20x): Average score across 3 eval scenarios
Advisory: Suggest reviewing before use
Eval scenario: PKCE OAuth for SPAs
  PKCE verifier generation: 83% / 83%
  PKCE challenge method: 100% / 100%
  State parameter generated: 50% / 50%
  State parameter validated: 80% / 70%
  No implicit flow: 90% / 100%
  No client secret in client code: 100% / 100%
  HttpOnly cookie storage: 70% / 100%
  PKCE params in auth URL: 100% / 100%
  PKCE verifier in exchange: 100% / 75%
  HTTPS redirect URI: 62% / 75%

Eval scenario: Python OIDC Provider
  Authlib used: 70% / 100%
  AuthorizationServer class: 0% / 100%
  OpenIDCode grant: 0% / 100%
  RS256 signing algorithm: 100% / 100%
  Discovery endpoint path: 100% / 100%
  Discovery endpoint fields: 100% / 100%
  JWKS endpoint path: 100% / 100%
  JWKS key fields: 100% / 100%
  Introspection response fields: 75% / 75%
  Revocation uses SHA-256 hash: 0% / 100%
  Redis mentioned for revocation: 0% / 100%
  requirements.txt includes authlib: 100% / 100%

Eval scenario: Express OAuth Security
  Authorization Code flow: 100% / 100%
  State parameter generated: 100% / 100%
  State parameter validated: 100% / 100%
  HttpOnly cookie for tokens: 100% / 90%
  No localStorage usage: 100% / 100%
  Token rotation implemented: 100% / 100%
  Short-lived access token: 0% / 100%
  HTTPS in redirect URI: 50% / 75%
  Grant type in exchange: 100% / 100%
  No client secret in frontend: 100% / 100%
  Scopes include openid: 100% / 100%
90d6bd7