CtrlK
BlogDocsLog inGet started
Tessl Logo

auth-testing

Test OAuth2 token refresh and session expiry locally. Use when working on auth, tokens, SSO, OIDC, or session management features.

85

1.11x
Quality

77%

Does it follow best practices?

Impact

100%

1.11x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./.claude/skills/auth-testing/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

100%

23%

Session Expiry Configuration

Session expiry config and test plan

Criteria
Without context
With context

Correct UI server config path

100%

100%

maxSessionDuration set to 2m

100%

100%

Auth enabled in UI config

100%

100%

Correct OIDC config path

100%

100%

OIDC Session TTL matches maxSessionDuration

100%

100%

Test plan references dev command

0%

100%

Test plan references correct login URL

0%

100%

Session expiry observable signal

100%

100%

session_start cookie mentioned

0%

100%

Distinction from token refresh

100%

100%

No maxSessionDuration=0

100%

100%

RefreshToken TTL longer than Session TTL

100%

100%

100%

6%

Compliance Auth Configuration Guide

Compliance re-auth configuration guide

Criteria
Without context
With context

Correct config file path

100%

100%

maxSessionDuration 8h value

100%

100%

Duration string format used

100%

100%

OIDC config file referenced

100%

100%

session_start cookie mechanism

100%

100%

401 on session expiry

100%

100%

SSO redirect on expiry

100%

100%

Token TTL distinction

100%

100%

Default Access Token TTL

100%

100%

Default Refresh Token TTL

100%

100%

Default Max Session Duration

25%

100%

Disable option mentioned

100%

100%

100%

Token Refresh Debug Runbook

Token refresh debug runbook

Criteria
Without context
With context

Correct start command

100%

100%

All four server ports listed

100%

100%

maxSessionDuration disabled

100%

100%

OIDC Session TTL long-lived

100%

100%

Correct OIDC config file path

100%

100%

/auth/refresh network observation

100%

100%

curl refresh endpoint

100%

100%

OIDC discovery curl

100%

100%

refresh cookie identified as HttpOnly

100%

100%

session_start cookie identified

100%

100%

user0/user1 cookies identified

100%

100%

Go server log patterns

100%

100%

Repository
temporalio/ui
Commit

01161e2

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Session Expiry ConfigurationCompliance Auth Configuration GuideToken Refresh Debug Runbook

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill