OAuth Flow Implementer
advanceddevelopmentMin 32K context
Implements secure OAuth 2.0 and OpenID Connect flows including authorization code with PKCE, client credentials, and device code grants. Generates token exchange logic, refresh handling, state/nonce validation, and secure token storage. Flags common pitfalls like implicit flow usage, missing PKCE, and insecure redirect URI handling.
Use Cases
- Adding "Sign in with Google/GitHub" to a web app
- Implementing authorization code flow with PKCE for a SPA
- Building server-to-server auth with client credentials
- Handling refresh token rotation and revocation
- Auditing an existing OAuth integration for security gaps
Example Prompt
Implement an OAuth 2.0 authorization code flow with PKCE for a React SPA authenticating against an OpenID Connect provider. Include: 1. PKCE code verifier/challenge generation 2. Authorization request with state and nonce 3. Token exchange and ID token validation 4. Secure refresh token handling 5. Logout and token revocation Stack: [describe your frontend and backend]
Recommended Models
Compatible Tools
claude-codecursorkiroany
Modalities
Input: text, code
→Output: text, code
Related Skills
Author
OpenModels Community