OAuth Flow Implementer

advanceddevelopmentMin 32K context

Implements secure OAuth 2.0 and OpenID Connect flows including authorization code with PKCE, client credentials, and device code grants. Generates token exchange logic, refresh handling, state/nonce validation, and secure token storage. Flags common pitfalls like implicit flow usage, missing PKCE, and insecure redirect URI handling.

Use Cases

  • Adding "Sign in with Google/GitHub" to a web app
  • Implementing authorization code flow with PKCE for a SPA
  • Building server-to-server auth with client credentials
  • Handling refresh token rotation and revocation
  • Auditing an existing OAuth integration for security gaps

Example Prompt

Implement an OAuth 2.0 authorization code flow with PKCE for a React SPA
authenticating against an OpenID Connect provider. Include:
1. PKCE code verifier/challenge generation
2. Authorization request with state and nonce
3. Token exchange and ID token validation
4. Secure refresh token handling
5. Logout and token revocation

Stack: [describe your frontend and backend]

Recommended Models

Compatible Tools

claude-codecursorkiroany

Modalities

Input: text, code
Output: text, code

Related Skills

Author

OpenModels Community

@openmodelsrun