
Fastify OAuth 2.0/2.1

Skill Warning
45

Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.

AI Summary

This skill configures and integrates OAuth 2.0/2.1 authorization flows directly into Fastify applications. It provides concrete code examples for setting up authorization code with PKCE, handling callbacks, validating JWTs, and implementing refresh token rotation, emphasizing security and RFC compliance.

Documentation

  • warning: Configuration & parameter reference: While the examples show configuration parameters, there's no explicit documentation of defaults or a clear precedence order for configuration files, and environment variables are used without explicit documentation.

Maintenance

  • critical: Commit recency: There are no commits on the default branch, indicating the extension is likely unmaintained and potentially poses a risk due to staleness.
  • warning: Dependency Management: The skill lists external dependencies like '@fastify/oauth2' but there are no explicit measures like dependabot or vulnerability checks mentioned for managing these dependencies.

Security

  • warning: Secret Management: The code examples show environment variables for sensitive credentials (CLIENT_ID, CLIENT_SECRET, CALLBACK_URI, AUTH_SERVER) being used, but there's no explicit instruction or mechanism shown for securely handling these secrets beyond assuming they are set in the environment.

Versioning

  • critical: Release Management: There is no version information in the manifest (tile.json) or the SKILL.md frontmatter, and no GitHub releases or CHANGELOG are present, making it impossible to track versions.

Code Execution

  • warning: Validation: While the code examples show validation for token claims and state, there is no explicit mention or use of a schema validation library for all input arguments and structured output.
  • warning: Logging: The code explicitly warns against logging raw tokens, but there's no mention of a local audit log for actions or outbound calls.

Compliance

  • info: GDPR: The skill handles authentication and authorization, which may involve personal data (like user IDs), but the provided code does not explicitly sanitize this data before submission to the LLM, though it warns against logging raw tokens.

Practical Utility

  • warning: Edge cases: While the skill addresses some edge cases like state mismatches and token expiration, it does not explicitly list or detail other failure modes such as rate limits or credential expiration with recovery paths.

Installation

npx skills add mcollina/skills

Runs the Vercel skills CLI (skills.sh) via npx; requires Node.js installed locally and at least one skills-compatible agent (such as Claude Code, Cursor or Codex). Assumes the repository follows the agentskills.io format.

25 days ago
1.8k stars
MIT
Updated 6 days ago

Similar extensions

Better Auth

95

TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.

Skill
samhvw8

Clerk Expo Patterns

98

Expo / React Native patterns with Clerk — SecureStore token cache, OAuth deep linking, useAuth in native, Expo Router protected routes, push notifications with user context. Triggers on: expo clerk, clerk react native, SecureStore token cache, expo router auth, OAuth deep link clerk, mobile auth clerk.

Skill
clerk

OKX CEX Authentication

98

Use this skill when the user wants to 'login/log in/sign in', 'authenticate', 'authorize', 'connect OKX account', 'set up credentials', 'first time setup', 'configure okx', '登录', '授权', '认证', '连接账户', '首次配置'. Also when any OKX CLI command fails with an auth error: 'Run okx auth login first', 'Session expired', 'not authenticated', 'requires_auth', '401 Unauthorized', 'token expired/not found', 'StorageNotFoundError', '会话过期', '未认证', '需要登录'. Also when the user asks about login status or the login was interrupted. Also when the user wants to install/update/check/remove the okx-auth binary — 'install/update/remove auth', 'download okx-auth', '安装/更新/卸载认证', 'auth binary status', 'Failed to spawn okx-auth'. Also use before using okx-cex-trade/portfolio/earn/bot for the first time. Do NOT use for market data queries (use okx-cex-market).

Skill
okx

Agentic Wallet Authentication

96

Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding.

Skill
coinbase

Vercel CLI Auth

95

Used by Vercel's CLIs to handle authentication

Skill
vercel

Shannon Skill

98

Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.

Skill
unicodeveloper