Fastify OAuth 2.0/2.1
Skill Warning
Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.
This skill configures and integrates OAuth 2.0/2.1 authorization flows directly into Fastify applications. It provides concrete code examples for setting up authorization code with PKCE, handling callbacks, validating JWTs, and implementing refresh token rotation, emphasizing security and RFC compliance.
Documentation
- warning: Configuration & parameter reference: While the examples show configuration parameters, there's no explicit documentation of defaults or a clear precedence order for configuration files, and environment variables are used without explicit documentation.
Maintenance
- critical: Commit recency: There are no commits on the default branch, indicating the extension is likely unmaintained and potentially poses a risk due to staleness.
- warning: Dependency Management: The skill lists external dependencies like '@fastify/oauth2' but there are no explicit measures like dependabot or vulnerability checks mentioned for managing these dependencies.
Security
- warning: Secret Management: The code examples show environment variables for sensitive credentials (CLIENT_ID, CLIENT_SECRET, CALLBACK_URI, AUTH_SERVER) being used, but there's no explicit instruction or mechanism shown for securely handling these secrets beyond assuming they are set in the environment.
Versioning
- critical: Release Management: There is no version information in the manifest (tile.json) or the SKILL.md frontmatter, and no GitHub releases or CHANGELOG are present, making it impossible to track versions.
Code Execution
- warning: Validation: While the code examples show validation for token claims and state, there is no explicit mention or use of a schema validation library for all input arguments and structured output.
- warning: Logging: The code explicitly warns against logging raw tokens, but there's no mention of a local audit log for actions or outbound calls.
Compliance
- info: GDPR: The skill handles authentication and authorization, which may involve personal data (like user IDs), but the provided code does not explicitly sanitize this data before submission to the LLM, though it warns against logging raw tokens.
Practical Utility
- warning: Edge cases: While the skill addresses some edge cases like state mismatches and token expiration, it does not explicitly list or detail other failure modes such as rate limits or credential expiration with recovery paths.
Installation
npx skills add mcollina/skills
Runs Vercel's skills CLI (skills.sh) via npx; requires Node.js locally and at least one skills-compatible agent installed (Claude Code, Cursor, Codex, …). Assumes the repository follows the agentskills.io format.
Similar extensions
Better Auth
95
TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.
Clerk Expo Patterns
98
Expo / React Native patterns with Clerk — SecureStore token cache, OAuth deep linking, useAuth in native, Expo Router protected routes, push notifications with user context. Triggers on: expo clerk, clerk react native, SecureStore token cache, expo router auth, OAuth deep link clerk, mobile auth clerk.
OKX CEX Authentication
98
Use this skill when the user wants to 'login/log in/sign in', 'authenticate', 'authorize', 'connect OKX account', 'set up credentials', 'first time setup', 'configure okx', '登录', '授权', '认证', '连接账户', '首次配置'. Also when any OKX CLI command fails with an auth error: 'Run okx auth login first', 'Session expired', 'not authenticated', 'requires_auth', '401 Unauthorized', 'token expired/not found', 'StorageNotFoundError', '会话过期', '未认证', '需要登录'. Also when the user asks about login status or the login was interrupted. Also when the user wants to install/update/check/remove the okx-auth binary — 'install/update/remove auth', 'download okx-auth', '安装/更新/卸载认证', 'auth binary status', 'Failed to spawn okx-auth'. Also use before using okx-cex-trade/portfolio/earn/bot for the first time. Do NOT use for market data queries (use okx-cex-market).
Agentic Wallet Authentication
96
Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding.
Vercel CLI Auth
95
Used by Vercel's CLIs to handle authentication
Shannon Skill
98
Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.