auth-security

Auth Security

Core Principles

  • OAuth 2.1 — Follow RFC 9700 (January 2025)
  • PKCE Required — All clients must use PKCE
  • Short-lived Tokens — Access tokens expire in 5-15 minutes
  • Token Rotation — Refresh tokens are single-use
  • HttpOnly Storage — Browser tokens in HttpOnly cookies
  • Explicit Algorithm — Never trust the algorithm named in the JWT header
  • No backwards compatibility — Delete deprecated auth flows
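The "Explicit Algorithm" and "Short-lived Tokens" principles, shown as an added example that is not part of the skill's own code. It assumes an HS256-signed access token with `iat` and `exp` claims; the key, the claim values and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

ALLOWED_ALG = "HS256"    # pinned by the verifier (assumption); never taken from the token
MAX_LIFETIME = 15 * 60   # seconds; upper bound of the 5-15 minute window above

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(header: dict, claims: dict, key: bytes) -> str:
    """Issue a token for the demo; it always signs with HMAC-SHA256."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token: str, key: bytes, now=None) -> dict:
    """Return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(c64))
        sig = b64url_decode(s64)
    except ValueError as exc:  # covers bad base64, bad JSON, wrong part count
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # The header's alg is only compared against the pinned value. It never
    # selects the verification routine, so "none" or a swapped alg is rejected.
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        raise ValueError("missing iat/exp")
    if now >= exp:
        raise ValueError("expired")
    if exp - iat > MAX_LIFETIME:  # refuse tokens minted with a long lifetime
        raise ValueError("lifetime too long")
    return claims
```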

OAuth 2.1 Key Changes

Deprecated Flows (DO NOT USE)

Installs: 89
GitHub Stars: 202
First Seen: Jan 24, 2026
auth-security — majiayu000/claude-arsenal