oauth-flow
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements the Authorization Code Flow with Proof Key for Code Exchange (PKCE), which is the current security standard for OAuth 2.0, replacing the deprecated implicit flow.
- [SAFE]: Includes a robust redirect URI validation pattern using a whitelist of allowed hosts to prevent open redirect vulnerabilities, which are common in authentication implementations.
- [SAFE]: Correctly identifies and warns against anti-patterns such as storing tokens in localStorage or using the implicit flow, promoting the use of httpOnly cookies and server-side session management.
- [SAFE]: The backend token validation example uses standard libraries (jose) and checks for critical JWT claims such as 'sub' and 'audience' to ensure token integrity and authenticity.
Audit Metadata