azure-auth

Benign with moderate security risk due to integration complexity. The skill outlines a coherent, standard architecture for SPA authentication with a Cloudflare Worker backend validating tokens via jose. While the pattern involves cross-environment token handling and external network calls to Azure AD endpoints, these are conventional for such a setup and do not indicate credential harvesting or data leakage by design. Ensure proper validation of issuer/audience, careful handling of multi-tenant scenarios, and robust error handling to avoid information leakage through error messages.