oauth
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard OAuth 2.0/2.1 security patterns using official and trusted Fastify ecosystem plugins (@fastify/oauth2, @fastify/jwt, @fastify/session).
- [SAFE]: Instructions correctly mandate the use of Proof Key for Code Exchange (PKCE) with S256 as per RFC 7636, which is the current security standard for preventing authorization code injection.
- [SAFE]: The implementation includes robust CSRF protection by generating and validating a unique 'state' parameter for each authorization request.
- [SAFE]: JWT validation logic correctly enforces checking essential claims such as issuer (iss), audience (aud), and expiration (exp) to prevent token reuse and acceptance of forged tokens.
- [SAFE]: Sensitive information such as client IDs and secrets is handled via environment variables (process.env), and the instructions explicitly warn against logging raw tokens or storing them in insecure locations such as localStorage.
Audit Metadata