Handles OAuth setup for Salesforce Connected Apps and External Client Apps, including JWT bearer flows, PKCE decisions, and scope configuration. Comes with templates for common patterns (web server, Canvas, JWT) and a 120-point security checklist. The skill pushes you toward ECAs for new work since Spring '26 disabled Connected App creation by default in most orgs. It knows the gnarly bits: ECA metadata spans six different directories with abbreviated suffixes like `.ecaGlblOauth` and `.ecaPlcy`, and OAuth security settings must be retrieved from an org before you can edit them. Won't touch Named Credentials or callout code, just the OAuth app definitions themselves.
npx skills add https://github.com/forcedotcom/afv-library --skill configuring-connected-apps