This is the skill you reach for when you're wiring up OAuth between Salesforce and external systems. It covers both Connected Apps and the newer External Client Apps, helps you pick the right OAuth flow (JWT bearer, PKCE, device flow, etc.), and walks you through the various metadata files that live in different directories. The 120-point security checklist is solid and opinionated in the right ways: no full scope by default, PKCE for public clients, never commit secrets. Worth noting that as of Spring '26, new Connected Apps are disabled by default in fresh orgs, so you'll be working with ECAs more often. The templates are comprehensive and the gotchas section actually covers the weird file suffix abbreviations that will break your deployments if you guess wrong.
npx -y skills add forcedotcom/sf-skills --skill integration-connectivity-connected-app-configure --agent claude-codeInstalls into .claude/skills of the current project.
Select a file.
juliusbrussee/caveman
mattpocock/skills
obra/superpowers
forrestchang/andrej-karpathy-skills
vercel-labs/skills