Handles OAuth 2.0 and OpenID Connect flows with proper security patterns baked in. You get authorization code flow with PKCE for SPAs and mobile apps, client credentials for service-to-service auth, and token refresh logic. The Express examples show state validation and secure token exchange, and the Python/Java references cover running your own OIDC provider if needed. What's good here is the explicit security checklist: PKCE for public clients, HttpOnly cookies for tokens, 15-minute access token lifetimes. It won't hold your hand on provider-specific quirks, but if you need to wire up Google/GitHub login or build federated auth, this covers the OAuth fundamentals without the usual footguns.
npx skills add https://github.com/secondsky/claude-skills --skill oauth-implementation