oauth-implementation
aj-geddes/useful-ai-prompts · updated Apr 8, 2026
Implement industry-standard OAuth 2.0 and OpenID Connect authentication flows with JWT tokens, refresh tokens, and secure session management.
OAuth Implementation
When to Use
- User authentication systems
- Third-party API integration
- Single Sign-On (SSO) implementation
- Mobile app authentication
- Microservices security
- Social login integration
Quick Start
Minimal working example:
```javascript
// oauth-server.js - Complete OAuth 2.0 implementation
const express = require("express");
const jwt = require("jsonwebtoken");
const crypto = require("crypto");
const bcrypt = require("bcrypt");

class OAuthServer {
  constructor() {
    this.app = express();
    this.clients = new Map();
    this.authorizationCodes = new Map();
    this.refreshTokens = new Map();
    this.accessTokens = new Map();

    // JWT signing keys
    this.privateKey = process.env.JWT_PRIVATE_KEY;
    this.publicKey = process.env.JWT_PUBLIC_KEY;

    this.setupRoutes();
  }

  // Register OAuth client
  registerClient(clientId, clientSecret, redirectUris) {
    this.clients.set(clientId, {
      clientSecret: bcrypt.hashSync(clientSecret, 10),
      // ... (see reference guides for full implementation)
```
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Node.js OAuth 2.0 Server | Node.js OAuth 2.0 Server |
| Python OpenID Connect Implementation | Python OpenID Connect Implementation |
| Java Spring Security OAuth | Java Spring Security OAuth |
Best Practices
✅ DO
- Use PKCE for public clients
- Implement token rotation
- Store tokens securely
- Use HTTPS everywhere
- Validate redirect URIs
- Implement rate limiting
- Use short-lived access tokens
- Log authentication events
❌ DON'T
- Store tokens in localStorage
- Use implicit flow
- Skip state parameter
- Expose client secrets
- Allow open redirects
- Use weak signing keys
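The code below is an added example, not taken from this skill or its reference guides. It shows how three of the items above combine at the authorization and token endpoints: exact redirect URI matching, S256 PKCE, and authorization codes that are burned on first use. The client ID, the redirect URI and the function names `s256`, `issueCode` and `redeemCode` are assumptions made for the illustration; only Node's built-in `crypto` module is used.

```javascript
const crypto = require("crypto");

// Constructed sample registry: the client ID and URI are hypothetical.
const clients = new Map([
  ["demo-spa", { redirectUris: ["https://app.example.test/callback"] }],
]);
const authorizationCodes = new Map(); // code -> grant, removed on first use

// RFC 7636 S256 transform: BASE64URL(SHA256(code_verifier)), no padding.
function s256(verifier) {
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Authorization endpoint: exact-match redirect URI, S256 challenge required.
function issueCode({ clientId, redirectUri, codeChallenge, codeChallengeMethod }) {
  const client = clients.get(clientId);
  if (!client || !client.redirectUris.includes(redirectUri)) {
    return { error: "invalid_request" }; // do not redirect to an unregistered URI
  }
  if (codeChallengeMethod !== "S256" || !/^[A-Za-z0-9_-]{43}$/.test(codeChallenge || "")) {
    return { error: "invalid_request" };
  }
  const code = crypto.randomBytes(32).toString("base64url");
  const expiresAt = Date.now() + 60_000; // short-lived: one minute
  authorizationCodes.set(code, { clientId, redirectUri, codeChallenge, expiresAt });
  return { code };
}

// Token endpoint: the code is single use and bound to client, URI and verifier.
function redeemCode({ code, clientId, redirectUri, codeVerifier }) {
  const grant = authorizationCodes.get(code);
  authorizationCodes.delete(code); // burn the code even if a later check fails
  if (!grant || grant.expiresAt < Date.now()) return { error: "invalid_grant" };
  if (grant.clientId !== clientId || grant.redirectUri !== redirectUri) {
    return { error: "invalid_grant" };
  }
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(codeVerifier || "")) {
    return { error: "invalid_grant" };
  }
  const expected = Buffer.from(grant.codeChallenge);
  const actual = Buffer.from(s256(codeVerifier));
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    return { error: "invalid_grant" };
  }
  return { ok: true, clientId }; // caller would mint tokens here
}
```

Because the code is deleted before any check runs, a failed redemption attempt also invalidates it, so an intercepted code cannot be retried with guessed verifiers.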
Ratings
4.7 ★★★★★ (41 reviews)
- ★★★★★ Lucas Nasser · Dec 28, 2024
  oauth-implementation reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★ Chinedu Reddy · Dec 16, 2024
  Registry listing for oauth-implementation matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★ Dhruvi Jain · Dec 12, 2024
  We added oauth-implementation from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★ Zaid Sethi · Dec 8, 2024
  Keeps context tight: oauth-implementation is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★ Zaid Taylor · Nov 19, 2024
  oauth-implementation is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★ Sophia Huang · Nov 15, 2024
  oauth-implementation has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Chinedu Anderson · Nov 7, 2024
  Solid pick for teams standardizing on skills: oauth-implementation is focused, and the summary matches what you get after install.
- ★★★★★ Oshnikdeep · Nov 3, 2024
  oauth-implementation fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★ Hiroshi Jain · Oct 26, 2024
  We added oauth-implementation from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★ Ganesh Mohane · Oct 22, 2024
  Registry listing for oauth-implementation matched our evaluation — installs cleanly and behaves as described in the markdown.