oauth▌

OAuth authentication for MCP servers on Cloudflare Workers with Google Sign-In and Dynamic Client Registration. \n \n Implements dual OAuth role pattern: MCP server acts as both OAuth client (to Google) and OAuth server (to MCP clients like Claude.ai), issuing its own tokens after upstream authentication \n Includes production-ready security: CSRF protection via HttpOnly cookies, one-time-use state tokens with 10-minute TTL, session binding via SHA-256 hashing, and HMAC-signed approval cookies t

Implement industry-standard OAuth 2.0 and OpenID Connect authentication flows with JWT tokens, refresh tokens, and secure session management.

Use this skill when you need to:

OAuth 2.0 authentication for GitHub and Microsoft Entra in edge runtimes without MSAL. \n \n Covers GitHub OAuth quirks: required User-Agent header, private email handling via /user/emails endpoint, and form-encoded token responses \n Microsoft Entra setup for Cloudflare Workers using manual OAuth flow and JWT validation with jose , including tenant configuration and scope requirements \n Token lifetime management: GitHub tokens don't expire, Microsoft access tokens last 60-90 minutes with optio