explainx.ainewsletter3.4k
tag

oauth

7 indexed skills · max 10 per page

skills (7)

exploiting-oauth-misconfiguration

mukul975/Anthropic-Cybersecurity-Skills · exploiting-oauth-misconfiguration

0

Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

detecting-oauth-token-theft

mukul975/Anthropic-Cybersecurity-Skills · detecting-oauth-token-theft

0

Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra ID (Azure AD) token protection, conditional access policies, and sign-in anomaly detection. Covers access token theft, refresh token replay, Primary Refresh Token (PRT) abuse, and pass-the-cookie attacks. Activates for requests involving OAuth token theft detection, token replay prevention, Azure AD conditional access token protection, or cloud identity attack investigation.

login

xero.com/login-za6riz · accounting

0

Authenticate a user session against Xero — either via OAuth 2.0 / OIDC (recommended, supported) or as a fallback by scripting the password form at login.xero.com/identity/user/login. Documents the canonical URL, form schema, anti-bot stack (Akamai + browsercheck + AspNetCore antiforgery), and all five branch outcomes (MFA, SSO, passkey, lockout, invalid credentials).

mcp-oauth-cloudflare

jezweb/claude-skills · Cloud

0

OAuth authentication for MCP servers on Cloudflare Workers with Google Sign-In and Dynamic Client Registration. \n \n Implements dual OAuth role pattern: MCP server acts as both OAuth client (to Google) and OAuth server (to MCP clients like Claude.ai), issuing its own tokens after upstream authentication \n Includes production-ready security: CSRF protection via HttpOnly cookies, one-time-use state tokens with 10-minute TTL, session binding via SHA-256 hashing, and HMAC-signed approval cookies t

oauth-implementation

aj-geddes/useful-ai-prompts · Productivity

0

Implement industry-standard OAuth 2.0 and OpenID Connect authentication flows with JWT tokens, refresh tokens, and secure session management.

oauth

mcollina/skills · Productivity

0

Use this skill when you need to:

oauth-integrations

jezweb/claude-skills · Productivity

0

OAuth 2.0 authentication for GitHub and Microsoft Entra in edge runtimes without MSAL. \n \n Covers GitHub OAuth quirks: required User-Agent header, private email handling via /user/emails endpoint, and form-encoded token responses \n Microsoft Entra setup for Cloudflare Workers using manual OAuth flow and JWT validation with jose , including tenant configuration and scope requirements \n Token lifetime management: GitHub tokens don't expire, Microsoft access tokens last 60-90 minutes with optio