{"id":"0fc2fe62-e07d-4435-bf93-162778a3ac68","slug":"guptadeepak-auth-implementation-skill","name":"auth-implementation","description":"Expert guidance for implementing secure authentication systems including OAuth 2.0, SAML, OIDC, JWT, passwordless authentication, passkeys, and biometrics. Covers protocol selection, security best practices, common pitfalls at scale, and enterprise patterns. Use when implementing login flows, SSO, API authentication, machine identity, or any identity management features.","canonicalUrl":"https://xpersona.co/skill/guptadeepak-auth-implementation-skill","sourceUrl":"https://github.com/guptadeepak/auth-implementation-skill","homepage":null,"source":"GITHUB_OPENCLEW","vendor":{"slug":"guptadeepak","label":"Guptadeepak","url":"https://github.com/guptadeepak/auth-implementation-skill"},"protocols":["OPENCLEW"],"capabilities":["immediately","passkeys","multiple","both"],"trustScore":null,"trustConfidence":"unknown","artifactCount":0,"benchmarkCount":0,"lastRelease":null,"freshnessAt":"2026-04-15T03:13:06.822Z","freshnessLabel":"Apr 15, 2026","securityReviewed":true,"openapiReady":false,"stats":[{"label":"Trust score","value":"Unknown"},{"label":"Compatibility","value":"OpenClaw"},{"label":"Freshness","value":"Apr 15, 2026"},{"label":"Vendor","value":"Guptadeepak"},{"label":"Artifacts","value":"0"},{"label":"Benchmarks","value":"0"},{"label":"Last release","value":"Unpublished"}],"factsPreview":[{"factKey":"docs_crawl","category":"integration","label":"Crawlable docs","value":"6 indexed pages on the official domain","href":"https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar","sourceUrl":"https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar","sourceType":"search_document","confidence":"medium","observedAt":"2026-04-15T05:03:46.393Z","isPublic":true},{"factKey":"vendor","category":"vendor","label":"Vendor","value":"Guptadeepak","href":"https://github.com/guptadeepak/auth-implementation-skill","sourceUrl":"https://github.com/guptadeepak/auth-implementation-skill","sourceType":"profile","confidence":"medium","observedAt":"2026-04-15T03:13:06.822Z","isPublic":true},{"factKey":"protocols","category":"compatibility","label":"Protocol compatibility","value":"OpenClaw","href":"https://xpersona.co/api/v1/agents/guptadeepak-auth-implementation-skill/contract","sourceUrl":"https://xpersona.co/api/v1/agents/guptadeepak-auth-implementation-skill/contract","sourceType":"contract","confidence":"medium","observedAt":"2026-04-15T03:13:06.822Z","isPublic":true},{"factKey":"traction","category":"adoption","label":"Adoption signal","value":"2 GitHub stars","href":"https://github.com/guptadeepak/auth-implementation-skill","sourceUrl":"https://github.com/guptadeepak/auth-implementation-skill","sourceType":"profile","confidence":"medium","observedAt":"2026-04-15T03:13:06.822Z","isPublic":true},{"factKey":"handshake_status","category":"security","label":"Handshake status","value":"UNKNOWN","href":"https://xpersona.co/api/v1/agents/guptadeepak-auth-implementation-skill/trust","sourceUrl":"https://xpersona.co/api/v1/agents/guptadeepak-auth-implementation-skill/trust","sourceType":"trust","confidence":"medium","observedAt":null,"isPublic":true}],"highlights":["2 GitHub stars","Trust evidence available"],"agentCard":{"name":"auth-implementation","description":"Expert guidance for implementing secure authentication systems including OAuth 2.0, SAML, OIDC, JWT, passwordless authentication, passkeys, and biometrics. Covers protocol selection, security best practices, common pitfalls at scale, and enterprise patterns. Use when implementing login flows, SSO, API authentication, machine identity, or any identity management features.","source":"GITHUB_OPENCLEW","sourceId":"github:1145719886","repository":"https://github.com/guptadeepak/auth-implementation-skill","documentation":"https://xpersona.co/skill/guptadeepak-auth-implementation-skill/agent/guptadeepak-auth-implementation-skill","protocols":["OPENCLEW"],"capabilities":["immediately","passkeys","multiple","both"],"languages":["typescript"],"install":{"command":"git clone https://github.com/guptadeepak/auth-implementation-skill.git","ecosystem":"git"},"examples":[{"kind":"example","language":"python","snippet":"# Server-side OAuth 2.0 implementation pattern\nimport secrets\nimport hashlib\nimport base64\nfrom datetime import datetime, timedelta\n\nclass OAuthServer:\n def __init__(self):\n self.auth_codes = {} # In production: use Redis with TTL\n self.tokens = {} # In production: use database\n \n def generate_authorization_code(self, client_id, redirect_uri, \n code_challenge, code_challenge_method, scope):\n \"\"\"Generate authorization code with PKCE support\"\"\"\n if code_challenge_method not in ['S256', 'plain']:\n raise ValueError(\"Invalid code_challenge_method\")\n \n # Generate secure authorization code\n auth_code = secrets.token_urlsafe(32)\n \n # Store authorization code with PKCE parameters (5 min TTL)\n self.auth_codes[auth_code] = {\n 'client_id': client_id,\n 'redirect_uri': redirect_uri,\n 'code_challenge': code_challenge,\n 'code_challenge_method': code_challenge_method,\n 'scope': scope,\n 'expires_at': datetime.utcnow() + timedelta(minutes=5),\n 'used': False\n }\n \n return auth_code\n \n def verify_code_verifier(self, code_verifier, code_challenge, method):\n \"\"\"Verify PKCE code verifier against stored challenge\"\"\"\n if method == 'S256':\n # Hash the verifier and compare\n computed = base64.urlsafe_b64encode(\n hashlib.sha256(code_verifier.encode()).digest()\n ).decode().rstrip('=')\n return computed == code_challenge\n elif method == 'plain':\n return code_verifier == code_challenge\n return False\n \n def exchange_code_for_token(self, auth_code, code_verifier, client_id):\n \"\"\"Exchange authorization code for access token\"\"\"\n # Retrieve stored authorization code\n code_data = self.auth_codes.get(auth_code)\n \n if not code_data:\n r"},{"kind":"example","language":"python","snippet":"# JWT token validation and management\nimport jwt\nfrom datetime import datetime, timedelta\nfrom functools import wraps\nfrom flask import request, jsonify\n\nclass JWTTokenManager:\n def __init__(self, public_key, private_key):\n self.public_key = public_key # RS256 public key\n self.private_key = private_key # RS256 private key\n self.algorithm = 'RS256' # NEVER use HS256 for production\n self.token_blacklist = set() # In production: use Redis\n \n def generate_token(self, user_id, scope, token_type='access'):\n \"\"\"Generate JWT token with proper claims\"\"\"\n now = datetime.utcnow()\n \n # Access tokens: short-lived (1 hour)\n # Refresh tokens: longer-lived (30 days) with different audience\n expires_in = 3600 if token_type == 'access' else 2592000\n \n payload = {\n 'sub': str(user_id), # Subject (user ID)\n 'iat': now, # Issued at\n 'exp': now + timedelta(seconds=expires_in), # Expiration\n 'nbf': now, # Not before\n 'jti': self._generate_jti(), # JWT ID for tracking\n 'scope': scope, # Permissions\n 'type': token_type, # Token type\n 'iss': 'https://your-domain.com', # Issuer\n 'aud': 'your-api' # Audience\n }\n \n token = jwt.encode(payload, self.private_key, algorithm=self.algorithm)\n return token\n \n def validate_token(self, token, required_scope=None):\n \"\"\"Validate JWT token with comprehensive checks\"\"\"\n try:\n # Decode and verify token\n payload = jwt.decode(\n token,\n self.public_key,\n algorithms=[self.algorithm],\n options={\n 'verify_signature': True,\n 'verify_exp': True,\n 'verify_nbf': True,\n 'verify_iat': True,\n 'verify_aud': True,\n 'verify_iss': Tru"}]}}