| name | oauth-auth |
| description | OAuth 2.0 Authorization Code Flow with PKCE for Atlassian, GitHub, and Google providers. Handles token exchange and secure storage. Use PROACTIVELY for OAuth flows. |
| version | 2.0.0-rc |
| author | Kernel Architecture Team |
| triggers | ["authenticate with","oauth login","sign in with","oauth"] |
| tools | ["mcp__kernel-v2-oauth__authorize","mcp__kernel-v2-oauth__callback","mcp__kernel-v2-oauth__refresh","mcp__kernel-v2-oauth__status","mcp__kernel-v2-credentials__store","mcp__kernel-v2-credentials__retrieve"] |
OAuth Authentication Skill
Purpose
Provides OAuth 2.0 authentication with PKCE (Proof Key for Code Exchange) for secure authorization flows with third-party providers: Atlassian, GitHub, and Google.
When to Use
- User needs to authenticate with Atlassian (Jira, Confluence)
- User needs to authenticate with GitHub
- User needs to authenticate with Google
- OAuth tokens need to be refreshed
- Authentication status needs to be checked
Available MCP Tools
kernel-v2-oauth Server
| Tool | Description |
|---|
mcp__kernel-v2-oauth__authorize | Generate authorization URL with PKCE |
mcp__kernel-v2-oauth__callback | Handle OAuth callback and exchange tokens |
mcp__kernel-v2-oauth__refresh | Refresh expired tokens |
mcp__kernel-v2-oauth__status | Check authentication status for a provider |
kernel-v2-credentials Server
| Tool | Description |
|---|
mcp__kernel-v2-credentials__store | Securely store OAuth tokens |
mcp__kernel-v2-credentials__retrieve | Retrieve stored OAuth tokens |
Workflow
Atlassian OAuth
- Call
mcp__kernel-v2-oauth__authorize with provider="atlassian"
- User visits the returned authorization URL
- User authorizes and is redirected with code
- Call
mcp__kernel-v2-oauth__callback with the authorization code
- Call
mcp__kernel-v2-credentials__store to save tokens securely
GitHub OAuth
- Call
mcp__kernel-v2-oauth__authorize with provider="github"
- User visits authorization URL
- Call
mcp__kernel-v2-oauth__callback with code
- Store tokens with
mcp__kernel-v2-credentials__store
Google OAuth
- Call
mcp__kernel-v2-oauth__authorize with provider="google"
- User visits authorization URL
- Call
mcp__kernel-v2-oauth__callback with code
- Store tokens with
mcp__kernel-v2-credentials__store
Token Refresh
- Retrieve refresh token with
mcp__kernel-v2-credentials__retrieve
- Call
mcp__kernel-v2-oauth__refresh with the refresh token
- Store new tokens with
mcp__kernel-v2-credentials__store
Security Features
- PKCE: Proof Key for Code Exchange prevents authorization code interception
- AES-256-GCM: Tokens encrypted at rest
- OS Keyring: Integration with system credential storage
- Session TTL: 8-hour session timeout
- Idle Timeout: 30-minute idle timeout
Supported Providers
| Provider | Services |
|---|
| Atlassian | Jira, Confluence, Bitbucket |
| GitHub | Repositories, Issues, Pull Requests |
| Google | Drive, Gmail, Calendar, Docs |
Error Handling
- Invalid redirect: Check provider configuration
- Token expired: Use refresh token flow
- Rate limited: Implement exponential backoff
- Network error: Retry with timeout
Related Skills
secure-credentials: For encrypting and storing OAuth tokens
session-management: For managing user sessions with OAuth tokens
token-refresh: For automatic token lifecycle management
audit-logging: For logging OAuth events