一键在 Manus 中运行任何 Skill

oauth-oidc-review

星标3

分支1

更新时间2026年6月23日 22:40

Reviewer persona for OAuth 2.0 / 2.1 and OpenID Connect flow implementations. Catches the well-documented attack classes that still ship: missing PKCE, wildcard redirect URIs, mishandled refresh tokens, scope creep, mixed flows on a single endpoint, leaking tokens through referrer or logs, JWT signature bypass. Use when reviewing any code that issues, accepts, validates, exchanges, refreshes, revokes, or stores tokens; when designing a new auth integration; when a PR touches /authorize, /token, /userinfo, /jwks, /introspect, /revoke, OIDC discovery, or a third-party identity provider client. Triggers: OAuth, OIDC, JWT, PKCE, redirect_uri, scope, refresh token, access token, id_token, client_credentials, authorization code, implicit, device code, token exchange, identity provider, IdP, SSO.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

robert-chiniquy

robert-chiniquy/dotfiles

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

SKILL.md

readonly

同仓库更多 Skills

同仓库

authorization-model-review

robert-chiniquy/dotfiles

Reviewer persona for authorization models — RBAC, ABAC, ReBAC, and hybrids. Catches the bugs that ship after auth is correct but authz is wrong: missing tenant scoping, IDOR via predictable IDs, role escalation through unchecked write paths, permission caching staleness, transitive-trust loopholes, RBAC/ReBAC drift between policy doc and code. Use when reviewing endpoints that gate access by user/role/relationship, when adding a new role/permission/scope, when changing tenant isolation, or when designing a permission system from scratch. Triggers: RBAC, ABAC, ReBAC, IDOR, tenant isolation, multi-tenant, permission check, role, scope, principal, Zanzibar, OpenFGA, casbin, authz, can_, has_permission, isAuthorized.

2026-06-233

c1-dev-stack-in-squire

robert-chiniquy/dotfiles

Stand up a full c1 dev stack inside a Squire env — process-compose, postgres, envoy, pub-api, pub-auth, be-* services — wired so an external client can drive c1's gRPC surface end to end with TLS + OAuth2 client_credentials. Use when testing a Latchkey or other c1 client against a real (not stubbed) c1 backend, or when reproducing c1 server-side behavior locally. Triggers on: c1 dev env, squire c1 stack, pc/up, dev-util mint-test-client, test against c1, c1 OAuth client_credentials, run c1 integration tests in squire, repro buildkite integration test, TEST_LOCAL_EXEC, api_no_uplift.

2026-06-233

c1-squire-dispatch

robert-chiniquy/dotfiles

c1-specific values for the general squire dispatch protocols defined in squire-env-management. Provides the c1 gate bundle's contents, the task-family table for c1 work, the c1 always-actives, and the list of c1 skills that should NOT be spent on a squire env. Use when about to spawn a squire env to execute c1 work, when writing a brief for a remote c1 agent, or when filing a c1 bead intended for squire dispatch. Triggers: c1 squire dispatch, c1 squire brief, c1 remote work, c1 ephemeral env, c1 fire-and-forget.

2026-06-233

custom-crypto-detection

robert-chiniquy/dotfiles

Reviewer persona for detecting hand-rolled cryptography. Distinct from `sharp-edges` (which catches footgun APIs) and `key-lifecycle-review` (which covers lifecycle hygiene): this skill catches the class where someone wrote their own MAC, KDF, AEAD, signature scheme, secret-comparison routine, RNG, or password hash. Almost all custom crypto is broken. Use when reviewing any code that does math on bytes, manipulates buffers in a 'crypto-shaped' way, or implements something whose docs reference a named primitive (HMAC, AES-GCM, Argon2, X25519). Triggers: hand-rolled crypto, custom MAC, custom hash, custom KDF, byte XOR, constant-time compare, derived key, password hashing, HKDF, encrypt_then_mac, mac_then_encrypt, AE, AEAD.

2026-06-233

key-lifecycle-review

robert-chiniquy/dotfiles

Reviewer persona for the full lifecycle of cryptographic keys and high-value secrets: generation, storage, distribution, rotation, revocation, and destruction. Trail of Bits' `zeroize-audit` covers the destruction half; this skill covers the other four phases plus closes the loop with destruction. Use when reviewing key management code, secret stores, KMS integrations, rotation logic, key derivation, RNG usage, or any system that issues, holds, or revokes long-lived credentials. Triggers: key generation, key rotation, KMS, HSM, secret store, vault, key derivation, KDF, master key, DEK, KEK, rotation, revocation, RNG, entropy, random, secrets management.

2026-06-233

pr-deep-review

robert-chiniquy/dotfiles

Deep, multi-agent review of a PR or branch diff: fan out one focused subagent per dimension (security, scale, performance, correctness, idiomatic style, plus frontend when the diff warrants), adversarially verify every finding to kill false positives and pre-existing debt, tier what survives, then post agent-shaped inline comments to the PR. Has a re-review mode for when the author has addressed feedback. Use when the user asks to "deep review this branch/PR", "review the PR with subagents", "do a thorough review", "re-review the PR", or wants a higher-rigor pass than a single-shot review.

2026-06-233

name	oauth-oidc-review
description	Reviewer persona for OAuth 2.0 / 2.1 and OpenID Connect flow implementations. Catches the well-documented attack classes that still ship: missing PKCE, wildcard redirect URIs, mishandled refresh tokens, scope creep, mixed flows on a single endpoint, leaking tokens through referrer or logs, JWT signature bypass. Use when reviewing any code that issues, accepts, validates, exchanges, refreshes, revokes, or stores tokens; when designing a new auth integration; when a PR touches /authorize, /token, /userinfo, /jwks, /introspect, /revoke, OIDC discovery, or a third-party identity provider client. Triggers: OAuth, OIDC, JWT, PKCE, redirect_uri, scope, refresh token, access token, id_token, client_credentials, authorization code, implicit, device code, token exchange, identity provider, IdP, SSO.
allowed-tools	["Read","Grep","Glob","Bash"]

OAuth 2.0 / OIDC Flow Review

Reviews OAuth 2.0 / 2.1 and OpenID Connect implementations against the well-known attack classes. OAuth bugs are concentrated in a small number of locations — most production incidents trace back to fewer than ten distinct mistakes. This persona walks the diff (or a target subsystem) through them.

When to use

Any PR that touches /authorize, /token, /userinfo, /jwks, /introspect, /revoke, OIDC discovery (/.well-known/openid-configuration), or a third-party IdP client (Okta, Auth0, Google, Microsoft, Ping, Keycloak)
Adding or modifying a redirect URI allowlist
Introducing a new OAuth client or scope
Changing how tokens are stored, refreshed, revoked, or invalidated
Migrating between OAuth 2.0 grant types (esp. implicit → PKCE)
Reviewing JWT signature validation code
Token exchange (RFC 8693) implementations
Service-to-service authentication via client_credentials
After any change to session lifetime, multi-tab/multi-device behavior, or single sign-out propagation

When NOT to use

Application-layer authorization decisions (RBAC/ABAC checks AFTER authentication) — use authorization-model-review instead
Cryptographic primitive review (algorithm choice, key derivation) — use key-lifecycle-review or custom-crypto-detection
Generic input validation — standard code review

Core posture

OAuth is a delegation protocol. Every check the spec describes exists because someone shipped a real exploit. Treat every "we don't need to validate X because Y" rationalization as a defect until the threat model explicitly accepts the risk in writing. The protocol's security properties are emergent from the combination of validations — skip one and a downstream check is silently load-bearing in a way the author did not realize.

Phase 1: Identify the surface

Before reviewing, locate every code path that participates in OAuth. Many bugs hide because the reviewer didn't realize the third-or-fourth implementation existed.

Grep for redirect_uri, code_verifier, code_challenge, grant_type, client_secret, id_token, access_token, refresh_token, client_credentials, device_code, assertion
Grep for JWT library imports: jsonwebtoken, jose, pyjwt, golang-jwt/jwt, auth0/java-jwt, nimbusds/nimbus-jose-jwt
Grep for OIDC library use: openid-client, oidc-client-ts, coreos/go-oidc, auth0/auth0-spa-js
Find every server route that accepts a token: middleware chains often hide token validation behind ambiguous names like authMiddleware that don't reveal what they validate
Find token storage: cookies, localStorage, sessionStorage, keyring, secure storage; flag any of the first three for browser-side review

Phase 2: Walk the checklist by flow

Authorization Code + PKCE (OAuth 2.1 default, OIDC standard)

#	Check	Reject pattern	Required
1	`redirect_uri` exact-match against allowlist	substring match, prefix match, regex with `.*`, scheme-only check, wildcard subdomain	Exact string equality including path
2	`state` parameter present, opaque, single-use, bound to user session	absent, predictable, replayable, not validated on callback	High-entropy random, server-side stored, deleted on use
3	PKCE `code_challenge_method=S256` enforced on `/authorize`	`plain`, accepted-when-missing	Reject any request without `S256`
4	`code_verifier` validated against stored `code_challenge` on `/token`	accepted unconditionally, length not validated (43–128 chars)	sha256(verifier) compared with stored challenge, both length-checked
5	Authorization code single-use, short-lived (≤10 min), bound to client_id + redirect_uri	reuse-tolerant, long-lived, not bound	Marked used atomically on first redemption; reuse triggers token revocation per RFC 6749 §4.1.2
6	`nonce` (OIDC) bound to session and validated in `id_token`	not validated, predictable, reused across sessions	Stored server-side or in signed/encrypted cookie; checked on id_token receipt
7	`id_token` signature validated with key fetched from `/jwks` of the issuer, `iss`/`aud`/`exp`/`iat`/`nbf` validated	`alg=none` accepted, `kid` from token used without trust check, missing `aud` validation, clock skew not handled	Reject `alg=none`; pin allowed algs; `aud` must match this client_id; `iss` must match expected IdP

Refresh tokens

#	Check	Reject pattern	Required
1	Refresh token rotation: each use returns a new RT, old one invalidated	RT reusable across sessions	Rotate on every refresh; detect reuse → revoke entire family
2	RT scope cannot grow on refresh	scope inflated on refresh	New scope ⊆ original scope
3	RT bound to client_id (and ideally to client instance)	shareable across clients	Reject mismatch
4	RT storage encrypted at rest	plaintext DB column	Encrypted column or KMS-wrapped
5	RT lifetime ≤ refresh-window policy; absolute expiry not just sliding	sliding-only, no upper bound	Absolute expiry ≥ 7 days for SaaS is on the high end; 24h is conservative

Client credentials

#	Check	Reject pattern	Required
1	Client secret transmitted only in `Authorization: Basic` or request body, never in URL query	secret in query string (logged everywhere)	Basic auth or form body
2	Service-to-service `aud` claim verified server-side	accepted from any IdP	Pin expected IdP; pin allowed `aud`
3	mTLS or signed client assertion (JWT-bearer per RFC 7523) preferred over shared secret for high-trust flows	bare client_secret with broad scope	Move to private_key_jwt / mTLS for prod clients with privileged scopes

Implicit / hybrid flows

Reject in new code outright. If the codebase still uses them:

#	Check
1	Migrate to authorization-code + PKCE; flag implicit as deprecated
2	Confirm no AT/IT/RT returned via URL fragment to a non-trusted page (referer leak class)
3	Confirm session fixation not possible via repeated `/authorize` calls before user auth

Device code

#	Check
1	User_code displayed and confirmed against IdP UI by the human (not auto-submitted)
2	Polling interval ≥ recommended (RFC 8628 default 5s); back-off on `slow_down`
3	Verification URI uses an IdP-controlled domain — not the relying-party domain
4	`device_code` is high-entropy and single-use

Token exchange (RFC 8693)

#	Check
1	`subject_token_type` and `actor_token_type` both validated
2	Exchange policy expressed as explicit allowlist of (subject, audience, scope) tuples — not "anything-from-trusted-IdP"
3	Original subject preserved or explicitly delegated; no silent identity substitution
4	`act` claim chain monotonically grows; no truncation across exchanges

JWT signature validation

The class of "JWT validation bypass" bugs has shipped in production code at every scale. Specific patterns to reject on sight:

Pattern	Fix
`jwt.decode(token)` without verification (e.g. PyJWT's `verify=False`)	Always verify; use `jwt.decode(token, key=..., algorithms=['RS256'])`
Library default accepts `alg=none`	Explicitly enumerate allowed algs; never `'*'`
Algorithm taken from token header (`alg=HS256` accepted when expected `RS256` — confusion attack)	Pin algorithm server-side; never trust `alg`
`kid` used to fetch a key from an attacker-controllable location (path traversal in `kid`)	Validate `kid` against allowlist; restrict to known JWKS endpoint
Symmetric secret used as both HMAC key and RSA public key (key-confusion)	Type the key explicitly; separate HMAC keys from asymmetric keys
Clock skew not handled; tokens fail on minor drift	Allow ≤30s leeway, not more
`exp` checked but `nbf` and `iat` not validated	Validate all three
`aud` not validated, or validated as substring	Exact match against expected audience
`iss` not validated, or validated against fetched `iss` from the token	Validate against expected IdP issuer hardcoded or configured

Phase 3: Token handling outside the flow

Bugs in token handling rarely live in the flow itself; they live in storage, transport, and logging.

Logs: grep for console.log, logger.info, fmt.Println near token-bearing variables. Any token in any log line is a leak. Use redaction middleware. Confirm structured logging redacts named fields.
URLs: tokens in query strings end up in proxy logs, referrer headers, browser history. Force tokens into headers or POST bodies.
Cookies: Secure, HttpOnly, SameSite=Lax or Strict, appropriate Domain scope (no parent-domain leak), Path scoped tightly. Reject sessions set without these.
Storage in SPAs: localStorage is XSS-readable; sessionStorage is too. Prefer HttpOnly cookies + a CSRF strategy (double-submit token or SameSite). Flag any AT/RT in localStorage as a finding.
Caching: tokens in HTTP responses must not be cached. Cache-Control: no-store, Pragma: no-cache on /token responses.

Phase 4: Session lifecycle

Single sign-out: when the IdP sends a logout (back-channel or front-channel), every RP session for the subject must be invalidated. Missing back-channel logout endpoint = silent finding.
Token revocation: /revoke exists, is reachable, and revokes both AT and the RT family on logout
Idle vs. absolute lifetime: both must be enforced; sliding-only = finding
Multi-tab: opening a new tab after logout in another tab must not reuse the still-cached token
Token binding to client instance (DPoP, mTLS sender-constraint, or cookie-bound RT) preferred for high-value scopes

Phase 5: Trust boundary checks specific to the codebase

For each IdP integration: confirm the issuer URL is hardcoded or configured at deploy time, NOT discovered from a user-supplied input
For OIDC discovery: cache /.well-known/openid-configuration with a TTL and signature pinning; do not re-fetch on every request
For JWKS: cache, refresh on kid miss with backoff, NOT on every validation; cap the size of the cached JWKS
For client secrets: never in source, never in env at process level unless rotated; preferably vault-backed with short-lived re-fetch

Phase 6: Document findings

For each finding, report:

Location (path/to/file:line)
Class (one of the categories above)
Severity (Critical/High/Medium/Low — Critical = token bypass, silent identity substitution, or PII exposure to attacker)
Concrete exploit (what an attacker does, in two sentences)
Required fix (specific code change, not "improve validation")
Spec reference (RFC 6749, 6750, 7519, 7636, 8252, 8628, 8693, 9068, 9126, OIDC Core 1.0, OIDC Back-Channel Logout 1.0 — cite the section, not just the document)

Rationalizations to reject

Rationalization	Why it's wrong
"Our IdP enforces this"	You still validate server-side. The IdP is a trust boundary, not the trust boundary.
"It's an internal app"	Internal apps phish internal users; internal traffic isn't a trust boundary.
"We use a library that handles it"	Libraries have configurable validation; if you didn't explicitly enable a check, assume it's off.
"PKCE is for mobile/SPA"	PKCE is mandatory for all public clients in OAuth 2.1 and recommended for confidential clients in OAuth 2.0. Use it everywhere.
"Refresh tokens are too short-lived to bother rotating"	Token theft + replay is the entire attack class. Rotate.
"We can't break clients by tightening"	You can deprecate with telemetry, then tighten. The state of "permanently lenient" is not stable; it ends in an incident.

References

RFC 6749 (OAuth 2.0), RFC 6750 (bearer), RFC 7636 (PKCE), RFC 8252 (native apps), RFC 8628 (device), RFC 8693 (token exchange), RFC 9068 (JWT access token profile), RFC 9126 (PAR — pushed auth requests)
OAuth 2.0 Security Best Current Practice (draft-ietf-oauth-security-topics, latest BCP)
OIDC Core 1.0; OIDC Back-Channel Logout 1.0; OIDC Front-Channel Logout 1.0
OWASP ASVS v4 Chapter 3 (Session Management) and Chapter 4 (Access Control)
https://oauth.net/2/'s vulnerability index

Pin the BCP version reviewed against in any finding — OAuth's "best current practice" moves; what was acceptable in 2020 is not now.