OAuth2 Flow Guide

Verified by Community

Guides you through implementing OAuth 2.0 flows including Authorization Code with PKCE, Client Credentials, and Device Authorization. Covers token management, refresh handling, scope design, and common security pitfalls to avoid.

Tags: oauth2, authentication, authorization, security, api

Implement OAuth 2.0 authorization flows correctly with proper token management and security practices.

Usage

Describe your authentication requirements and this skill will guide you through the appropriate OAuth 2.0 flow.

Examples

  • "Implement Authorization Code flow with PKCE for my SPA"
  • "Set up Client Credentials flow for server-to-server API access"
  • "Design OAuth scopes for my multi-tenant API"

Guidelines

  • Always use PKCE for public clients like SPAs and mobile apps
  • Store tokens securely and never expose them in URLs
  • Implement refresh token rotation for enhanced security
  • Use short-lived access tokens with longer-lived refresh tokens
  • Design granular scopes that follow the principle of least privilege
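The first guideline above, PKCE for public clients, is illustrated by the following added example (not part of this skill's own code): the client side generates a high-entropy code_verifier and its S256 code_challenge as RFC 7636 specifies, and the authorization-server side verifies the verifier presented at the token endpoint, rejecting the weaker "plain" method and comparing in constant time. The function names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets
import string

# RFC 7636 section 4.1: a code_verifier uses only these unreserved characters
_UNRESERVED = string.ascii_letters + string.digits + "-._~"


def generate_code_verifier(length: int = 64) -> str:
    """Client side: build a random code_verifier of 43..128 unreserved chars."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier length must be between 43 and 128")
    return "".join(secrets.choice(_UNRESERVED) for _ in range(length))


def code_challenge_s256(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization-server side check at the token endpoint.

    The challenge and method were stored with the authorization code when it
    was issued. Only S256 is accepted: 'plain' gives an interceptor of the
    authorization code the verifier itself, so it adds no protection.
    """
    if stored_method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in _UNRESERVED for c in presented_verifier):
        return False
    expected = code_challenge_s256(presented_verifier)
    # Constant-time comparison avoids leaking how many leading chars matched
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    # Client: keep the verifier private, send only the challenge in the authorization request
    verifier = generate_code_verifier()
    challenge = code_challenge_s256(verifier)
    print("code_challenge =", challenge)
    # Server: the verifier arrives with the code at the token endpoint
    print("valid verifier accepted:", verify_pkce(challenge, "S256", verifier))
    print("foreign verifier rejected:", not verify_pkce(challenge, "S256", generate_code_verifier()))
```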