reviewing-authentication-and-authorization-security

bbrowning/bbrowning-claude-marketplace

Use when reviewing authentication or authorization code. Provides comprehensive security guidance on JWT validation, token exchange, OAuth 2.0/2.1 compliance, PKCE, Resource Indicators, MCP authorization, session management, and API authentication. Covers critical vulnerabilities including token forwarding, audience validation, algorithm confusion, confused deputy attacks, and authentication bypass. Invoke when analyzing any authentication, authorization, or access control code changes.

0 stars

1 forks

8 views

View on GitHub Add to Favorites

Installation

Option 1: Use slash command in Claude Code

/install-skill https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security

Option 2: Clone to skills directory

# Global (all projects)

git clone https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security ~/.claude/skills/bbrowning-claude-marketplace

# Project-specific

git clone https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security .claude/skills/bbrowning-claude-marketplace

Add MCP server to .cursor/mcp.json:

{
  "mcpServers": {
    "skillz": {
      "command": "npx",
      "args": ["-y", "skillz-mcp", "https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security"]
    }
  }
}

Restart Cursor after adding the configuration.

Option 1: Use Gemini CLI command

gemini extensions install https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security

Option 2: Clone to extensions directory

git clone https://github.com/bbrowning/bbrowning-claude-marketplace/tree/main/bbrowning-claude/skills/auth-security ~/.gemini/extensions/bbrowning-claude-marketplace