Reviewing Authentication and Authorization Security
Category: Community
Security-minded code reviews for auth.
Author: bbrowning
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Provides security guidance for reviewing authentication and authorization code, focusing on JWT validation, token exchange, OAuth 2.1, PKCE, and MCP security; helps identify critical vulnerabilities and improper token handling.
Core Features & Use Cases
- JWT best practices: Validate audience, issuer, signature, and alg.
- Token exchange: Prefer token exchange over forwarding tokens for service-to-service calls.
- MCP security: Enforce OAuth 2.1, PKCE, resource indicators, and no session-based auth.
- Review scope: Check for token scope correctness and secure storage.
Quick Start
Use during reviews of authentication/authorization changes: verify token validation, PKCE usage, and token exchange, and ensure no token forwarding to downstream services.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: Reviewing Authentication and Authorization Security Download link: https://github.com/bbrowning/bbrowning-claude-marketplace/archive/main.zip#reviewing-authentication-and-authorization-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.