Skip to content

docs(oauth): add OAuth identity sign-in skill#118

Open
theothersideofgod wants to merge 3 commits into
feat/csrf-cookie-authfrom
feat/oauth-cross-origin
Open

docs(oauth): add OAuth identity sign-in skill#118
theothersideofgod wants to merge 3 commits into
feat/csrf-cookie-authfrom
feat/oauth-cross-origin

Conversation

@theothersideofgod
Copy link
Copy Markdown
Contributor

@theothersideofgod theothersideofgod commented May 12, 2026

Summary

Adds constructive-oauth skill documenting OAuth identity sign-in with cross-origin token exchange.

Based on feat/csrf-cookie-auth (Cookie/CSRF skill).

Contents

constructive-oauth skill

  • Same-origin vs cross-origin flow comparison
  • Quick start guide with code examples
  • Identity provider configuration (GitHub, Google)
  • Multi-tenant support
  • Server environment configuration (OAUTH_SECRET)
  • Troubleshooting reference

constructive-cookie-csrf skill (base branch)

  • Cookie auth and CSRF documentation
  • Current implementation status
  • Architecture diagram
  • Middleware configuration

Environment Variables

Variable Required Description
OAUTH_SECRET State signing secret (required in all environments)

Related

  • constructive PR #1141 - OAuth implementation

🤖 Generated with Claude Code

theothersideofgod and others added 3 commits May 12, 2026 17:14
@theothersideofgod @claude
docs(skills): add constructive-oauth skill
a51de7f 
Documents OAuth identity sign-in with cross-origin token exchange:
- Quick start guide for frontend integration
- Identity provider configuration (GitHub, Google)
- signInCrossOrigin mutation usage
- Multi-tenant support
- Troubleshooting guide

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
docs(oauth): add same-origin vs cross-origin comparison
f8df96b 
Explains when to use Bearer token (cross-origin) vs cookie auth (same-origin),
including pros/cons for each approach.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
docs(oauth): add OAUTH_SECRET configuration
77ed6bf 
OAUTH_SECRET is required in all environments.
Server throws error if not configured.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod theothersideofgod mentioned this pull request May 15, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pyramation pyramation Awaiting requested review from pyramation

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theothersideofgod