mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,43 @@
|
||||
# OAuth 2.0 Authorization Flow — API Reference
|
||||
|
||||
## Libraries
|
||||
|
||||
| Library | Install | Purpose |
|
||||
|---------|---------|---------|
|
||||
| requests | `pip install requests` | HTTP client for OAuth endpoints |
|
||||
| authlib | `pip install authlib` | Full OAuth 2.0 / OIDC client library |
|
||||
| PyJWT | `pip install PyJWT[crypto]` | JWT token validation and inspection |
|
||||
|
||||
## OIDC Discovery Endpoint
|
||||
|
||||
```
|
||||
GET {issuer}/.well-known/openid-configuration
|
||||
```
|
||||
|
||||
Returns: authorization_endpoint, token_endpoint, jwks_uri, supported grant types, scopes.
|
||||
|
||||
## OAuth 2.0 Grant Types
|
||||
|
||||
| Grant Type | Use Case | Security |
|
||||
|------------|----------|----------|
|
||||
| authorization_code | Server-side apps | Recommended with PKCE |
|
||||
| client_credentials | Machine-to-machine | Service accounts only |
|
||||
| implicit | (DEPRECATED) SPAs | Avoid — tokens in URL fragment |
|
||||
| password | (DEPRECATED) Legacy | Avoid — credentials exposed to client |
|
||||
| urn:ietf:params:oauth:grant-type:device_code | IoT/CLI | Approved for limited-input devices |
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
| Practice | RFC |
|
||||
|----------|-----|
|
||||
| PKCE (Proof Key for Code Exchange) | RFC 7636 |
|
||||
| Token Binding | RFC 8471 |
|
||||
| DPoP (Demonstrating Proof of Possession) | RFC 9449 |
|
||||
| Sender-Constrained Tokens | OAuth 2.0 Security BCP |
|
||||
|
||||
## External References
|
||||
|
||||
- [RFC 6749 OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749)
|
||||
- [RFC 7636 PKCE](https://datatracker.ietf.org/doc/html/rfc7636)
|
||||
- [OAuth 2.0 Security BCP](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)
|
||||
- [authlib Documentation](https://docs.authlib.org/)
|
||||
Reference in New Issue
Block a user