- Home
- Skills
- Cameronapak
- Bknd Skills
- Bknd Oauth Setup
bknd-oauth-setup_skill
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill cameronapak/bknd-skills --skill bknd-oauth-setup- SKILL.md14.2 KB
Overview
This skill helps you configure OAuth and social login providers for a Bknd application, covering Google, GitHub and custom providers. It explains required provider credentials, callback URLs, environment variables, and frontend integration patterns for both cookie and token flows. Use it to enable secure OAuth sign-in, registration, and multi-provider setups in Bknd projects.
How this skill works
The skill inspects provider requirements and guides you through adding strategies to bknd.config.ts and setting environment variables for client_id and client_secret. It describes built-in providers (google, github) and shows how to configure custom OAuth/OIDC servers with authorization, token, and userinfo endpoints. It also maps the exposed Bknd auth endpoints and shows both cookie-based (SSR) and token-based (SPA) frontend flows including callback handling and challenge verification.
When to use it
- Setting up Google or GitHub OAuth for a Bknd app
- Adding multiple providers or enabling password + OAuth strategies
- Configuring a custom OAuth/OIDC provider (Slack, Discord, Microsoft)
- Testing flows from the admin UI or via API endpoints
- Integrating frontend login buttons and callback pages
Best practices
- Store client secrets and JWT_SECRET in environment variables, never in source code
- Use HTTPS and secure cookie settings in production; set secure=false on localhost
- Set cookie.sameSite to "lax" to allow OAuth redirects
- Ensure callback URLs listed in provider dashboards exactly match your Bknd host configuration
- Test flows in incognito and verify the OAuth challenge during token-based flows
Example use cases
- Enable Google sign-in for quick user onboarding and profile import
- Add GitHub login for developer-focused apps and email verification
- Configure Slack or Discord as a custom OAuth2 provider using custom endpoints
- Implement cookie-based OAuth for SSR apps and token-based flow for SPA with localStorage
- Expose multiple strategies (password + google + github) so users can choose their method
FAQ
Use http://localhost:7654/api/auth/{provider}/callback in development and https://api.yourapp.com/api/auth/{provider}/callback in production; these must match the host configured for Bknd.
Why do I get redirect_uri_mismatch?
This happens when the redirect URI configured in the provider dashboard does not exactly match the URL Bknd uses. Verify host, path, and protocol match precisely.
When should I use cookie vs token flow?
Use cookie-based flow for server-rendered apps (recommended for SSR) because the backend sets the session cookie. Use token-based flow for SPAs where you manage the OAuth challenge and persist tokens in client storage.