Agent Skillszhaoxuya520/reverse-skill › competition-oauth-oidc-chain

competition-oauth-oidc-chain

GitHub

CTF沙箱下游技能,专用于追踪和分析OAuth/OIDC认证链。涵盖重定向、PKCE、Token交换及身份接受流程,旨在证明从入口请求到最终权限获取的最小可复现路径,需在前置沙箱上下文建立后使用。

CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md zhaoxuya520/reverse-skill

Trigger Scenarios

用户询问如何追踪OAuth或OIDC的重定向与回调参数 需要解释认证链如何将令牌转换为被接受的Identity或特权 涉及PKCE、State/Nonce处理或Token刷新逻辑的分析

Install

npx skills add zhaoxuya520/reverse-skill --skill competition-oauth-oidc-chain -g -y
More Options

Non-standard path

npx skills add https://github.com/zhaoxuya520/reverse-skill/tree/main/CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain -g -y

Use without installing

npx skills use zhaoxuya520/reverse-skill@competition-oauth-oidc-chain

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill competition-oauth-oidc-chain -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "competition-oauth-oidc-chain",
    "description": "Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for OAuth, OIDC, redirect flows, state or nonce handling, PKCE, token exchange, refresh logic, claim mapping, and accepted login paths. Use when the user asks to trace redirects, callback parameters, scopes, state, nonce, PKCE, refresh tokens, consent, or explain how an OAuth or OIDC chain turns into accepted identity or privilege. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here."
}

Competition OAuth OIDC Chain

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill when the hard part is proving how an OAuth or OIDC flow is shaped, exchanged, and ultimately accepted.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Map the auth chain in order: entry route, redirect, authorize request, callback, token exchange, refresh, and final accepting service.
  2. Record scopes, state, nonce, PKCE material, redirect URIs, and claim-bearing tokens before mutating anything.
  3. Separate token possession from actual identity acceptance.
  4. Keep browser-visible redirects and backend-visible token exchange in one compact chain.
  5. Reproduce the smallest redirect-to-acceptance flow that proves the decisive identity edge.

Workflow

1. Map The Redirect And Token Path

  • Record issuer, client ID, redirect URI, authorize parameters, callback parameters, token endpoint, and refresh path.
  • Note which values are user-controlled, derived, cached, or validated: state, nonce, PKCE verifier, audience, scope, or prompt.
  • Keep browser redirects, server-side exchanges, and resulting session state tied together.

2. Prove Token-To-Identity Acceptance

  • Show how code, ID token, access token, or refresh token turns into app session, claims mapping, tenant selection, or accepted privilege.
  • Record token claims, expiration, audience, subject, scopes, and the exact accepting app or backend edge.
  • Distinguish UI login success from backend authorization success.

3. Reduce To The Decisive OAuth Chain

  • Compress the result to the smallest sequence: entry request -> redirect -> callback -> token or claim acceptance -> resulting capability.
  • Keep one canonical good flow and one minimal mutated flow if a parameter change matters.
  • If the task broadens into generic web routing or storage behavior outside the auth chain, switch back to the broader web-runtime skill.

Read This Reference

  • Load references/oauth-oidc-chain.md for the redirect checklist, token checklist, and evidence packaging.
  • If the hard part is JWT header parsing, claim normalization, key lookup, or token validation confusion after issuance, prefer $competition-jwt-claim-confusion.

What To Preserve

  • Redirect URIs, parameters, codes, token claims, scopes, and the accepting service or callback
  • The exact point where claims or tokens become accepted app identity
  • One minimal replayable redirect-to-acceptance sequence

Version History

  • 1bec1f2 Current 2026-07-05 18:45

Same Skill Collection

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/docs-generator/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

Metadata

Files
0
Version
1bec1f2
Hash
47d4f2a2
Indexed
2026-07-05 18:45

trang chủ - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-08 20:38
浙ICP备14020137号-1 $bản đồ khách truy cập$