SKILL-080 Authentication and account lifecycle Locked skill

Social login

Only auto-link a social login to an existing user when the provider says the email is verified — otherwise you hand attackers a free account takeover.

01

What this skill helps you build

Let users sign in with Google or GitHub, handle the OAuth callback, and link to an existing account only through a provider-verified email.

The production takeaway

Only auto-link a social login to an existing user when the provider says the email is verified — otherwise you hand attackers a free account takeover.

02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

What this helps you build

A "Sign in with Google / GitHub" flow that does the boring parts correctly: the OAuth round trip, a safe callback, and account linking that doesn't let a stranger walk into someone

When to use this

Reach for social login when you want to lower signup friction or avoid storing passwords at all. It's a good fit when: Your users already live in Google Workspace or GitHub and exp

The core idea

A successful OAuth login gives you a provider (google, github) and a stable provider user id (sub for Google, the numeric id for GitHub). That pair — not the email — is the durable i
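The linking rule above, as an added example that is not part of the original skill: identities are looked up by the (provider, provider user id) pair, and an email match links to an existing account only when the provider marked the email verified. `Store`, `resolve_login` and the outcome strings are hypothetical names; `email_verified` is assumed to be taken by the caller from the provider's own signal (Google's `email_verified` claim, GitHub's `verified` flag on the user's email list).

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Store:
    """In-memory stand-in for the users and linked-identities tables."""
    users: dict = field(default_factory=dict)       # user_id -> verified email or None
    identities: dict = field(default_factory=dict)  # (provider, provider_user_id) -> user_id

    def add_user(self, email: Optional[str]) -> int:
        user_id = len(self.users) + 1
        self.users[user_id] = email
        return user_id

    def find_by_email(self, email: str) -> Optional[int]:
        return next((u for u, e in self.users.items() if e == email), None)


def resolve_login(store, provider, provider_user_id, email, email_verified):
    """Return (user_id, outcome) for one completed OAuth callback."""
    key = (provider, str(provider_user_id))
    email = (email or "").strip().lower()
    # Strict check: a missing flag or the string "false" must not count as verified.
    verified = email_verified is True and email != ""

    # 1. The (provider, id) pair is the identity; the email plays no part here.
    if key in store.identities:
        return store.identities[key], "existing_identity"

    # 2. First login with this identity, and the email matches an account.
    owner = store.find_by_email(email) if email else None
    if owner is not None:
        if not verified:
            # Caller should require sign-in with the existing method first.
            return None, "link_refused"
        store.identities[key] = owner
        return owner, "linked"

    # 3. New account. An unverified address is not stored as the account
    #    email, so it can never become a target for auto-linking later.
    user_id = store.add_user(email if verified else None)
    store.identities[key] = user_id
    return user_id, "created"
```

On `link_refused` the callback should send the user to sign in with their existing method and link the provider from account settings, rather than creating a second account for the same address.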
