How do I use the "Implement OAuth 2.0 Authentication System" prompt?

Copy the prompt template, fill in the variables (APPLICATION_TYPE, PROGRAMMING_LANGUAGE, FRAMEWORK, OAUTH_PROVIDER), and paste it into ChatGPT, Claude, or Gemini.

What AI tools work with this coding prompt?

This prompt works with chatgpt, claude, gemini. Simply copy and paste the template into any of these AI assistants.

Tips for getting the best results?

Always validate the state parameter to prevent CSRF attacks during OAuth flows Store refresh tokens encrypted and implement token rotation for enhanced security Use environment variables for all sensitive configuration data like client secrets Implement proper session management with secure cookies and appropriate timeouts Test the complete flow including error scenarios and token expiration handling

coding advanced

Implement OAuth 2.0 Authentication System

Get step-by-step OAuth 2.0 implementation code with security best practices. Perfect for secure user authentication in web apps.

Works with: chatgptclaudegemini

Prompt Template

I need to implement OAuth 2.0 authentication for my [APPLICATION_TYPE] application using [PROGRAMMING_LANGUAGE] and [FRAMEWORK]. The OAuth provider is [OAUTH_PROVIDER]. Please provide a complete implementation that includes: 1. **Initial Setup**: Configuration setup, environment variables, and required dependencies/packages 2. **Authorization Flow**: Code to initiate the OAuth authorization request with proper scopes 3. **Callback Handling**: Secure callback endpoint to handle the authorization code and exchange it for tokens 4. **Token Management**: Secure storage and refresh token handling 5. **User Session**: Integration with user sessions and profile data retrieval 6. **Security Measures**: CSRF protection, state parameter validation, and secure token storage 7. **Error Handling**: Comprehensive error handling for failed authentication attempts 8. **Middleware/Guards**: Route protection middleware for authenticated endpoints Requirements: - Follow OAuth 2.0 security best practices - Include detailed code comments explaining each step - Implement proper error handling and logging - Use secure methods for storing sensitive data - Include example usage and testing instructions - Ensure the code is production-ready with security considerations Please structure the response with clear sections and provide any additional security recommendations specific to [OAUTH_PROVIDER] integration.

Variables to Customize

[APPLICATION_TYPE]

Type of application (web app, mobile app, SPA, etc.)

Example: web application

[PROGRAMMING_LANGUAGE]

Programming language for the implementation

Example: Node.js

[FRAMEWORK]

Framework or library being used

Example: Express.js

[OAUTH_PROVIDER]

OAuth provider service

Example: Google

Example Output

# Google OAuth 2.0 Implementation for Node.js/Express Web Application ## 1. Initial Setup ```javascript // Install dependencies npm install express express-session passport passport-google-oauth20 dotenv // Environment variables (.env) GOOGLE_CLIENT_ID=your_client_id GOOGLE_CLIENT_SECRET=your_client_secret SESSION_SECRET=your_session_secret REDIRECT_URI=http://localhost:3000/auth/google/callback ``` ## 2. OAuth Configuration ```javascript const passport = require('passport'); const GoogleStrategy = require('passport-google-oauth20').Strategy; passport.use(new GoogleStrategy({ clientID: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET, callbackURL: process.env.REDIRECT_URI }, async (accessToken, refreshToken, profile, done) => { // Store user data and tokens securely const user = { id: profile.id, email: profile.emails[0].value, name: profile.displayName, accessToken: accessToken, refreshToken: refreshToken }; return done(null, user); })); ``` **Security Recommendations:** - Store refresh tokens encrypted in database - Implement token rotation - Use HTTPS in production - Validate state parameters - Set appropriate session timeouts

Pro Tips for Best Results

Always validate the state parameter to prevent CSRF attacks during OAuth flows
Store refresh tokens encrypted and implement token rotation for enhanced security
Use environment variables for all sensitive configuration data like client secrets
Implement proper session management with secure cookies and appropriate timeouts
Test the complete flow including error scenarios and token expiration handling