When to use Use this skill when you need to: - Implement or debug an OAuth 2.0/2.1 flow in a Fastify application - Validate tokens, configure PKCE, or set up refresh token rotation - Secure Fastify routes and plugins with access-control middleware - Resolve RFC compliance questions or identify security anti-patterns --- Step-by-step: Authorization Code + PKCE in Fastify 1. Install dependencies 2. Register the OAuth plugin Validation checkpoint: Confirm exactly matches a registered redirect URI at the authorization server before proceeding (RFC 6749 §3.1.2). 3. Handle the callback and exchange…