Agent skill

oauth-helper

Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features: - Auto-detect available OAuth options on login pages - Ask user to choose via Telegram when multiple options exist - Confirm before authorizing - Handle account selection and consent pages automatically

Stars 9
Forks 0

Install this agent skill to your Project

npx add-skill https://github.com/delorenj/skills/tree/main/oauth-helper

SKILL.md

OAuth Helper

Automate OAuth login with Telegram confirmation. Supports 7 major providers.

Supported Providers

Provider Status Detection Domain
Google accounts.google.com
Apple appleid.apple.com
Microsoft login.microsoftonline.com, login.live.com
GitHub github.com/login/oauth
Discord discord.com/oauth2
WeChat open.weixin.qq.com
QQ graph.qq.com

Prerequisites

  1. Clawd browser logged into the OAuth providers (one-time setup)
  2. Telegram channel configured

Core Workflow

Flow A: Login Page with Multiple OAuth Options

When user requests to login to a website:

1. Open website login page
2. Scan page for available OAuth buttons
3. Send Telegram message:
   "🔐 [Site] supports these login methods:
    1️⃣ Google
    2️⃣ Apple  
    3️⃣ GitHub
    Reply with number to choose"
4. Wait for user reply (60s timeout)
5. Click the selected OAuth button
6. Enter Flow B

Flow B: OAuth Authorization Page

When on an OAuth provider's page:

1. Detect OAuth page type (by URL)
2. Extract target site info
3. Send Telegram: "🔐 [Site] requests [Provider] login. Confirm? Reply yes"
4. Wait for "yes" (60s timeout)
5. Execute provider-specific click sequence
6. Wait for redirect back to original site
7. Send: "✅ Login successful!"

Detection Patterns

Google

URL patterns:
- accounts.google.com/o/oauth2
- accounts.google.com/signin/oauth
- accounts.google.com/v3/signin

Apple

URL patterns:
- appleid.apple.com/auth/authorize
- appleid.apple.com/auth/oauth2

Microsoft

URL patterns:
- login.microsoftonline.com/common/oauth2
- login.microsoftonline.com/consumers
- login.live.com/oauth20

GitHub

URL patterns:
- github.com/login/oauth/authorize
- github.com/login
- github.com/sessions/two-factor

Discord

URL patterns:
- discord.com/oauth2/authorize
- discord.com/login
- discord.com/api/oauth2

WeChat

URL patterns:
- open.weixin.qq.com/connect/qrconnect
- open.weixin.qq.com/connect/oauth2

QQ

URL patterns:
- graph.qq.com/oauth2.0/authorize
- ssl.xui.ptlogin2.qq.com
- ui.ptlogin2.qq.com

Click Sequences by Provider

Google

Account selector: [data-identifier], .JDAKTe
Auth buttons: button:has-text("Allow"), button:has-text("Continue")

Apple

Email input: input[type="email"], #account_name_text_field
Password: input[type="password"], #password_text_field  
Continue: button#sign-in, button:has-text("Continue")
Trust device: button:has-text("Trust")

Microsoft

Account selector: .table-row[data-test-id]
Email input: input[name="loginfmt"]
Password: input[name="passwd"]
Next: button#idSIButton9
Accept: button#idBtn_Accept

GitHub

Email: input#login_field
Password: input#password
Sign in: input[type="submit"]
Authorize: button[name="authorize"]
2FA: input#app_totp

Discord

Email: input[name="email"]
Password: input[name="password"]
Login: button[type="submit"]
Authorize: button:has-text("Authorize")

WeChat

Method: QR code scan
- Screenshot QR code to user
- Wait for mobile scan confirmation
- Detect page redirect

QQ

Method: QR code or password login
QR: Screenshot to user
Password mode:
  - Switch: a:has-text("密码登录")
  - Username: input#u
  - Password: input#p
  - Login: input#login_button

OAuth Button Detection

Scan login pages for these selectors:

Provider Selectors Common Text
Google [data-provider="google"], .google-btn "Continue with Google"
Apple [data-provider="apple"], .apple-btn "Sign in with Apple"
Microsoft [data-provider="microsoft"] "Sign in with Microsoft"
GitHub [data-provider="github"] "Continue with GitHub"
Discord [data-provider="discord"] "Login with Discord"
WeChat .wechat-btn, img[src*="wechat"] "WeChat Login"
QQ .qq-btn, img[src*="qq"] "QQ Login"

One-Time Setup

Login to each provider in clawd browser:

bash
# Google
browser action=navigate profile=clawd url=https://accounts.google.com

# Apple
browser action=navigate profile=clawd url=https://appleid.apple.com

# Microsoft  
browser action=navigate profile=clawd url=https://login.live.com

# GitHub
browser action=navigate profile=clawd url=https://github.com/login

# Discord
browser action=navigate profile=clawd url=https://discord.com/login

# WeChat/QQ - Use QR scan, no pre-login needed

Error Handling

  • No "yes" reply → Cancel and notify user
  • 2FA required → Prompt user to enter code manually
  • QR timeout → Re-screenshot new QR code
  • Login failed → Screenshot and send to user for debugging

Usage Example

User: Login to Kaggle for me

Agent:
1. Navigate to kaggle.com/account/login
2. Detect Google/Facebook/Yahoo options
3. Send: "🔐 Kaggle supports:
   1️⃣ Google
   2️⃣ Facebook
   3️⃣ Yahoo
   Reply number to choose"
4. User replies: 1
5. Click Google login
6. Detect Google OAuth page
7. Send: "🔐 Kaggle requests Google login. Confirm? Reply yes"
8. User replies: yes
9. Select account, click Continue
10. Send: "✅ Logged into Kaggle!"

Version History

  • v1.0.0 - Initial release with 7 OAuth providers

Expand your agent's capabilities with these related and highly-rated skills.

delorenj/skills

openclaw-upgrade

Upgrade OpenClaw installations to the latest version. Handles global npm installs, local development setups, release channels (stable/beta/dev), configuration preservation, and platform-specific requirements. Use when updating OpenClaw, switching release channels, or troubleshooting update issues.

9 0
Explore
delorenj/skills

vercel-composition-patterns

React composition patterns that scale. Use when refactoring components with boolean prop proliferation, building flexible component libraries, or designing reusable APIs. Triggers on tasks involving compound components, render props, context providers, or component architecture. Includes React 19 API changes.

9 0
Explore
delorenj/skills

security-monitor

Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.

9 0
Explore
delorenj/skills

event-driven-architecture

Kafka, RabbitMQ, SQS/SNS, event sourcing, CQRS, saga patterns, dead letter queues, and idempotency. Use when designing asynchronous systems, implementing message-driven workflows, or building event streaming pipelines.

9 0
Explore
delorenj/skills

shadcn-ui

Expert guidance for integrating and building applications with shadcn/ui components, including component discovery, installation, customization, and best practices.

9 0
Explore
delorenj/skills

just-fucking-cancel

Find and cancel unwanted subscriptions by analyzing bank transactions. Detects recurring charges, calculates annual waste, and helps you cancel with direct URLs and browser automation. Use when: 'cancel subscriptions', 'audit subscriptions', 'find recurring charges', 'what am I paying for', 'save money', 'subscription cleanup', 'stop wasting money'. Supports CSV import (Apple Card, Chase, Amex, Citi, Bank of America, Capital One, Mint, Copilot) OR Plaid API for automatic transaction pull. Outputs interactive HTML audit with one-click cancel workflow. Pairs with Plaid integration for real-time transaction access without CSV exports.

9 0
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results