miro-security-basics

Featured

Apply Miro REST API v2 security best practices — OAuth scope minimization, token storage, webhook signature validation, and secret rotation. Trigger with phrases like "miro security", "miro secrets", "secure miro", "miro token security", "miro webhook signature".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Miro Security Basics ## Overview Security best practices for Miro OAuth 2.0 tokens, webhook signatures, and access control across the REST API v2. ## Prerequisites - Miro app created at https://developers.miro.com - Understanding of OAuth 2.0 concepts - Secret management solution for production ## OAuth Token Security ### Never Store Tokens in Code ```bash # .env (NEVER commit to git) MIRO_CLIENT_ID=3458764500000001 MIRO_CLIENT_SECRET=your_client_secret_here MIRO_ACCESS_TOKEN=eyJ... MIRO_REFRESH_TOKEN=eyJ... # .gitignore — MUST include these .env .env.local .env.*.local *.pem ``` ### Scope Minimization Request only the scopes your app actually needs. Fewer scopes = smaller blast radius if a token is compromised. | Use Case | Minimum Scopes | |----------|---------------| | Read-only dashboard | `boards:read` | | Board automation | `boards:read`, `boards:write` | | Team management | `boards:read`, `team:read`, `team:write` | | Enterprise admin | `boards:read`, `organizations:read`, `auditlogs:read` | | Full integration | `boards:read`, `boards:write`, `identity:read` | ### Token Lifecycle Management ```typescript // src/miro/token-manager.ts interface TokenInfo { accessToken: string; refreshToken: string; expiresAt: number; // Unix timestamp in ms scopes: string[]; } class MiroTokenManager { constructor( private storage: TokenStorage, // DB, Redis, or Vault private clientId: string, private clientSecret: string, ) {} async getValid...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Redis · Database OAuth · Auth REST API · API

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

miro-install-auth

Install and configure Miro REST API v2 authentication with OAuth 2.0. Use when setting up a new Miro app, configuring OAuth tokens, or initializing the @mirohq/miro-api Node.js client. Trigger with phrases like "install miro", "setup miro", "miro auth", "miro OAuth", "configure miro API".

2,266 Updated today
jeremylongshore
AI & Automation Featured

miro-prod-checklist

Execute Miro REST API v2 production deployment checklist and rollback procedures. Use when deploying Miro integrations to production, preparing for launch, or implementing go-live procedures for Miro apps. Trigger with phrases like "miro production", "deploy miro", "miro go-live", "miro launch checklist", "miro production ready".

2,266 Updated today
jeremylongshore
AI & Automation Featured

miro-multi-env-setup

Configure Miro REST API v2 across development, staging, and production with separate OAuth apps, isolated test boards, and secret management. Trigger with phrases like "miro environments", "miro staging", "miro dev prod", "miro environment setup", "miro multi env".

2,266 Updated today
jeremylongshore
AI & Automation Featured

miro-sdk-patterns

Apply production-ready patterns for @mirohq/miro-api client usage. Use when implementing Miro integrations, refactoring SDK usage, or establishing coding standards for Miro REST API v2. Trigger with phrases like "miro SDK patterns", "miro best practices", "miro code patterns", "miro client wrapper", "miro typescript".

2,266 Updated today
jeremylongshore
AI & Automation Featured

hubspot-security-basics

Apply HubSpot security best practices for tokens, scopes, and webhook verification. Use when securing private app tokens, implementing least privilege scopes, or validating HubSpot webhook signatures. Trigger with phrases like "hubspot security", "hubspot token rotation", "secure hubspot", "hubspot scopes", "hubspot webhook verify".

2,266 Updated today
jeremylongshore