Set up authentication, authorization, and identity providers for Power Pages sites.
The material indicates this is an open-source, prompt-only skill with no declared secrets or remote endpoints, so the overall risk is low. It primarily guides authentication and authorization setup for a Power Pages site; caution is limited to local project auth-related code/config changes, with no clear data exfiltration or major red flags shown.
The material explicitly states that no secrets or environment variables are required, and the README does not ask for tokens, API keys, or account credentials. Although the subject matter involves identity provider configuration, the disclosed content does not show the skill itself collecting, storing, or transmitting credentials.
No remote endpoints are declared; based on the provided material, this appears to be a prompt-only skill for generating/guiding authentication configuration, with no described transmission of user data to third-party services. References to Entra ID, Google, and Facebook are identity provider options, not evidence that the skill itself performs outbound network calls.
The README includes a plugin-check command `node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js"`, and the workflow mentions validating that builds succeed, indicating the usage context may involve running local checks or build commands in the project environment. For a skill/tool, this is a normal local development capability that warrants attention, but the material does not show privilege escalation or requests for unusually broad system permissions.
The documentation instructs locating `powerpages.config.json`, checking `.powerpages-site`, detecting existing auth code, and creating/modifying auth services, authorization utilities, and UI, indicating access to and modification of local project files. This scope is generally consistent with the stated function, and there is no indication of data access beyond what is needed for authentication setup.
The source is an open-source Microsoft-related GitHub repository, making the code auditable and materially lowering supply-chain risk. Cautionary context remains: the repo shows 0 stars, no declared license, and unknown maintenance status, but the provided material does not show a closed-source package, deceptive provenance, or suspicious injection red flags.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "setup-auth" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/power-platform-skills/main/plugins/power-pages/skills/setup-auth/SKILL.md 2. Save it as ~/.claude/skills/setup-auth/SKILL.md 3. Reload skills and tell me it's ready
Set up Microsoft Entra ID login for my Power Pages site, including sign-in, sign-out, protected page access control, and the configuration steps I need to change.
A configuration plan for Entra ID authentication and authorization, including sign-in, sign-out, and protected page settings.
Help me enable local username-password login in Power Pages, with sign-up, sign-in, sign-out, and pages accessible only to authenticated users.
Instructions to enable local authentication, configure user access restrictions, and implement the setup.
Integrate Google sign-in for my Power Pages site and configure role-based access to different pages after login.
A third-party sign-in integration plan and recommendations for role-based page authorization.
Plugin check: Run
node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js"— if it outputs a message, show it to the user before proceeding.
Configure authentication (login/logout) and role-based authorization for a Power Pages code site. This skill supports multiple identity providers -- Microsoft Entra ID, Entra External ID (for customer-facing apps with self-service sign-up), OpenID Connect (generic), SAML2, WS-Federation, local authentication (username/password), Microsoft Account, Facebook, and Google. It also supports optional features including invitation-based registration and Terms & Conditions acceptance. Power Pages built-in 2FA is intentionally not scaffolded because the SendCode/VerifyCode pages are server-rendered and cannot be integrated into a SPA experience — use IdP-level MFA instead. It creates an auth service, type declarations, authorization utilities, auth UI components, and role-based access control patterns appropriate to the site's framework and chosen identity provider(s).
Initial request: $ARGUMENTS
Prerequisites:
- An existing Power Pages code site created via
/create-site- The site must be deployed at least once (
.powerpages-sitefolder must exist)- Web roles must be created via
/create-webroles
Goal: Confirm the project exists, identify the framework, verify deployment status and web roles, and check for existing auth code.
Look for powerpages.config.json in the current directory or immediate subdirectories:
**/powerpages.config.json
If not found: Tell the user to create a site first with /create-site.
Read package.json to determine the framework (React, Vue, Angular, or Astro). See ${CLAUDE_PLUGIN_ROOT}/references/framework-conventions.md for the full framework detection mapping.
Look for the .powerpages-site folder:
**/.powerpages-site
If not found: Tell the user the site must be deployed first:
"The
.powerpages-sitefolder was not found. The site needs to be deployed at least once before authentication can be configured."
Use AskUserQuestion:
| Question | Options |
|---|---|
| Your site needs to be deployed first. Would you like to deploy now? | Yes, deploy now (Recommended), No, I'll do it later |
If "Yes, deploy now": Invoke /deploy-site, then resume.
If "No": Stop — the site must be deployed first.
Look for web role YAML files in .powerpages-site/web-roles/:
**/.powerpages-site/web-roles/*.yml
…
Review and fix Power Pages security headers, CSP, CORS, cookies, and embedding settings.
Run an end-to-end Power Pages security review with a consolidated HTML report.
Test deployed Power Pages sites with browsing, crawling, and API verification.
Add a data source or connector to a Power Apps code app.
Add Azure DevOps to Power Apps for work items, bugs, pipelines, and API calls.
Set up Power Platform Pipelines for automated Power Pages deployments.
Integrate Power Automate cloud flows into Power Pages with generated metadata and code.
Set up authentication, identity mapping, and access control in Convex apps.
Set up Entra ID app registration, OAuth, permissions, and MSAL integration.
Create a publisher and solution, then package Power Pages components for ALM.
Add essential SEO settings to Power Pages sites for better visibility and sharing.
Inspect and configure WAF protection for a Power Pages production site.