CLAUDE CODE MARKETPLACES
SkillsOrcaQubits/agentic-commerce-skills-pluginsucp-identity-linking

Editor's Note

ucp-identity-linking

>

Install

npx skills add https://github.com/OrcaQubits/agentic-commerce-skills-plugins --skill ucp-identity-linking
SKILL.md

UCP Identity Linking

Before writing code

Fetch live spec: Web-search site:ucp.dev specification identity-linking and fetch the page for exact OAuth requirements, scopes, and metadata format.

Also fetch https://developers.google.com/merchant/ucp/guides/identity-linking for Google's integration guide.

Conceptual Architecture

What It Enables

Identity Linking lets a Platform (AI agent) authenticate a buyer with a Business (merchant) so the agent can:

  • Access the buyer's existing account (loyalty points, saved addresses, order history)
  • Apply account-specific discounts or pricing
  • Provide personalized checkout experiences

Protocol: OAuth 2.0 Authorization Code Flow

UCP mandates RFC 6749 Section 4.1 (Authorization Code) as the primary mechanism:

  1. Platform redirects buyer to Business's authorization endpoint
  2. Buyer authenticates and consents
  3. Business redirects back with authorization code
  4. Platform exchanges code for access token at Business's token endpoint
  5. Platform includes access token in subsequent UCP requests

Requirements

  • HTTP Basic Authentication (RFC 7617) for client credentials at the token endpoint
  • RFC 8414 OAuth Authorization Server Metadata at /.well-known/oauth-authorization-server
  • RFC 7009 token revocation support
  • RFC 9728 HTTP Resource Metadata — for discovering and linking identity provider metadata
  • Optional: OpenID RISC Profile 1.0 for async account status updates (e.g., account deleted)

UCP Scopes

ScopeGrants
ucp:scopes:checkout_sessionAll checkout operations (create, get, update, complete, cancel)

A scope covering a capability grants access to ALL operations of that capability.

Capability Declaration

Identity Linking is declared as a capability in the Business's discovery profile. It includes:

  • Authorization endpoint URL
  • Token endpoint URL
  • Supported scopes
  • Client registration details

Implementation Guidance

Business:

  • Implement standard OAuth 2.0 Authorization Code server
  • Publish OAuth metadata at /.well-known/oauth-authorization-server
  • Map UCP scopes to internal permissions
  • Issue access tokens that the Platform includes in UCP requests

Platform:

  • Discover identity linking capability from Business profile
  • Initiate OAuth flow when buyer wants to link their account
  • Store and refresh access tokens
  • Include tokens in UCP request authorization

Fetch the exact current requirements from the live spec — OAuth details (PKCE requirements, token formats, etc.) may evolve.

Installs0
GitHub Stars32
LanguagePython
AddedJun 10, 2026

Categories

a2aacpagentic-commerceai-commerceap2bigcommerceclaude-code-pluginclaude-plugincodex-cli-plugincursor-plugingemini-cli-extensionmagentomcpopenclaw-pluginshopifystripe-mppucpwebmcpwoocommerce
View on GitHub

Related a2a Skills

View all

composio

composiohq/skills

2.0K642.0K

office-mcp

claude-office-skills/skills

1.1K1191.1K

shopify-automation

claude-office-skills/skills

688119688

mcp-hub

claude-office-skills/skills

519119519

postgresql

diegosouzapw/awesome-omni-skills

0550

rehabilitation-analyzer-v2

diegosouzapw/awesome-omni-skills

0550