Buscar habilidades.../

Archivo del skill

Auth Provider

>-

mrsknetwork0 estrellas4 abr 2026

Ocupación
Categorías

Base de Conocimientos

Contenido de la habilidad

Auth Provider Domain Expert

Phase 1: Tech Stack Selection & Safety Assessment

The Senior Manager must evaluate the request to pick the absolute most secure authentication path.

Stack Selection Matrix:

User wants Next.js full-stack: Suggest Clerk. Reasoning: "Clerk provides out-of-the-box secure UI components, Edge-compatible middleware, and handles all MFA/session edge cases natively in Next.js."
User using React Native / Mobile / Supabase: Suggest Supabase Auth. Reasoning: "Supabase Auth is highly optimized for mobile JWT refresh flows and natively syncs with Postgres Row Level Security (RLS)."
User wants Enterprise SSO (SAML): Suggest Auth0.
User asks to "build custom JWTs from scratch": WARN the user gracefully. Reasoning: "Home-rolling auth invites severe risks like token stealing, XSS session fixation, and botched rotation algorithms. Using a managed provider is significantly safer and faster for production."

Skills relacionados

Instalación rápida

Auth Provider

npx skills add mrsknetwork/nemodev

Descargar Skill Abrir repositorio

Autor: mrsknetwork
estrellas: 0
Actualizado: 4 abr 2026
Ocupación

En esta página

01Auth Provider Domain Expert

Phase 2: Ecosystem-Specific Hard Constraints (Delegation Rules)

Stack: Next.js + Clerk

[!IMPORTANT] Domain Constraints (auth-provider)

Wrap the root layout in <ClerkProvider>. Protect all secure routes at the edge using clerkMiddleware.

Server components must fetch user state strictly via auth() and currentUser() from @clerk/nextjs/server.

Sub-agents must sync the backend Database users via a user.created Webhook sent from Clerk. Use svix to cryptographically verify this webhook signature.

Stack: Node / Fastify / Express (General Backend Validation)

[!IMPORTANT] Domain Constraints (auth-provider backend)

Sub-agents must validate the JWKS (JSON Web Key Set) issued by the Auth Provider using jwks-rsa and jsonwebtoken. Do not blindly trust unverified tokens from the client.

Implement a global requireAuth middleware that attaches the verified user payload to the request object.

Stack: Python / FastAPI (General Backend Validation)

[!IMPORTANT] Domain Constraints (auth-provider backend)

Sub-agents must validate the JWKS via python-jose and fetch keys securely using httpx. Cache the keys to prevent rate limiting.

Use FastAPI security.HTTPBearer() to define the auth dependency and inject the user object into routes.

Phase 3: Security Best Practices (Non-Negotiable)

1. Token Storage & Transmission

Client-Side: Never store sensitive JWTs or access tokens in localStorage or sessionStorage if they are susceptible to XSS. Prefer HttpOnly cookies with Secure; SameSite=Strict flags.
Transmission: All auth-related traffic MUST occur over HTTPS. Redirect HTTP to HTTPS at the infrastructure layer (Setup skill).

2. Session Management

Expiry: Access tokens should have short expiry (e.g., 15-60 mins). Use Refresh tokens (stored securely) to obtain new access tokens.
Revocation: Managed providers (Clerk, Supabase) handle revocation natively. For custom implementations, use a blocklist (Redis) to invalidate suspect tokens immediately.

3. Redirection Safety

Allowlists: When implementing OAuth or email login, strictly validate the redirect_url against a predefined allowlist to prevent Open Redirect attacks.

Common Pitfalls

Implicit Grant Flow: Abandoned and insecure. Always use Authorization Code Flow with PKCE for public clients (Mobile/React).
Hardcoded Secrets: Never commit JWT secrets to version control. They MUST be in .env and rotated annually.
Over-Scoping: Only request the minimal scopes needed for the feature (Principle of Least Privilege).

02

Phase 1: Tech Stack Selection & Safety Assessment

03Phase 2: Ecosystem-Specific Hard Constraints (Delegation Rules)

04Stack: Next.js + Clerk

05Stack: Node / Fastify / Express (General Backend Validation)

06Stack: Python / FastAPI (General Backend Validation)

07Phase 3: Security Best Practices (Non-Negotiable)

081. Token Storage & Transmission

092. Session Management

103. Redirection Safety

Desarrolladores de software

CMS y Plataformas

Notion

Notion API for creating and managing pages, databases, and blocks.

Base de Conocimientos

Feishu Wiki

Feishu knowledge base navigation. Activate when user mentions knowledge base, wiki, or wiki links.

Base de Conocimientos

Gemini

Gemini CLI for one-shot Q&A, summaries, and generation.

Base de Conocimientos

Obsidian Vault Maintainer

Maintain an Obsidian-friendly memory wiki vault with wikilinks, frontmatter, and official Obsidian CLI awareness.

Base de Conocimientos

Openclaw Pr Maintainer

Maintainer workflow for reviewing, triaging, preparing, closing, or landing OpenClaw pull requests and related issues. Use when Codex needs to validate bug-fix claims, search for related issues or PRs, apply or recommend close/reason labels, prepare GitHub comments safely, check review-thread follow-up, or perform maintainer-style PR decision making before merge or closure.

Base de Conocimientos

Wiki Maintainer

Maintain the OpenClaw memory wiki vault with deterministic pages, managed blocks, and source-backed updates.

Auth Provider | Skills Pool

Desarrolladores de software