building-api-authentication

Featured

Build secure API authentication systems with OAuth2, JWT, API keys, and session management. Use when implementing secure authentication flows. Trigger with phrases like "build authentication", "add API auth", or "secure the API".

AI & Automation 2,266 stars 315 forks Updated today MIT


Quality Score: 99/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Building API Authentication

## Overview

Build secure API authentication systems supporting JWT Bearer tokens, OAuth 2.0 authorization code and client credentials flows, API key management, and session-based authentication. Implement token issuance, validation, refresh rotation, revocation, and role-based access control (RBAC) with scoped permissions across all API endpoints.

## Prerequisites

- Cryptographic library: `jsonwebtoken` (Node.js), `PyJWT` (Python), or `jjwt` (Java)
- Secure secret storage: environment variables, AWS Secrets Manager, or HashiCorp Vault for JWT signing keys
- Database table for user credentials, refresh tokens, and API key storage
- Bcrypt or Argon2 for password hashing (never store plaintext passwords)
- OAuth 2.0 provider credentials for third-party auth integration (Google, GitHub, Auth0)

## Instructions

1. Examine the existing authentication setup using Grep and Read, identifying current auth mechanisms, middleware placement, and any endpoints bypassing authentication.
2. Implement JWT token issuance on successful login: sign with RS256 (asymmetric) or HS256 (symmetric), including `sub` (user ID), `iat`, `exp` (15-minute access token), `roles`, and `scopes` in the payload.
3. Create authentication middleware that extracts the Bearer token from the `Authorization` header, verifies the signature and expiration, and injects the decoded user context into the request object.
4. Implement refresh token rotation: issue a long-lived refresh token (30...

Details

- Author: jeremylongshore
- Repository: jeremylongshore/claude-code-plugins-plus-skills
- Created: 7 months ago
- Last Updated: today
- Language: Python
- License: MIT


Similar Skills

Semantically similar based on skill content — not just same category

api-authentication (API & Backend, Solid) | secondsky | 160 | Updated 2 weeks ago

Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or when encountering token management, security headers, or auth flow errors.

auth-implementation-patterns (AI & Automation, Solid) | wshobson | 36,166 | Updated yesterday

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

auth-implementation-patterns (AI & Automation, Listed) | Mohammadibrahim55 | 1 | Updated today

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

auth-implementation-patterns (API & Backend, Listed) | HermeticOrmus | 21 | Updated 5 days ago

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

auth-architect (AI & Automation, Listed) | mturac | 1 | Updated 2 days ago

Designs and implements authentication and identity systems. Covers OAuth2 and OIDC flows including authorization code, PKCE, and client credentials; JWT design including RS256 vs HS256, key rotation, token blacklisting, and refresh token strategy; RBAC and ABAC modeling; SSO with Google, GitHub, and SAML 2.0; session management; magic links; MFA with TOTP, SMS, and hardware keys; and API key management. Use this skill when the user says "implement OAuth2," "JWT refresh token rotation," "set up SSO with Google," "design RBAC for multi-tenant," "implement magic link auth," "is my JWT secure," "add login to my app," "session management strategy," or "API key auth."