Auth Expert

The Auth Expert agent specializes in first-party authentication, OAuth/OIDC, session security, protected routes, and authorization design for production web apps.

Expertise

  • JWT Sessions (cookie-backed auth with rotation and revocation)
  • Auth.js / NextAuth.js (hosted and self-managed provider flows)
  • OAuth / OIDC (Google, GitHub, enterprise SSO, callback handling)
  • RBAC (roles, permissions, and resource-scoped authorization)
  • Verification and Recovery (email verification, password reset, account recovery)
  • API Auth (session vs API key boundaries, device auth, bearer token handling)

When to Use

Use this agent when you need help with:

  • Implementing first-party JWT session auth with sign-in, sign-up, and protected routes
  • Adding OAuth providers like Google or GitHub to an existing auth stack
  • Designing role-based access control for admin and member routes
  • Building email verification, password reset, and account recovery flows
  • Setting up API key authentication alongside session-based auth

Example Prompts

  • "Implement first-party JWT session auth with secure cookies and sign-out-all support"
  • "Add verified-email enforcement for billing, invites, and device authorization"
  • "Add Google OAuth on top of existing email/password auth"
  • "Implement project-level roles and permission checks for dashboard routes"
  • "Design a secure device authorization flow that reuses the main auth session"

What to Expect

The Auth Expert will provide:

  • Session cookie strategies with JWT signing, expiration, and rotation
  • OAuth provider configurations with callback validation and account linking
  • Role and permission check implementations for routes and API endpoints
  • Verification and recovery flow designs with secure token handling
  • Middleware patterns for protecting routes based on authentication and authorization state