auth-flow Skill

Implement secure authentication patterns including OAuth, session management, and protected routes.

Overview

The auth-flow skill generates production-ready authentication code following security best practices. It supports multiple authentication providers and patterns.

Usage

Use the auth-flow skill to implement OAuth authentication with Google and GitHub.

Parameters

Parameter | Type | Required | Description
--- | --- | --- | ---
provider | string | Yes | Auth provider: jwt, nextauth, custom
strategies | array | No | Login strategies: oauth, credentials, magic-link
providers | array | No | OAuth providers: google, github, apple
sessionType | string | No | Session strategy: jwt, database

Generated Output

Server-Side Auth Check (JWT Sessions)

Loading code block...

Protected Layout

Loading code block...

Get Current User Details

Loading code block...

NextAuth.js Setup

Loading code block...

Custom JWT Session Management

Loading code block...

Middleware Configuration

Loading code block...

OAuth Social Buttons

Loading code block...

Client-Side Auth Hook

Loading code block...

Features Included

  • Server-side authentication checks
  • Protected route layouts
  • JWT session management
  • OAuth provider integration
  • Middleware protection
  • Current-user session helpers
  • Client-side hooks

Customization Options

Use the auth-flow skill with:

  • provider: "nextauth"
  • strategies: ["oauth", "credentials"]
  • providers: ["google", "github"]
  • sessionType: "jwt"

Best Practices

Security Considerations

  • Always use httpOnly cookies for session tokens
  • Set secure: true in production
  • Use sameSite: 'lax' or 'strict' for CSRF protection
  • Never expose JWT secrets to client-side code
  • Implement session refresh for long-lived sessions

Authentication Flow

  1. User initiates login
  2. Validate credentials or OAuth callback
  3. Create session token
  4. Store in secure cookie
  5. Verify token on protected routes
  6. Refresh token before expiry
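
Steps 3 to 6 of the flow, combined with the cookie settings listed under Security Considerations, as an added example written for this page (it is not the skill's generated output). It uses only Node's built-in crypto module; the SESSION_SECRET variable, the "session" cookie name, the lifetimes and all function names are assumptions.

```javascript
// Added example: HS256 session token in a hardened cookie (flow steps 3-6).
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumed names/values. The fallback secret is a constructed demo value so the
// example runs; a real deployment sets SESSION_SECRET and keeps it server-side.
const SECRET = process.env.SESSION_SECRET || 'constructed-demo-secret';
const TTL = 3600;           // session lifetime in seconds
const REFRESH_WINDOW = 600; // reissue when less than 10 minutes remain
const b64url = (v) => Buffer.from(v).toString('base64url');
const HEADER = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
const sign = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Step 3: create a signed token that carries its own expiry.
function createSessionToken(userId, now = nowSec()) {
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + TTL }));
  return `${HEADER}.${payload}.${sign(`${HEADER}.${payload}`)}`;
}

// Step 4: Set-Cookie value; HttpOnly and SameSite always, Secure in production.
function sessionCookie(token, production = process.env.NODE_ENV === 'production') {
  const attrs = [`session=${token}`, 'Path=/', 'HttpOnly', 'SameSite=Lax', `Max-Age=${TTL}`];
  if (production) attrs.push('Secure');
  return attrs.join('; ');
}

// Step 5: verify on protected routes. The header must equal the one we issue,
// so the algorithm is pinned and never taken from the token itself.
function verifySessionToken(token, now = nowSec()) {
  const [header, payload, sig, ...rest] = String(token).split('.');
  if (header !== HEADER || !payload || !sig || rest.length) return null;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Step 6: reissue shortly before expiry; an invalid or expired token yields null.
function refreshIfNeeded(token, now = nowSec()) {
  const claims = verifySessionToken(token, now);
  if (!claims) return null;
  return claims.exp - now < REFRESH_WINDOW ? createSessionToken(claims.sub, now) : token;
}
```

A null result from verifySessionToken or refreshIfNeeded means the request is unauthenticated and should go back through login.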

Error Handling

Loading code block...