api-authentication | aj-geddes-useful-ai-prompts-4 | ClaudePluginHub

Skill

api-authentication

From aj-geddes-useful-ai-prompts-4

Implements secure API authentication with JWT, OAuth 2.0, API keys, and session management. Use for securing endpoints, token handling, and user login flows.

Install

$

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/api-key-authentication.mdreferences/jwt-authentication.mdreferences/oauth-20-implementation.mdreferences/python-authentication-implementation.mdscripts/security-checklist.sh

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

api-authentication

session-management

API Authentication

Table of Contents

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive authentication strategies for APIs including JWT tokens, OAuth 2.0, API keys, and session management with proper security practices.

When to Use

Securing API endpoints
Implementing user login/logout flows
Managing access tokens and refresh tokens
Integrating OAuth 2.0 providers
Protecting sensitive data
Implementing API key authentication

Quick Start

Minimal working example:

// Node.js JWT Implementation
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

const app = express();
const SECRET_KEY = process.env.JWT_SECRET || 'your-secret-key';
const REFRESH_SECRET = process.env.REFRESH_SECRET || 'your-refresh-secret';

// User login endpoint
app.post('/api/auth/login', async (req, res) => {
  try {
    const { email, password } = req.body;

    // Find user in database
    const user = await User.findOne({ email });
    if (!user) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Verify password
    const isValid = await bcrypt.compare(password, user.password);
    if (!isValid) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
JWT Authentication	JWT Authentication
OAuth 2.0 Implementation	OAuth 2.0 Implementation
API Key Authentication	API Key Authentication
Python Authentication Implementation	Python Authentication Implementation

Best Practices

✅ DO

Use HTTPS for all authentication
Store tokens securely (HttpOnly cookies)
Implement token refresh mechanism
Set appropriate token expiration times
Hash and salt passwords
Use strong secret keys
Validate tokens on every request
Implement rate limiting on auth endpoints
Log authentication attempts
Rotate secrets regularly

❌ DON'T

Store passwords in plain text
Send tokens in URL parameters
Use weak secret keys
Store sensitive data in JWT payload
Ignore token expiration
Disable HTTPS in production
Log sensitive tokens
Reuse API keys across services
Store credentials in code