Skill

catalyst-authentication

Handles Catalyst user login/signup, ZAID environment verification, Web SDK auth flows, and OAuth token management via Connections. Essential for implementing authentication and protecting data.

authentication

security

Popularity

Shared by

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/catalyst-by-zoho:catalyst-authentication

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

1. **Identify flow type** — Hosted login (redirect to Catalyst login page), embedded login (custom UI), or backend `getCurrentUser` check.

Supporting Files

references/auth-basics.mdreferences/connections.md

SKILL.md

32 lines · ~837 tokens

Stats

Stars0

MaintenanceExcellent

Last CommitJun 17, 2026

Actions

View Source View Plugin View on GitHub View README

How It Works

Identify flow type — Hosted login (redirect to Catalyst login page), embedded login (custom UI), or backend getCurrentUser check.
Load references/auth-basics.md — for signup/login flows, ZAID gotcha, hosted vs embedded login, and common auth errors.
ZAID warning — ZAID differs between Development and Production. This is the #1 auth issue in production. Always verify the environment.
Security Rules — If the query involves controlling who can invoke a function, route to catalyst-functions skill and its references/functions-basics.md Security Rules section. Security Rules has two parameters: (a) methods — which HTTP methods (GET/POST/PUT/DELETE/PATCH) are enabled for the function (removing a method blocks that verb entirely), and (b) authentication — a single binary flag (optional = public, required = authenticated users only) applied function-wide, not per-method. For role-based data access control, route to DataStore Scopes and Permissions (Console → Table → Scopes and Permissions).
OAuth / Connections — Load references/connections.md for external API OAuth token management (Zoho or third-party).

Security Checklist

ZAID is environment-specific. The Development ZAID is different from the Production ZAID. Social logins (Google, Facebook, LinkedIn, Microsoft) configured in Development MUST be reconfigured with the Production ZAID and production app domain before going live — using the wrong ZAID causes all social logins to silently fail in production.
DataStore permissions are separate from function-level auth. Requiring authentication in Security Rules only controls who can call the function. App User table permissions (Console → Table → Scopes and Permissions) separately control which DataStore operations authenticated users can perform.

Triggers

Use this skill for: "authentication", "user management", "login", "signup", getCurrentUser, "ZAID", registerUser, isUserAuthenticated, signOut, "hosted login", "embedded login", "Connections", "OAuth token", getConnector, getAccessToken, "Security Rules", "App User", "credentials include", or "auth redirect".

References

Reference	Load when the query is about…
`references/auth-basics.md`	User signup/login, getCurrentUser, Web SDK auth flows, ZAID gotcha, hosted vs embedded login, common auth errors
`catalyst-functions` skill	Security Rules — function invocation control (`methods`, `authentication: optional/required`)
`references/connections.md`	OAuth token management for external APIs — getConnector, getAccessToken, Zoho and third-party service connections

catalyst-authentication

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

catalyst-authentication

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

How It Works

Security Checklist

Triggers

References

Similar Skills

How It Works

Security Checklist

Triggers

References

Similar Skills