Skill

Build Auth

From go-studio

Add JWT + magic link + OAuth (Google/GitHub) + optional TOTP auth to an existing Go app.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/go-studio:build-auth

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Adds a complete authentication system to an existing Go SaaS app.

SKILL.md

82 lines · ~769 tokens

Stats

LanguageTypeScript

Parent stars0

MaintenanceGood

Last CommitMar 18, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

Build Auth

Adds a complete authentication system to an existing Go SaaS app.

Inputs

Confirm with user before proceeding:

Magic link? (yes/no, default yes)
OAuth providers? (google, github, both, none)
TOTP 2FA? (yes/no, default no)
Session duration? (default: 15min access, 7d refresh)

Steps

Read patterns:
- go-stack: pattern://auth-jwt.md
- go-stack: pattern://auth-magic-link.md
- go-stack: pattern://auth-oauth.md (if OAuth enabled)
- For TOTP: use pquerna/otp library — no dedicated pattern file yet, follow go-stack: guide://review-checklists.md security section
Add dependencies to go.mod:
- github.com/golang-jwt/jwt/v5
- golang.org/x/oauth2 (if OAuth)
- github.com/pquerna/otp (if TOTP)
Write migration: internal/migrations/002_auth.sql
- magic_link_tokens table (id, user_id, token_hash, expires_at, used_at)
- refresh_tokens table (id, user_id, token_hash, expires_at)
- totp_secrets table (if TOTP)
Write internal/repositories/auth.go:
- FindUserByEmail(ctx, email)
- CreateMagicLinkToken(ctx, userID, tokenHash, expiresAt)
- ConsumeMagicLinkToken(ctx, tokenHash) — marks used, returns user
- CreateRefreshToken(ctx, userID, tokenHash)
- RotateRefreshToken(ctx, oldHash, newHash)
Write internal/services/auth.go:
- SendMagicLink(ctx, email) — generates token, sends via Resend
- VerifyMagicLink(ctx, token) — returns JWT pair
- RefreshTokens(ctx, refreshToken) — rotates and returns new pair
- OAuthCallback(ctx, provider, code) (if OAuth)
Write internal/handlers/auth.go:
- POST /auth/magic-link — request magic link
- GET /auth/verify?token=... — verify and set cookies
- POST /auth/refresh — rotate tokens
- GET /auth/logout — clear cookies
- GET /auth/oauth/{provider} (if OAuth)
- GET /auth/oauth/{provider}/callback (if OAuth)
Write internal/middleware/auth.go:
- RequireAuth middleware — validates JWT from cookie, sets user in context
- OptionalAuth middleware — sets user if token present, continues either way
Write auth Templ pages:
- internal/ui/pages/login.templ — email form for magic link
- internal/ui/pages/verify-sent.templ — "check your email" confirmation
Wire auth handler to chi router in cmd/server/main.go
Add auth config fields to internal/config/config.go:
- JWTSecret, JWTAccessExpiry, JWTRefreshExpiry
- MagicLinkExpiry, BaseURL
- GoogleClientID, GoogleClientSecret (if OAuth)
- GitHubClientID, GitHubClientSecret (if OAuth)
Run go build ./... + templ generate

Success Criteria

go build ./... passes
Auth routes registered: POST /auth/magic-link, GET /auth/verify, POST /auth/refresh, GET /auth/logout
RequireAuth middleware available for protecting routes
Magic link email sends via Resend

Build Auth

Invocation

Context Preview

SKILL.md

Build Auth

Invocation

Context Preview

SKILL.md

Build Auth

Inputs

Steps

Success Criteria

Similar Skills

Build Auth

Inputs

Steps

Success Criteria

Similar Skills