Skill

litestar-auth-guards

Provides guard patterns, middleware user loading, and validation for Litestar authentication and authorization (JWTAuth, SessionAuth, role/tenant checks, WebSocket auth).

Python

security

backend

npx claudepluginhub litestar-org/litestar-skills --plugin litestar

Popularity

Stars

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/litestar:litestar-auth-guards

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Use this skill for authentication boundaries, authorization checks, guard composition, and user context.

Supporting Files

references/guards.md

SKILL.md

86 lines · ~631 tokens

Similar Skills

payload

42.5k

Guides Payload CMS config (payload.config.ts), collections, fields, hooks, access control, APIs. Debugs validation errors, security, relationships, queries, transactions, hook behavior.

11 files

payload

vector-database-engineer

37.9k

Implements vector databases with Pinecone, Weaviate, Qdrant, Milvus, pgvector for semantic search, RAG, recommendations, and similarity systems. Optimizes embeddings, indexing, and hybrid search.

antigravity-bundle-data-engineering

Stats

LanguagePython

Stars7

MaintenanceExcellent

Last CommitJun 9, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Litestar Auth and Guards

Use this skill for authentication boundaries, authorization checks, guard composition, and user context.

Code Style Rules

Put auth and permission checks in Guards or middleware, not handler bodies.

Prefer Controller-level guards when a whole domain shares a policy.

Raise Litestar HTTP exceptions or domain exceptions consistently.

Keep tenant isolation explicit in guard logic and service filters.

Quick Reference

Workflow

Determine where identity is loaded.

Add Guards at app, Controller, or route scope.

Keep permission checks reusable and testable.

Verify denial paths and authenticated success paths.

Guardrails

Do not inline auth checks in handlers.

Do not make Guards perform database work repeatedly when middleware can load the user once.

Do not trust client-supplied tenant IDs without server-side scoping.

Do not use HTTP-only assumptions for WebSocket auth.

Validation Checkpoint

Guard scope matches the policy scope.

Denial paths return the expected status.

Handlers contain no duplicated auth branching.

WebSocket routes use an explicit browser-compatible auth path.

Example

from litestar.connection import ASGIConnection from litestar.exceptions import PermissionDeniedException from litestar.handlers import BaseRouteHandler async def requires_active_user(connection: ASGIConnection, _: BaseRouteHandler) -> None: if not connection.user or not connection.user.is_active: raise PermissionDeniedException("Authentication required")

References Index

Official References

Shared Styleguide Baseline

Litestar Auth and Guards

Use this skill for authentication boundaries, authorization checks, guard composition, and user context.

Code Style Rules

Put auth and permission checks in Guards or middleware, not handler bodies.
Prefer Controller-level guards when a whole domain shares a policy.
Raise Litestar HTTP exceptions or domain exceptions consistently.
Keep tenant isolation explicit in guard logic and service filters.

Quick Reference

Guard patterns: guards.md
Middleware user loading: litestar-middleware
Realtime auth: litestar-realtime

Workflow

Determine where identity is loaded.
Add Guards at app, Controller, or route scope.
Keep permission checks reusable and testable.
Verify denial paths and authenticated success paths.

Guardrails

Do not inline auth checks in handlers.
Do not make Guards perform database work repeatedly when middleware can load the user once.
Do not trust client-supplied tenant IDs without server-side scoping.
Do not use HTTP-only assumptions for WebSocket auth.

Validation Checkpoint

Guard scope matches the policy scope.
Denial paths return the expected status.
Handlers contain no duplicated auth branching.
WebSocket routes use an explicit browser-compatible auth path.

Example

from litestar.connection import ASGIConnection
from litestar.exceptions import PermissionDeniedException
from litestar.handlers import BaseRouteHandler

async def requires_active_user(connection: ASGIConnection, _: BaseRouteHandler) -> None:
    if not connection.user or not connection.user.is_active:
        raise PermissionDeniedException("Authentication required")

litestar-auth-guards

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

litestar-auth-guards

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Litestar Auth and Guards

Code Style Rules

Quick Reference

Workflow

Guardrails

Validation Checkpoint

Example

References Index

Official References

Shared Styleguide Baseline

Similar Skills

Help us improve

Litestar Auth and Guards

Code Style Rules

Quick Reference

Workflow

Guardrails

Validation Checkpoint

Example

References Index

Official References

Shared Styleguide Baseline