From api-authentication
Implements secure API authentication with JWT middleware in Node.js, OAuth 2.0, API keys; includes Flask refs, security headers, and pitfalls. For auth systems and token issues.
How this skill is triggered — by the user, by Claude, or both
Slash command
/api-authentication:api-authenticationThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Implement secure authentication mechanisms for APIs using modern standards and best practices.
Implement secure authentication mechanisms for APIs using modern standards and best practices.
| Method | Use Case | Security Level |
|---|---|---|
| JWT | Stateless auth, SPAs | High |
| OAuth 2.0 | Third-party integration | High |
| API Keys | Service-to-service | Medium |
| Session | Traditional web apps | High |
const jwt = require('jsonwebtoken');
const generateTokens = (user) => ({
accessToken: jwt.sign(
{ userId: user.id, role: user.role },
process.env.JWT_SECRET,
{ expiresIn: '15m' }
),
refreshToken: jwt.sign(
{ userId: user.id, type: 'refresh' },
process.env.REFRESH_SECRET,
{ expiresIn: '7d' }
)
});
const authMiddleware = (req, res, next) => {
const authHeader = req.headers.authorization;
// Validate authorization header format
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Malformed authorization header' });
}
const parts = authHeader.split(' ');
if (parts.length !== 2) {
return res.status(401).json({ error: 'Malformed authorization header' });
}
const token = parts[1];
if (!token) {
return res.status(401).json({ error: 'No token provided' });
}
try {
req.user = jwt.verify(token, process.env.JWT_SECRET);
next();
} catch (err) {
res.status(401).json({ error: 'Invalid token' });
}
};
app.use((req, res, next) => {
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'DENY');
res.setHeader('Strict-Transport-Security', 'max-age=31536000');
next();
});
See references/python-flask.md for:
npx claudepluginhub midego1/claude-skills --plugin api-authenticationImplements secure API authentication with JWT middleware in Node.js, OAuth 2.0, API keys; includes Flask refs, security headers, and pitfalls. For auth systems and token issues.
Implements secure API authentication with JWT, OAuth 2.0, API keys, and session management. Use for securing APIs, managing tokens, or implementing user authentication flows.
Builds secure API authentication with JWT tokens, OAuth2 flows, API keys, and sessions. Implements validation, refresh rotation, RBAC, and brute-force protection for API endpoints.