Skill

bkend-auth

Guides bkend.ai authentication including email/password/social/magic link logins, JWT tokens, RBAC, RLS, session management, and REST API endpoints.

REST API

Oauth

JWT

authentication

security

Install

npx claudepluginhub popup-studio-ai/bkit-claude-code --plugin bkit

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGlobGrepBashmcp__bkend__*

Preview

| Method | Description |

SKILL.md

Similar Skills

using-git-worktrees

Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.

superpowers

168.3k

subagent-driven-development

3 files

Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.

superpowers

168.3k

dispatching-parallel-agents

Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.

superpowers

168.3k

Stats

Stars513

Forks130

Last CommitApr 8, 2026

Actions

View Source View Plugin View on GitHub View README

bkend.ai Authentication & Security Guide

Auth Methods

Method	Description
Email + Password	Email/password signup and login
Social (Google)	OAuth 2.0 social login
Social (GitHub)	OAuth 2.0 social login
Magic Link	Email link login (no password)

JWT Token Structure

Access Token: 1 hour validity
Refresh Token: 7 days validity
Auto-refresh: POST /v1/auth/refresh

Password Policy

8+ characters, uppercase + lowercase + numbers + special characters

MCP Auth Workflow

bkend MCP does NOT have dedicated auth tools. Use this workflow:

Search docs: search_docs with query "email signup" or "social login"
Get examples: search_docs with query "auth code examples"
Generate code: AI generates REST API code based on search results

Searchable Auth Docs

Doc ID	Content
`3_howto_implement_auth`	Signup, login, token management guide
`6_code_examples_auth`	Email, social, magic link code examples

Key Pattern

User: "Add social login"
  → search_docs(query: "social login implementation")
  → Returns auth guide with REST API patterns
  → AI generates social login code

REST Auth API (Core Endpoints)

For the complete endpoint list, use search_docs or check Live Reference.

Method	Endpoint	Description
POST	/v1/auth/email/signup	Sign up
POST	/v1/auth/email/signin	Sign in
GET	/v1/auth/me	Current user
POST	/v1/auth/refresh	Refresh token
POST	/v1/auth/signout	Sign out
GET/POST	/v1/auth/:provider/callback	Social login callback
POST	/v1/auth/password/reset/request	Password reset
POST	/v1/auth/password/reset/confirm	Confirm reset
POST	/v1/auth/password/change	Change password
GET	/v1/auth/sessions	List sessions
DELETE	/v1/auth/sessions/:sessionId	Remove session
DELETE	/v1/auth/withdraw	Delete account

Additional endpoints (MFA, invitations, user management): use search_docs or Live Reference.

RBAC (Role-Based Access Control)

Group	Description	Scope
admin	Full CRUD	All data
user	Authenticated user	Full read, own write
self	Owner only	createdBy-based
guest	Unauthenticated	Read only (usually)

RLS (Row Level Security)

Per-table row-level access control
4-level policies: admin/user/self/guest
Auto-filtering based on createdBy field

Session Management

Per-device session tracking
GET /v1/auth/sessions - List sessions
DELETE /v1/auth/sessions/:sessionId - Remove session

Official Documentation (Live Reference)

For the latest authentication documentation, use WebFetch: