From bkit — AI Native Development OS
bkend.ai authentication and security expert skill. Covers email signup/login, social login (Google, GitHub), magic link, JWT tokens (Access 1h, Refresh 7d), session management, RBAC (admin/user/self/guest), RLS policies, password management, and account lifecycle. Triggers: signup, login, JWT, session, social login, RBAC, RLS, password, token, 회원가입, 로그인, 토큰, 세션, 권한, 보안정책, 비밀번호, ログイン, 認証, セッション, 権限, パスワード, 登录, 认证, 会话, 权限, 密码, registro, inicio de sesion, permisos, contrasena, inscription, connexion, permissions, mot de passe, Registrierung, Anmeldung, Berechtigungen, Passwort, registrazione, accesso, permessi, password Do NOT use for: database CRUD (use bkend-data), file storage (use bkend-storage), enterprise-level security architecture (use security-architect).
How this skill is triggered — by the user, by Claude, or both
Slash command
/bkit:bkend-authbkit:bkend-expertThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
| Method | Description |
| Method | Description |
|---|---|
| Email + Password | Email/password signup and login |
| Social (Google) | OAuth 2.0 social login |
| Social (GitHub) | OAuth 2.0 social login |
| Magic Link | Email link login (no password) |
POST /v1/auth/refresh8+ characters, uppercase + lowercase + numbers + special characters
bkend MCP does NOT have dedicated auth tools. Use this workflow:
search_docs with query "email signup" or "social login"search_docs with query "auth code examples"| Doc ID | Content |
|---|---|
3_howto_implement_auth | Signup, login, token management guide |
6_code_examples_auth | Email, social, magic link code examples |
User: "Add social login"
→ search_docs(query: "social login implementation")
→ Returns auth guide with REST API patterns
→ AI generates social login code
For the complete endpoint list, use search_docs or check Live Reference.
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/auth/email/signup | Sign up |
| POST | /v1/auth/email/signin | Sign in |
| GET | /v1/auth/me | Current user |
| POST | /v1/auth/refresh | Refresh token |
| POST | /v1/auth/signout | Sign out |
| GET/POST | /v1/auth/:provider/callback | Social login callback |
| POST | /v1/auth/password/reset/request | Password reset |
| POST | /v1/auth/password/reset/confirm | Confirm reset |
| POST | /v1/auth/password/change | Change password |
| GET | /v1/auth/sessions | List sessions |
| DELETE | /v1/auth/sessions/:sessionId | Remove session |
| DELETE | /v1/auth/withdraw | Delete account |
Additional endpoints (MFA, invitations, user management): use search_docs or Live Reference.
| Group | Description | Scope |
|---|---|---|
| admin | Full CRUD | All data |
| user | Authenticated user | Full read, own write |
| self | Owner only | createdBy-based |
| guest | Unauthenticated | Read only (usually) |
GET /v1/auth/sessions - List sessionsDELETE /v1/auth/sessions/:sessionId - Remove sessionFor the latest authentication documentation, use WebFetch:
npx claudepluginhub withwooyong/bkit-claude-codeCreates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
2plugins reuse this skill
First indexed Jul 8, 2026