How does this skill handle token security?

It provides logic for secure token generation, validation, and storage recommendations, specifically advising against storing sensitive tokens in localStorage.

Which authentication methods does this skill cover?

This skill provides standardized implementations for JWT (JSON Web Tokens), OAuth 2.0, API keys, and traditional session-based authentication.

Can I use this for both Node.js and Python?

Yes, the skill includes reference implementations for Node.js (Express) and Python (Flask), including decorators for role-based access control.

Does this skill include security best practices?

Yes, it enforces industry standards such as using HttpOnly cookies, bcrypt hashing for passwords, rate limiting, and the implementation of essential security headers.

API Authentication

Name: API Authentication
Author: secondsky

bysecondsky

•

API Development

Implements secure authentication mechanisms including JWT, OAuth 2.0, and API keys using production-ready standards.

This skill equips Claude with the patterns and best practices necessary to build robust, secure authentication systems for modern web applications. It provides comprehensive guidance on implementing stateless JWT authentication, third-party OAuth 2.0 integrations, and secure service-to-service communication via API keys. By following this skill, developers can ensure their applications adhere to critical security requirements such as proper token storage, essential security headers, password hashing, and efficient error handling, significantly reducing the risk of common authentication vulnerabilities.

Key Features

01Pre-configured security headers (HSTS, CSP, X-Frame-Options)

02JWT implementation with access and refresh token rotation

0321 GitHub stars

04Middleware for role-based access control and token verification

05OAuth 2.0 integration patterns for third-party providers

06Secure API key management and validation logic

Use Cases

01Integrating Google, GitHub, or other social logins via OAuth 2.0

02Building stateless authentication for React or Vue Single Page Applications

03Securing backend microservices with service-to-service API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add secondsky/claude-skills api-authentication

For use in Claude.ai and ChatGPT

Download Skill