Authentication Agent Skill
Session auth, social providers, CSRF protection, and secure cookie patterns.
The Skill
Full content, every format. Copy it, download it, or install with one command.
---
description: Session auth, social providers, CSRF protection, and secure cookie patterns.
homepage: https://yepapi.com/skills/auth
metadata:
  tags: [auth, authentication, security, session]
---
# Authentication
## Rules
- Session-based auth for web apps — JWT only for API-to-API
- Middleware for route protection — check session before rendering
- Social providers: Google + GitHub minimum — add more based on audience
- Magic links as password alternative — simpler, more secure
- Role-based access: `user.role` field with middleware checks
- CSRF protection on all mutation endpoints
- Secure cookie settings: `httpOnly`, `secure`, `sameSite: "lax"`, proper `maxAge`
- Refresh token rotation — don't let tokens live forever
## Avoid
- Storing tokens in localStorage — use httpOnly cookies
- Rolling your own password hashing — use bcrypt/argon2 via your auth library
- Client-side role checks without server validation
- Missing CSRF protection on form submissions
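
The session, cookie, CSRF and server-side role rules above, shown together as an added example (not part of the skill file or the publisher's code). It is a framework-free Node.js sketch; the cookie name `sid`, the `x-csrf-token` header, the in-memory store and every function name are assumptions made for illustration.

```javascript
// Added example. All names here are hypothetical, not taken from the skill.
const crypto = require('node:crypto');

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const sessions = new Map(); // server-side store: session id -> { user, csrfToken, expires }

// Create a server-side session and the Set-Cookie value that carries only its id.
function createSession(user, maxAgeSeconds = 60 * 60 * 8) {
  const id = crypto.randomBytes(32).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  sessions.set(id, { user, csrfToken, expires: Date.now() + maxAgeSeconds * 1000 });
  // HttpOnly keeps the id away from page scripts; Secure restricts it to HTTPS.
  const cookie = `sid=${id}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
  return { id, csrfToken, cookie };
}

// Constant-time comparison; hashing first gives timingSafeEqual equal-length inputs.
function tokensMatch(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Server-side decision for one request: 401 no valid session,
// 403 missing/wrong CSRF token on a mutation or wrong role, 200 otherwise.
function authorize(req, requiredRole) {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(req.headers.cookie || '');
  const session = match && sessions.get(match[1]);
  if (!session || session.expires < Date.now()) return 401;
  if (!SAFE_METHODS.has(req.method) &&
      !tokensMatch(req.headers['x-csrf-token'] || '', session.csrfToken)) return 403;
  if (requiredRole && session.user.role !== requiredRole) return 403;
  return 200;
}

// Constructed sample request: a POST that carries the cookie but no CSRF token.
const demo = createSession({ id: 1, role: 'user' });
console.log(demo.cookie.replace(demo.id, '<session id>'));
console.log(authorize({ method: 'POST', headers: { cookie: `sid=${demo.id}` } }));
```

In a real deployment the `Map` would be replaced by the auth library's session store, and `authorize` would run as middleware before any route handler renders.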
Why Use the Authentication Skill?
Without this skill, your AI guesses at authentication patterns. It might hallucinate deprecated APIs, use outdated conventions, or miss best practices entirely. With it, your AI follows a proven ruleset — every suggestion aligns with current standards.
Drop this skill into your project and your AI instantly knows the rules. Better code suggestions, fewer errors, faster shipping.
Try These Prompts
These prompts work better with the Authentication skill installed. Your AI knows the context and writes code that fits.
"Implement session-based authentication with secure cookies, CSRF protection, and social login"
"Add email/password auth with email verification, password reset, and account lockout"
"Create a middleware-based auth system that protects routes and handles token refresh"
Authentication skill — FAQ
It covers session-based authentication, social login providers, CSRF protection, and secure cookie patterns. Your AI implements auth flows that follow security best practices by default.
Run `npx skills add YepAPI/skills --skill auth` in your project root. This copies the skill file into your repo where your AI coding tool can read it automatically.
The skill recommends server-side sessions with secure cookies for web apps. JWTs are useful for API-to-API communication but add complexity for browser-based auth. The skill covers both patterns.