Authentication

The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.

When to Use

Use this skill when:

• Implementing signup and login flows (password or magic link)
• Adding passkey (WebAuthn) support with @simplewebauthn
• Setting up two-factor authentication (TOTP, email codes, backup codes)
• Building password reset flows with secure token handling
• Integrating OAuth providers (Google, GitHub) via sails-hook-wish
• Configuring authentication policies (is-authenticated, is-guest, has-partially-logged-in)
• Understanding the req.me / req.session.userId pattern and return URL handling
• Working with the User model's auth-related attributes and lifecycle callbacks

Rules