Authentication Skill

When to use this skill

Use when implementing login/signup, session management, OAuth integrations, role-based access control, or any security-sensitive auth feature.

Auth Principles

1. Never roll your own crypto

• Use established libraries for hashing, tokens, encryption
• Don't invent custom auth protocols
• Follow OWASP guidelines

2. Defense in depth

• Auth at the API gateway / middleware (not per-endpoint)
• Validate tokens on every request
• Never trust the client