تشغيل أي مهارة في Manus بنقرة واحدة

ابدأ الآن

auth-flow-designer

النجوم١٠

التفرعات٣

آخر تحديث١٧ يونيو ٢٠٢٦ في ١٥:٣٤

Design secure authentication and authorization flows — OAuth2, JWT, API keys, and RBAC for APIs

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

UitbreidenOS

UitbreidenOS/Claudient

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

مطوّرو البرمجياتمهن الحاسوب والرياضيات·SOC 15-1252

SKILL.md

readonly

name	auth-flow-designer
description	Design secure authentication and authorization flows — OAuth2, JWT, API keys, and RBAC for APIs
allowed-tools	["Read","Write","Bash","Grep"]
effort	high

When to activate

Designing authentication for new API endpoints
Implementing OAuth2 flows (authorization code, client credentials, PKCE)
Setting up JWT token generation, validation, and refresh
Designing role-based access control (RBAC) or ABAC policies
Migrating from API keys to token-based auth

When NOT to use

For frontend session management (different concern)
For SSO/SAML federation setup
For password hashing implementation details

Instructions

Identify auth requirements. Who are the consumers? (users, services, third-party apps). What data sensitivity?
Select auth method. API keys for server-to-server, OAuth2 + PKCE for user-facing apps, JWT for stateless microservices.
Design token structure. JWT claims: sub, iss, aud, exp, iat, scope. Keep payload minimal (<1KB).
Define token lifecycle. Access token: 15min expiry. Refresh token: 7-day rotation. Revocation: blacklist or token version.
Map scopes to endpoints. Document which scopes are required for each endpoint in OpenAPI spec security section.
Design error responses. 401 for missing/invalid token, 403 for insufficient scope, 429 for rate-limited auth attempts.
Security review. Verify: HTTPS only, no tokens in URLs, proper CORS, secure token storage recommendations.

Example

# OpenAPI security definition
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

security:
  - bearerAuth: [read:users, write:users]
  - apiKeyAuth: []

المزيد من هذا المستودع

نفس المستودع

agent-teams

UitbreidenOS/Claudient

Orchestrate multi-agent teams in Claude Code — set up coordinated sessions with task delegation, inter-agent communication, and parallel execution

2026-06-2310

ultraplan

UitbreidenOS/Claudient

Leverage Claude Code's ultra-deep planning mode for complex architecture decisions, multi-file refactors, and system design

2026-06-2310

ultrareview

UitbreidenOS/Claudient

Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability

2026-06-2310

swarm-sandbox

UitbreidenOS/Claudient

Safe isolated testing environment for multi-agent swarm topologies before production deployment

2026-06-2210

auto-summarizer

UitbreidenOS/Claudient

Automatically summarizes the current session context to prevent token window overflow.

2026-06-2210

prune-context

UitbreidenOS/Claudient

Claude Code context pruner: slash command to summarize session and reset token bloat

2026-06-1910

name	auth-flow-designer
description	Design secure authentication and authorization flows — OAuth2, JWT, API keys, and RBAC for APIs
allowed-tools	["Read","Write","Bash","Grep"]
effort	high

When to activate

Designing authentication for new API endpoints
Implementing OAuth2 flows (authorization code, client credentials, PKCE)
Setting up JWT token generation, validation, and refresh
Designing role-based access control (RBAC) or ABAC policies
Migrating from API keys to token-based auth

When NOT to use

For frontend session management (different concern)
For SSO/SAML federation setup
For password hashing implementation details

Instructions

Identify auth requirements. Who are the consumers? (users, services, third-party apps). What data sensitivity?
Select auth method. API keys for server-to-server, OAuth2 + PKCE for user-facing apps, JWT for stateless microservices.
Design token structure. JWT claims: sub, iss, aud, exp, iat, scope. Keep payload minimal (<1KB).
Define token lifecycle. Access token: 15min expiry. Refresh token: 7-day rotation. Revocation: blacklist or token version.
Map scopes to endpoints. Document which scopes are required for each endpoint in OpenAPI spec security section.
Design error responses. 401 for missing/invalid token, 403 for insufficient scope, 429 for rate-limited auth attempts.
Security review. Verify: HTTPS only, no tokens in URLs, proper CORS, secure token storage recommendations.

Example

# OpenAPI security definition
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

security:
  - bearerAuth: [read:users, write:users]
  - apiKeyAuth: []