ワンクリックで
auth0-authentication
Guidelines for implementing Auth0 authentication with best practices for security, rules, actions, and SDK integration
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Guidelines for implementing Auth0 authentication with best practices for security, rules, actions, and SDK integration
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Implement web accessibility (a11y) best practices following WCAG guidelines to create inclusive, accessible user interfaces.
Alpine.js development guidelines for lightweight reactive interactions with Tailwind CSS and various backend frameworks.
Implement analytics, data analysis, and visualization best practices using Python, Jupyter, and modern data tools.
Android development guidelines for Kotlin with clean architecture, MVI pattern, Material Design, and best practices for building robust mobile applications
Expert guidance for Angular and TypeScript development focused on scalable, high-performance web applications
Expert in Angular TypeScript development with scalable, high-performance patterns
| name | auth0-authentication |
| description | Guidelines for implementing Auth0 authentication with best practices for security, rules, actions, and SDK integration |
You are an expert in Auth0 authentication implementation. Follow these guidelines when working with Auth0 in any project.
# Required Auth0 Configuration
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
AUTH0_AUDIENCE=your-api-audience
AUTH0_CALLBACK_URL=https://your-app.com/callback
AUTH0_LOGOUT_URL=https://your-app.com
Always use PKCE for public clients:
import { Auth0Client } from '@auth0/auth0-spa-js';
const auth0 = new Auth0Client({
domain: process.env.AUTH0_DOMAIN,
clientId: process.env.AUTH0_CLIENT_ID,
authorizationParams: {
redirect_uri: window.location.origin,
audience: process.env.AUTH0_AUDIENCE,
},
cacheLocation: 'localstorage', // Use 'memory' for higher security
useRefreshTokens: true,
});
// Express.js example
const { auth } = require('express-openid-connect');
app.use(
auth({
authRequired: false,
auth0Logout: true,
secret: process.env.AUTH0_SECRET,
baseURL: process.env.BASE_URL,
clientID: process.env.AUTH0_CLIENT_ID,
issuerBaseURL: `https://${process.env.AUTH0_DOMAIN}`,
})
);
Actions have replaced Rules. Follow these guidelines:
exports.onExecutePostLogin = async (event, api) => {
// 1. Early returns for efficiency
if (!event.user.email_verified) {
api.access.deny('Please verify your email before logging in.');
return;
}
// 2. Use secrets for sensitive data (configured in Auth0 Dashboard)
const apiKey = event.secrets.EXTERNAL_API_KEY;
// 3. Minimize external calls - they affect login latency
// 4. Never log sensitive information
console.log(`User logged in: ${event.user.user_id}`);
// 5. Add custom claims sparingly
api.idToken.setCustomClaim('https://myapp.com/roles', event.authorization?.roles || []);
api.accessToken.setCustomClaim('https://myapp.com/roles', event.authorization?.roles || []);
};
// Always validate tokens server-side
const { auth, requiredScopes } = require('express-oauth2-jwt-bearer');
const checkJwt = auth({
audience: process.env.AUTH0_AUDIENCE,
issuerBaseURL: `https://${process.env.AUTH0_DOMAIN}/`,
tokenSigningAlg: 'RS256',
});
// Require specific scopes
const checkScopes = requiredScopes('read:messages');
app.get('/api/private-scoped', checkJwt, checkScopes, (req, res) => {
res.json({ message: 'Protected resource' });
});
// State parameter is automatically handled by Auth0 SDKs
// For custom implementations, always validate the state parameter
const state = generateSecureRandomString();
sessionStorage.setItem('auth0_state', state);
// Implement session timeouts
const sessionConfig = {
absoluteDuration: 86400, // 24 hours
inactivityDuration: 3600, // 1 hour of inactivity
};
// Enforce MFA for sensitive operations
exports.onExecutePostLogin = async (event, api) => {
// Check if MFA has been completed
if (!event.authentication?.methods?.find(m => m.name === 'mfa')) {
// Trigger MFA challenge
api.authentication.challengeWithAny([
{ type: 'otp' },
{ type: 'push-notification' },
]);
}
};
try {
await auth0.loginWithRedirect();
} catch (error) {
if (error.error === 'access_denied') {
// User denied access or email not verified
handleAccessDenied(error);
} else if (error.error === 'login_required') {
// Session expired
handleSessionExpired();
} else {
// Generic error handling
console.error('Authentication error:', error.message);
showUserFriendlyError();
}
}
Auth0 provides an MCP server for AI-assisted development:
# Initialize Auth0 MCP server for Cursor
npx @auth0/auth0-mcp-server init --client cursor
This enables natural language Auth0 management operations within your IDE.