원클릭으로 Manus에서 모든 스킬 실행

시작하기

auth-flow-designer

스타10

포크3

업데이트2026년 6월 17일 15:34

Design secure authentication and authorization flows — OAuth2, JWT, API keys, and RBAC for APIs

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

UitbreidenOS

UitbreidenOS/Claudient

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

When to activate

Designing authentication for new API endpoints
Implementing OAuth2 flows (authorization code, client credentials, PKCE)
Setting up JWT token generation, validation, and refresh
Designing role-based access control (RBAC) or ABAC policies
Migrating from API keys to token-based auth

When NOT to use

For frontend session management (different concern)
For SSO/SAML federation setup
For password hashing implementation details

Instructions

Identify auth requirements. Who are the consumers? (users, services, third-party apps). What data sensitivity?
Select auth method. API keys for server-to-server, OAuth2 + PKCE for user-facing apps, JWT for stateless microservices.
Design token structure. JWT claims: sub, iss, aud, exp, iat, scope. Keep payload minimal (<1KB).
Define token lifecycle. Access token: 15min expiry. Refresh token: 7-day rotation. Revocation: blacklist or token version.
Map scopes to endpoints. Document which scopes are required for each endpoint in OpenAPI spec security section.
Design error responses. 401 for missing/invalid token, 403 for insufficient scope, 429 for rate-limited auth attempts.
Security review. Verify: HTTPS only, no tokens in URLs, proper CORS, secure token storage recommendations.

Example

# OpenAPI security definition
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

security:
  - bearerAuth: [read:users, write:users]
  - apiKeyAuth: []

이 저장소의 다른 Skills

같은 저장소

agent-teams

UitbreidenOS/Claudient

Orchestrate multi-agent teams in Claude Code — set up coordinated sessions with task delegation, inter-agent communication, and parallel execution

2026-06-2310

ultraplan

UitbreidenOS/Claudient

Leverage Claude Code's ultra-deep planning mode for complex architecture decisions, multi-file refactors, and system design

2026-06-2310

ultrareview

UitbreidenOS/Claudient

Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability

2026-06-2310

swarm-sandbox

UitbreidenOS/Claudient

Safe isolated testing environment for multi-agent swarm topologies before production deployment

2026-06-2210

auto-summarizer

UitbreidenOS/Claudient

Automatically summarizes the current session context to prevent token window overflow.

2026-06-2210

prune-context

UitbreidenOS/Claudient

Claude Code context pruner: slash command to summarize session and reset token bloat

2026-06-1910

name	auth-flow-designer
description	Design secure authentication and authorization flows — OAuth2, JWT, API keys, and RBAC for APIs
allowed-tools	["Read","Write","Bash","Grep"]
effort	high

When to activate

Designing authentication for new API endpoints
Implementing OAuth2 flows (authorization code, client credentials, PKCE)
Setting up JWT token generation, validation, and refresh
Designing role-based access control (RBAC) or ABAC policies
Migrating from API keys to token-based auth

When NOT to use

For frontend session management (different concern)
For SSO/SAML federation setup
For password hashing implementation details

Instructions

Identify auth requirements. Who are the consumers? (users, services, third-party apps). What data sensitivity?
Select auth method. API keys for server-to-server, OAuth2 + PKCE for user-facing apps, JWT for stateless microservices.
Design token structure. JWT claims: sub, iss, aud, exp, iat, scope. Keep payload minimal (<1KB).
Define token lifecycle. Access token: 15min expiry. Refresh token: 7-day rotation. Revocation: blacklist or token version.
Map scopes to endpoints. Document which scopes are required for each endpoint in OpenAPI spec security section.
Design error responses. 401 for missing/invalid token, 403 for insufficient scope, 429 for rate-limited auth attempts.
Security review. Verify: HTTPS only, no tokens in URLs, proper CORS, secure token storage recommendations.

Example

# OpenAPI security definition
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

security:
  - bearerAuth: [read:users, write:users]
  - apiKeyAuth: []