- Home
- Skills
- Cameronapak
- Bknd Skills
- Bknd Setup Auth
bknd-setup-auth_skill
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill cameronapak/bknd-skills --skill bknd-setup-auth- SKILL.md13.1 KB
Overview
This skill helps initialize and configure the Bknd authentication system. It covers enabling auth, password strategy, JWT and cookie options, role definitions, registration controls, and production security hardening. Use it to produce a safe, testable auth setup ready for deployment.
How this skill works
The skill inspects and produces a code-first auth configuration for Bknd projects. It generates sensible defaults (password strategy, users entity, JWT sessions, auth endpoints) and exposes customizable settings for JWT, cookies, password hashing, roles, and registration. It also provides dev vs production toggles and a seed hook to create an initial admin user.
When to use it
- Initial project setup when you need authentication enabled
- Configuring JWT secret, algorithm, expiry, and token payload fields
- Setting cookie behavior for browser sessions and CSRF protections
- Defining roles, permissions, and default registration role
- Hardening auth settings before production deployment
- Creating an admin user automatically on first run
Best practices
- Store secrets in environment variables and never hardcode JWT_SECRET
- Use bcrypt hashing with moderate rounds in production; sha256 or dev shortcuts only for local development
- Require a strong JWT secret (256-bit minimum) and set jwt.expires
- Set cookie.secure true in production and httpOnly true to prevent JS access
- Define roles before referencing them and seed an admin user via startup seed
- Test the full auth flow (register, login, /me) after configuration changes
Example use cases
- Enable basic password auth and auto-create users entity for a new Bknd app
- Switch to bcrypt hashing and set jwt.secret when preparing to deploy
- Configure cookies with sameSite and secure flags for browser apps
- Define admin, editor, and user roles with scoped permissions
- Disable public registration in closed systems while keeping admin seed
FAQ
The server cannot sign tokens and auth endpoints will fail; always set JWT_SECRET in environment variables for production.
How do I test cookies locally when secure is required?
Set cookie.secure to false for local development or use a local HTTPS proxy; ensure secure is true in production.
Which hashing should I pick for production?
Use bcrypt for production to balance security and performance; choose rounds that suit your server capacity (e.g., 4–10).