jeremylongshore/claude-code-plugins-plus-skills
Overview
This skill automates designing and implementing secure API authentication systems using OAuth2, JWTs, API keys, and session management. It guides you from threat-informed requirements to middleware, token handling, and test coverage. The goal is practical, production-ready auth layers that integrate with common frameworks and OpenAPI documentation.
How this skill works
The skill inspects API surface and authentication requirements, then scaffolds endpoint auth flows, middleware, token issuance, validation, and revocation patterns. It generates or suggests code for bearer token handling, API key verification, OAuth2/OIDC flows (including PKCE), session stores, and integration points for databases and identity providers. It also recommends OpenAPI artifacts and test scenarios to validate auth behavior.
When to use it
- Adding authentication to a new or existing API
- Choosing between OAuth2, JWT, API keys, or session approaches
- Implementing token issuance, refresh, and revocation logic
- Securing microservice-to-microservice calls and service accounts
- Preparing compliance-ready auth controls (audit logs, rotation, expiry)
Best practices
- Follow least-privilege and scope-based authorization, issuing tokens with minimal permissions.
- Use short-lived access tokens and refresh tokens; enforce token revocation and rotation.
- Always transmit credentials and tokens over TLS; use secure cookie attributes for session cookies.
- Validate tokens server-side (signature, issuer, audience, expiry) and check revocation lists for critical flows.
- Log auth events, monitor failed attempts and rate-limit endpoints to mitigate brute force attacks.
Example use cases
- Public REST API: issue and validate API keys for rate-limited client tiers.
- Single-page or mobile apps: implement OAuth2 Authorization Code with PKCE and short-lived JWT access tokens.
- Backend services: use signed JWTs or mTLS for service-to-service authentication with scoped permissions.
- Legacy web apps: migrate session stores to secure, HttpOnly cookies and add CSRF protections.
- Hybrid setups: combine API keys for machine clients and OAuth2 for user-driven flows, centralizing token validation.
FAQ
Choose based on client type and threat model: use OAuth2/JWT for scalable stateless user auth and delegated access, API keys for simple machine-to-machine identification, and server-side sessions when you need easy revocation and browser-friendly controls.
What tests should I run to validate authentication?
Run unit tests for token issuance/validation, integration tests for full auth flows (login, refresh, revoke), negative tests for expired/invalid tokens, and end-to-end tests enforcing scopes and rate limits.
60 skills
This skill helps you design and implement secure API authentication using OAuth2, JWT, API keys, and session management.
This skill automates training and evaluating machine learning models by analyzing data, selecting models, training with cross-validation, and saving artifacts
This skill helps you implement and validate production-ready cron job configurations with best practices for backend scheduling.
This skill helps you profile application performance by identifying bottlenecks and recommending targeted optimizations across CPU, memory, and execution time.
This skill automates content security policy generator workflows, delivering production-ready configurations and best-practice guidance for secure web
This skill helps you generate production-ready open graph configurations and guidance for frontend projects using best practices.
This skill helps you implement robust rate limiting for APIs using sliding windows, token buckets, and quotas to protect resources.
This skill helps you build and maintain real-time API monitoring dashboards with metrics, alerts, and health checks.
This skill analyzes and optimizes SQL queries, providing automated guidance, implementation plans, and validation to boost performance.
This skill helps you implement event-driven APIs by generating boilerplate, wiring webhooks and real-time notifications with robust validation.
This skill automates data visualization helper tasks by providing step-by-step guidance, production-ready code, and validation against standards.
This skill helps you generate and deploy APM dashboards by defining metrics and producing platform-specific configurations for Grafana, Datadog, or similar
This skill helps you generate production-ready Helm charts with Chart.yaml, values.yaml, and templates for multi-environment deployments.
This skill guides you through zustand store creator tasks with step-by-step guidance, producing production-ready code and best-practice configurations.
This skill aggregates and filters crypto news from 50+ sources, delivering coin- and category-specific updates with fast, actionable results.
This skill helps optimize bulk API operations by batching, throttling, and parallel execution to improve throughput and reliability.
This skill helps generate conventional commit messages from staged changes, automatically classifying type, scope, and breaking changes for clean, reviewable
This skill helps you design, implement, and manage API versioning with backwards compatibility, deprecation, and migration paths across services.
This skill helps validate API responses against schemas to ensure contract compliance and data integrity across services.
This skill helps you create and automate Ansible playbooks with guided design, implementation, and validation.
This skill converts data into visuals by automatically selecting the best plot type and generating clear charts and graphs.
This skill helps you quickly generate realistic mock API servers for development and testing, speeding integration and validation workflows.
This skill guides you through heap dump analyzer workflows, generating configurations and best practices to optimize performance testing outcomes.
This skill analyzes HTTP security headers of a target domain, identifying misconfigurations and actionable remediation steps to improve web app security.
This skill guides you through a structured seven-phase brand strategy, delivering actionable outputs that ground identity, messaging, and market success.
This skill provides automated guidance and production-ready templates for incident postmortem documentation to speed technical writing and adherence to best
This skill helps automate mindmap generator workflows, providing step-by-step guidance, production-ready code, and validation for reliable visual content
This skill implements Exa rate limiting with exponential backoff and idempotency to optimize API throughput and reliability.
This skill provides automated guidance and production-ready test organization configurations to streamline test automation workflows.
This skill helps you generate production-ready n8n workflow configurations and best-practice guidance for business automation tasks.
This skill automates API test generation, validation, and reporting to improve contract accuracy and endpoint reliability across REST and GraphQL.
This skill helps you validate API performance under load by automating design, implementation, and testing workflows for scalable endpoints.
This skill helps you implement robust API throttling policies to protect backends by automating design, testing, and integration tasks.
This skill helps you build API gateways with routing, authentication, rate limiting, and load balancing across services.
This skill helps automate github issue creation workflows by guiding production-ready configurations and best practices for enterprise integration and
This skill audits access control configurations to identify vulnerabilities and misconfigurations, helping you strengthen IAM policies, ACLs, and permissions.
This skill optimizes prompts for LLMs to reduce token usage, lower costs, and speed up responses without sacrificing quality.
This skill helps you automate API fuzzing to uncover edge cases, crashes, and security gaps during testing.
This skill helps you generate production-ready pytest test configurations and guidance by following industry best practices for test automation.
This skill helps you model NoSQL data efficiently by guiding design, validation, and automation across production-ready schemas.
This skill automates API migrations across versions and platforms, guiding design, implementation, and testing to minimize downtime.
This skill automatically scans applications for GDPR compliance and provides actionable reports to close gaps and improve data protection.
This skill helps you manage autonomous development tasks and system state in Sugar, enabling task creation, status checks, and execution control.
This skill helps you monitor and log API requests with correlation IDs, performance metrics, and security audit trails.
This skill guides you through installing Granola and configuring calendar and microphone access for automated meeting notes.
This skill helps you generate production-ready k6 scripts and configurations for performance testing, following best practices and validating outputs.
This skill helps you generate and validate ascii art diagrams with production-ready guidance and configurations for visual content tasks.
This skill helps you install and authenticate the Perplexity SDK/CLI, configuring API keys and validating the connection.
This skill automates API documentation generation by outlining specs, models, endpoints, authentication, and examples to accelerate developer onboarding.
This skill helps you set up and optimize Cursor codebase indexing for fast semantic search and improved AI context awareness.
This skill helps you generate architecture documentation and best-practice configurations, guiding you step by step from API docs to architecture diagrams.
This skill validates Vast.ai webhooks with signature verification, idempotent handling, and secure event processing for reliable integrations.
This skill helps centralize and standardize performance metrics from diverse sources, enabling faster insights and proactive issue resolution.
This skill helps automate sprint planning by providing step-by-step guidance, production-ready configurations, and validation aligned with enterprise workflows.
This skill helps you craft effective Cursor AI prompts by applying prompt engineering fundamentals, templates, and best practices for consistent, high-quality
This skill helps you identify and avoid Supabase anti-patterns by guiding code reviews, fixes, and preventive checks for secure, scalable integrations.
This skill guides you through network diagram generator tasks, produces production-ready configurations, and validates outputs against industry standards.
This skill helps you implement standardized API error handling with proper status codes and consistent error responses across endpoints.
This skill forecasts future values from historical time series data by selecting models, generating predictions, and providing confidence intervals.
This skill guides you to design Groq integrations with a reference architecture, improving project structure, consistency, and maintainability.