- Home
- Skills
- Psincraian
- Myfy
- User Module
user-module_skill
- Python
83
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill psincraian/myfy --skill user-module- SKILL.md6.9 KB
Overview
This skill integrates a complete user authentication system (email/password, OAuth, sessions, and JWT) into Python applications built with the myfy framework. It exposes a UserModule and BaseUser to extend user models, register auth routes and templates, and manage sessions and tokens. It simplifies common flows: registration, login, password reset, email verification, and third-party OAuth.
How this skill works
The module provides a BaseUser model you extend with custom fields and registers a UserService and JWTService for user lifecycle operations. It auto-registers standard auth routes (login, register, forgot/reset password, verify email) and OAuth entry/callback endpoints. Sessions are cookie-backed for web routes while JWTs are available for API authentication. Configuration is driven by environment variables prefixed with MYFY_USER_.
When to use it
- You need full user authentication with email/password and optional OAuth providers.
- You want both session-based web auth and JWT-based API auth in the same app.
- You need ready-made routes and templates for login, registration, password reset, and email verification.
- You want an extendable user model with custom fields and relationships.
- You need a service layer (UserService, JWTService) to manage users programmatically.
Best practices
- Set a strong MYFY_USER_SECRET_KEY and secure environment for secrets.
- Enable MYFY_USER_REQUIRE_EMAIL_VERIFICATION in production.
- Use OAuth providers (Google, GitHub) to reduce password surface area.
- Extend BaseUser for custom fields; avoid modifying BaseUser directly.
- Use sessions for browser workflows and JWTs for API clients; apply rate limiting on auth routes.
Example use cases
- Register a custom User model with extra fields (phone, is_admin, company relationship) and enable oauth_providers=['google','github'].
- Protect endpoints by type-hinting User to inject the authenticated user or return 401 for unauthenticated access.
- Build an API login endpoint that authenticates credentials and returns a JWT created by JWTService; clients send it in Authorization: Bearer <token>.
- Implement password reset flow: request at /auth/forgot-password, send email with token, complete at /auth/reset-password?token=....
- Customize UI by overriding templates in frontend/templates/auth/ to match branding and flows.
FAQ
Set the provider list on UserModule (oauth_providers) and provide client ID/secret as MYFY_USER_OAUTH_<PROVIDER>_CLIENT_ID and _CLIENT_SECRET environment variables.
When should I use sessions vs JWT?
Use sessions for browser-based web flows where cookies are convenient; use JWTs for stateless API clients and mobile apps that manage tokens.