user-module_skill

This skill helps you implement comprehensive user authentication with email/password, OAuth, sessions, and JWT across web and API clients.
  • Python

83

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill psincraian/myfy --skill user-module

  • SKILL.md6.9 KB

Overview

This skill integrates a complete user authentication system (email/password, OAuth, sessions, and JWT) into Python applications built with the myfy framework. It exposes a UserModule and BaseUser to extend user models, register auth routes and templates, and manage sessions and tokens. It simplifies common flows: registration, login, password reset, email verification, and third-party OAuth.

How this skill works

The module provides a BaseUser model you extend with custom fields and registers a UserService and JWTService for user lifecycle operations. It auto-registers standard auth routes (login, register, forgot/reset password, verify email) and OAuth entry/callback endpoints. Sessions are cookie-backed for web routes while JWTs are available for API authentication. Configuration is driven by environment variables prefixed with MYFY_USER_.

When to use it

  • You need full user authentication with email/password and optional OAuth providers.
  • You want both session-based web auth and JWT-based API auth in the same app.
  • You need ready-made routes and templates for login, registration, password reset, and email verification.
  • You want an extendable user model with custom fields and relationships.
  • You need a service layer (UserService, JWTService) to manage users programmatically.

Best practices

  • Set a strong MYFY_USER_SECRET_KEY and secure environment for secrets.
  • Enable MYFY_USER_REQUIRE_EMAIL_VERIFICATION in production.
  • Use OAuth providers (Google, GitHub) to reduce password surface area.
  • Extend BaseUser for custom fields; avoid modifying BaseUser directly.
  • Use sessions for browser workflows and JWTs for API clients; apply rate limiting on auth routes.

Example use cases

  • Register a custom User model with extra fields (phone, is_admin, company relationship) and enable oauth_providers=['google','github'].
  • Protect endpoints by type-hinting User to inject the authenticated user or return 401 for unauthenticated access.
  • Build an API login endpoint that authenticates credentials and returns a JWT created by JWTService; clients send it in Authorization: Bearer <token>.
  • Implement password reset flow: request at /auth/forgot-password, send email with token, complete at /auth/reset-password?token=....
  • Customize UI by overriding templates in frontend/templates/auth/ to match branding and flows.

FAQ

Set the provider list on UserModule (oauth_providers) and provide client ID/secret as MYFY_USER_OAUTH_<PROVIDER>_CLIENT_ID and _CLIENT_SECRET environment variables.

When should I use sessions vs JWT?

Use sessions for browser-based web flows where cookies are convenient; use JWTs for stateless API clients and mobile apps that manage tokens.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
user-module skill by psincraian/myfy | VeilStrat