login
InSelfControll

auth0

by @InSelfControll in Development
0
0
# Install this skill:
npx skills add InSelfControll/ai-agent-skills --skill "auth0"

Install specific skill from multi-skill repository

# Description

Expert for Auth0 integration across Go backends and React frontends. Use when setting up OIDC authentication, validating JWTs in Go, or implementing Auth0 React SDK patterns.

# SKILL.md

name: auth0
description: Expert for Auth0 integration across Go backends and React frontends. Use when setting up OIDC authentication, validating JWTs in Go, or implementing Auth0 React SDK patterns.

Auth0 Integration Skill

This skill provides standard patterns for integrating Auth0 into a polyglot stack. It focuses on secure OIDC flows, JWT verification in Go, and efficient React state management.

Architectural Standards

1. Go Backend Integration (JWT Validation)

  • Verification: Use auth0/go-jwt-middleware and form3tech-oss/jwt-go.
  • JWKS Cache: Implement a caching mechanism for public keys from the .well-known/jwks.json endpoint to reduce latency.
  • Claims Mapping: Map Auth0's https://yourdomain.com/roles custom claims to internal Go RBAC structures. Validate the aud (Audience) and iss (Issuer) claims strictly.

2. React Frontend Integration

  • SDK: Use @auth0/auth0-react. Wrap the application root in Auth0Provider.
  • Silent Refresh: Implement getAccessTokenSilently with useAuth0. Use ignoreCache: true only when a fresh token is absolutely required for mutation.
  • Multi-tenant: Handle organization parameters in the login flow if using Auth0 Organizations.

3. TanStack Query Integration

const { getAccessTokenSilently, isAuthenticated } = useAuth0();

const useSecureQuery = (key: any[], fetcher: (token: string) => Promise<any>) => {
  return useQuery({
    queryKey: key,
    queryFn: async () => {
      if (!isAuthenticated) throw new Error("Not authenticated");
      const token = await getAccessTokenSilently();
      return fetcher(token);
    },
    enabled: isAuthenticated,
  });
};

4. Advanced Security

  • PKCE: Always ensure Authorization Code Flow with PKCE is enabled for SPAs.
  • CORS & Redirects: Strictly white-list only production and trusted dev URLs (e.g., http://localhost:5173).
  • MFA: Handle "MFA Required" errors in the frontend by prompting the user to complete the Auth0 MFA challenge.

Interaction Protocol

  • Input: Auth0 Domain, Client ID, Audience, and architectural requirements.
  • Output: Go middleware logic and React TanStack Query integration code.

Tag: Start your response with [AUTH0-INTEGRATION].

# Related Skills

facebook
feature-flags @facebook

Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging...

β˜… 242,571
facebook
fix @facebook

Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.

β˜… 242,571
facebook
flags @facebook

Use when you need to check feature flag states, compare channels, or debug why a feature behaves...

β˜… 242,571

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚑ Amp πŸš€ Antigravity πŸ€– Claude Code πŸ¦€ Clawdbot πŸ“ Codex ▢️ Cursor πŸ€– Droid πŸ’Ž Gemini CLI πŸ™ GitHub Copilot πŸͺΏ Goose πŸ“Š Kilo Code πŸ”§ Kiro CLI πŸ’» OpenCode 🦘 Roo Code 🌲 Trae πŸ„ Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.