Stats
Actions
Tags
From core
Add ThunderID authentication to an Express application using the official @thunderid/express SDK. Use when asked to "add ThunderID to my Express app", "integrate ThunderID with Express", or "protect Express routes with ThunderID".
How this skill is triggered — by the user, by Claude, or both
Slash command
/core:integrate-expressThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Assumes ThunderID is running at `https://localhost:8090`. If not, run `/setup-thunderid` first.
Assumes ThunderID is running at https://localhost:8090. If not, run /setup-thunderid first.
https://localhost:8090/console and sign in as admin / adminhttp://localhost:3000/callbackFirst obtain a system API token from the ThunderID console, then:
curl -kL -X POST https://localhost:8090/applications \
-H 'Authorization: Bearer <your-system-token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "my-express-app",
"inboundAuthConfig": [{
"type": "oauth2",
"config": {
"grantTypes": ["authorization_code", "refresh_token"],
"responseTypes": ["code"],
"redirectUris": ["http://localhost:3000/callback"],
"tokenEndpointAuthMethod": "client_secret_basic",
"publicClient": false,
"pkceRequired": true
}
}]
}'
Detect the package manager from lockfiles: pnpm-lock.yaml → pnpm add, yarn.lock → yarn add, bun.lockb → bun add, else npm install.
npm install @thunderid/express
import express from 'express'
import { thunderID, requireAuth } from '@thunderid/express'
const app = express()
app.use(thunderID({
clientId: '<your-client-id>',
clientSecret: '<your-client-secret>',
baseUrl: 'https://localhost:8090',
redirectUri: 'http://localhost:3000/callback',
sessionSecret: '<random-string-at-least-32-chars>',
}))
The middleware automatically mounts /login, /callback, and /logout routes. You can customise the paths via options, or wire them manually:
// Manual login trigger
app.get('/login', (req, res) => {
res.thunderID.signIn()
})
// Manual logout trigger
app.get('/logout', (req, res) => {
res.thunderID.signOut()
})
// Redirect to login if not signed in (web routes)
app.get('/dashboard', requireAuth(), (req, res) => {
res.send(`Welcome, ${req.thunderID.user.name}`)
})
// Return 401 for API routes
app.get('/api/profile', requireAuth({ redirect: false }), (req, res) => {
res.json({ user: req.thunderID.user })
})
npm run dev # or node index.js
Visit http://localhost:3000/login — you should be redirected to https://localhost:8090 and returned after login.
Certificate error — Set NODE_TLS_REJECT_UNAUTHORIZED=0 in .env for local development (remove before deploying).
Session not persisting — Ensure sessionSecret is set and that your Express app has a session store configured for production.
invalid_client — Double-check the Client ID and Client Secret.
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.
npx claudepluginhub brionmario/thunderid-skills-poc --plugin integration