From full-stack-auth
Implements Scalekit full-stack authentication (FSA) including sign-up, login, logout, and secure session management using JWT tokens. Use when building or integrating user authentication with the Scalekit SDK across Node.js, Python, Go, or Java — or when the user asks about auth flows, OAuth callbacks, token refresh, or session handling with Scalekit.
Slash command: `/full-stack-auth:full-stack-auth`
Install the SDK and set credentials in `.env`:
```
SCALEKIT_ENVIRONMENT_URL=<your-environment-url>
SCALEKIT_CLIENT_ID=<your-client-id>
SCALEKIT_CLIENT_SECRET=<your-client-secret>
```
Generate an authorization URL and redirect the user:
```javascript
// Node.js
const authorizationUrl = scalekit.getAuthorizationUrl(redirectUri, {
  scopes: ['openid', 'profile', 'email', 'offline_access']
});
res.redirect(authorizationUrl);
```
`redirectUri` must exactly match the allowed callback URL registered in the Scalekit dashboard.
Exchange the authorization code for tokens:
```javascript
// Node.js
const { user, idToken, accessToken, refreshToken } =
  await scalekit.authenticateWithCode(code, redirectUri);
```
| Token | Purpose |
|---|---|
| idToken | Full user profile (sub, oid, email, name, exp) |
| accessToken | Roles + permissions; expires in 5 min (configurable) |
| refreshToken | Long-lived; use to renew access tokens |
Store tokens in HttpOnly cookies:
```javascript
// Node.js
res.cookie('accessToken', authResult.accessToken, {
  maxAge: (authResult.expiresIn - 60) * 1000,
  httpOnly: true, secure: true, path: '/api', sameSite: 'strict'
});
res.cookie('refreshToken', authResult.refreshToken, {
  httpOnly: true, secure: true, path: '/auth/refresh', sameSite: 'strict'
});
```
Token validation middleware pattern:

- `accessToken` cookie → decrypt → `scalekit.validateAccessToken(token)`
- `scalekit.refreshAccessToken(refreshToken)` → update cookies

Clear session data, then redirect to Scalekit's logout endpoint:
```javascript
// Node.js
clearSessionData();
const logoutUrl = scalekit.getLogoutUrl(idTokenHint, postLogoutRedirectUri);
res.redirect(logoutUrl); // One-time use URL; expires after logout
```
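The token validation pattern described earlier, as an added example that is not Scalekit's or this page's own code: because the cookies above scope `accessToken` to `/api` and `refreshToken` to `/auth/refresh`, validation and renewal are split into two Express-style handlers. `stubScalekit`, the handler names, the error strings, the refresh result shape (`accessToken`, `refreshToken`, `expiresIn`) and a truthy result from `validateAccessToken` are assumptions; `req.cookies` assumes a cookie parser, and the decrypt step is left out because the cookies above are stored as issued.

```javascript
// Stand-in for the Scalekit client (constructed) so the flow runs offline.
// Method names come from the page; the return shapes are assumptions.
const stubScalekit = {
  async validateAccessToken(token) { return token === 'valid-access'; },
  async refreshAccessToken(refreshToken) {
    if (refreshToken !== 'valid-refresh') throw new Error('invalid refresh token');
    return { accessToken: 'valid-access', refreshToken: 'rotated-refresh', expiresIn: 300 };
  },
};

const cookieBase = { httpOnly: true, secure: true, sameSite: 'strict' };

// Guards /api routes. The refresh cookie is scoped to /auth/refresh, so it is
// never sent here: on failure answer 401 and let the client call /auth/refresh.
function requireAuth(scalekit) {
  return async (req, res, next) => {
    const token = req.cookies && req.cookies.accessToken;
    let ok = false;
    try {
      ok = Boolean(token) && Boolean(await scalekit.validateAccessToken(token));
    } catch (err) {
      ok = false; // validation errors fail closed
    }
    if (!ok) return res.status(401).json({ error: 'access_token_invalid' });
    return next();
  };
}

// Handles /auth/refresh: renew the access token and rewrite both cookies.
function refreshHandler(scalekit) {
  return async (req, res) => {
    const refreshToken = req.cookies && req.cookies.refreshToken;
    try {
      if (!refreshToken) throw new Error('no refresh token');
      const r = await scalekit.refreshAccessToken(refreshToken);
      res.cookie('accessToken', r.accessToken,
        { ...cookieBase, path: '/api', maxAge: (r.expiresIn - 60) * 1000 });
      res.cookie('refreshToken', r.refreshToken, { ...cookieBase, path: '/auth/refresh' });
      return res.status(204).end();
    } catch (err) {
      // Refresh failed: drop both cookies so the browser stops replaying them.
      res.clearCookie('accessToken', { ...cookieBase, path: '/api' });
      res.clearCookie('refreshToken', { ...cookieBase, path: '/auth/refresh' });
      return res.status(401).json({ error: 'login_required' });
    }
  };
}
```

With the real SDK, pass the configured client in place of `stubScalekit` and mount `requireAuth` under `/api` and `refreshHandler` at `/auth/refresh`.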
All SDK methods follow the same pattern across languages, with minor differences in naming conventions:
| Operation | Node.js | Python | Go | Java |
|---|---|---|---|---|
| Auth URL | getAuthorizationUrl | get_authorization_url | GetAuthorizationUrl | getAuthorizationUrl |
| Exchange code | authenticateWithCode | authenticate_with_code | AuthenticateWithCode | authenticateWithCode |
| Validate token | validateAccessToken | validate_access_token | ValidateAccessToken | validateAccessToken |
| Refresh token | refreshAccessToken | refresh_access_token | RefreshAccessToken | refreshToken |
| Logout URL | getLogoutUrl | get_logout_url | GetLogoutUrl | getLogoutUrl |
One integration enables: Magic Link & OTP, social sign-ins, enterprise SSO, workspaces, MCP authentication, SCIM provisioning, and user management.
```
npx claudepluginhub scalekit-inc/claude-code-authstack --plugin full-stack-auth
```