Loading...
Loading...
Found 162 Skills
Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.
Decode and inspect JSON Web Tokens (JWTs) without verification. Use when the user provides a JWT string and wants to see its header, payload, or claims — e.g. "decode this JWT", "what's in this token", "inspect this JWT", "show me the claims", "parse this token". Also triggers on raw JWT strings (three base64url segments separated by dots).
Guide first-time Enable Banking API setup and sample flows: Control Panel signup, sandbox application registration, browser-generated private key download, RS256 JWT creation, Authorization header setup, listing ASPSPs, starting AIS authorization, exchanging callback code for a session, fetching balances and transactions, creating a SEPA payment, redirecting the PSU, and checking payment status. Use when Codex needs to onboard a developer quickly or scaffold a minimal working Enable Banking sandbox integration.
Use when adding Auth0 token validation to Express or Node.js APIs - integrates express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support
Implements authentication, authorization, encryption, secrets management, and security hardening patterns. Use when designing auth flows, managing secrets, configuring CORS, implementing rate limiting, or when asked about JWT, OAuth, password hashing, API keys, RBAC, or security best practices.
Load PROACTIVELY when task involves user identity, login, or access control. Use when user says "add authentication", "set up login", "add OAuth", "protect these routes", "implement RBAC", or "add sign-up". Covers session management, JWT tokens, OAuth2 flows, password reset, email verification, protected route middleware, role-based access control, and security hardening (CSRF, rate limiting, token rotation).
pctl CLI (v0.6.3) — PAIC Control, a unified testing CLI for PingOne Advanced Identity Cloud (AIC). Handles connection profiles, JWT token generation/decoding/validation, authentication journey testing, local ELK stack management (Elasticsearch + Kibana log streaming), historical log search, and configuration change tracking. Contains environment shorthands, ELK workflow recipes, and gotchas.
Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api for REST APIs receiving access tokens from frontends or mobile apps.
Build FastAPI services with JWT auth, structlog, and Prometheus metrics. Use when creating or modifying a Python HTTP server, adding authentication, structured logging, or instrumentation to a FastAPI app.
Build and debug Enable Banking API integrations for account information (AIS), payment initiation (PIS), ASPSP discovery, user sessions, JWT authentication with RSA certificates, sandbox setup, and TypeScript/Node clients. Use when Codex needs to implement Enable Banking request flows, generate or validate bearer JWTs, model Enable Banking schemas, handle PSU redirect callbacks, fetch accounts/balances/transactions, create payments, or troubleshoot Enable Banking API errors.
Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.
Implement advanced SLAS authentication patterns in B2C Commerce. Use when implementing passwordless login (email OTP, SMS OTP, passkeys), session bridging between PWA and SFRA, hybrid authentication, token refresh, or trusted system authentication. Covers authentication flows, token management, and JWT validation.