authentication

Original🇺🇸 English
Translated

Authentication patterns for The Boring JavaScript Stack — session-based auth with password, magic links, passkeys (WebAuthn), two-factor authentication (TOTP/email/backup codes), password reset, and OAuth. Use this skill when implementing or modifying any authentication flow in a Sails.js application.

1installs
Sourcesailscastshq/boring-stack
Added on

NPX Install

npx skill4agent add sailscastshq/boring-stack authentication

Tags

Translated version includes tags in frontmatter
session-authenticationsails-js-authwebauthn-passkeystwo-factor-authoauth-integration

SKILL.md Content

View Translation Comparison →

Authentication

The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.

When to Use

Use this skill when:
  • Implementing signup and login flows (password or magic link)
  • Adding passkey (WebAuthn) support with 
    @simplewebauthn
  • Setting up two-factor authentication (TOTP, email codes, backup codes)
  • Building password reset flows with secure token handling
  • Integrating OAuth providers (Google, GitHub) via 
    sails-hook-wish
  • Configuring authentication policies (
    is-authenticated
    , 
    is-guest
    , 
    has-partially-logged-in
    )
  • Understanding the 
    req.me
    / 
    req.session.userId
    pattern and return URL handling
  • Working with the User model's auth-related attributes and lifecycle callbacks

Rules

Read individual rule files for detailed explanations and code examples:
  • rules/getting-started.md - Auth architecture, User model overview, policies, req.me, return URL
  • rules/password-auth.md - Signup and login flows, password hashing, remember me, validation
  • rules/magic-links.md - Token generation/hashing, request/verify actions, auto-signup, security
  • rules/passkeys.md - WebAuthn with @simplewebauthn, registration and authentication flows
  • rules/two-factor.md - TOTP, email 2FA, backup codes, partial login state, verify-2fa action
  • rules/password-reset.md - Forgot/reset flow, token lifecycle, email integration, security
  • rules/oauth.md - Wish library, Google/GitHub OAuth, redirect/callback, findOrCreate pattern