authentication
SKILL.md
Authentication
The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.
When to Use
Use this skill when:
- Implementing signup and login flows (password or magic link)
- Adding passkey (WebAuthn) support with
@simplewebauthn - Setting up two-factor authentication (TOTP, email codes, backup codes)
- Building password reset flows with secure token handling
- Integrating OAuth providers (Google, GitHub) via
sails-hook-wish - Configuring authentication policies (
is-authenticated,is-guest,has-partially-logged-in) - Understanding the
req.me/req.session.userIdpattern and return URL handling - Working with the User model's auth-related attributes and lifecycle callbacks
Rules
Read individual rule files for detailed explanations and code examples:
- rules/getting-started.md - Auth architecture, User model overview, policies, req.me, return URL
- rules/password-auth.md - Signup and login flows, password hashing, remember me, validation
- rules/magic-links.md - Token generation/hashing, request/verify actions, auto-signup, security
- rules/passkeys.md - WebAuthn with @simplewebauthn, registration and authentication flows
- rules/two-factor.md - TOTP, email 2FA, backup codes, partial login state, verify-2fa action
- rules/password-reset.md - Forgot/reset flow, token lifecycle, email integration, security
- rules/oauth.md - Wish library, Google/GitHub OAuth, redirect/callback, findOrCreate pattern
Weekly Installs
14
Repository
sailscastshq/bo…ng-stackGitHub Stars
491
First Seen
Feb 12, 2026
Security Audits
Installed on
github-copilot14
gemini-cli13
claude-code13
codex13
kimi-cli13
amp13