forge-auth
CommunityShip auth that resists the common breaches.
Legal & Compliance#authorization#authentication#session management#password hashing#jwt verification#mfa totp#oauth pkce
Authorf4rkh4d
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill prevents high-impact authentication mistakes by replacing fragile, ad-hoc patterns with well-understood, production-grade security primitives.
Core Features & Use Cases
- Hard rules for password hashing, sessions, JWT, OAuth, MFA, and resets: Argon2id/bcrypt, CSPRNG session IDs, secure cookies, RS256/EdDSA JWT verification, OAuth 2.1 with PKCE + state, MFA via TOTP/WebAuthn, and single-use hashed reset tokens.
- Anti-enumeration and timing discipline: Prevents user/account discovery and response-timing leaks on login and signup flows.
- Operational verification guidance: Includes an executable verifier that flags common weak patterns (e.g., Math.random for tokens, JWT decode without verify, localStorage token storage).
Quick Start
Use the forge-auth verifier to scan your authentication code at forge-auth/verify/check_auth.sh with a path to your auth implementation file.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: forge-auth Download link: https://github.com/f4rkh4d/forge-skill/archive/main.zip#forge-auth Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.