StackMyAI

auth-layer

sekab/auth-layer ◆ SKILL · MARKDOWN

Supabase + JWT, RLS policies baked in.

412 agents using · v1.3.0 latest · 96% success

$ npx stackmyai add skill sekab/auth-layer

sekab/auth-layer/SKILL.md · 1.8 kb
---
name: "auth-layer"
description: "Wire Supabase auth + JWT + RLS in a Next.js or Node app. Use when the user asks for login, signup, or row-level security setup."
agents: ["claude", "cursor", "kiro", "mcp"]
version: "1.3.0"
tags: ["auth", "supabase", "jwt", "rls", "node"]
---

Auth Layer

A drop-in skill for implementing Supabase authentication with JWT tokens and row-level security. When an agent loads this skill, it gains the ability to set up a full auth flow in ~15 minutes.

Use this skill when the user says any of: "add login", "set up auth", "protect this route", or "fix RLS".

When to use

  • The project is a Next.js 14+ app or a Node/Express server.
  • The database is Postgres (Supabase or self-hosted).
  • You need email + OAuth login — not passwordless magic links only.
  • Row-level security is required or will be soon.

The pattern

This skill follows a three-layer approach, top to bottom:

  • Client: @supabase/ssr with cookie-based sessions.
  • Server: middleware that refreshes the JWT and hydrates request.user.
  • Database: RLS policies keyed off auth.uid() with indexed user_id columns.

Example policy

Every table with user data gets a policy like auth.uid() = user_id. Never trust the client to scope reads: the middleware sets the JWT, and the database does the filtering.
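A migration in that shape, as an added example that is not one of the skill's own files. The `notes` table, its columns, the index name and the policy names are assumptions made for illustration.

```sql
-- Hypothetical table: "notes" and its columns are illustrative assumptions.
create table if not exists public.notes (
  id         bigint generated always as identity primary key,
  -- Default to the caller's id so the client never has to send user_id.
  user_id    uuid not null default auth.uid()
             references auth.users (id) on delete cascade,
  body       text not null,
  created_at timestamptz not null default now()
);

-- Every policy below filters on user_id, so index it.
create index if not exists notes_user_id_idx on public.notes (user_id);

-- Policies are only enforced once RLS is enabled on the table.
alter table public.notes enable row level security;

-- Reads: a signed-in user sees only their own rows.
-- Wrapping auth.uid() in a sub-select lets Postgres evaluate it once per
-- statement instead of once per row.
create policy "notes_select_own" on public.notes
  for select to authenticated
  using ((select auth.uid()) = user_id);

-- Inserts: the new row must belong to the caller.
create policy "notes_insert_own" on public.notes
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

-- Updates: "using" limits which rows can be touched; "with check" stops the
-- caller from reassigning a row to a different user_id.
create policy "notes_update_own" on public.notes
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

-- Deletes: own rows only.
create policy "notes_delete_own" on public.notes
  for delete to authenticated
  using ((select auth.uid()) = user_id);

-- No policy is granted to "anon", so unauthenticated requests match nothing.
-- The service-role key bypasses RLS entirely, which is why it must stay
-- server-side and out of client bundles.
```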

Files this skill expects

  • lib/supabase/server.ts — SSR client factory
  • middleware.ts — session refresh on every request
  • app/auth/callback/route.ts — OAuth handler
  • supabase/migrations/*.sql — RLS policy migrations

Edge cases the agent will handle

  • Service-role key leaking into client bundles — the skill checks for this.
  • Missing user_id indexes — auto-suggests a migration.
  • OAuth redirect loops caused by a wrong redirectTo.