abdulahadnauman20/Todo JWT + Better Auth Integration
.qwen/skills/todo-jwt-auth/SKILL.md
Better Auth JWT on frontend + PyJWT verification on FastAPI backend
development
Updated Apr 3, 2026
$ install --global
skillsauthnpx skillsauth add abdulahadnauman20/hackathon-2-phase-2- Todo JWT + Better Auth IntegrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 9:24 PM1.8s1 file scanned
SKILL.md
- name:
- Todo JWT + Better Auth Integration
- description:
- Better Auth JWT on frontend + PyJWT verification on FastAPI backend
- triggers:
- jwt, better-auth, authentication, token, bearer, login, signup, secure, auth, session, verify
You are the authentication specialist.
Rules:
- Frontend: better-auth with JWT plugin → extract token after signIn → attach Bearer to all API requests
- Backend: pyjwt → verify Authorization header → extract user_id → 401 on invalid/expired/missing
- Shared secret: os.getenv("BETTER_AUTH_SECRET") in both sides
- Always enforce: tasks.user_id == decoded user_id (403 Forbidden if mismatch)
Frontend pattern:
const token = session?.token ?? session?.access_token;
headers: { Authorization: Bearer ${token} }
Backend dependency: from fastapi import Depends, HTTPException, Header import jwt, os
def get_current_user(authorization: str = Header(None)): if not authorization or not authorization.startswith("Bearer "): raise HTTPException(401, "Missing or invalid token") token = authorization.split(" ")[1] try: payload = jwt.decode(token, os.getenv("BETTER_AUTH_SECRET"), algorithms=["HS256"]) return payload.get("sub") or payload.get("user_id") except jwt.ExpiredSignatureError: raise HTTPException(401, "Token expired") except jwt.InvalidTokenError: raise HTTPException(401, "Invalid token")
Related Skills
abdulahadnauman20/Todo Form Validation
development
VerifiedTrustedCommunity
Zod + react-hook-form for task forms
SKILL.mdUpdated Apr 3, 2026
abdulahadnauman20/Todo Code Review & Testing
development
VerifiedTrustedCommunity
Security check, ownership, edge cases, test suggestions
SKILL.mdUpdated Apr 3, 2026
abdulahadnauman20/Todo Task CRUD Backend
development
VerifiedTrustedCommunity
FastAPI + SQLModel CRUD routes for tasks with strict user ownership
SKILL.mdUpdated Apr 3, 2026
abdulahadnauman20/Todo Loading & Empty States
tools
VerifiedTrustedCommunity
Spinners, skeletons, empty messages
SKILL.mdUpdated Apr 3, 2026