pikkujs/pikku-auth-js
.claude/skills/pikku-auth-js/SKILL.md
Use when integrating Auth.js (NextAuth) with a Pikku app. Covers createAuthHandler, createAuthRoutes, and Auth.js configuration. TRIGGER when: code uses createAuthHandler, createAuthRoutes, user asks about Auth.js, NextAuth, OAuth providers, or @pikku/auth-js. DO NOT TRIGGER when: user asks about JWT middleware (use pikku-security) or custom session services (use pikku-services).
$ install --global
skillsauthnpx skillsauth add pikkujs/pikku pikku-auth-jsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 9:50 PM8.6s1 file scanned
SKILL.md
- name:
- pikku-auth-js
- description:
- Use when integrating Auth.js (NextAuth) with a Pikku app. Covers createAuthHandler, createAuthRoutes, and Auth.js configuration.
- TRIGGER when:
- code uses createAuthHandler, createAuthRoutes, user asks about Auth.js, NextAuth, OAuth providers, or @pikku/auth-js.
- DO NOT TRIGGER when:
- user asks about JWT middleware (use pikku-security) or custom session services (use pikku-services).
Pikku Auth.js Integration
@pikku/auth-js provides Auth.js integration for Pikku apps, handling OAuth providers, session management, and auth routes.
Installation
yarn add @pikku/auth-js @auth/core
API Reference
createAuthHandler(config)
Creates a Pikku function that handles all Auth.js routes (signin, signout, callback, etc.):
import { createAuthHandler } from '@pikku/auth-js'
const authHandler = createAuthHandler(
config: AuthConfig | ((services: CoreSingletonServices) => AuthConfig | Promise<AuthConfig>)
)
// Returns: { func: CorePikkuFunctionSessionless }
The config can be static or a factory function that receives singleton services (useful for dynamic provider configuration).
createAuthRoutes(config, basePath?)
Creates HTTP route contracts for Auth.js endpoints:
import { createAuthRoutes } from '@pikku/auth-js'
const authRoutes = createAuthRoutes(
config: AuthConfig | ((services) => AuthConfig | Promise<AuthConfig>),
basePath?: string // default: '/auth'
)
// Returns: HTTPRouteContract<HTTPRouteMap>
Usage Patterns
Basic Setup
import { createAuthHandler, createAuthRoutes } from '@pikku/auth-js'
import GitHub from '@auth/core/providers/github'
const authConfig = {
providers: [
GitHub({
clientId: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
}),
],
}
const authHandler = createAuthHandler(authConfig)
const authRoutes = createAuthRoutes(authConfig)
Dynamic Config with Services
const authHandler = createAuthHandler(async (services) => {
const githubSecret = await services.secrets.getSecretJSON('github-oauth')
return {
providers: [
GitHub({
clientId: githubSecret.clientId,
clientSecret: githubSecret.clientSecret,
}),
],
}
})
Wiring Auth Routes
import { wireHTTPRoute } from '@pikku/core/http'
// Auth routes are automatically wired when passed to your HTTP runner
const routes = [
...authRoutes,
// ...your other routes
]
Related Skills
pikkujs/pikku-tag-middleware
documentation
VerifiedTrustedCommunity
Deprecated — use pikku-middleware instead. Tag middleware (addTagMiddleware) is now documented as a section within the pikku-middleware skill, alongside global HTTP middleware, execution order, and the service-to-service bearer auth pattern.
56SKILL.mdUpdated Jun 10, 2026
pikkujs/pikku-permissions
testing
VerifiedTrustedCommunity
Use when adding authorization checks to Pikku functions or routes — pikkuPermission, pikkuAuth, per-function permissions, pattern-based permissions, or understanding OR/AND permission logic. TRIGGER when: user wants to restrict who can call a function, check resource ownership, add role-based access, or understand where permission checks belong. DO NOT TRIGGER when: user asks about middleware or request interception (use pikku-middleware), authentication strategies (use pikku-security), or session management.
56SKILL.mdUpdated Jun 10, 2026
pikkujs/pikku-middleware
testing
VerifiedTrustedCommunity
Use when adding any middleware to a Pikku app — global HTTP middleware, tag-scoped middleware (including service-to-service bearer auth), per-route middleware, session-setting middleware, or understanding middleware execution order and priority. TRIGGER when: user wants middleware on some or all routes, machine-to-machine auth, tag-scoped cross-cutting concerns, global interceptors, or middleware priority/order questions. DO NOT TRIGGER when: user asks about permissions/authorization checks (use pikku-permissions), auth strategies like authBearer/authCookie (use pikku-security), or deployment.
56SKILL.mdUpdated Jun 10, 2026
pikkujs/pikku-template-clone
documentation
VerifiedTrustedCommunity
Standard cleanup to run right after a Pikku template is cloned or scaffolded into a new project. TRIGGER when: a Pikku template was just cloned/scaffolded (via `pikku create`, `git clone <template>`, or the user says "I cloned the kanban template / starter / template"), or the working tree still looks like an untouched template (template README, placeholder `@project/*` name in package.json). DO NOT TRIGGER when: working in an established project mid-feature, or editing the template repo itself.
56SKILL.mdUpdated Jun 4, 2026