plugins/full-stack-auth/skills/full-stack-auth/SKILL.md
Implements Scalekit full-stack authentication (FSA) including sign-up, login, logout, and secure session management using JWT tokens. Use when building or integrating user authentication with the Scalekit SDK across Node.js, Python, Go, or Java — or when the user asks about auth flows, OAuth callbacks, token refresh, or session handling with Scalekit.
```sh
npx skillsauth add scalekit-inc/claude-code-authstack implementing-scalekit-fsa
```
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
Install the SDK and set credentials in .env:
```sh
SCALEKIT_ENVIRONMENT_URL=<your-environment-url>
SCALEKIT_CLIENT_ID=<your-client-id>
SCALEKIT_CLIENT_SECRET=<your-client-secret>
```
Generate an authorization URL and redirect the user:
```javascript
// Node.js
const authorizationUrl = scalekit.getAuthorizationUrl(redirectUri, {
  scopes: ['openid', 'profile', 'email', 'offline_access']
});
res.redirect(authorizationUrl);
```
`redirectUri` must exactly match the allowed callback URL registered in the Scalekit dashboard.
Exchange the authorization code for tokens:
```javascript
// Node.js
const { user, idToken, accessToken, refreshToken } =
  await scalekit.authenticateWithCode(code, redirectUri);
```
| Token | Purpose |
|---|---|
| idToken | Full user profile (sub, oid, email, name, exp) |
| accessToken | Roles + permissions; expires in 5 min (configurable) |
| refreshToken | Long-lived; use to renew access tokens |
Store tokens in HttpOnly cookies:
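```javascript
// Node.js
// authResult holds the tokens returned by the code exchange above.
// Access token: sent only to /api, and the cookie expires 60 s before the token does.
res.cookie('accessToken', authResult.accessToken, {
  maxAge: (authResult.expiresIn - 60) * 1000,
  httpOnly: true, secure: true, path: '/api', sameSite: 'strict'
});
// Refresh token: sent only to the refresh endpoint.
res.cookie('refreshToken', authResult.refreshToken, {
  httpOnly: true, secure: true, path: '/auth/refresh', sameSite: 'strict'
});
```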
Token validation middleware pattern:
1. `accessToken` cookie → decrypt → `scalekit.validateAccessToken(token)`
2. `scalekit.refreshAccessToken(refreshToken)` → update cookies

Clear session data, then redirect to Scalekit's logout endpoint:
```javascript
// Node.js
clearSessionData();
const logoutUrl = scalekit.getLogoutUrl(idTokenHint, postLogoutRedirectUri);
res.redirect(logoutUrl); // One-time use URL; expires after logout
```
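The token validation pattern above, written out as an added example (not code from the skill or from Scalekit) for the cookie layout on this page: because the refresh cookie is scoped to `/auth/refresh`, the `/api` guard can only validate, and the refresh happens in its own handler. The names `requireAuth` and `refreshHandler`, the return shapes of the two SDK calls, and the use of raw (unencrypted) tokens in cookies are assumptions.

```javascript
// Added example, not Scalekit's code. Assumed (not stated on the page):
// - validateAccessToken(token) resolves truthy for a valid token, and resolves
//   false or throws for an invalid or expired one;
// - refreshAccessToken(rt) resolves to { accessToken, refreshToken, expiresIn };
// - cookies carry the raw tokens (no extra encryption layer), parsed into
//   req.cookies by something like cookie-parser.
const BASE = { httpOnly: true, secure: true, sameSite: 'strict' };
const ACCESS = { ...BASE, path: '/api' };
const REFRESH = { ...BASE, path: '/auth/refresh' };

// Guard for /api routes. The refresh cookie is scoped to /auth/refresh, so it
// is never sent here: on failure answer 401 and let the client call refresh.
function requireAuth(scalekit) {
  return async (req, res, next) => {
    const token = req.cookies?.accessToken;
    let ok = false;
    try {
      ok = Boolean(token) && Boolean(await scalekit.validateAccessToken(token));
    } catch {
      ok = false; // fail closed on any validation error
    }
    if (!ok) return res.status(401).json({ error: 'token_invalid' });
    return next();
  };
}

// Handler for POST /auth/refresh, the only path that receives the refresh cookie.
function refreshHandler(scalekit) {
  return async (req, res) => {
    const rt = req.cookies?.refreshToken;
    try {
      if (!rt) throw new Error('no refresh token');
      const r = await scalekit.refreshAccessToken(rt);
      // Same lifetime rule as at login; 300 s is the page's default expiry.
      res.cookie('accessToken', r.accessToken,
        { ...ACCESS, maxAge: ((r.expiresIn ?? 300) - 60) * 1000 });
      res.cookie('refreshToken', r.refreshToken, REFRESH);
      return res.status(204).end();
    } catch {
      // Refresh failed: drop both cookies so stale tokens are not replayed.
      res.clearCookie('accessToken', ACCESS);
      res.clearCookie('refreshToken', REFRESH);
      return res.status(401).json({ error: 'login_required' });
    }
  };
}
```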
All SDK methods follow the same pattern across languages with minor naming conventions:
| Operation | Node.js | Python | Go | Java |
|---|---|---|---|---|
| Auth URL | getAuthorizationUrl | get_authorization_url | GetAuthorizationUrl | getAuthorizationUrl |
| Exchange code | authenticateWithCode | authenticate_with_code | AuthenticateWithCode | authenticateWithCode |
| Validate token | validateAccessToken | validate_access_token | ValidateAccessToken | validateAccessToken |
| Refresh token | refreshAccessToken | refresh_access_token | RefreshAccessToken | refreshToken |
| Logout URL | getLogoutUrl | get_logout_url | GetLogoutUrl | getLogoutUrl |
One integration enables: Magic Link & OTP, social sign-ins, enterprise SSO, workspaces, MCP authentication, SCIM provisioning, and user management.