Auth Debug Skill
When to Apply
- Login succeeds but users appear unauthenticated.
- Requests return 401/403 unexpectedly.
- Session/cookie/token handling is inconsistent across environments.
Workflow
- Read auth-related requirements from `specs/specs.md` and `specs/security-spec.md`.
- Identify auth model in use (session cookie, token, OAuth, SSO, hybrid).
- Trace the failing request path:
  - client request headers/cookies
  - server middleware/guards
  - role/policy checks
- Verify environment/config factors (domains, CORS, secure cookie, token expiry).
- Propose minimal fix and include regression tests/checklist.
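
One way to work through the cookie items in the "Verify environment/config factors" step, as an added example that is not part of the skill itself: a simplified model of browser cookie rules that lists why a session cookie set at login would be withheld on a later request. The function names, reason labels and sample URLs are assumptions made for illustration, and a missing `SameSite` attribute is treated as `Lax`.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs) with lower-cased attribute names."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def cookie_blockers(set_cookie, set_by_url, request_url,
                    cross_site_subrequest=False, age_seconds=0):
    """Return reasons the cookie is dropped or withheld (empty list = it is sent)."""
    _, attrs = parse_set_cookie(set_cookie)
    origin, req = urlsplit(set_by_url), urlsplit(request_url)
    host = (req.hostname or "").lower()
    reasons = []
    if "secure" in attrs and req.scheme != "https":
        reasons.append("secure-over-http")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain:
        if not (host == domain or host.endswith("." + domain)):
            reasons.append("domain-mismatch")
    elif host != (origin.hostname or "").lower():
        # No Domain attribute: the cookie is host-only and goes back to that host alone.
        reasons.append("host-only-mismatch")
    cpath = attrs.get("path") or "/"
    rpath = req.path or "/"
    if not (rpath == cpath or rpath.startswith(cpath.rstrip("/") + "/")):
        reasons.append("path-mismatch")
    samesite = attrs.get("samesite", "lax").lower()  # assumption: missing means Lax
    if samesite == "none" and "secure" not in attrs:
        reasons.append("samesite-none-without-secure")
    elif cross_site_subrequest and samesite in ("lax", "strict"):
        reasons.append("samesite-blocks-cross-site")
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit() and age_seconds >= int(max_age):
        reasons.append("expired")
    return reasons

# Constructed sample: a production-style session cookie and the URL that set it.
PROD_COOKIE = "sid=abc123; Domain=example.test; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600"
LOGIN_URL = "https://app.example.test/login"

if __name__ == "__main__":
    for url in ("https://app.example.test/api/me",    # same environment
                "http://staging.example.test/api/me",  # plain-HTTP staging
                "https://app.example.org/api/me"):     # different registrable domain
        print(url, "->", cookie_blockers(PROD_COOKIE, LOGIN_URL, url) or "sent")
```

An empty result means the cookie reaches the server, so the failure lies further along the traced path (middleware, guards, role/policy checks) rather than in cookie configuration.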
Quality Bar
- No broad permission bypasses.
- Preserve least privilege.
- Include one concrete reproduction and one verification path.