AgentSkillsCN

auth0

借助 gh-aw CLI 工具调试 GitHub Agentic Workflow 的运行过程,深入探究失败原因、分析日志记录、定位 MCP 服务器问题,并排查工作流执行中的各类故障。当您遇到以下情形时,此技能将大显身手:(1) 探究工作流运行失败或出现意外行为的原因;(2) 分析工作流执行日志;(3) 调试 MCP 服务器的连接问题或工具可用性问题;(4) 创建问题以记录工作流中的各类难题;(5) 深入理解为何成功运行的工作流并未产生预期结果;(6) 检查工作流中可能存在的防火墙拦截或网络问题。

SKILL.md
--- frontmatter
name: auth0
description: Expert for Auth0 integration across Go backends and React frontends. Use when setting up OIDC authentication, validating JWTs in Go, or implementing Auth0 React SDK patterns.

Auth0 Integration Skill

This skill provides standard patterns for integrating Auth0 into a polyglot stack. It focuses on secure OIDC flows, JWT verification in Go, and efficient React state management.

Architectural Standards

1. Go Backend Integration (JWT Validation)

  • Verification: Use auth0/go-jwt-middleware and form3tech-oss/jwt-go.
  • JWKS Cache: Implement a caching mechanism for public keys from the .well-known/jwks.json endpoint to reduce latency.
  • Claims Mapping: Map Auth0's https://yourdomain.com/roles custom claims to internal Go RBAC structures. Validate the aud (Audience) and iss (Issuer) claims strictly.

2. React Frontend Integration

  • SDK: Use @auth0/auth0-react. Wrap the application root in Auth0Provider.
  • Silent Refresh: Implement getAccessTokenSilently with useAuth0. Use ignoreCache: true only when a fresh token is absolutely required for mutation.
  • Multi-tenant: Handle organization parameters in the login flow if using Auth0 Organizations.

3. TanStack Query Integration

typescript
const { getAccessTokenSilently, isAuthenticated } = useAuth0();

const useSecureQuery = (key: any[], fetcher: (token: string) => Promise<any>) => {
  return useQuery({
    queryKey: key,
    queryFn: async () => {
      if (!isAuthenticated) throw new Error("Not authenticated");
      const token = await getAccessTokenSilently();
      return fetcher(token);
    },
    enabled: isAuthenticated,
  });
};

4. Advanced Security

  • PKCE: Always ensure Authorization Code Flow with PKCE is enabled for SPAs.
  • CORS & Redirects: Strictly white-list only production and trusted dev URLs (e.g., http://localhost:5173).
  • MFA: Handle "MFA Required" errors in the frontend by prompting the user to complete the Auth0 MFA challenge.

Interaction Protocol

  • Input: Auth0 Domain, Client ID, Audience, and architectural requirements.
  • Output: Go middleware logic and React TanStack Query integration code.

Tag: Start your response with [AUTH0-INTEGRATION].