Agent skill
auth-tool-cloudbase
CloudBase auth provider configuration and login-readiness guide. This skill should be used when users need to inspect, enable, disable, or configure auth providers, publishable-key prerequisites, login methods, SMS/email sender setup, or other provider-side readiness before implementing a client or backend auth flow.
Install this agent skill to your Project
npx add-skill https://github.com/TencentCloudBase/CloudBase-MCP/tree/main/config/.claude/skills/auth-tool
SKILL.md
Activation Contract
Use this first when
- The task is to inspect, enable, disable, or configure CloudBase auth providers, login methods, publishable key prerequisites, SMS/email delivery, or third-party login readiness.
- An auth implementation cannot proceed until provider status and login configuration are confirmed.
- A CloudBase Web auth flow needs provider verification before `auth-web`.
Read before writing code if
- The request mentions provider setup, auth console configuration, publishable key retrieval, login method availability, SMS/email sender setup, or third-party provider credentials.
- The task mixes provider configuration with Web, mini program, Node, or raw HTTP auth implementation.
Then also read
- Web auth UI -> ../auth-web/SKILL.md
- Mini program native auth -> ../auth-wechat/SKILL.md
- Node server-side identity / custom ticket -> ../auth-nodejs/SKILL.md
- Native App / raw HTTP auth client -> ../http-api/SKILL.md
Do NOT use this as
- The default implementation guide for every login or registration request.
- A replacement for mini program native auth behavior when no provider change is involved.
- A replacement for Node-side caller identity, user lookup, or custom login ticket flows.
- A replacement for frontend integration, session handling, or client UX implementation.
Common mistakes / gotchas
- Writing login UI before enabling the required provider.
- Treating any mention of "auth" as a provider-management task.
- Implementing Web login in cloud functions.
- Routing native App auth to Web SDK flows.
Minimal checklist
- Read Authentication Activation Checklist before auth implementation.
Overview
Configure CloudBase authentication providers: Anonymous, Username/Password, SMS, Email, WeChat, Google, and more.
Prerequisites: CloudBase environment ID (env)
Authentication Scenarios
1. Get Login Config
Use the official login-config API. Do not use lowcode/DescribeLoginStrategy or lowcode/ModifyLoginStrategy as the default path.
Query current login configuration:
{
"params": { "EnvId": `env` },
"service": "tcb",
"action": "DescribeLoginConfig"
}
The response contains fields such as:
- `AnonymousLogin`
- `UserNameLogin`
- `PhoneNumberLogin`
- `EmailLogin`
- `SmsVerificationConfig`
- `MfaConfig`
- `PwdUpdateStrategy`
Parameter mapping for downstream Web auth code:
- `PhoneNumberLogin` controls phone OTP flows used by `auth-web` `auth.signInWithOtp({ phone })` and `auth.signUp({ phone })`
- `EmailLogin` controls email OTP flows used by `auth-web` `auth.signInWithOtp({ email })` and `auth.signUp({ email })`
- `UserNameLogin` controls password login flows used by `auth-web` `auth.signInWithPassword({ username, password })`
- `SmsVerificationConfig.Type = "apis"` requires both `Name` and `Method`
- `EnvId` is always the CloudBase environment ID, not the publishable key
Before calling ModifyLoginConfig, rebuild the payload from writable keys only. Do not spread the full response object back into the request.
const WritableLoginConfig = {
"PhoneNumberLogin": LoginConfig.PhoneNumberLogin,
"EmailLogin": LoginConfig.EmailLogin,
"UserNameLogin": LoginConfig.UserNameLogin,
"AnonymousLogin": LoginConfig.AnonymousLogin,
...(LoginConfig.SmsVerificationConfig ? { "SmsVerificationConfig": LoginConfig.SmsVerificationConfig } : {}),
...(LoginConfig.MfaConfig ? { "MfaConfig": LoginConfig.MfaConfig } : {}),
...(LoginConfig.PwdUpdateStrategy ? { "PwdUpdateStrategy": LoginConfig.PwdUpdateStrategy } : {})
}
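The allowlist rule and the parameter mapping above, combined in one added example (not code from the skill or from CloudBase). It rebuilds the `ModifyLoginConfig` request from writable keys only, enforces the `Type = "apis"` rule, and reports which login flags are still off for a set of planned `auth-web` calls. The helper names, the call labels such as `signInWithOtp:phone`, and the `RequestId` field in the sample are assumptions.

```javascript
// Added example: WRITABLE_KEYS, REQUIRED_FLAG and both functions are hypothetical helpers.
const WRITABLE_KEYS = [
  "PhoneNumberLogin", "EmailLogin", "UserNameLogin", "AnonymousLogin",
  "SmsVerificationConfig", "MfaConfig", "PwdUpdateStrategy",
];

// Planned auth-web call -> login-config flag that must be true (mapping from the list above).
const REQUIRED_FLAG = {
  "signInWithOtp:phone": "PhoneNumberLogin",
  "signUp:phone": "PhoneNumberLogin",
  "signInWithOtp:email": "EmailLogin",
  "signUp:email": "EmailLogin",
  "signInWithPassword:username": "UserNameLogin",
};

function buildModifyLoginConfig(env, loginConfig, changes = {}) {
  const unknown = Object.keys(changes).filter((k) => !WRITABLE_KEYS.includes(k));
  if (unknown.length) throw new Error(`non-writable keys: ${unknown.join(", ")}`);
  const params = { EnvId: env };
  for (const key of WRITABLE_KEYS) {
    // Copy only allowlisted keys; anything else in the response is dropped.
    const value = key in changes ? changes[key] : loginConfig[key];
    if (value !== undefined && value !== null) params[key] = value;
  }
  const sms = params.SmsVerificationConfig;
  if (sms && sms.Type === "apis" && !(sms.Name && sms.Method)) {
    throw new Error('SmsVerificationConfig.Type = "apis" requires Name and Method');
  }
  return { params, service: "tcb", action: "ModifyLoginConfig" };
}

function missingLoginMethods(loginConfig, plannedCalls) {
  const flags = plannedCalls.map((call) => REQUIRED_FLAG[call]);
  return [...new Set(flags.filter((flag) => flag && loginConfig[flag] !== true))];
}

// Constructed sample response; RequestId stands in for any non-writable field.
const sampleResponse = {
  RequestId: "constructed-request-id",
  AnonymousLogin: false, UserNameLogin: true, PhoneNumberLogin: false, EmailLogin: false,
  SmsVerificationConfig: { Type: "default", SmsDayLimit: 30 },
};
const request = buildModifyLoginConfig("env-placeholder", sampleResponse, { PhoneNumberLogin: true });
console.log(JSON.stringify(request, null, 2));
console.log(missingLoginMethods(sampleResponse, ["signInWithOtp:phone", "signInWithPassword:username"]));
```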
2. Anonymous Login
- Get `LoginConfig` (see Scenario 1)
- Set `LoginConfig.AnonymousLogin = true` (on) or `false` (off)
- Update:
{
"params": { "EnvId": `env`, ...WritableLoginConfig, "AnonymousLogin": true },
"service": "tcb",
"action": "ModifyLoginConfig"
}
3. Username/Password Login
- Get `LoginConfig` (see Scenario 1)
- Set `LoginConfig.UserNameLogin = true` (on) or `false` (off)
- Update:
{
"params": { "EnvId": `env`, ...WritableLoginConfig, "UserNameLogin": true },
"service": "tcb",
"action": "ModifyLoginConfig"
}
4. SMS Login
- Get `LoginConfig` (see Scenario 1)
- Modify:
  - Turn on: `LoginConfig.PhoneNumberLogin = true`
  - Turn off: `LoginConfig.PhoneNumberLogin = false`
  - Config (optional):
    LoginConfig.SmsVerificationConfig = {
      Type: 'default', // 'default' or 'apis'
      Name: 'method_53978f9f96a35', // required when Type = 'apis'
      Method: 'SendVerificationCode',
      SmsDayLimit: 30 // -1 = unlimited
    }
- Update:
{
"params": {
"EnvId": `env`,
...WritableLoginConfig,
"PhoneNumberLogin": true,
"SmsVerificationConfig": {
"Type": "default",
"SmsDayLimit": 30
}
},
"service": "tcb",
"action": "ModifyLoginConfig"
}
Use custom apis to send SMS:
{
"params": {
"EnvId": `env`,
...WritableLoginConfig,
"PhoneNumberLogin": true,
"SmsVerificationConfig": {
"Type": "apis",
"Name": "method_53978f9f96a35",
"Method": "SendVerificationCode",
"SmsDayLimit": 20
}
},
"service": "tcb",
"action": "ModifyLoginConfig"
}
5. Email Login
Email has two layers of configuration:
- `ModifyLoginConfig.EmailLogin`: controls whether email/password login is enabled
- `ModifyProvider(Id="email")`: controls the email sender channel and SMTP configuration
- In Web auth code, this maps to `auth.signInWithOtp({ email })` and `auth.signUp({ email })`
Turn on email/password login:
{
"params": { "EnvId": `env`, ...WritableLoginConfig, "EmailLogin": true },
"service": "tcb",
"action": "ModifyLoginConfig"
}
Turn off email/password login:
{
"params": { "EnvId": `env`, ...WritableLoginConfig, "EmailLogin": false },
"service": "tcb",
"action": "ModifyLoginConfig"
}
Configure email provider (Tencent Cloud email):
{
"params": {
"EnvId": `env`,
"Id": "email",
"On": "TRUE",
"EmailConfig": { "On": "TRUE", "SmtpConfig": {} }
},
"service": "tcb",
"action": "ModifyProvider"
}
Disable email provider:
{
"params": { "EnvId": `env`, "Id": "email", "On": "FALSE" },
"service": "tcb",
"action": "ModifyProvider"
}
Configure email provider (custom SMTP):
{
"params": {
"EnvId": `env`,
"Id": "email",
"On": "TRUE",
"EmailConfig": {
"On": "FALSE",
"SmtpConfig": {
"AccountPassword": "password",
"AccountUsername": "username",
"SecurityMode": "SSL",
"SenderAddress": "sender@example.com",
"ServerHost": "smtp.qq.com",
"ServerPort": 465
}
}
},
"service": "tcb",
"action": "ModifyProvider"
}
6. WeChat Login
- Get WeChat config:
{
"params": { "EnvId": `env` },
"service": "tcb",
"action": "GetProviders"
}
Filter by Id == "wx_open", save as WeChatProvider.
- Get credentials from WeChat Open Platform:
  - `AppID`
  - `AppSecret`
- Update:
{
"params": {
"EnvId": `env`,
"Id": "wx_open",
"On": "TRUE", // "FALSE" to disable
"Config": {
...WeChatProvider.Config,
ClientId: `AppID`,
ClientSecret: `AppSecret`
}
},
"service": "tcb",
"action": "ModifyProvider"
}
7. Google Login
- Get redirect URI:
{
"params": { "EnvId": `env` },
"service": "lowcode",
"action": "DescribeStaticDomain"
}
Save result.Data.StaticDomain as staticDomain.
- Configure at Google Cloud Console:
  - Create OAuth 2.0 Client ID
  - Set redirect URI: `https://{staticDomain}/__auth/`
  - Get `Client ID` and `Client Secret`
- Enable:
{
"params": {
"EnvId": `env`,
"ProviderType": "OAUTH",
"Id": "google",
"On": "TRUE", // "FALSE" to disable
"Name": { "Message": "Google" },
"Description": { "Message": "" },
"Config": {
"ClientId": `Client ID`,
"ClientSecret": `Client Secret`,
"Scope": "email openid profile",
"AuthorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"TokenEndpoint": "https://oauth2.googleapis.com/token",
"UserinfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
"TokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"RequestParametersMap": {
"RegisterUserSyncScope": "syncEveryLogin",
"IsGoogle": "TRUE"
}
},
"Picture": "https://qcloudimg.tencent-cloud.cn/raw/f9131c00dcbcbccd5899a449d68da3ba.png",
"TransparentMode": "FALSE",
"ReuseUserId": "TRUE",
"AutoSignUpWithProviderUser": "TRUE"
},
"service": "tcb",
"action": "ModifyProvider"
}
8. Client Configuration Boundary
Use client APIs for client metadata and token/session settings. Do not use them as a replacement for login strategy or provider management.
Query client config:
{
"params": { "EnvId": `env`, "Id": `env` },
"service": "tcb",
"action": "DescribeClient"
}
Update client config:
{
"params": {
"EnvId": `env`,
"Id": `env`,
"AccessTokenExpiresIn": 7200,
"RefreshTokenExpiresIn": 2592000,
"MaxDevice": 3
},
"service": "tcb",
"action": "ModifyClient"
}
9. Get Publishable Key
Query existing key:
{
"params": { "EnvId": `env`, "KeyType": "publish_key", "PageNumber": 1, "PageSize": 10 },
"service": "lowcode",
"action": "DescribeApiKeyTokens"
}
Return PublishableKey.ApiKey if it exists (filter by Name == "publish_key").
Create a new key (if none exists):
{
"params": { "EnvId": `env`, "KeyType": "publish_key", "KeyName": "publish_key" },
"service": "lowcode",
"action": "CreateApiKeyToken"
}
If creation fails, direct user to: "https://tcb.cloud.tencent.com/dev?envId=env#/env/apikey"