ReddRadar
Agent skill
jwt-handler
JWT creation, validation, and management for SDK authentication
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/sdk-platform-development/skills/jwt-handler
SKILL.md
JWT Handler Skill
Overview
This skill implements JWT-based authentication for SDKs including token creation, validation, key rotation via JWKS, and secure claims handling.
Capabilities
- Generate and validate JWTs with multiple algorithms
- Implement JWKS (JSON Web Key Set) key rotation
- Support multiple signing algorithms (RS256, ES256, EdDSA)
- Handle token claims validation and extraction
- Configure token expiration and refresh
- Implement audience and issuer validation
- Support nested JWTs and JWE encryption
- Handle clock skew tolerance
Target Processes
- Authentication and Authorization Patterns
- SDK Architecture Design
- Platform API Gateway Design
Integration Points
- jose libraries (node-jose, python-jose)
- JWKS endpoints for key distribution
- Identity providers
- Token introspection endpoints
- Key management systems
Input Requirements
- Signing algorithm preference
- Claims schema requirements
- Key rotation strategy
- Validation requirements
- Token lifetime configuration
Output Artifacts
- JWT generation module
- Token validation middleware
- JWKS endpoint implementation
- Claims extraction utilities
- Key rotation automation
- Token refresh handling
Usage Example
skill:
name: jwt-handler
context:
algorithm: RS256
issuer: "https://api.example.com"
audience: "api-users"
expiration: "1h"
refreshExpiration: "7d"
jwksEndpoint: "/.well-known/jwks.json"
keyRotation:
enabled: true
period: "30d"
claims:
- sub
- email
- roles
Best Practices
- Use asymmetric algorithms for public validation
- Implement key rotation via JWKS
- Validate all standard claims (iss, aud, exp)
- Handle clock skew appropriately
- Keep token payloads minimal
- Never store sensitive data in JWTs
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?