CtrlK
BlogDocsLog inGet started
Tessl Logo

auth-patterns

This skill should be used when the user asks about "authentication in Next.js", "NextAuth", "Auth.js", "middleware auth", "protected routes", "session management", "JWT", "login flow", or needs guidance on implementing authentication and authorization in Next.js applications.

68

1.40x
Quality

55%

Does it follow best practices?

Impact

90%

1.40x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./.trae/skills/auth-patterns/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

89%

45%

Authentication Setup for a Multi-Tenant SaaS App

NextAuth v5 setup and RBAC configuration

Criteria
Without context
With context

Beta package version

0%

50%

Auth exports pattern

0%

100%

Correct route handler path

100%

100%

Route exports from handlers

25%

100%

Middleware auth export

0%

37%

SessionProvider wrapper

62%

75%

Client useSession hook

100%

100%

Server action sign-in/out

0%

100%

Type declaration file

100%

100%

JWT and session callbacks

100%

100%

AUTH_SECRET env var

0%

100%

Unauthorized redirect for wrong role

55%

100%

100%

6%

Secure Middleware Layer for a Next.js Dashboard App

Middleware JWT verification and route protection

Criteria
Without context
With context

jose library used

100%

100%

TextEncoder secret

100%

100%

HS256 algorithm specified

100%

100%

x-user-id header

100%

100%

x-user-role header

100%

100%

callbackUrl on redirect

33%

100%

Cookie deletion on invalid token

100%

100%

Auth route redirect

100%

100%

Matcher excludes static assets

100%

100%

X-Frame-Options header

100%

100%

X-Content-Type-Options header

100%

100%

Referrer-Policy header

100%

100%

83%

28%

Custom Session and Password Management Library

Custom session management and secure cookies

Criteria
Without context
With context

nanoid for session IDs

0%

100%

httpOnly cookie flag

100%

100%

Conditional secure flag

100%

100%

sameSite lax

100%

100%

path '/'

100%

100%

1-day refresh threshold

0%

100%

7-day session duration

0%

100%

Atomic token rotation

100%

100%

bcrypt cost factor 12

100%

100%

HS256 JWT algorithm

0%

0%

7-day JWT expiry

0%

0%

Repository
Lingjie-chen/MT5
Commit

3069d33

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Authentication Setup for a Multi-Tenant SaaS AppSecure Middleware Layer for a Next.js Dashboard AppCustom Session and Password Management Library

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill