riligar-dev-auth-elysia
npx machina-cli add skill riligar/agents-kit/riligar-dev-auth-elysia --openclawRiligar Auth Elysia Skill
This skill provides a backend workflow for integrating authentication and permissions using the @riligar/auth-elysia SDK.
Core Integration Workflow
1. Installation
Install the backend SDK:
bun add @riligar/auth-elysia
2. Environment Variables
Set up your Secret Key and URLs in your environment files.
[!CAUTION] Backend integration requires the Secret Key (
sk_...). Never share this key or include it in client-side code.
# .env.development
AUTH_API_URL=https://manager.myauth.click
AUTH_API_SECRET=sk_test_your_secret_key
AUTH_JWKS_URL=https://manager.myauth.click/.well-known/jwks.json
# .env.production
AUTH_API_URL=https://manager.myauth.click
AUTH_API_SECRET=sk_live_your_secret_key
AUTH_JWKS_URL=https://manager.myauth.click/.well-known/jwks.json
3. Plugin Registration
Add the authPlugin to your Elysia instance.
import { Elysia } from 'elysia'
import { authPlugin } from '@riligar/auth-elysia'
const app = new Elysia()
.use(
authPlugin({
apiUrl: process.env.AUTH_API_URL,
apiKey: process.env.AUTH_API_SECRET,
jwksUrl: process.env.AUTH_JWKS_URL,
})
)
.listen(3000)
For more patterns, see server-snippets.js.
Specialized Guides
- Context & User Data: Documentation for
ctx.authandctx.user. See context-and-user.md. - Route Protection: How to implement
requireAuthmiddleware and guard route groups. See route-protection.md. - Manual Verification: Using
verifyTokenfor custom JWT handling. See manual-verification.md.
Common Tasks
Protecting a Route Group
Use onBeforeHandle to secure multiple endpoints efficiently.
app.group('/api/v1', app => app.onBeforeHandle(requireAuth).get('/data', () => ({ ok: true })))
Accessing User Profile
Access the decoded user data directly from the context.
app.get('/profile', ({ user }) => {
return { id: user.id, email: user.email }
})
Source
git clone https://github.com/riligar/agents-kit/blob/prod/.agent/skills/riligar-dev-auth-elysia/SKILL.mdView on GitHub Overview
This skill guides integrating the Riligar Auth Elysia SDK into backend servers. It covers installing the SDK, configuring with the Secret Key and JWKS URL, protecting routes, accessing authenticated user data in handlers, and performing manual JWT verification.
How This Skill Works
Install the @riligar/auth-elysia SDK, set environment variables for AUTH_API_URL, AUTH_API_SECRET, and AUTH_JWKS_URL, then register the authPlugin with your Elysia instance. The plugin exposes ctx.auth and ctx.user for handlers and supports verifyToken for custom JWT handling.
When to Use It
- Set up a backend auth plugin
- Configure Elysia using the Riligar Secret Key and JWKS URL
- Protect API routes or groups with requireAuth
- Access authenticated user data in handlers via ctx.user
- Perform manual JWT verification with verifyToken
Quick Start
- Step 1: bun add @riligar/auth-elysia
- Step 2: Create environment files with AUTH_API_URL, AUTH_API_SECRET, AUTH_JWKS_URL
- Step 3: Initialize Elysia and register authPlugin with the env values, then run the server
Best Practices
- Keep the SECRET key secure; never expose it client-side or in client code.
- Store AUTH_API_URL, AUTH_API_SECRET, and AUTH_JWKS_URL in environment files per environment (.env.development, .env.production).
- Register the authPlugin early in your Elysia app initialization to ensure all routes are protected.
- Protect routes or groups using onBeforeHandle with requireAuth or route guards for scalable security.
- Use ctx.user and ctx.auth in handlers and leverage verifyToken for custom JWT workflows when needed.
Example Use Cases
- Protect a route group using onBeforeHandle(requireAuth) to secure multiple endpoints.
- Fetch authenticated user info in a /profile handler via ctx.user.
- Register the plugin with Elysia using apiUrl, apiKey, and jwksUrl sourced from environment variables.
- Perform manual JWT handling with verifyToken in a custom handler.
- Consult context-and-user and route-protection references for advanced usage.
