> nextjs-authentication
Secure token storage (HttpOnly Cookies) and Middleware patterns. Use when implementing authentication, secure session storage, or auth middleware in Next.js. (triggers: middleware.ts, **/auth.ts, **/login/page.tsx, cookie, jwt, session, localstorage, auth)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/nextjs-authentication?format=md"
Authentication & Token Management
Priority: P0 (CRITICAL)
Use HttpOnly Cookies for token storage. Never use LocalStorage.
Key Rules
- Storage: Use cookies().set() with httpOnly: true, secure: true, sameSite: 'lax'. (Reference: Setting Tokens)
- Access: Read tokens in Server Components via cookies().get(). (Reference: Reading Tokens)
- Protection: Guard routes in middleware.ts before rendering. (Reference: Middleware Protection)
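The three rules above as framework-free checks. This is an added example, not code from the skill or from Next.js: it audits a Set-Cookie value for the required attributes and makes the route-guard decision a middleware.ts would make. The cookie name, the protected prefixes, the /login target, the function names and the sample headers are all assumptions.

```typescript
// Added example: framework-free checks for the three Key Rules.
// Every name and sample value here is hypothetical / constructed.
const SESSION_COOKIE = "session"; // assumed cookie name
const PROTECTED_PREFIXES = ["/dashboard", "/settings"]; // assumed protected routes

// Constructed Set-Cookie values: one following the Storage rule, one not.
const GOOD_SET_COOKIE = "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax";
const WEAK_SET_COOKIE = "session=abc123; Path=/";

// Storage rule: list what a Set-Cookie value is missing.
function auditSetCookie(header: string): string[] {
  const attrs = header.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const problems: string[] = [];
  if (attrs.indexOf("httponly") === -1) problems.push("missing HttpOnly");
  if (attrs.indexOf("secure") === -1) problems.push("missing Secure");
  const sameSite = attrs.filter((a) => a.indexOf("samesite=") === 0)[0];
  if (sameSite === undefined) problems.push("missing SameSite");
  else if (sameSite !== "samesite=lax" && sameSite !== "samesite=strict") {
    problems.push("SameSite is neither Lax nor Strict");
  }
  return problems;
}

// Access rule: the server reads the token from the Cookie request header.
function readCookie(cookieHeader: string, wanted: string): string | undefined {
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === wanted) return part.slice(eq + 1).trim();
  }
  return undefined;
}

// Protection rule: decide before rendering. Returns a redirect target, or
// null to let the request through. This only checks that a token is present;
// the server must still verify it before trusting it.
function guard(pathname: string, cookieHeader: string): string | null {
  const isProtected = PROTECTED_PREFIXES.some(
    (p) => pathname === p || pathname.indexOf(p + "/") === 0
  );
  if (!isProtected || readCookie(cookieHeader, SESSION_COOKIE)) return null;
  return "/login?from=" + encodeURIComponent(pathname);
}
```

The audit function can run in a test against the Set-Cookie value the login route actually emits, so a dropped attribute fails the build.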
Anti-Pattern: LocalStorage
- Security Risk: Vulnerable to XSS. Any script running on the page can read LocalStorage, so an injected script can read the token.
- Performance Hit: Incompatible with Server Components (RSC). Forces client hydration and causes layout shift.
Related Topics
common/security-standards | server-components | app-router