API身份验证完整指南：JWT、OAuth 2.0、API密钥实现与安全最佳实践

api-authentication by aj-geddes/useful-ai-prompts

202 周安装量

160 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill api-authentication

Node.js API 安全

🇨🇳中文介绍

API 身份验证

概述

为 API 实施全面的身份验证策略，包括 JWT 令牌、OAuth 2.0、API 密钥以及具有适当安全实践的会话管理。

使用场景

保护 API 端点
实现用户登录/注销流程
管理访问令牌和刷新令牌
集成 OAuth 2.0 提供商
保护敏感数据
实现 API 密钥身份验证

快速开始

最小工作示例：

// Node.js JWT Implementation
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

const app = express();
const SECRET_KEY = process.env.JWT_SECRET || 'your-secret-key';
const REFRESH_SECRET = process.env.REFRESH_SECRET || 'your-refresh-secret';

// User login endpoint
app.post('/api/auth/login', async (req, res) => {
  try {
    const { email, password } = req.body;

    // Find user in database
    const user = await User.findOne({ email });
    if (!user) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Verify password
    const isValid = await bcrypt.compare(password, user.password);
    if (!isValid) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
// ... (see reference guides for full implementation)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
JWT Authentication	JWT 身份验证
OAuth 2.0 Implementation	OAuth 2.0 实现
API Key Authentication	API 密钥身份验证
Python Authentication Implementation	Python 身份验证实现

🇺🇸English

API Authentication

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive authentication strategies for APIs including JWT tokens, OAuth 2.0, API keys, and session management with proper security practices.

When to Use

Securing API endpoints
Implementing user login/logout flows
Managing access tokens and refresh tokens
Integrating OAuth 2.0 providers
Protecting sensitive data
Implementing API key authentication

Quick Start

Minimal working example:

// Node.js JWT Implementation
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

const app = express();
const SECRET_KEY = process.env.JWT_SECRET || 'your-secret-key';
const REFRESH_SECRET = process.env.REFRESH_SECRET || 'your-refresh-secret';

// User login endpoint
app.post('/api/auth/login', async (req, res) => {
  try {
    const { email, password } = req.body;

    // Find user in database
    const user = await User.findOne({ email });
    if (!user) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Verify password
    const isValid = await bcrypt.compare(password, user.password);
    if (!isValid) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
JWT Authentication	JWT Authentication
OAuth 2.0 Implementation	OAuth 2.0 Implementation
API Key Authentication	API Key Authentication
Python Authentication Implementation	Python Authentication Implementation

Best Practices

✅ DO

Use HTTPS for all authentication
Store tokens securely (HttpOnly cookies)
Implement token refresh mechanism
Set appropriate token expiration times
Hash and salt passwords
Use strong secret keys
Validate tokens on every request
Implement rate limiting on auth endpoints
Log authentication attempts
Rotate secrets regularly

❌ DON'T

Store passwords in plain text
Send tokens in URL parameters
Use weak secret keys
Store sensitive data in JWT payload
Ignore token expiration
Disable HTTPS in production
Log sensitive tokens
Reuse API keys across services
Store credentials in code

Weekly Installs

145

Repository

aj-geddes/usefu…-prompts

GitHub Stars

121

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode126

gemini-cli122

codex119

claude-code116

cursor110

github-copilot99

API身份验证完整指南：JWT、OAuth 2.0、API密钥实现与安全最佳实践

🇨🇳中文介绍

API 身份验证

目录

概述

使用场景

快速开始

相关 Skills

参考指南

最佳实践

✅ 应该做

❌ 不应该做