hive-auth
How authentication works in Hive framework
Best use case
hive-auth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
How authentication works in Hive framework
Teams using hive-auth should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/hive-auth/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How hive-auth Compares
| Feature / Agent | hive-auth | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
How authentication works in Hive framework
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Authentication
Hive provides auth infrastructure but **no built-in auth endpoints**. You implement login/signup yourself.
## Built-in (in .hive/)
- `tokens` collection - stores access tokens
- `attachUser` middleware - loads user from token
- `isAuthorized` middleware - requires auth
- `allowNoAuth` middleware - skips auth
## How It Works
1. Token extracted from cookie `access_token` or `Authorization: Bearer` header
2. Token looked up in `tokens` collection
3. User loaded from `users` collection
4. User attached to `ctx.state.user`
## Token Schema (built-in)
```javascript
{
_id: string,
user: { _id: string },
token: string,
metadata: object (optional),
}
```
## Implement Auth Endpoints
**1. Create token helper:**
```javascript
// src/resources/auth/methods/createToken.js
import db from 'db';
import crypto from 'crypto';
const tokenService = db.services.tokens;
export default async (ctx, { userId, metadata }) => {
const token = crypto.randomBytes(32).toString('hex');
await tokenService.create({
token,
user: { _id: userId },
...(metadata && { metadata }),
});
ctx.cookies.set('access_token', token, {
httpOnly: false,
expires: new Date(Date.now() + 10 * 365 * 24 * 60 * 60 * 1000),
});
return { token };
};
```
**2. Login endpoint:**
```javascript
// src/resources/auth/endpoints/login.js
import { z } from 'zod';
import db from 'db';
import bcrypt from 'bcrypt';
import createToken from '../methods/createToken';
export const handler = async (ctx) => {
const { email, password } = ctx.validatedData;
const user = await db.services.users.findOne(
{ email },
{ isIncludeSecureFields: true }
);
ctx.assert(user, 401, 'Invalid credentials');
const valid = await bcrypt.compare(password, user.password);
ctx.assert(valid, 401, 'Invalid credentials');
const { token } = await createToken(ctx, { userId: user._id });
return { user, token };
};
export const middlewares = ['allowNoAuth'];
export const endpoint = { url: '/login', method: 'post' };
export const requestSchema = z.object({
email: z.string().email(),
password: z.string(),
});
```
**3. Logout endpoint:**
```javascript
// src/resources/auth/endpoints/logout.js
import { z } from 'zod';
import db from 'db';
export const handler = async (ctx) => {
await db.services.tokens.remove({ token: ctx.state.accessToken });
ctx.cookies.set('access_token', null);
return { success: true };
};
export const endpoint = { url: '/logout', method: 'post' };
export const requestSchema = z.object({});
```
## Users Schema (add password)
```javascript
// src/resources/users/users.schema.js
password: z.coerce.string().nullable().optional(),
// Hide from responses
export const secureFields = ['password'];
```
## Client Usage
**Browser (cookies):**
```javascript
await fetch('/auth/login', { method: 'POST', credentials: 'include', body });
```
**API (header):**
```javascript
await fetch('/tasks', { headers: { Authorization: `Bearer ${token}` } });
```Related Skills
rodauth
Plutonium Rodauth integration - authentication setup, account types, and configuration
openspec-bulk-archive-change
一次归档多个已完成的变更。用于归档多个并行变更。
openclaw-codex-oauth-proxy
OpenClaw 用 openai-codex(ChatGPT OAuth)跑 GPT-5.x Codex/Spark 的配置与排障(网关进程、代理、模型、thinking、JSON 输出)。
onesignal-user-auth-automation
Automate Onesignal User Auth tasks via Rube MCP (Composio). Always search tools first for current schemas.
oauth-platform-integration
Add new OAuth platform connectors to Twin Me Soul Signature Platform. Use when the user wants to integrate a new platform (Spotify, Netflix, LinkedIn, TikTok, etc.) for soul signature data extraction.
oauth-2-0-setup
Implement OAuth 2.0 authentication flows including authorization code with PKCE, client credentials, and device code for secure API integration.
moai-security-auth0
Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining, and compliance. Use when implementing Auth0 security features, configuring attack defenses, setting up MFA, or meeting regulatory requirements.
message-authentication-code-pattern
Security pattern for implementing Message Authentication Codes (MACs) to ensure data integrity and origin authentication. Use when implementing HMAC, CMAC, or other MAC algorithms, verifying message integrity, authenticating message origin with shared secrets, or when non-repudiation is NOT required. Specialization of Cryptographic action pattern.
doc-coauthoring
Guia os usuários através de um fluxo de trabalho estruturado para coautoria de documentação. Use quando o usuário quiser escrever documentação, propostas, especificações técnicas, documentos de decisão ou conteúdo estruturado semelhante. Este fluxo de trabalho ajuda os usuários a transferir contexto de forma eficiente, refinar o conteúdo através de iteração e verificar se o documento funciona para os leitores. Acione quando o usuário mencionar escrever documentos, criar propostas, redigir especificações ou tarefas de documentação semelhantes.
broken-authentication
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate ...
better-auth-v2
Production-ready authentication system using Better Auth v2 with latest features. Includes OAuth providers, advanced RBAC, multi-tenant support, and security best practices.
better-auth-skill
Configure Better Auth with JWT for secure authentication