Have Autohand Code use authentication skill guidance to add email, OAuth, session handling, callbacks, and protected route checks.
Wire sign-in, sessions, and protected routes safely
Security Build and change Implementation Code
autohand -p "Build this authentication flow with session handling, protected routes, and tests"
An auth flow with secure session handling, route protection, config notes, and validation tests.
Build an authentication flow with Autohand Code is a product security workflow that implements sign-in, OAuth or email flows, session handling, callbacks, protected routes, and tests using the project auth stack. ### At a glance | Question | Answer | | --- | --- | | Best for | new auth setup, provider integration, protected app areas, session bugs, and login flows that need tests | | Primary inputs | Auth provider, user model, callback URLs, and session requirements; Protected routes, roles, and redirect behavior; Environment variables, local test users, and security constraints | | Autohand Code returns | An auth flow with secure session handling, route protection, config notes, and validation tests. | | Avoid when | the identity provider, user model, or access policy is not decided | ### How Autohand Code handles this workflow 1. Finds the app routing, middleware, session, and user model patterns. 2. Adds provider config, callbacks, session checks, and protected routes through existing conventions. 3. Keeps secrets in environment configuration and documents required values. 4. Adds tests or browser checks for sign-in, sign-out, redirects, and denied access. ### Best inputs - Auth provider, user model, callback URLs, and session requirements - Protected routes, roles, and redirect behavior - Environment variables, local test users, and security constraints ### Strong prompt autohand -p "Build this authentication flow with session handling, protected routes, and tests" ### Autohand Code CLI options - Use `/skills use better-auth-best-practices` or a provider-specific auth skill when installed. - Run `autohand -p "Build this authentication flow with session handling, protected routes, and tests"` with the provider and routes. - Use `--restricted` for planning when secrets or identity settings are visible. ### Review before accepting Review session storage, redirect behavior, protected route checks, env docs, and tests for allowed and denied access. ### Source and validation signals Autohand AI maintains this workflow as first-party product guidance for Autohand Code. Use the [Autohand CLI Playbook](https://github.com/autohandai/code-cli/blob/main/docs/AUTOHAND_PLAYBOOK.md), [CLI reference](/docs/working-with-autohand-code/cli-reference.html), and [configuration reference](https://github.com/autohandai/code-cli/blob/main/docs/config-reference.md) when choosing between interactive mode, command mode, auto-mode, feature-enabled /goal, /settings, skills, MCP, and permission settings. The related resources below link to product docs and tutorials for the workflow, and the final answer should name repository-specific files, commands, outputs, or docs that a reviewer can verify. ### Frequently asked questions ### What is Build an authentication flow with Autohand Code? Build an authentication flow with Autohand Code is a product security workflow that implements sign-in, OAuth or email flows, session handling, callbacks, protected routes, and tests using the project auth stack. ### When should a team use Build an authentication flow? Use it when authentication touches product routing, backend sessions, and security policy together. ### What evidence should reviewers check for Build an authentication flow? Review session storage, redirect behavior, protected route checks, env docs, and tests for allowed and denied access.
Skill Skilled: Better Auth Best Practices Use auth setup and session guidance. https://skilled.autohand.ai/skill/better-auth-best-practices Guide Security Best Practices Keep credentials and access checks safe. /docs/guides/security-best-practices.html Guide Enterprise Security Apply secure deployment constraints. /docs/guides/enterprise-security.html