Authentication Patterns
Drop interactive GitHub (and similar) authentication with caching into bash workflow skills so commands fail fast with clear prompts.
Overview
Authentication-patterns is an agent skill most often used in Build (integrations, also Ship review) that standardizes interactive CLI authentication with caching before workflow commands run.
Install
npx skills add https://github.com/athola/claude-night-market --skill authentication-patternsWhat is this skill?
- ensure_auth pattern replaces brittle manual gh auth status checks
- Auth status cached for 5 minutes with session persistence up to 24 hours
- Works in CI/CD when GITHUB_TOKEN is provided alongside interactive login flows
- Documented wiring for PR review and create-issue style slash commands
- Pre-flight check at workflow start for any external service access
Adoption & trust: 1 installs on skills.sh; 304 GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
Your agent workflows call gh or other CLIs but fail with unclear errors when the user is not logged in or tokens are missing in CI.
Who is it for?
Builders maintaining bash-based agent commands in Leyline-style plugins who want one reusable auth module instead of per-script checks.
Skip if: Pure in-app OAuth flows or languages that never shell out to gh-style CLIs without adapting the bash module.
When should I use this skill?
At the start of any bash workflow or agent command that requires GitHub or external CLI authentication.
What do I get? / Deliverables
Workflows source ensure_auth helpers so users get guided login, cached auth for repeat commands, and reliable execution in local and token-based CI runs.
- Reusable ensure_auth integration in command scripts
- Documented before/after patterns for PR review and issue creation flows
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
External service hooks are built during integration work and reused whenever agents call APIs or CLIs. Integrations is the primary shelf because the module wraps ensure_auth for tools like gh before command logic runs.
Where it fits
Source interactive_auth.sh at the start of a new gh-backed slash command so the agent prompts once then caches success.
Run ensure_auth github before gh pr view and pull request comments during an automated PR review flow.
Wrap create-issue commands so contributors authenticate interactively instead of hitting opaque gh errors.
Use GITHUB_TOKEN in CI with the same ensure_auth gate so scheduled jobs and local dev share one pattern.
How it compares
Use as a workflow template layer, not a hosted identity provider or MCP auth server.
Common Questions / FAQ
Who is authentication-patterns for?
Solo developers wiring Claude Night Market / Leyline bash commands that need GitHub or similar CLI access with interactive fallback.
When should I use authentication-patterns?
Use it in Build (integrations) when authoring PR or issue commands; in Ship (review) before gh pr view or API calls; in Operate when automation scripts need GITHUB_TOKEN in CI.
Is authentication-patterns safe to install?
It runs shell auth helpers and may prompt for credentials; review the Security Audits panel on this page and scope tokens to least privilege.
SKILL.md
READMESKILL.md - Authentication Patterns
# Workflow Integration Examples Examples of integrating the interactive authentication module into existing workflows. ## Pattern: Pre-Flight Authentication Check Add authentication check at the start of any workflow requiring external service access. ### Before: Manual Auth Check ```bash # Old way - manual check, unclear error handling if ! gh auth status &>/dev/null; then echo "Error: Not authenticated" echo "Run: gh auth login" exit 1 fi gh pr view 123 ``` ### After: Interactive Auth with Caching ```bash # New way - interactive auth with caching source plugins/leyline/scripts/interactive_auth.sh ensure_auth github || exit 1 gh pr view 123 ``` ## Example 1: PR Review Command ```bash #!/usr/bin/env bash # /pr-review command # Source interactive auth source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Ensure GitHub authentication if ! ensure_auth github; then echo "❌ GitHub authentication required for PR review" exit 1 fi # Get PR number PR_NUMBER="${1:-$(gh pr view --json number -q .number)}" # Continue with workflow echo "Reviewing PR #$PR_NUMBER..." gh pr view "$PR_NUMBER" gh api "repos/owner/repo/pulls/$PR_NUMBER/comments" ``` **Benefits:** - ✅ User is prompted to authenticate if needed - ✅ Auth status cached for 5 minutes - ✅ Session persists for 24 hours - ✅ Works in CI/CD with `GITHUB_TOKEN` ## Example 2: Create Issue Command ```bash #!/usr/bin/env bash # /create-issue command source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Ensure authentication if ! ensure_auth github; then echo "❌ GitHub authentication required to create issues" exit 1 fi # Parse arguments TITLE="$1" shift # Create issue gh issue create --title "$TITLE" "$@" ``` ## Example 3: Multi-Service Workflow ```bash #!/usr/bin/env bash # Sync issues from GitHub to GitLab source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Authenticate both services ensure_auth github || exit 1 ensure_auth gitlab || exit 1 # Sync issues gh issue list --json number,title | \ jq -r '.[] | "\(.number)|\(.title)"' | \ while IFS='|' read -r num title; do glab issue create --title "gh-$num: $title" done ``` ## Example 4: Batch Operations with Wrapper Functions ```bash #!/usr/bin/env bash # Batch PR operations source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Use wrapper functions for cleaner code gh_api_with_auth "repos/owner/repo/pulls" | \ jq -r '.[].number' | \ while read -r pr_num; do gh_with_auth pr view "$pr_num" done ``` ## Example 5: CI/CD Pipeline Integration ```yaml # .github/workflows/pr-review.yml name: PR Review on: pull_request: types: [opened, synchronize] jobs: review: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup Python uses: actions/setup-python@v4 with: python-version: '3.11' - name: Install Claude Code plugins run: | # Plugin setup here : - name: Run PR Review env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AUTH_INTERACTIVE: false # Force non-interactive mode run: | source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Will use GITHUB_TOKEN from environment if ! ensure_auth github; then echo "GitHub authentication failed" exit 1 fi # Run review /pr-review ${{ github.event.pull_request.number }} ``` **Key Points:** - `AUTH_INTERACTIVE=false` forces non-interactive mode - `GITHUB_TOKEN` is used automatically (GitHub Actions provides it) - No browser prompts in CI/CD environment ## Example 6: Fix PR Command Integration ```bash #!/usr/bin/env bash # /fix-pr command source plugins/leyline/skills/authentication-patterns/modules/interactive_auth.sh # Ensure authentication before starting workflow