Setup Flows Auth

Name: Setup Flows Auth
Author: cognitedata

cognitedata/builder-skills

Wire Cognite Flows and CDF authentication into an existing React app when migrating to Fusion or when no Dune or App SDK auth is present yet.

Install

npx skills add https://github.com/cognitedata/builder-skills --skill setup-flows-auth

What is this skill?

Detects Classic (DuneAuthProvider) vs Apps API (connectToHostApp) from app.json infra field
No-op when a valid DuneAuthProvider or AppSdkAuthProvider setup is already detected
Installs @cognite/dune and optionally @cognite/app-sdk with entry-file wiring
Reads package.json, main/index TSX, vite.config, and app.json before acting
Defaults to Apps API when app.json is missing, matching modern @cognite/cli apps create

Adoption & trust: 1k installs on skills.sh; 4 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Recommended Skills

Frontend Designanthropics/skills

Frontend Design is an agent skill for solo and indie builders who want web interfaces that look intentional, not like ev…516k installs·148k stars

Vercel React Best Practicesvercel-labs/agent-skills

Vercel React Best Practices is an agent skill packaging Vercel Engineering’s performance playbook for React and Next.js.…459k installs·27.7k stars

Remotion Best Practicesremotion-dev/skills

Remotion Best Practices is a domain knowledge agent skill for solo and indie builders who ship video with Remotion—progr…357k installs·3.5k stars

Vercel Composition Patternsvercel-labs/agent-skills

Vercel Composition Patterns is an agent-oriented skill from Vercel Labs that documents how solo and indie builders shoul…204k installs·27.7k stars

Develop Userscriptsxixu-me/skills

Guides building and fixing browser userscripts for Tampermonkey and ScriptCat, emphasizing runtime selection, minimal pe…154k installs·61 stars

Next Best Practicesvercel-labs/next-skills

Next Best Practices is a Vercel Labs agent skill that encodes how to write and review modern Next.js App Router projects…102k installs·919 stars

Journey fit

Primary fit

BuildIntegrations & version control

Auth and host wiring happen during product integration, before the app can call CDF inside Fusion. The skill installs packages, edits entry files, and chooses Classic vs Apps API flows—core third-party integration work, not greenfield UI.

Common Questions / FAQ

Is Setup Flows Auth safe to install?

skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Setup Flows Auth

# Set Up Flows Authentication

Wire a React app for Flows auth so it can talk to CDF inside Fusion. Two flows exist; pick one based on `app.json`.

## Pick the flow

Read `app.json` if present:

| `app.json` `infra` | Flow | Auth source | Extra package |
|---|---|---|---|
| `"appsApi"` | **Apps API** (new Fusion app host) | `connectToHostApp` from `@cognite/app-sdk` | `@cognite/app-sdk` |
| missing / other | **Classic** (legacy Files API) | `DuneAuthProvider` + `useDune()` from `@cognite/dune` | — |

No `app.json`? Ask the user. Default to **Apps API** — it's the default for `npx @cognite/cli@latest apps create`.

## Step 1 — Read state, decide whether to act

Read `package.json`, `src/main.tsx` (or `src/index.tsx`), `vite.config.ts`, `app.json`.

**A valid setup already exists if any of these is true — in which case do nothing and report no-op:**

- **Classic**: `<DuneAuthProvider>` from `@cognite/dune` wraps `<App />` in the entry file.
- **Apps API, provider pattern**: `<CogniteSdkProvider>` from `@cognite/app-sdk/react` wraps the app (in `App.tsx` or `main.tsx`), and nested components consume the client via `useCogniteSdk()`. Requires `@cognite/app-sdk >= 0.5.1`.

Detect the package manager from the lock file (`pnpm-lock.yaml` → pnpm, `yarn.lock` → yarn, otherwise npm).

## Step 2 — Install missing deps

**Classic flow:**

| Package | Type |
|---|---|
| `@cognite/dune` | runtime |
| `@cognite/sdk` | runtime |
| `@tanstack/react-query` | runtime |
| `vite-plugin-mkcert` | dev |

**Apps API flow:**

| Package | Type |
|---|---|
| `@cognite/app-sdk` | runtime |
| `@cognite/sdk` | runtime |
| `@tanstack/react-query` | runtime |
| `vite-plugin-mkcert` | dev |

Skip anything already in `package.json`. Use the detected package manager (`pnpm add`, `npm install`, `yarn add`; `-D` / `--save-dev` for dev deps).

## Step 3 — Vite config

Add only what's missing. Don't remove existing plugins.

### Classic flow

```ts
import { fusionOpenPlugin } from "@cognite/dune/vite";
import mkcert from "vite-plugin-mkcert";

export default defineConfig({
  base: "./",
  plugins: [react(), mkcert(), fusionOpenPlugin(), /* ... */],
  server: { port: 3001 },
  worker: { format: "es" },
});
```

### Apps API flow

```ts
// or see @cognite/cli/_templates/app/new/config/vite.config.ts.ejs.t source file for newest config
import { fusionOpenPlugin, manifestCspPlugin } from "@cognite/app-sdk/vite";
import mkcert from "vite-plugin-mkcert";

export default defineConfig({
  base: "./",
  // manifestCspPlugin() must be first — its middleware sets the CSP header before any HTML response
  plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), /* ... */],
  server: { port: 3001 },
  worker: { format: "es" },
});
```

- `base: "./"` — required for Fusion iframe deployment.
- `mkcert()` — provides HTTPS for the dev server (the Fusion parent is HTTPS).
- `fusionOpenPlugin()` — opens the dev URL inside Fusion automatically.
- `manifestCspPlugin()` (Apps API only) — enforces the CSP declared in `manifest.json`; must be first.
- `server.port: 3001` — convention; the plugin falls back to 3001 if no port is set.

## Step 4 — Wire up the entry file and component

### Classic flow

`src/main.tsx`:

```tsx
import { DuneAuthProvider } from "@cognite/dune";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import React from "react";
import ReactDOM from

What is this skill?

Detects Classic (DuneAuthProvider) vs Apps API (connectToHostApp) from app.json infra field

No-op when a valid DuneAuthProvider or AppSdkAuthProvider setup is already detected

Installs @cognite/dune and optionally @cognite/app-sdk with entry-file wiring

Reads package.json, main/index TSX, vite.config, and app.json before acting

Defaults to Apps API when app.json is missing, matching modern @cognite/cli apps create

Adoption & trust: 1k installs on skills.sh; 4 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Journey fit

Primary fit

BuildIntegrations & version control

SKILL.md

READMESKILL.md - Setup Flows Auth

# Set Up Flows Authentication

Wire a React app for Flows auth so it can talk to CDF inside Fusion. Two flows exist; pick one based on `app.json`.

## Pick the flow

Read `app.json` if present:

| `app.json` `infra` | Flow | Auth source | Extra package |
|---|---|---|---|
| `"appsApi"` | **Apps API** (new Fusion app host) | `connectToHostApp` from `@cognite/app-sdk` | `@cognite/app-sdk` |
| missing / other | **Classic** (legacy Files API) | `DuneAuthProvider` + `useDune()` from `@cognite/dune` | — |

No `app.json`? Ask the user. Default to **Apps API** — it's the default for `npx @cognite/cli@latest apps create`.

## Step 1 — Read state, decide whether to act

Read `package.json`, `src/main.tsx` (or `src/index.tsx`), `vite.config.ts`, `app.json`.

**A valid setup already exists if any of these is true — in which case do nothing and report no-op:**

- **Classic**: `<DuneAuthProvider>` from `@cognite/dune` wraps `<App />` in the entry file.
- **Apps API, provider pattern**: `<CogniteSdkProvider>` from `@cognite/app-sdk/react` wraps the app (in `App.tsx` or `main.tsx`), and nested components consume the client via `useCogniteSdk()`. Requires `@cognite/app-sdk >= 0.5.1`.

Detect the package manager from the lock file (`pnpm-lock.yaml` → pnpm, `yarn.lock` → yarn, otherwise npm).

## Step 2 — Install missing deps

**Classic flow:**

| Package | Type |
|---|---|
| `@cognite/dune` | runtime |
| `@cognite/sdk` | runtime |
| `@tanstack/react-query` | runtime |
| `vite-plugin-mkcert` | dev |

**Apps API flow:**

| Package | Type |
|---|---|
| `@cognite/app-sdk` | runtime |
| `@cognite/sdk` | runtime |
| `@tanstack/react-query` | runtime |
| `vite-plugin-mkcert` | dev |

Skip anything already in `package.json`. Use the detected package manager (`pnpm add`, `npm install`, `yarn add`; `-D` / `--save-dev` for dev deps).

## Step 3 — Vite config

Add only what's missing. Don't remove existing plugins.

### Classic flow

```ts
import { fusionOpenPlugin } from "@cognite/dune/vite";
import mkcert from "vite-plugin-mkcert";

export default defineConfig({
  base: "./",
  plugins: [react(), mkcert(), fusionOpenPlugin(), /* ... */],
  server: { port: 3001 },
  worker: { format: "es" },
});
```

### Apps API flow

```ts
// or see @cognite/cli/_templates/app/new/config/vite.config.ts.ejs.t source file for newest config
import { fusionOpenPlugin, manifestCspPlugin } from "@cognite/app-sdk/vite";
import mkcert from "vite-plugin-mkcert";

export default defineConfig({
  base: "./",
  // manifestCspPlugin() must be first — its middleware sets the CSP header before any HTML response
  plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), /* ... */],
  server: { port: 3001 },
  worker: { format: "es" },
});
```

- `base: "./"` — required for Fusion iframe deployment.
- `mkcert()` — provides HTTPS for the dev server (the Fusion parent is HTTPS).
- `fusionOpenPlugin()` — opens the dev URL inside Fusion automatically.
- `manifestCspPlugin()` (Apps API only) — enforces the CSP declared in `manifest.json`; must be first.
- `server.port: 3001` — convention; the plugin falls back to 3001 if no port is set.

## Step 4 — Wire up the entry file and component

### Classic flow

`src/main.tsx`:

```tsx
import { DuneAuthProvider } from "@cognite/dune";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import React from "react";
import ReactDOM from

Install

What is this skill?

Recommended Skills

Journey fit

Is Setup Flows Auth safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Setup Flows Auth safe to install?

SKILL.md