Insforge Integrations

Name: Insforge Integrations
Author: insforge

insforge/agent-skills

Wire Auth0 login to InsForge with a Post Login JWT claim and Next.js session handling so Row Level Security keys off the authenticated user’s sub.

Overview

InsForge Integrations is an agent skill for the Build phase that walks through Auth0 Post Login JWT claims, Next.js session wiring, and InsForge client plus RLS setup.

Install

npx skills add https://github.com/insforge/agent-skills --skill insforge-integrations

What is this skill?

Nine-step recommended workflow from Auth0 app creation through InsForge CRUD pages
Post Login Action pattern that mints an InsForge-compatible JWT on the ID token for edgeFunctionToken
Next.js v4+ setup: auth0 client with beforeSessionSaved, middleware, layout, and lib/insforge.ts utility
Database section for requesting_user_id(), tables, and RLS tied to JWT sub claims
Recommended workflow lists 9 ordered steps from Auth0 application through CRUD features

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 8.5k installs on skills.sh; 27 GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You have Auth0 users and an InsForge project but no reliable way to pass a validated JWT from login into InsForge calls and database policies.

Who is it for?

Solo builders shipping a Next.js SaaS who already chose Auth0 for login and InsForge for data or edge functions.

Skip if: Projects using a different auth provider without JWT customization, or backends that do not use InsForge’s client and RLS model.

When should I use this skill?

When integrating Auth0 authentication with InsForge in a Next.js application using Post Login Actions and RLS.

What do I get? / Deliverables

A Next.js app extracts the custom JWT claim, configures the InsForge client with edgeFunctionToken, and applies RLS using the Auth0 sub across your tables.

lib/auth0.ts and lib/insforge.ts client utilities
Middleware, layout, and env configuration for callback URLs and tokens
InsForge schema with requesting_user_id() and RLS policies

Recommended Skills

Entra App Registrationmicrosoft/azure-skills

Walkthrough for Microsoft Entra ID app registration, OAuth configuration, and MSAL-based authentication setup.374k installs·1.2k stars

Azure Aigatewaymicrosoft/azure-skills

Quick reference for building and operating Azure API Management as an AI gateway using ARM .NET SDK and policy best prac…373k installs·1.2k stars

Lark Openapi Explorerlarksuite/cli

Escalation path for uncovered Lark/Feishu APIs: browse official OpenAPI docs and execute via lark-cli.208k installs·13.7k stars

Supabasesupabase/agent-skills

Authoritative Supabase agent skill for database, auth, edge functions, and client SSR with emphasis on up-to-date docs, …111k installs·2.2k stars

Firebase Auth Basicsfirebase/agent-skills

firebase-auth-basics is a guided agent skill for solo builders implementing Firebase Authentication in web or mobile-bac…75.7k installs·345 stars

Firebase Data Connectfirebase/agent-skills

Firebase Data Connect is an agent skill that equips solo builders to design relational data layers on Firebase using Gra…73.2k installs·345 stars

Journey fit

Primary fit

BuildIntegrations & version control

Auth plus backend client setup happens while you are assembling the product’s data and identity layer, not during launch marketing. Integrations fits because the skill is a cross-vendor wiring guide—Auth0 Actions, InsForge CLI, Next.js middleware—not generic UI work.

Also useful

ShipSecurity

How it compares

This is a full-stack integration playbook, not a drop-in MCP server—you still paste Auth0 Action code and configure dashboards manually.

Common Questions / FAQ

Who is insforge-integrations for?

Indie developers building Next.js apps that need Auth0 sessions to authorize InsForge database and API access via JWT claims.

When should I use insforge-integrations?

During Build while wiring authentication, middleware, InsForge client utilities, and RLS—before you ship user-specific CRUD screens.

Is insforge-integrations safe to install?

Treat Auth0 secrets and InsForge keys as sensitive; review Security Audits on this page and never commit .env.local values the skill references.

SKILL.md

READMESKILL.md - Insforge Integrations

# InsForge + Auth0 Integration Guide

Auth0 signs an InsForge-compatible JWT inside a **Post Login Action**, embeds it as a custom claim on the ID token, and the Next.js app extracts it to pass to the InsForge client as `edgeFunctionToken`. InsForge validates the token and uses the `sub` claim for Row Level Security.

## Key packages

- `@auth0/nextjs-auth0` — Auth0 SDK for Next.js (use v4+)
- `@insforge/sdk` — InsForge client

## Recommended Workflow

```text
1. Create Auth0 application       → Auth0 Dashboard (manual)
2. Create/link InsForge project   → npx @insforge/cli create or link
3. Create Post Login Action       → Auth0 Dashboard (manual, paste code below)
4. Install deps + configure env   → npm install, .env.local
5. Set up Auth0 client            → lib/auth0.ts with beforeSessionSaved
6. Set up middleware + layout      → middleware.ts, app/layout.tsx
7. Create InsForge client utility → lib/insforge.ts
8. Set up InsForge database        → requesting_user_id() + table + RLS
9. Build features                  → CRUD pages using InsForge client
```

## Dashboard setup (manual, cannot be automated)

### Auth0 Application
- Create a **Regular Web Application** in Auth0 Dashboard > Applications
- Set **Allowed Callback URLs** to `http://localhost:3000/auth/callback`
- Set **Allowed Logout URLs** to `http://localhost:3000`
- Note down **Domain**, **Client ID**, **Client Secret**

### Auth0 Post Login Action
- Create in Auth0 Dashboard > Actions > Library > Build Custom
- Name: `Generate InsForge Token`, trigger: **Post Login**
- Add `jsonwebtoken` as a dependency in the action editor
- Add `INSFORGE_JWT_SECRET` in the action's **Secrets** tab
- Deploy the action and drag it into the **post-login** trigger flow

### InsForge Project
- Create via `npx @insforge/cli create` or link via `npx @insforge/cli link --project-id <id>`
- Get the JWT secret via CLI: `npx @insforge/cli secrets get JWT_SECRET`
- Note down **URL** and **Anon Key** from InsForge, then store the CLI value in Auth0 as `INSFORGE_JWT_SECRET`

## Auth0 Post Login Action

This code runs in Auth0's environment (not your app). The action must sign a JWT with the InsForge secret and attach it as a namespaced custom claim on the ID token.

```javascript
const jwt = require('jsonwebtoken');

exports.onExecutePostLogin = async (event, api) => {
  const insforgeToken = jwt.sign(
    {
      sub: event.user.user_id,
      role: 'authenticated',
      aud: 'insforge-api',
      email: event.user.email,
    },
    event.secrets.INSFORGE_JWT_SECRET,
    { expiresIn: '1h' }
  );

  api.idToken.setCustomClaim('https://insforge.dev/insforge_token', insforgeToken);
};
```

## Auth0 v4 SDK — `beforeSessionSaved`

Auth0 v4 SDK **filters out custom claims** from the ID token by default. You **must** configure `beforeSessionSaved` on `Auth0Client` to extract the InsForge token into the session. Without this, `getSession().user` will not contain the token.

**The `idToken` parameter is a raw JWT string**, not a decoded object — you must split and base64url-decode it:

```typescript
// lib/auth0.ts
beforeSessionSaved: async (session, idToken) => {
  if (idToken) {
    const parts = idToken.split(".");
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    const insforgeToken = payload["https://insforge.dev/insforge_token"];
    if (insforgeToken) {
      (session.user ??= {})["https://insforge.dev/insforge_token"] = insforgeToken;
    }
  }
  return session;
}
```

## Middleware

- Auth0 v4 uses `auth0.middleware()` exported directly from `middleware.ts` as `export const middleware = auth0.middleware()`
- No `app/api/auth/[auth0]/route.js` needed in v4
- Match paths: `/auth/:path*` and any protected routes

```typescript
// middleware.ts
import { auth0 } from "@/lib/auth0";

export const middleware = auth0.middleware();

export const config = {
  matcher: ["/auth/:path*", "/protected/:path*"],
};
```

## Layout

- Wrap the app with `Auth0Provider` from `

What is this skill?

Nine-step recommended workflow from Auth0 app creation through InsForge CRUD pages

Post Login Action pattern that mints an InsForge-compatible JWT on the ID token for edgeFunctionToken

Next.js v4+ setup: auth0 client with beforeSessionSaved, middleware, layout, and lib/insforge.ts utility

Database section for requesting_user_id(), tables, and RLS tied to JWT sub claims

Recommended workflow lists 9 ordered steps from Auth0 application through CRUD features

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 8.5k installs on skills.sh; 27 GitHub stars; 2/3 security scanners passed (skills.sh audits).

What do I get? / Deliverables

A Next.js app extracts the custom JWT claim, configures the InsForge client with edgeFunctionToken, and applies RLS using the Auth0 sub across your tables.

lib/auth0.ts and lib/insforge.ts client utilities

Middleware, layout, and env configuration for callback URLs and tokens

InsForge schema with requesting_user_id() and RLS policies

Journey fit

Primary fit

BuildIntegrations & version control

Also useful

ShipSecurity

SKILL.md

READMESKILL.md - Insforge Integrations

# InsForge + Auth0 Integration Guide

Auth0 signs an InsForge-compatible JWT inside a **Post Login Action**, embeds it as a custom claim on the ID token, and the Next.js app extracts it to pass to the InsForge client as `edgeFunctionToken`. InsForge validates the token and uses the `sub` claim for Row Level Security.

## Key packages

- `@auth0/nextjs-auth0` — Auth0 SDK for Next.js (use v4+)
- `@insforge/sdk` — InsForge client

## Recommended Workflow

```text
1. Create Auth0 application       → Auth0 Dashboard (manual)
2. Create/link InsForge project   → npx @insforge/cli create or link
3. Create Post Login Action       → Auth0 Dashboard (manual, paste code below)
4. Install deps + configure env   → npm install, .env.local
5. Set up Auth0 client            → lib/auth0.ts with beforeSessionSaved
6. Set up middleware + layout      → middleware.ts, app/layout.tsx
7. Create InsForge client utility → lib/insforge.ts
8. Set up InsForge database        → requesting_user_id() + table + RLS
9. Build features                  → CRUD pages using InsForge client
```

## Dashboard setup (manual, cannot be automated)

### Auth0 Application
- Create a **Regular Web Application** in Auth0 Dashboard > Applications
- Set **Allowed Callback URLs** to `http://localhost:3000/auth/callback`
- Set **Allowed Logout URLs** to `http://localhost:3000`
- Note down **Domain**, **Client ID**, **Client Secret**

### Auth0 Post Login Action
- Create in Auth0 Dashboard > Actions > Library > Build Custom
- Name: `Generate InsForge Token`, trigger: **Post Login**
- Add `jsonwebtoken` as a dependency in the action editor
- Add `INSFORGE_JWT_SECRET` in the action's **Secrets** tab
- Deploy the action and drag it into the **post-login** trigger flow

### InsForge Project
- Create via `npx @insforge/cli create` or link via `npx @insforge/cli link --project-id <id>`
- Get the JWT secret via CLI: `npx @insforge/cli secrets get JWT_SECRET`
- Note down **URL** and **Anon Key** from InsForge, then store the CLI value in Auth0 as `INSFORGE_JWT_SECRET`

## Auth0 Post Login Action

This code runs in Auth0's environment (not your app). The action must sign a JWT with the InsForge secret and attach it as a namespaced custom claim on the ID token.

```javascript
const jwt = require('jsonwebtoken');

exports.onExecutePostLogin = async (event, api) => {
  const insforgeToken = jwt.sign(
    {
      sub: event.user.user_id,
      role: 'authenticated',
      aud: 'insforge-api',
      email: event.user.email,
    },
    event.secrets.INSFORGE_JWT_SECRET,
    { expiresIn: '1h' }
  );

  api.idToken.setCustomClaim('https://insforge.dev/insforge_token', insforgeToken);
};
```

## Auth0 v4 SDK — `beforeSessionSaved`

Auth0 v4 SDK **filters out custom claims** from the ID token by default. You **must** configure `beforeSessionSaved` on `Auth0Client` to extract the InsForge token into the session. Without this, `getSession().user` will not contain the token.

**The `idToken` parameter is a raw JWT string**, not a decoded object — you must split and base64url-decode it:

```typescript
// lib/auth0.ts
beforeSessionSaved: async (session, idToken) => {
  if (idToken) {
    const parts = idToken.split(".");
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    const insforgeToken = payload["https://insforge.dev/insforge_token"];
    if (insforgeToken) {
      (session.user ??= {})["https://insforge.dev/insforge_token"] = insforgeToken;
    }
  }
  return session;
}
```

## Middleware

- Auth0 v4 uses `auth0.middleware()` exported directly from `middleware.ts` as `export const middleware = auth0.middleware()`
- No `app/api/auth/[auth0]/route.js` needed in v4
- Match paths: `/auth/:path*` and any protected routes

```typescript
// middleware.ts
import { auth0 } from "@/lib/auth0";

export const middleware = auth0.middleware();

export const config = {
  matcher: ["/auth/:path*", "/protected/:path*"],
};
```

## Layout

- Wrap the app with `Auth0Provider` from `

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is insforge-integrations for?

When should I use insforge-integrations?

Is insforge-integrations safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is insforge-integrations for?

When should I use insforge-integrations?

Is insforge-integrations safe to install?

SKILL.md