Workflow Development

Add Authentication

Workflow for implementing auth checks on routes or features

auth, security, backend
CLAUDE.md

When adding authentication to a route or feature:

  1. Identify which routes or actions require authentication.
  2. Use the existing auth middleware or guard pattern in the project — don’t invent a new one.
  3. Add the auth check to each route. Verify it returns 401 for unauthenticated requests.
  4. If the feature requires authorization (not just authentication), check the user’s role or permissions and return 403 for unauthorized access.
  5. Write tests for: authenticated access (200), unauthenticated access (401), and unauthorized access (403).
  6. Verify that auth tokens/sessions are not logged or exposed in error responses.

Copy this workflow into your CLAUDE.md or agent config file so your agent follows this process automatically.
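The steps above as a runnable sketch, added here as an example and not code from the original page. `require_auth`, `SESSIONS`, `delete_user` and `call` are hypothetical names standing in for the project's existing guard, session lookup and route, and the tokens are constructed sample values.

```python
import logging
from functools import wraps

log = logging.getLogger("app.auth")

# Constructed session store standing in for the project's real token lookup.
SESSIONS = {"tok-admin": {"user": "alice", "role": "admin"},
            "tok-user": {"user": "bob", "role": "viewer"}}

def require_auth(role=None):
    """Hypothetical stand-in for the project's existing guard (step 2)."""
    def decorator(handler):
        @wraps(handler)
        def wrapped(request):
            header = request.get("headers", {}).get("Authorization", "")
            scheme, _, token = header.partition(" ")
            session = SESSIONS.get(token) if scheme == "Bearer" else None
            if session is None:
                # Step 6: log the event and path, never the credential itself.
                log.warning("401 on %s: missing or invalid credentials", request["path"])
                return 401, {"error": "authentication required"}
            if role is not None and session["role"] != role:
                # Step 4: authenticated but not permitted is 403, not 401.
                log.warning("403 on %s: user=%s lacks role=%s",
                            request["path"], session["user"], role)
                return 403, {"error": "forbidden"}
            return handler(request, session)
        return wrapped
    return decorator

@require_auth(role="admin")
def delete_user(request, session):
    return 200, {"deleted_by": session["user"]}

def call(token=None):
    """Invoke the guarded route; return (status, body, captured log text)."""
    records = []
    class Capture(logging.Handler):
        def emit(self, record):
            records.append(record.getMessage())
    capture = Capture()
    log.addHandler(capture)
    try:
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        status, body = delete_user({"path": "/users/42", "headers": headers})
    finally:
        log.removeHandler(capture)
    return status, body, "\n".join(records)
```

The `call` helper returns the captured log text alongside the response so a test can cover step 6 together with the three status codes from step 5.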
