> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agentkit`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # Coding agents: Add full-stack auth to your app Let your coding agents guide you into implementing Scalekit full-stack authentication in minutes FSAClaudeCodeSection, FSACodexSection, FSAGitHubCopilotCLISection, CursorCodingAgentSection, SkillsCLICodingAgentSection } from '@/components/templates' Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to implement Scalekit's full-stack authentication end-to-end in your web applications. This guide shows you how to configure these agents so they analyze your codebase, apply consistent authentication patterns, and generate production-ready code for login, session management, and logout that follows security best practices while reducing implementation time from hours to minutes. ### Claude Code 1. ## Add the Scalekit Auth Stack marketplace Not yet on Claude Code? Follow the [official quickstart guide](https://code.claude.com/docs/en/quickstart) to install it. Register Scalekit's plugin marketplace to access pre-configured authentication skills. This marketplace provides context-aware prompts and implementation guides that help coding agents generate correct Full Stack Auth code. Start the Claude Code REPL: ```bash title="Terminal" frame="terminal" showLineNumbers=false claude ``` Then add the marketplace: ```bash title="Claude REPL" showLineNumbers=false /plugin marketplace add scalekit-inc/claude-code-authstack ``` When the marketplace registers successfully, you'll see confirmation output: ```bash title="Terminal" frame="terminal" showLineNumbers=false ❯ /plugin marketplace add scalekit-inc/claude-code-authstack ⎿ Successfully added marketplace: scalekit-auth-stack ``` The marketplace provides specialized authentication plugins that understand full-stack auth patterns and OAuth 2.0 security requirements. These plugins guide the coding agent to generate implementation code that matches your project structure. 2. ## Enable authentication plugins Select which authentication capabilities to activate in your development environment. Each plugin provides specific skills that the coding agent uses to generate authentication code. Directly install the specific plugin: ```bash title="Claude REPL" showLineNumbers=false /plugin install full-stack-auth@scalekit-auth-stack ``` ## Alternative: Enable authentication plugins via plugin wizard Run the plugin wizard to browse and enable available plugins: ```bash title="Claude REPL" showLineNumbers=false /plugins ``` Navigate through the visual interface to enable the Full Stack Auth plugin. > tip: Auto-update recommendations > > Enable auto-updates for authentication plugins to receive security patches and improvements. Scalekit regularly updates plugins based on community feedback and security best practices. 3. ## Generate authentication implementation Use a structured prompt to direct the coding agent. A well-formed prompt ensures the agent generates complete, production-ready Full Stack Auth code that includes all required security components. Copy the following prompt into your coding agent: ```md wrap showLineNumbers=false title="Authentication implementation prompt" Guide the coding agent to implement Scalekit full-stack auth — initialize ScalekitClient with environment credentials, implement the login redirect, handle the OAuth callback to exchange the code for tokens, store the session securely, and add a logout endpoint that clears the session. Code only. ``` When you submit this prompt, Claude Code loads the Full Stack Auth skill from the marketplace -> analyzes your existing application structure -> generates Scalekit client initialization with environment credentials -> creates the login redirect handler -> implements the OAuth callback to exchange the authorization code for tokens -> adds secure session storage and a logout endpoint. > caution: Review generated code > > Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application's specific needs. 4. ## Verify the implementation After the coding agent completes, verify that all authentication components are properly configured: Check generated files: - Scalekit client initialization with environment credentials (you may need to set up a `.env` file with your Scalekit API credentials) - Login route that redirects to Scalekit's authorization endpoint - OAuth callback route that exchanges the code for tokens - Secure session storage with proper cookie attributes - Logout endpoint that clears the session The login flow should redirect users to Scalekit's authorization page, where they authenticate. Your application should then exchange the returned authorization code for tokens, store the session, and redirect the user to the protected area of your app. When you connect, users authenticate through the OAuth 2.0 flow you configured. Verify that protected routes require a valid session and that the logout endpoint properly clears session state. ### Codex 1. ## Install the Scalekit Auth Stack marketplace Install Scalekit's Codex-native marketplace to access focused authentication plugins and reusable implementation guidance. Run the bootstrap installer: ```bash title="Terminal" frame="terminal" showLineNumbers=false curl -fsSL https://raw.githubusercontent.com/scalekit-inc/codex-authstack/main/install.sh | bash ``` This installer downloads the marketplace from GitHub, installs it into `~/.codex/marketplaces/scalekit-auth-stack`, and only updates `~/.agents/plugins/marketplace.json` when it is safe to do so. > tip: If Codex skips your personal marketplace file > > The installer avoids overwriting another personal marketplace by default. If it skips that file, follow the installer's manual path and select the marketplace from `~/.codex/marketplaces/scalekit-auth-stack/.agents/plugins/marketplace.json`. 2. ## Enable the Full Stack Auth plugin Restart Codex so it reloads installed marketplaces, then open the Plugin Directory and select **Scalekit Auth Stack**. Install the `full-stack-auth` plugin. This plugin includes the workflows, references, and prompts Codex uses to generate Full Stack Auth code that matches your existing project structure. 3. ## Generate the authentication implementation Use a structured prompt to direct Codex. A well-formed prompt helps Codex generate complete, production-ready Full Stack Auth code that includes the core security components. Copy the following prompt into Codex: ```md wrap showLineNumbers=false title="Authentication implementation prompt" Guide the coding agent to implement Scalekit full-stack auth — initialize ScalekitClient with environment credentials, implement the login redirect, handle the OAuth callback to exchange the code for tokens, store the session securely, and add a logout endpoint that clears the session. Code only. ``` When you submit this prompt, Codex loads the Full Stack Auth plugin from the Scalekit Auth Stack marketplace, analyzes your existing application structure, generates Scalekit client initialization with environment credentials, creates the login redirect handler, implements the OAuth callback to exchange the authorization code for tokens, and adds secure session storage with a logout endpoint. > caution: Review generated code > > Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application's specific needs. 4. ## Verify the implementation After Codex completes, verify that all authentication components are properly configured: Check generated files: - Scalekit client initialization with environment credentials. You may need to set up a `.env` file with your Scalekit API credentials. - Login route that redirects to Scalekit's authorization endpoint - OAuth callback route that exchanges the code for tokens - Secure session storage with proper cookie attributes - Logout endpoint that clears session state The login flow should redirect users to Scalekit's authorization page, where they authenticate. Your application should then exchange the returned authorization code for tokens, store the session, and redirect the user to the protected area of your app. When you connect, users authenticate through the OAuth 2.0 flow you configured. Verify that protected routes require a valid session and that the logout endpoint properly clears session state. ### GitHub Copilot CLI 1. ## Add the Scalekit authstack marketplace Need to install GitHub Copilot CLI? See the [getting started guide](https://docs.github.com/en/copilot/how-tos/copilot-cli/cli-getting-started) — an active GitHub Copilot subscription is required. Register Scalekit's plugin marketplace to access pre-configured authentication plugins. This marketplace provides implementation skills that help GitHub Copilot generate correct Full Stack Auth code. ```bash title="Terminal" frame="terminal" showLineNumbers=false copilot plugin marketplace add scalekit-inc/github-copilot-authstack ``` The marketplace provides specialized plugins that understand full-stack auth patterns and OAuth 2.0 security requirements. These plugins guide GitHub Copilot to generate implementation code that matches your project structure. 2. ## Install the Full Stack Auth plugin Install the Full Stack Auth plugin to give GitHub Copilot the skills needed to generate complete authentication code: ```bash title="Terminal" frame="terminal" showLineNumbers=false copilot plugin install full-stack-auth@scalekit-auth-stack ``` ## Verify the plugin is installed Confirm the plugin installed successfully: ```bash title="Terminal" frame="terminal" showLineNumbers=false copilot plugin list ``` > tip: Keep plugins updated > > Update authentication plugins regularly to receive security patches and improvements: > > ```bash title="Terminal" frame="terminal" showLineNumbers=false > copilot plugin update full-stack-auth@scalekit-auth-stack > ``` 3. ## Generate authentication implementation Use a structured prompt to direct GitHub Copilot. A well-formed prompt ensures the agent generates complete, production-ready Full Stack Auth code that includes all required security components. Copy the following command into your terminal: ```bash wrap title="Terminal" frame="terminal" showLineNumbers=false copilot "Implement Scalekit full-stack auth — initialize ScalekitClient with environment credentials, implement the login redirect, handle the OAuth callback to exchange the code for tokens, store the session securely, and add a logout endpoint that clears the session. Code only." ``` GitHub Copilot uses the Full Stack Auth plugin to analyze your existing application structure, generate Scalekit client initialization code, create the login redirect handler, implement the OAuth callback for token exchange, add secure session storage, and provide a logout endpoint. > caution: Review generated code > > Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application's specific needs. 4. ## Verify the implementation After GitHub Copilot completes, verify that all authentication components are properly configured: Check generated files: - Scalekit client initialization with environment credentials (you may need to set up a `.env` file with your Scalekit API credentials) - Login route that redirects to Scalekit's authorization endpoint - OAuth callback route that exchanges the code for tokens - Secure session storage with proper cookie attributes - Logout endpoint that clears the session The login flow should redirect users to Scalekit's authorization page, where they authenticate. Your application should then exchange the returned authorization code for tokens, store the session, and redirect the user to the protected area of your app. When you connect, users authenticate through the OAuth 2.0 flow you configured. Verify that protected routes require a valid session and that the logout endpoint properly clears session state. ### Cursor > note: Scalekit Auth Stack is under review on Cursor Marketplace > > The Scalekit Auth Stack plugin is currently under review and not yet live on [cursor.com/marketplace](https://cursor.com/marketplace). Once approved, you'll be able to install it directly with an "Add to Cursor" button. > > Until then, use the local installer to load the plugins into Cursor. 1. ## Install the Scalekit Auth Stack locally ```bash title="Terminal" frame="terminal" showLineNumbers=false curl -fsSL https://raw.githubusercontent.com/scalekit-inc/cursor-authstack/main/install.sh | bash ``` This installer downloads the latest Scalekit Cursor plugin bundle and installs each auth plugin into `~/.cursor/plugins/local/`. > tip: Use a symlink when iterating locally > > If you're developing the plugin repo locally and want changes to show up without recopies, use the local installer path described in the repository README to symlink plugins into `~/.cursor/plugins/local`. 2. ## Reload Cursor and enable the plugin Restart Cursor, or run **Developer: Reload Window**, then open **Settings > Cursor Settings > Plugins**. {/* IMAGE PLACEHOLDER: Screenshot of Cursor Settings > Plugins showing Scalekit Auth Stack */} Select the authentication plugin you need, such as **Full Stack Auth**, **Modular SSO**, or **MCP Auth**, and enable it. > note: Alternatively: Install via Skills CLI > > You can also install Scalekit skills with the Vercel Skills CLI: > > ```bash title="Terminal" frame="terminal" showLineNumbers=false > npx skills add scalekit-inc/skills > ``` > > Use `--list` to browse available skills or `--skill ` to install a specific auth type. Refer to Cursor's documentation for how to invoke skills once installed. 3. ## Generate the implementation Open Cursor's chat panel with **Cmd+L** (macOS) or **Ctrl+L** (Windows/Linux) and paste in an implementation prompt. Use the same prompt from the corresponding Claude Code tab — the Scalekit plugins and their authentication skills work identically in Cursor. > caution: Review generated code > > Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your application's security requirements. 4. ## Verify the implementation After Cursor finishes generating code, confirm all authentication components are in place: - The Scalekit plugin appears in **Settings > Cursor Settings > Plugins** - Scalekit client initialized with your API credentials (set up a `.env` file with your Scalekit environment variables) - Authorization URL generation and callback handler - Session or token integration matching your application's existing patterns Once the Scalekit Auth Stack is live on [cursor.com/marketplace](https://cursor.com/marketplace), you'll be able to skip the local installer and install it directly inside Cursor. ### 40+ agents Scalekit skills work with 40+ AI agents via the [Vercel Skills CLI](https://vercel.com/docs/agent-resources/skills). Install skills to add Scalekit authentication to your agent. Supported agents include Claude Code, Cursor, GitHub Copilot CLI, OpenCode, Windsurf, Cline, Gemini CLI, Codex, and 30+ others. 1. ## Install interactively Run the command with no flags to be guided through the available skills: ```bash title="Terminal" frame="terminal" showLineNumbers=false npx skills add scalekit-inc/skills ``` 2. ## Browse and install a specific skill Install the skill for your auth type (for example, MCP OAuth): ```bash title="Terminal" frame="terminal" showLineNumbers=false # List all available skills npx skills add scalekit-inc/skills --list # Install a specific skill npx skills add scalekit-inc/skills --skill adding-mcp-oauth ``` 3. ## Invoke the skill Each coding agent has its own behavior for invoking skills. In OpenCode, skills are invoked **automatically by the agent based on natural language** — no slash commands required. The agent has a list of available skills and their `description` fields in context. It reads your intent, matches it against those descriptions, and autonomously calls the skill tool to load the relevant `SKILL.md`. A clear, specific `description` in skill frontmatter is what the agent uses to decide which skill to invoke. **Flow in practice:** - You write a natural language message to the agent - The agent checks its context — it already sees `` with names and descriptions - If your request matches a skill's purpose, the agent calls `skill("")` internally - The full `SKILL.md` content loads into context and the agent follows those instructions {/* TODO: Add screenshot of OpenCode invoking Scalekit skill - use @/assets/docs/dev-kit/opencode-invoke-skill.png */} If your agent does not automatically pick up skills, you can run a command to load a skill and manually select Scalekit's skills to load into context. Refer to your favorite coding agent's documentation for how to invoke skills once they are installed. 4. ## Install all skills globally To add all Scalekit authentication skills to your agents: ```bash title="Terminal" frame="terminal" showLineNumbers=false npx skills add scalekit-inc/skills --all --global ``` This installs skills for Full Stack Auth, Agent Auth, MCP Auth, Modular SSO, and Modular SCIM. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |