api-authentication

# api-authentication

Backend API authentication skill for Clerk integration. Provides JWT middleware, route protection patterns, and API client generation for REST and GraphQL backends.

## Instructions

### Phase 1: Understand Requirements

1. Identify backend framework (Express, Fastify, Next.js API routes, etc.)
2. Determine authentication strategy (JWT validation, session tokens)
3. Check for existing Clerk configuration
4. Identify API endpoints to protect

### Phase 2: Setup API Authentication

Run the setup script to configure backend authentication:

```bash
bash scripts/setup-api-auth.sh <framework> <project-path>
```

**Supported Frameworks:**
- `express` - Express.js middleware
- `fastify` - Fastify decorators
- `nextjs` - Next.js API route helpers
- `fastapi` - FastAPI dependencies (Python)

**What it does:**
- Installs required Clerk SDK packages
- Creates middleware files from templates
- Configures environment variables
- Sets up JWT verification utilities
- Creates route protection helpers

### Phase 3: Implement Route Protection

**For Express/Node.js backends:**

Use the `api-middleware.ts` template:

```typescript
import { requireAuth } from './middleware/clerk-auth'

// Protect individual routes
app.get('/api/protected', requireAuth, (req, res) => {
  const userId = req.auth.userId
  res.json({ message: 'Protected data', userId })
})

// Protect route groups
app.use('/api/admin', requireAuth, adminRouter)
```

**For Next.js API routes:**

Use the `api-routes.ts` template:

```typescript
import { withAuth } from '@/lib/clerk-middleware'

export default withAuth(async (req, res) => {
  const { userId } = req.auth
  // Protected route logic
})
```

**For GraphQL:**

Use the `graphql-clerk.ts` example:

```typescript
import { ClerkExpressRequireAuth } from '@clerk/clerk-sdk-node'

const server = new ApolloServer({
  context: ({ req }) => ({
    userId: req.auth?.userId,
    user: req.auth?.user
  })
})

app.use('/graphql', ClerkExpressRequireAuth(),