api-jwt-authenticator

Solid

A conceptual skill for securing FastAPI REST APIs with JWT authentication

API & Backend 335 stars 29 forks Updated today


Quality Score: 85/100

- Stars (20%): 84
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 80
- License (10%): 0
- Description (5%): 100

Skill Content

# API JWT Authenticator Skill

## When to Use This Skill

Use this conceptual skill when you need to implement secure JWT-based authentication for FastAPI REST APIs. This skill is appropriate for:

- Protecting API endpoints that require user authentication
- Enforcing user-specific access control (ensuring users can only access their own resources)
- Implementing stateless authentication in microservices
- Securing REST APIs with standard JWT token validation
- Adding role-based access control (RBAC) to API endpoints

This skill should NOT be used for:

- Public APIs that don't require authentication
- APIs that use alternative authentication methods (OAuth, API keys, etc.)
- Simple applications where basic auth is sufficient

## Prerequisites

- Understanding of JWT (JSON Web Token) concepts
- FastAPI application framework knowledge
- Basic security principles and authentication patterns
- Environment for managing secret keys securely

## Conceptual Implementation Framework

### JWT Token Extraction Capability

- Extract JWT tokens from the Authorization header in the format "Bearer <token>"
- Handle malformed or missing authorization headers appropriately
- Validate the presence of the "Bearer" prefix in the header

### Token Validation Capability

- Validate JWT tokens using a shared secret key
- Verify token signature to ensure integrity
- Check token expiration (exp) claim to prevent usage of expired tokens
- Validate token issuer (iss) and audience (aud) claims when appli...
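
The extraction and validation steps listed above, as an added example that is not part of the skill or its repository. It uses only the Python standard library in place of a JWT library and assumes HS256 as the shared-secret algorithm; `AuthError`, `extract_bearer`, `validate_hs256` and `make_token` are hypothetical names, and `make_token` exists only to build constructed test input.

```python
import base64, hashlib, hmac, json, time

class AuthError(Exception):
    """Any header or token failure; the API layer would map this to HTTP 401."""

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def extract_bearer(header):
    """Return the token from 'Bearer <token>', rejecting missing or malformed headers."""
    parts = (header or "").split()
    if len(parts) != 2 or parts[0] != "Bearer":
        raise AuthError("missing or malformed Authorization header")
    return parts[1]

def validate_hs256(token, secret, issuer, audience, now=None):
    """Check signature, then exp, iss and aud; return the claims on success."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_dec(head_b64))
        claims = json.loads(_dec(body_b64))
        sig = _dec(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise AuthError("malformed token") from exc
    # Pin the algorithm on the server side; the token must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise AuthError("bad signature")
    # Claims are only trusted from here on, after the signature has verified.
    if not isinstance(claims, dict):
        raise AuthError("malformed claims")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise AuthError("expired or missing exp")
    if claims.get("iss") != issuer:
        raise AuthError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise AuthError("wrong audience")
    return claims

def make_token(claims, secret, alg="HS256"):
    """Constructed test helper (assumption): mint a token so the example runs offline."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    signed = enc(json.dumps({"alg": alg, "typ": "JWT"}).encode()) + "." + enc(json.dumps(claims).encode())
    return signed + "." + enc(hmac.new(secret, signed.encode(), hashlib.sha256).digest())
```

In a FastAPI application these two functions would sit behind a dependency that reads the `Authorization` header and turns `AuthError` into a 401 response.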

Details

- Author: aiskillstore
- Repository: aiskillstore/marketplace
- Created: 5 months ago
- Last Updated: today
- Language: Python
- License: None
