Inertia Rails Authentication & Authorization

What it does

This skill provides step-by-step guidance for implementing authentication and authorization in Rails applications that use Inertia.js for the frontend. It covers setting up Devise or has_secure_password, sharing auth state with Inertia (inertia_share), session handling, protected routes, CSRF handling, role-based access, and secure session configuration. The skill also explains patterns for passing permission flags to the frontend and integrating authorization libraries like Pundit or ActionPolicy.

When to use it

Use this skill when building or hardening auth flows for Inertia-powered Rails apps: onboarding Devise, creating login/registration flows, protecting controller actions, serialising user data safely for the client, and implementing per-record permission checks. It's useful during initial setup and during security reviews.

What's included

• Scripts: none bundled; examples include Rails generators and migration commands.
• References: compact code examples for controllers, models, Devise setup, sessions controller, Inertia props, and common patterns for logout, password reset, and encrypted history.
• Instructions: recommended middleware, CSRF notes, rate-limiting suggestion, and how to safely expose minimal user data.

Compatible agents

Developer-focused coding assistants that can run Rails commands or generate code snippets (e.g., Copilot-style tools, Claude Code).