Inertia Rails Authentication & Authorization

Trust Score 86/100

Practical guide for adding authentication and authorization to Inertia + Rails apps — covers Devise, has_secure_password, session sharing, permission props, and

triggers:inertia railsdevise setuphas_secure_passwordinertia_sharepundit

GitHub SKILL.md

What it does

This skill provides step-by-step guidance for implementing authentication and authorization in Rails applications that use Inertia.js for the frontend. It covers setting up Devise or has_secure_password, sharing auth state with Inertia (inertia_share), session handling, protected routes, CSRF handling, role-based access, and secure session configuration. The skill also explains patterns for passing permission flags to the frontend and integrating authorization libraries like Pundit or ActionPolicy.

When to use it

Use this skill when building or hardening auth flows for Inertia-powered Rails apps: onboarding Devise, creating login/registration flows, protecting controller actions, serialising user data safely for the client, and implementing per-record permission checks. It's useful during initial setup and during security reviews.

What's included

Scripts: none bundled; examples include Rails generators and migration commands.
References: compact code examples for controllers, models, Devise setup, sessions controller, Inertia props, and common patterns for logout, password reset, and encrypted history.
Instructions: recommended middleware, CSRF notes, rate-limiting suggestion, and how to safely expose minimal user data.

Compatible agents

Developer-focused coding assistants that can run Rails commands or generate code snippets (e.g., Copilot-style tools, Claude Code).

Audit Summary

Comprehensive guide for implementing authentication and authorization in Inertia Rails apps, covering Devise, has_secure_password, Pundit, ActionPolicy, session security, CSRF, and password resets. Includes both React and Vue component examples. No scripts to execute — purely a reference/tutorial skill. Code examples are idiomatic and well-structured, with good security practices (email enumeration prevention, CSRF handling, minimal data exposure).

Watch Out

No executable scripts — reference-only skill
Password reset token handling could be more secure (tokens in URL params)

Notes

Clean, well-written tutorial skill. No security concerns whatsoever — all code snippets are instructional and follow Rails security best practices. Lacks scripts/ or references/ directories which limits architecture score, but appropriate for a guide-type skill.

Information

Repository: inertia-rails-skills
Stars: 35
Installs: 0

Trust Score

Overall86

Security95

Code Quality82

Architecture68

Usefulness78

More from inertia-rails-skills

Inertia Rails Testing

Testing guide and helpers for Inertia Rails apps — RSpec/Minitest matchers and examples for Inertia responses, components, props, flashes, and partial reloads.

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

Clerk Vue Patterns

Vue 3 integration patterns for Clerk: composables, router guards, and Pinia auth store integration.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Cognitive Accessibility Specialist

Audits content, forms and authentication flows for cognitive accessibility (WCAG 2.2 / COGA) and gives prioritized remediation and plain-language guidance.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Back to Skills