Add skill notes on using JWT auth#78
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI (base), Organization UI (inherited) Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughDocumentation-only changes across three build-plugin skill files: added a JWT Bearer authentication pattern to the checklist and metadata reference, including HMAC/asymmetric signing options and advanced JWT configuration, plus a minor punctuation fix in the UI field reference. ChangesJWT Bearer Documentation
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.claude/skills/build-plugin/references/metadata.md:
- Around line 187-188: The metadata docs for jwtTokenLocation currently present
"queryParam" as a neutral option, but it should be clearly marked as last-resort
because tokens can leak through URLs. Update the jwtTokenLocation and
jwtQueryParamName guidance in the metadata reference to warn that query-param
JWT transport is less secure than header-based transport and should only be used
when unavoidable, while keeping the header option as the default recommendation.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: ac457762-aeef-4a1d-bef1-04ffded5aac3
📒 Files selected for processing (3)
.claude/skills/build-plugin/SKILL.md.claude/skills/build-plugin/references/metadata.md.claude/skills/build-plugin/references/ui.md
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
🧩 Plugin PR Summaryℹ️ No plugins were modified in this PR. |
📋 Summary
Adds guidance for LLMs on how to use the newly added JWT auth handling
🔍 Scope of change
📚 Checklist
Summary by CodeRabbit