Coding agents: Add auth to your AI agents

Let your coding agents guide you into adding auth to your agent to handle OAuth tokens and call tools on behalf of the user

Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit’s Agent Auth to your AI applications. This guide shows you how to configure these agents so they analyze your codebase, apply authentication patterns, and generate production-ready code for handling OAuth tokens and connecting to external services such as Gmail, Calendar, Slack, and Notion, reducing implementation time from hours to minutes while following security best practices.

Add the Scalekit Auth Stack marketplace

Not yet on Claude Code? Follow the official quickstart guide to install it.

Register Scalekit’s plugin marketplace to access pre-configured authentication skills. This marketplace provides context-aware prompts and implementation guides that help coding agents generate correct Agent Auth code.

Start the Claude Code REPL:
Terminal
```
claude
```
Then add the marketplace:
Claude REPL
```
/plugin marketplace add scalekit-inc/claude-code-authstack
```
When the marketplace registers successfully, you’ll see confirmation output:
Terminal
```
❯ /plugin marketplace add scalekit-inc/claude-code-authstack
   ⎿  Successfully added marketplace: scalekit-auth-stack
```
The marketplace provides specialized authentication plugins that understand Agent Auth patterns and OAuth 2.0 security requirements. These plugins guide the coding agent to generate implementation code that matches your project structure.

To remove the Scalekit Auth Stack marketplace, use the uninstall command:
Claude REPL
```
/plugin marketplace remove scalekit-auth-stack
```
Enable authentication plugins

Select which authentication capabilities to activate in your development environment. Each plugin provides specific skills that the coding agent uses to generate authentication code.

Directly install the specific plugin:
Claude REPL
```
/plugin install agent-auth@scalekit-auth-stack
```
Alternative: Enable authentication plugins via plugin wizard
Run the plugin wizard to browse and enable available plugins:
Claude REPL
```
/plugins
```
Navigate through the visual interface to enable the Agent Auth plugin.

Enable auto-updates for authentication plugins to receive security patches and improvements. Scalekit regularly updates plugins based on community feedback and security best practices.
Generate authentication implementation

Use a structured prompt to direct the coding agent. A well-formed prompt ensures the agent generates complete, production-ready Agent Auth code that includes all required security components.

Copy the following prompt into your coding agent:
Authentication implementation prompt
```
Guide me through configuring the installed Scalekit marketplace plugin to handle agent authentication for Gmail. Provide the code to trigger the auth flow, retrieve the secure user token, and then use that authenticated session to fetch and list the last 5 unread emails. Add logging to verify the flow.
```
When you submit this prompt, Claude Code loads the Agent Auth skill from the marketplace -> analyzes your existing application structure -> generates Scalekit client initialization -> creates connected account management functions -> implements OAuth authorization link generation -> adds token fetching and refresh logic.

Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application’s specific needs.
Verify just-in-time implementation

After the coding agent completes, verify that all authentication components are properly configured:

Check generated files:
- Scalekit client initialization with credentials. You may need to set up a .env file with your Scalekit API credentials.
- Connected account management functions
- Authorization link generation
- Token fetching and storage
- Error handling for expired tokens
The authorization flow should redirect users to the service’s consent page, where they grant permissions. Your application should then be able to fetch OAuth tokens and execute actions on behalf of the authenticated user.

When you connect, the agent authenticates users through the OAuth 2.0 flow you configured. Verify that protected resources require valid access tokens and that the agent can successfully execute actions on behalf of authenticated users.

Add the Scalekit authstack marketplace

Need to install GitHub Copilot CLI? See the getting started guide — an active GitHub Copilot subscription is required.

Register Scalekit’s plugin marketplace to access pre-configured authentication plugins. This marketplace provides implementation skills that help GitHub Copilot generate correct Agent Auth code.
Terminal
```
copilot plugin marketplace add scalekit-inc/github-copilot-authstack
```
The marketplace provides specialized plugins that understand Agent Auth patterns and OAuth 2.0 security requirements. These plugins guide GitHub Copilot to generate implementation code that matches your project structure.

To remove the Scalekit authstack marketplace, use the remove command:
Terminal
```
copilot plugin marketplace remove github-copilot-authstack
```
Install the Agent Auth plugin

Install the Agent Auth plugin to give GitHub Copilot the skills needed to generate agent authentication code:
Terminal
```
copilot plugin install agent-auth@scalekit-auth-stack
```
Verify the plugin is installed
Confirm the plugin installed successfully:
Terminal
```
copilot plugin list
```
Keep plugins updated
Update authentication plugins regularly to receive security patches and improvements:
Terminal
copilot plugin update agent-auth@scalekit-auth-stack
Generate authentication implementation

Use a structured prompt to direct GitHub Copilot. A well-formed prompt ensures the agent generates complete, production-ready Agent Auth code that includes all required security components.

Copy the following command into your terminal:
Terminal
```
copilot "Configure Scalekit agent authentication for Gmail — provide the code to trigger the auth flow, retrieve the secure user token, and then use that authenticated session to fetch and list the last 5 unread emails. Add logging to verify the flow."
```
GitHub Copilot uses the Agent Auth plugin to analyze your existing application structure, generate Scalekit client initialization code, create connected account management functions, implement OAuth authorization link generation, and add token fetching and refresh logic.

Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application’s specific needs.
Verify the implementation

After GitHub Copilot completes, verify that all authentication components are properly configured:

Check generated files:
- Scalekit client initialization with credentials (you may need to set up a .env file with your Scalekit API credentials)
- Connected account management functions
- Authorization link generation
- Token fetching and storage
- Error handling for expired tokens
The authorization flow should redirect users to the service’s consent page, where they grant permissions. Your application should then be able to fetch OAuth tokens and execute actions on behalf of the authenticated user.

Register the Scalekit Auth Stack marketplace

Cursor surfaces Claude Code plugins in Settings > Plugins. If you haven’t installed Claude Code yet, follow the Claude Code quickstart first.

Open the Claude Code REPL:
Terminal
```
claude
```
Then add the Scalekit marketplace:
Claude REPL
```
/plugin marketplace add scalekit-inc/claude-code-authstack
```
When the marketplace registers successfully, you’ll see:
Terminal
```
❯ /plugin marketplace add scalekit-inc/claude-code-authstack
   ⎿  Successfully added marketplace: scalekit-auth-stack
```
Open the plugin in Cursor

Launch Cursor and go to Settings > Plugins. The Scalekit Auth Stack plugins appear here automatically — Cursor picks them up from Claude Code’s plugin registry.

Select the authentication plugin you need (for example, Modular SSO, Full Stack Auth, or MCP Auth) and enable it.
Generate the implementation

Open Cursor’s chat panel with Cmd+L (macOS) or Ctrl+L (Windows/Linux) and paste in an implementation prompt. Use the same prompt from the corresponding Claude Code tab — the Scalekit plugins and their authentication skills work identically in Cursor.

Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your application’s security requirements.
Verify the implementation

After Cursor finishes generating code, confirm all authentication components are in place:
- Scalekit client initialized with your API credentials (set up a .env file with your Scalekit environment variables)
- Authorization URL generation and callback handler
- Session or token integration matching your application’s existing patterns

Once the Scalekit Auth Stack is live on cursor.com/marketplace, you can skip steps 1–2 entirely. A single click on the Add to Cursor button will install the plugin directly into Cursor, and it will appear immediately in Settings > Plugins.

Coding agents: Add auth to your AI agents

Add the Scalekit Auth Stack marketplace

Enable authentication plugins

Generate authentication implementation

Verify just-in-time implementation

Add the Scalekit authstack marketplace

Install the Agent Auth plugin

Generate authentication implementation

Verify the implementation

Register the Scalekit Auth Stack marketplace

Open the plugin in Cursor

Generate the implementation

Verify the implementation