SKILL-028 Authentication and account lifecycle Locked skill

Email verification

Store only the hash of the token, give it a short expiry, and burn it on first use — the raw token lives only in the email.

01

What this skill helps you build

Prove a user controls the email they signed up with, using a hashed, single-use, expiring token and a throttled resend.

The production takeaway

Store only the hash of the token, give it a short expiry, and burn it on first use — the raw token lives only in the email.

02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

Authentication and account lifecycle
What this helps you build

A trustworthy email verification flow: the user signs up, you send them a one-time link or code, and clicking it proves they actually control that inbox. You get a verified at tim

When to use this

Reach for email verification whenever the address is a load-bearing part of the account — which is almost always: new signups, before you let an account send mail, invite others, o

The core idea

Generate a long, random token. Email the raw token to the user, but store only its hash. The link or code is the single copy of the secret that can verify; your database holds a on
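A minimal sketch of the core idea, added here as an illustration and not taken from the locked skill body. The `EmailVerifier` class, the in-memory dictionaries standing in for database tables, the 30-minute expiry, the 60-second resend cooldown, and the choice to invalidate older tokens on resend are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 30 * 60      # assumed expiry: 30 minutes
RESEND_COOLDOWN = 60     # assumed throttle: one email per minute per user


class EmailVerifier:
    """In-memory stand-in for a tokens table (hypothetical schema)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tokens = {}       # token_hash -> (user_id, expires_at)
        self.last_sent = {}    # user_id -> time the last email was issued
        self.verified_at = {}  # user_id -> time the address was verified

    @staticmethod
    def _hash(raw):
        # The token is 256 random bits, so a plain fast hash is sufficient.
        return hashlib.sha256(raw.encode()).hexdigest()

    def issue(self, user_id):
        """Return the raw token to put in the email, or None if throttled."""
        now = self.clock()
        if now - self.last_sent.get(user_id, float("-inf")) < RESEND_COOLDOWN:
            return None
        # Assumption: a resend invalidates any earlier token for this user.
        self.tokens = {h: v for h, v in self.tokens.items() if v[0] != user_id}
        raw = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self.tokens[self._hash(raw)] = (user_id, now + TOKEN_TTL)
        self.last_sent[user_id] = now
        return raw  # only the hash was stored; the raw value goes in the email

    def verify(self, raw):
        """Consume the token; return the user id on success, else None."""
        # pop() burns the row on first presentation, valid or expired.
        row = self.tokens.pop(self._hash(raw), None)
        if row is None:
            return None
        user_id, expires_at = row
        now = self.clock()
        if now >= expires_at:
            return None
        self.verified_at[user_id] = now
        return user_id
```

With a real database, the lookup and delete in `verify` have to be one atomic statement so two concurrent requests cannot both consume the same token.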

03

Unlock the full implementation

Paid access includes the complete skill body, implementation prompt, common mistakes, production checklist, and code examples where this skill includes them.