Add reference to custom user verifier demo server#877
Open
Conversation
Add an info callout to the "Secure Auth in Production" guide pointing readers to the custom-user-verifier demo repo as a working example they can run locally or hand to a coding agent. Made-with: Cursor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
app/en/guides/user-facing-agents/secure-auth-production/page.mdx
Outdated
Show resolved
Hide resolved
Member
Author
|
@nbarbettini @wdawson I'm tagging you here since you previously expressed concerns about this demo custom user verifier server. I think it's valuable as a reference implementation. People can clone it locally, point their coding agent to understand the pattern, and then ask to implement in their own system. But let me know if you guys think it's not appropriate to advertise it in our docs. |
Add a link to the build-custom-user-verifier agent skill hosted in ArcadeAI/agent-skills, giving coding agents an LLM-friendly reference for implementing the verification flow. Made-with: Cursor
byrro
force-pushed
the
renato/example-user-verifier-server
branch
from
c30a8aa to
257d1d4
Compare
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
torresmateo
approved these changes
Mar 17, 2026
wdawson
requested changes
Mar 17, 2026
Contributor
wdawson
left a comment
wdawson
left a comment
There was a problem hiding this comment.
I don't think we should point to an insecure demo, even if we call it that! People are going to look at this for inspiration and not understand how to fix it to be secure.
Will let @nbarbettini chime in too, but I have concerns with it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
custom-user-verifierdemo repo as a working example.Motivation
A user reported confusion about the custom verifier flow — specifically that Arcade's redirect to their
/auth/verifyendpoint didn't include any cookies or user identity. The root cause was a misunderstanding of the verification model: Arcade only sends aflow_id, and the verifier is responsible for independently identifying the user from its own session.The existing docs explain the steps correctly, but having a runnable reference implementation linked directly from the guide would help users understand the pattern faster — either by reading the code, running it locally, or handing it to a coding agent to adapt.