Cookbook
Beginner · auth · security · networking

Auth + Rate Limit
AI Workflow

OAuth authentication with persistent sessions and abuse protection. The essential trio for any public-facing API.

Prerequisites

Environment variables

  • GITHUB_ID
  • GITHUB_SECRET
  • JWT_SECRET
  • SESSION_SECRET
  • REDIS_URL
Requires a GitHub OAuth app. Redis is used for session storage.

Install

$ npx radzor@latest recipe add auth-rate-limit

AI Prompt

“Run `npx radzor@latest add auth-oauth session-manager rate-limiter` to install 3 Radzor components. Then read components/radzor/auth-oauth/radzor.manifest.json, components/radzor/session-manager/radzor.manifest.json, components/radzor/rate-limiter/radzor.manifest.json and each component's llm/integration.md. Wire them together to provide OAuth authentication with persistent sessions and abuse protection, the essential trio for any public-facing API. Use the manifest's inputs (check envVar for required environment variables), outputs (check fields for object shapes), composability (check mapField for field extraction), and actions — don't invent custom interfaces.”

Paste this into Claude Code, Cursor, Windsurf, or any AI coding agent.

Pipeline

AuthOAuth: Authenticates users via OAuth provider
  ↓ user + session
SessionManager: Creates and verifies sessions
  ↓ session ID
RateLimiter: Throttles requests per user

Scaffolded Code

auth-rate-limit-recipe.ts
// npx radzor@latest add auth-oauth session-manager rate-limiter
import { AuthOAuth }      from "./components/radzor/auth-oauth"
import { SessionManager } from "./components/radzor/session-manager"
import { RateLimiter }    from "./components/radzor/rate-limiter"

// GitHub OAuth; all secrets come from the environment, never from source
const oauth = new AuthOAuth({
  providers: ["github"],
  redirectUrl: "/api/auth/callback",
  scopes: ["user:email"],
  clientCredentials: {
    github: { clientId: process.env.GITHUB_ID!, clientSecret: process.env.GITHUB_SECRET! },
  },
  jwtSecret: process.env.JWT_SECRET!,
  sessionDuration: 86400, // same value as the session ttl below
})

// Sessions live in Redis, so they survive restarts of the API process
const sessions = new SessionManager({
  store: "redis",
  connection: process.env.REDIS_URL!,
  secret: process.env.SESSION_SECRET!,
  ttl: 86400,
})

// At most 100 requests per 60 000 ms window for each key passed to check()
const limiter = new RateLimiter({ algorithm: "sliding-window", maxRequests: 100, windowMs: 60_000 })

// OAuth callback handler: completes the provider flow, then creates a session
async function handleCallback(provider: string, code: string) {
  const authSession = await oauth.handleCallback(provider, code)
  // The fields of the auth session are stored in the session record
  const { sessionId, cookie } = await sessions.create({ userId: authSession.userId, ...authSession })
  return { sessionId, cookie }
}

// Auth middleware: resolves the session first, then throttles per user ID
async function protect(req: Request) {
  const sessionId = req.headers.get("authorization") ?? ""
  // No credential at all: reject without querying the session store
  if (!sessionId) throw new Error("Unauthorized")
  const data = await sessions.get(sessionId)
  if (!data) throw new Error("Unauthorized")
  // The limiter key is the user ID, so only authenticated requests are counted
  const result = limiter.check(data.userId as string)
  if (!result.allowed) throw new Error("Rate limit exceeded")
  return data.userId as string
}
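
In protect() the limiter is consulted only after the session lookup succeeds, so requests that present unknown session IDs are never counted. The block below is an added example, not the page's code and not Radzor's RateLimiter: it implements a sliding-window log with the recipe's 100 requests per 60 000 ms per user, plus an address-keyed stage to run before sessions.get(). SlidingWindowLog, makeGuard and the 300-per-minute address limit are assumptions made for illustration.

```typescript
// Added example: sliding-window log limiter with a pre-lookup stage.
// Not Radzor's implementation; names and the 300/min limit are assumptions.
type Verdict = { allowed: boolean; remaining: number; retryAfterMs: number }

class SlidingWindowLog {
  private hits = new Map<string, number[]>()
  private maxRequests: number
  private windowMs: number

  constructor(maxRequests: number, windowMs: number) {
    this.maxRequests = maxRequests
    this.windowMs = windowMs
  }

  check(key: string, now: number = Date.now()): Verdict {
    const cutoff = now - this.windowMs
    // Keep only accepted requests still inside the window that ends at `now`.
    const recent = (this.hits.get(key) ?? []).filter((t) => t > cutoff)
    this.hits.set(key, recent)
    if (recent.length >= this.maxRequests) {
      // The oldest retained request leaves the window at oldest + windowMs.
      const oldest = recent[0] ?? now
      return { allowed: false, remaining: 0, retryAfterMs: oldest + this.windowMs - now }
    }
    recent.push(now) // rejected requests are not logged, so each list stays bounded
    return { allowed: true, remaining: this.maxRequests - recent.length, retryAfterMs: 0 }
  }
}

// Stage 1 runs before the session lookup and is keyed by client address, so
// requests with unknown session IDs are throttled as well. Stage 2 is the
// per-user limit, applied once the lookup has returned a user ID.
function makeGuard(preAuth: SlidingWindowLog, perUser: SlidingWindowLog) {
  return {
    beforeLookup: (clientAddr: string, now?: number) => preAuth.check("addr:" + clientAddr, now),
    afterLookup: (userId: string, now?: number) => perUser.check("user:" + userId, now),
  }
}

// 300/min per address is a constructed value; 100/min per user is the recipe's setting.
const guard = makeGuard(new SlidingWindowLog(300, 60_000), new SlidingWindowLog(100, 60_000))
```

The address limit is set above the per-user limit because several users can share one address; in production both logs would live in the shared store rather than in process memory.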

Components used

  • AuthOAuth: Authenticates users via OAuth provider
  • SessionManager: Creates and verifies sessions
  • RateLimiter: Throttles requests per user

LLM tip

Pass all 3 radzor.manifest.json files to your agent at once. It will read the outputs of each step and match them against the inputs of the next — wiring the full pipeline without any extra instructions.

  • auth-oauth/manifest.json
  • session-manager/manifest.json
  • rate-limiter/manifest.json