Authentication & Authorization Patterns

Acerca de

This skill provides comprehensive guidance and implementation patterns for securing modern web applications and APIs. It covers essential authentication strategies including stateless JWTs with secure refresh token flows, stateful session-based management using Redis, and external identity delegation via OAuth2. Beyond initial identity verification, it facilitates granular authorization through Role-Based Access Control (RBAC) and Permission-Based Access Control, ensuring that security and least-privilege principles are integrated directly into your application architecture.

Características Principales

• Granular Role-Based Access Control (RBAC) with hierarchical permissions
• Standardized JWT implementation with access and refresh token rotation
• Stateful session management patterns using Express and Redis storage
• Social login integration using OAuth2 and Passport.js strategies
• 0 GitHub stars
• Secure middleware patterns for protecting REST and GraphQL endpoints

Casos de Uso

• Building an enterprise-grade permission system with role-based access hierarchies
• Securing a Node.js backend with stateless JWT authentication and token revocation
• Implementing multi-provider social login for a customer-facing web application