Does it include security best practices for token management?

Absolutely. It covers secure token generation, short-lived access tokens, refresh token rotation, and token revocation strategies (logout all devices).

Is the code provided compatible with Node.js/Express?

Yes, the patterns are demonstrated using TypeScript with popular libraries like Express, jsonwebtoken, Passport.js, and Redis.

What authentication methods does this skill support?

The skill provides patterns for session-based authentication, token-based (JWT) authentication, and delegated authentication via OAuth2 and OpenID Connect.

Can I use this for complex user permission systems?

Yes, it includes specific implementation patterns for both Role-Based Access Control (RBAC) with hierarchies and granular Permission-Based Access Control.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Tahir-yamin

byTahir-yamin

•

Seguridad y Pruebas

Implement secure, scalable authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

This skill provides a comprehensive knowledge base and implementation patterns for building robust security layers in modern applications. It covers critical authentication strategies including stateless JWTs with secure refresh token rotations, stateful session management via Redis, and third-party OAuth2 integration. Additionally, it offers structured approaches to authorization through Role-Based Access Control (RBAC) and Permission-Based Access Control, enabling developers to secure APIs, manage user identities, and implement complex access policies with production-grade code examples.

Características Principales

01JWT implementation with secure refresh token rotation flows

02OAuth2 and social login integration patterns using Passport.js

03Hierarchical Role-Based Access Control (RBAC) middleware

04Granular Permission-Based Access Control for enterprise security

05Stateful session management using Express and Redis storage

063 GitHub stars

Casos de Uso

01Integrating Google or GitHub social logins into a full-stack application

02Designing multi-tenant authorization systems with complex permission hierarchies

03Securing REST or GraphQL APIs with stateless token-based authentication

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tahir-yamin/dev-engineering-playbook auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill