How are refresh tokens protected from theft?

Refresh tokens are stored in httpOnly, Secure, and SameSite cookies to prevent client-side JS access (XSS) and are hashed in the database.

Does this skill handle password hashing?

Yes, it uses bcrypt with a recommended work factor of 12 for secure password storage and verification.

What happens if a refresh token is stolen and reused?

The skill implements rotation and reuse detection; if an old token is used, the system can revoke all active sessions for that user as a precaution.

Does it include frontend integration code?

Yes, it provides a pre-configured Axios instance with request and response interceptors to handle the 'silent refresh' flow automatically.

MERN JWT Authentication

Name: MERN JWT Authentication
Author: chavangorakh1999

bychavangorakh1999

0•

Desarrollo de API

Implements a production-grade JWT authentication flow with refresh token rotation and secure cookie management for MERN applications.

This skill provides a comprehensive blueprint for implementing robust JWT-based authentication in MERN stack projects. It automates the creation of secure registration and login endpoints, handles short-lived access tokens alongside long-lived refresh tokens, and ensures high security through httpOnly cookies and server-side token rotation. Ideal for developers building secure full-stack applications, it includes both backend logic for Node/Express and frontend interceptors for React/Axios to handle silent refreshes and session management seamlessly while protecting against common vulnerabilities like XSS and CSRF.

Características Principales

01Complete registration and login flows with bcrypt password hashing

02httpOnly cookie implementation for refresh tokens to prevent XSS

03Automated Axios interceptors for handling silent refreshes on the frontend

040 GitHub stars

05Middleware for JWT signature verification and role-based access control

06Secure token rotation system with reuse detection and invalidation

Casos de Uso

01Migrating from simple session-based auth to a scalable, stateless JWT architecture

02Implementing session management that persists across refreshes without compromising security

03Building a secure member-only portal or SaaS dashboard using the MERN stack

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add chavangorakh1999/sde-skills jwt-auth

For use in Claude.ai and ChatGPT

Características Principales

01Complete registration and login flows with bcrypt password hashing

02httpOnly cookie implementation for refresh tokens to prevent XSS

03Automated Axios interceptors for handling silent refreshes on the frontend

040 GitHub stars

05Middleware for JWT signature verification and role-based access control

06Secure token rotation system with reuse detection and invalidation

Casos de Uso

01Migrating from simple session-based auth to a scalable, stateless JWT architecture

02Implementing session management that persists across refreshes without compromising security

03Building a secure member-only portal or SaaS dashboard using the MERN stack