Can I implement passwordless login with this skill?

Absolutely. The skill includes detailed patterns for WebAuthn and Passkeys, enabling secure biometric-based authentication for modern applications.

Does it include Role-Based Access Control (RBAC)?

Yes, the skill provides implementation patterns for defining permission hierarchies and verifying user roles within application routes and middleware.

What is the recommended password hashing algorithm?

The skill prioritizes Argon2id as the primary recommendation over bcrypt to ensure maximum resistance against GPU-based brute-force attacks.

Does this skill support the latest OAuth standards?

Yes, it strictly enforces OAuth 2.1 standards, including the mandatory use of PKCE (Proof Key for Code Exchange) to secure authorization codes.

How are JWT tokens handled for security?

It follows 2026 guidelines, recommending short-lived access tokens (15-60 min) stored in memory and longer-lived refresh tokens stored in HTTPOnly cookies.

Modern Authentication Patterns

Name: Modern Authentication Patterns
Author: yonatangross

byyonatangross

•

Seguridad y Pruebas

Implements production-ready authentication and authorization workflows using modern security standards like OAuth 2.1, Passkeys, and Argon2id.

The Modern Authentication Patterns skill provides a comprehensive framework for building secure, industry-standard identity systems within Claude Code. It automates the implementation of complex security protocols—including OAuth 2.1 with PKCE, biometric Passkeys (WebAuthn), and robust JWT management—while enforcing strict adherence to 2026 security guidelines. By integrating best practices for session security, role-based access control (RBAC), and anti-pattern prevention, it ensures developers can build resilient, production-grade login flows and permission hierarchies with confidence.

Características Principales

01OAuth 2.1 & PKCE implementation for secure third-party and SPA authorization

02Production-grade password hashing using Argon2id and bcrypt algorithms

03Fine-grained Role-Based Access Control (RBAC) and permission management

0429 GitHub stars

05Passkey and WebAuthn support for modern passwordless biometric authentication

06Secure session handling with HTTPOnly, Secure, and SameSite cookie policies

Casos de Uso

01Implementing strict authorization middleware for FastAPI or Flask backend services

02Building a secure multi-tenant SaaS login system with rotating JWT refresh tokens

03Migrating legacy password-based authentication to modern passwordless Passkey workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yonatangross/skillforge-claude-plugin auth-patterns

For use in Claude.ai and ChatGPT

Download Skill