Can I use this for Role-Based Access Control?

Yes, it includes detailed implementation patterns for both Role-Based Access Control (RBAC) and granular Permission-Based Access Control (PBAC).

Is this skill specific to a certain programming language?

The implementation examples are provided in TypeScript/Node.js, but the architectural patterns and security principles are applicable across most backend languages.

Does it include security for refresh tokens?

Yes, the skill demonstrates secure refresh token rotations, including database storage, token hashing, and revocation strategies to prevent unauthorized access.

What authentication methods does this skill support?

It covers JWT (JSON Web Tokens), stateful session-based authentication with Redis, and OAuth2/OpenID Connect for social logins like Google and GitHub.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

セキュリティとテスト

Implements secure, scalable authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

概要

This skill provides comprehensive guidance and boilerplate for building robust security layers in modern applications. It covers essential patterns including stateless JWT authentication with refresh token flows, stateful session management via Redis, and delegated authentication through OAuth2/Passport.js. Beyond identity verification, it facilitates granular access control through Role-Based (RBAC) and Permission-Based (PBAC) models, helping developers migrate auth systems or debug complex security issues with production-grade code samples and standardized middleware architecture.

主な機能

Stateful session management with Redis integration
JWT and Refresh Token implementation patterns
Role-Based (RBAC) and Permission-Based Access Control
Standardized security middleware for Node.js environments
OAuth2 and Social Login integration using Passport.js
0 GitHub stars

ユースケース

Building a secure SaaS platform with multi-tier user permissions
Integrating Google or GitHub social login into an existing application
Migrating from stateful sessions to stateless JWT-based authentication

概要

主な機能

Stateful session management with Redis integration
JWT and Refresh Token implementation patterns
Role-Based (RBAC) and Permission-Based Access Control
Standardized security middleware for Node.js environments
OAuth2 and Social Login integration using Passport.js
0 GitHub stars

ユースケース

Building a secure SaaS platform with multi-tier user permissions
Integrating Google or GitHub social login into an existing application
Migrating from stateful sessions to stateless JWT-based authentication