Does this skill support stateless authentication?

Yes, it includes comprehensive patterns for implementing JWT-based stateless authentication, including secure refresh token rotation and storage.

Can I use this to implement social logins?

Absolutely. The skill provides implementation patterns for integrating OAuth2 and social login providers like Google and GitHub using the Passport.js ecosystem.

What is the difference between the AuthN and AuthZ patterns provided?

The skill distinguishes between Authentication (identity verification via tokens/sessions) and Authorization (permission management via RBAC or permission-based access control).

Are these patterns compatible with TypeScript?

Yes, all implementation patterns are provided with TypeScript interfaces and types to ensure type-safe security logic.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

API開発

Implements secure authentication and authorization systems using JWT, OAuth2, session management, and RBAC.

概要

This skill equips Claude with the expertise to design and implement robust security architectures for modern applications. It provides detailed implementation patterns for stateless token-based authentication (JWT), stateful session management with Redis, and external identity providers via OAuth2. Beyond simple identity verification, the skill covers granular access control through Role-Based Access Control (RBAC) and permission-based logic, ensuring that your APIs and data remain secure, scalable, and compliant with industry-standard security practices.

主な機能

JWT implementation with secure refresh token rotation flows
Social login and OAuth2 integration via Passport.js
Granular Role-Based Access Control (RBAC) and permission hierarchies
Secure middleware templates for protecting REST and GraphQL endpoints
0 GitHub stars
Session-based authentication patterns using Express and Redis

ユースケース

Securing production REST or GraphQL APIs with stateless JWT tokens
Adding social login providers like Google or GitHub to modern web applications
Implementing enterprise-grade multi-level authorization and user roles

概要

主な機能

JWT implementation with secure refresh token rotation flows
Social login and OAuth2 integration via Passport.js
Granular Role-Based Access Control (RBAC) and permission hierarchies
Secure middleware templates for protecting REST and GraphQL endpoints
0 GitHub stars
Session-based authentication patterns using Express and Redis

ユースケース

Securing production REST or GraphQL APIs with stateless JWT tokens
Adding social login providers like Google or GitHub to modern web applications
Implementing enterprise-grade multi-level authorization and user roles