Does this skill support social login?

Yes, it includes patterns for OAuth2 and OpenID Connect using Passport.js for popular providers like Google and GitHub.

Can I use this for stateless API security?

Absolutely, the skill provides detailed patterns for JWT implementation, including short-lived access tokens and long-lived refresh token rotation.

Does it handle role-based permissions?

Yes, it includes implementation patterns for both Role-Based Access Control (RBAC) and more granular Permission-Based Access Control.

Is it compatible with Express.js?

Yes, the provided patterns and middleware are optimized for Express.js and TypeScript, but the core logic can be adapted for other Node.js frameworks.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: Microck

byMicrock

•

108

セキュリティとテスト

Implements secure authentication and authorization systems using modern patterns like JWT, OAuth2, and RBAC.

概要

This skill provides comprehensive guidance and implementation patterns for building robust access control systems within your applications. It covers critical security architectures including stateless JWT authentication with secure refresh token flows, stateful session-based management using Redis, and third-party social login via OAuth2. Beyond simple identity verification, the skill offers granular authorization strategies such as Role-Based Access Control (RBAC) and permission-based logic, ensuring your REST or GraphQL APIs follow industry-standard security best practices while remaining scalable.

主な機能

Provides granular access control models including RBAC and permission-based logic
Configures stateful session-based authentication with Redis storage and CSRF protection
108 GitHub stars
Implements stateless JWT authentication with secure refresh token rotation flows
Delivers production-grade security middleware for Express and Node.js frameworks
Integrates social login and SSO using industry-standard OAuth2 and OpenID Connect

ユースケース

Securing REST and GraphQL APIs with token-based or session-based identity management
Migrating legacy authentication to modern, scalable OAuth2 or JWT systems
Implementing complex multi-tenant authorization and role hierarchy logic

概要

主な機能

Provides granular access control models including RBAC and permission-based logic
Configures stateful session-based authentication with Redis storage and CSRF protection
108 GitHub stars
Implements stateless JWT authentication with secure refresh token rotation flows
Delivers production-grade security middleware for Express and Node.js frameworks
Integrates social login and SSO using industry-standard OAuth2 and OpenID Connect

ユースケース

Securing REST and GraphQL APIs with token-based or session-based identity management
Migrating legacy authentication to modern, scalable OAuth2 or JWT systems
Implementing complex multi-tenant authorization and role hierarchy logic