How does it help with role-based access control?

It includes decorators and implementation logic to restrict specific API endpoints or UI views based on user roles.

Does it support refresh token rotation?

Yes, it provides modern patterns for rotating refresh tokens on use to prevent replay attacks and enhance session security.

What password hashing algorithms does this skill recommend?

The skill prioritizes Argon2id as the gold standard for password hashing, with support for Argon2 and bcrypt as alternatives.

Can it prevent brute-force attacks?

Yes, the skill includes patterns for implementing rate limiting on authentication endpoints to mitigate automated login attempts.

Auth Patterns

Name: Auth Patterns
Author: yonatangross

byyonatangross

•

セキュリティとテスト

Implements secure authentication and authorization patterns using modern industry standards.

概要

The Auth Patterns skill provides a comprehensive framework for building secure login systems, managing JWT tokens, and enforcing role-based access control. It follows 2026 best practices, including Argon2id password hashing, refresh token rotation, and hardened session management. This skill ensures Claude can generate production-grade security code that mitigates common vulnerabilities such as brute-force attacks, session hijacking, and unauthorized privilege escalation.

主な機能

Hardened session and cookie security
Role-Based Access Control (RBAC) implementation
Secure password hashing with Argon2id and bcrypt
JWT management with refresh token rotation
8 GitHub stars
Rate limiting and MFA integration

ユースケース

Enforcing granular user permissions and roles
Building secure signup and login flows
Implementing token-based API authentication

概要

主な機能

Hardened session and cookie security
Role-Based Access Control (RBAC) implementation
Secure password hashing with Argon2id and bcrypt
JWT management with refresh token rotation
8 GitHub stars
Rate limiting and MFA integration

ユースケース

Enforcing granular user permissions and roles
Building secure signup and login flows
Implementing token-based API authentication