Is it suitable for debugging existing security issues?

Absolutely. The skill includes logic for token verification, error handling for expired credentials, and best practices for revoking refresh tokens.

Can I use this for role-based permissions?

Yes, it provides implementation patterns for both Role-Based Access Control (RBAC) with hierarchies and more granular Permission-Based Access Control.

Does it include social login examples?

Yes, it features patterns for integrating social logins using Passport.js for providers such as Google and GitHub.

What authentication strategies does this skill cover?

The skill includes patterns for stateless JWT (JSON Web Tokens), stateful session-based authentication, and delegated authentication via OAuth2 and OpenID Connect.

Authentication & Access Control Patterns

Name: Authentication & Access Control Patterns
Author: 3commas-io

by3commas-io

セキュリティとテスト

Implements secure authentication and authorization systems including JWT, OAuth2, and role-based access control (RBAC).

概要

This skill provides specialized knowledge to design, implement, and debug robust security architectures within your applications. It covers a comprehensive range of modern security strategies, from stateless JWT flows and refresh token management to stateful session handling with Redis. By utilizing these patterns, developers can ensure their REST or GraphQL APIs are protected using industry-standard protocols while implementing sophisticated permission models like RBAC and fine-grained access control to manage user rights effectively.

主な機能

Security-focused middleware for API route protection
JWT implementation with secure refresh token rotations
0 GitHub stars
OAuth2 and Social Login integration using Passport.js
Stateful session management using Redis and cookie security
Role-Based Access Control (RBAC) and hierarchical permissions

ユースケース

Building secure REST or GraphQL APIs from scratch
Implementing complex multi-tenant authorization systems
Adding social login providers like Google or GitHub to existing apps

概要

主な機能

Security-focused middleware for API route protection
JWT implementation with secure refresh token rotations
0 GitHub stars
OAuth2 and Social Login integration using Passport.js
Stateful session management using Redis and cookie security
Role-Based Access Control (RBAC) and hierarchical permissions

ユースケース

Building secure REST or GraphQL APIs from scratch
Implementing complex multi-tenant authorization systems
Adding social login providers like Google or GitHub to existing apps