How does this skill help with JWT security?

It provides standardized patterns for implementing short-lived access tokens combined with secure, database-backed refresh token rotation to minimize security risks.

What is the difference between the RBAC and permission patterns included?

The RBAC pattern focuses on user roles and hierarchies, while the permission-based pattern allows for granular control over specific actions like 'read:users' or 'write:posts'.

Can I use this for traditional session-based apps?

Absolutely. The skill includes patterns for stateful session management using express-session and Redis for secure, scalable cookie-based authentication.

Does this support social login integration?

Yes, it includes implementation patterns for OAuth2 and OpenID Connect using Passport.js to integrate providers like Google and GitHub.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Microck

byMicrock

•

セキュリティとテスト

Implements secure access control systems using JWT, OAuth2, session management, and granular role-based patterns.

概要

This skill provides a comprehensive toolkit for developers to build robust security layers within their applications. It covers essential authentication strategies like stateless JWTs with secure refresh token logic and stateful session management via Redis, alongside granular authorization models including Role-Based Access Control (RBAC) and Permission-Based Access Control. Whether you are securing RESTful APIs, integrating social logins via Passport.js, or managing complex user permissions, this skill offers production-ready implementation patterns to ensure your application remains secure and scalable.

主な機能

Stateful session management implementation using Express and Redis
81 GitHub stars
OAuth2 and Social Login integration patterns with Passport.js
JWT authentication with secure refresh token rotation logic
Permission-Based Access Control for fine-grained resource security
Hierarchical Role-Based Access Control (RBAC) middleware

ユースケース

Migrating from stateful sessions to stateless JWT authentication
Implementing multi-tenant RBAC systems for enterprise applications
Securing REST and GraphQL APIs against unauthorized access

概要

主な機能

Stateful session management implementation using Express and Redis
81 GitHub stars
OAuth2 and Social Login integration patterns with Passport.js
JWT authentication with secure refresh token rotation logic
Permission-Based Access Control for fine-grained resource security
Hierarchical Role-Based Access Control (RBAC) middleware

ユースケース

Migrating from stateful sessions to stateless JWT authentication
Implementing multi-tenant RBAC systems for enterprise applications
Securing REST and GraphQL APIs against unauthorized access