Does it provide code for handling token expiration?

Yes, the skill provides a complete pattern for a dual-token system featuring short-lived access tokens and long-lived, revocable refresh tokens.

What authentication strategies does this skill cover?

It covers modern strategies including stateless JWT (JSON Web Tokens), stateful session-based authentication with Redis, and OAuth2/OpenID Connect for social logins.

Which frameworks are these patterns designed for?

While the security concepts are universal, the implementation examples are provided in TypeScript and are optimized for Node.js environments like Express.

Can this help me implement role-based access control?

Yes, it includes specific implementation patterns for both Role-Based Access Control (RBAC) and Permission-Based Access Control (PBAC) using middleware.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Microck

byMicrock

•

111

セキュリティとテスト

Implements secure, scalable access control systems using modern patterns like JWT, OAuth2, and RBAC.

概要

This skill provides comprehensive guidance and implementation patterns for building robust authentication and authorization systems in backend applications. It covers essential strategies including stateless JWT tokens with refresh flows, stateful Redis-backed session management, social login via OAuth2, and sophisticated access control models like Role-Based Access Control (RBAC). Whether you are securing a REST API, migrating an existing auth system, or debugging security vulnerabilities, this skill offers production-grade code examples and best practices to ensure user data remains protected and systems scale efficiently.

主な機能

JWT implementation with secure access and refresh token flows
Production-ready security middleware and identity verification patterns
Stateful session management using Express and Redis storage
Granular access control models including RBAC and PBAC
Social login integration via OAuth2 and Passport.js
111 GitHub stars

ユースケース

Adding social login (Google/GitHub) to an existing REST or GraphQL API
Building a secure user authentication system for a new web application
Implementing Role-Based Access Control to manage complex user permissions

概要

主な機能

JWT implementation with secure access and refresh token flows
Production-ready security middleware and identity verification patterns
Stateful session management using Express and Redis storage
Granular access control models including RBAC and PBAC
Social login integration via OAuth2 and Passport.js
111 GitHub stars

ユースケース

Adding social login (Google/GitHub) to an existing REST or GraphQL API
Building a secure user authentication system for a new web application
Implementing Role-Based Access Control to manage complex user permissions