How does it help with JWT security?

It provides best practices for JWT handling, including short-lived access tokens, secure refresh token rotation in databases, and robust token verification middleware.

Can I use this for complex user permissions?

Yes, the skill covers Role-Based Access Control (RBAC) and granular Permission-Based Access Control to handle complex nested authorization logic.

Is it specific to a single programming language?

While the code examples are provided in TypeScript and Express, the underlying architectural patterns and security concepts are applicable across most modern backend stacks.

Does it cover both stateful and stateless auth?

Absolutely. It provides implementation examples for both stateless JWT tokens and stateful Redis-backed session management to suit different architecture needs.

Can this skill help with social login?

Yes, it includes patterns for implementing OAuth2 and social login using standard frameworks like Passport.js for providers like Google and GitHub.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Microck

byMicrock

•

114

セキュリティとテスト

Implements secure access control systems using industry-standard JWT, OAuth2, and RBAC patterns to protect applications and APIs.

概要

This skill provides comprehensive guidance for architecting and implementing robust security layers in modern applications. It covers essential authentication strategies like stateless JWTs with refresh tokens and stateful session management, alongside sophisticated authorization models including Role-Based Access Control (RBAC) and granular permission systems. Whether you are securing a REST API, integrating social login via OAuth2, or debugging complex security middleware, this skill ensures your implementation follows industry security best practices and scales effectively for production environments.

主な機能

Stateful session management patterns using Redis for distributed storage
JWT implementation with secure refresh token rotation flows
Granular permission-based access control and policy enforcement middleware
OAuth2 and social login integration using Passport.js and OpenID Connect
Role-Based Access Control (RBAC) with support for role hierarchies
114 GitHub stars

ユースケース

Migrating legacy session-based systems to modern OAuth2 or JWT standards
Architecting a secure backend API with stateless token-based authentication
Implementing complex multi-tenant authorization and user permission hierarchies

概要

主な機能

Stateful session management patterns using Redis for distributed storage
JWT implementation with secure refresh token rotation flows
Granular permission-based access control and policy enforcement middleware
OAuth2 and social login integration using Passport.js and OpenID Connect
Role-Based Access Control (RBAC) with support for role hierarchies
114 GitHub stars

ユースケース

Migrating legacy session-based systems to modern OAuth2 or JWT standards
Architecting a secure backend API with stateless token-based authentication
Implementing complex multi-tenant authorization and user permission hierarchies