How does it help with token management?

It provides patterns for generating short-lived access tokens, managing long-lived refresh tokens in databases, and implementing secure token revocation.

Does this skill handle security best practices like CSRF protection?

Yes, it includes guidance on secure cookie configurations, HTTP-only flags, and SameSite attributes to protect against common web vulnerabilities.

Is this skill compatible with Express.js?

While the concepts are universal, the patterns provided include ready-to-use implementations specifically for Express.js, Passport.js, and TypeScript.

Can I implement Role-Based Access Control (RBAC) with this?

Yes, the skill provides specific patterns for defining role hierarchies and middleware for both RBAC and fine-grained Permission-Based Access Control.

What authentication strategies does this skill support?

It supports various strategies including stateless JWT with refresh tokens, stateful session-based auth using Redis, and social logins via OAuth2/OpenID Connect.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: EricGrill

byEricGrill

•

セキュリティとテスト

Implements secure access control systems using industry-standard patterns like JWT, OAuth2, and RBAC to protect web applications and APIs.

This skill empowers developers to design and deploy robust security architectures for modern web applications using best-in-class authentication and authorization strategies. It provides detailed implementation patterns for stateless JWT authentication with refresh token rotation, stateful session management using Redis, and flexible authorization models including Role-Based Access Control (RBAC) and Permission-Based Access Control. Whether you are integrating social logins through OAuth2 or securing complex REST/GraphQL APIs, this skill ensures your security layer is scalable, follows modern best practices, and mitigates common vulnerabilities.

主な機能

01Stateful session management patterns using Express and Redis

02OAuth2 and social login integration using Passport.js

03Standardized security middleware for API protection

04Role-Based and Permission-Based Access Control (RBAC/PBAC) logic

05JWT implementation with secure refresh token rotation flows

062 GitHub stars

ユースケース

01Building multi-tenant access control systems for SaaS platforms

02Implementing secure logout and multi-device token revocation

03Securing REST and GraphQL APIs with token-based identity verification

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ericgrill/agents-skills-plugins auth-implementation-patterns

For use in Claude.ai and ChatGPT

主な機能

01Stateful session management patterns using Express and Redis

02OAuth2 and social login integration using Passport.js

03Standardized security middleware for API protection

04Role-Based and Permission-Based Access Control (RBAC/PBAC) logic

05JWT implementation with secure refresh token rotation flows

062 GitHub stars

ユースケース

01Building multi-tenant access control systems for SaaS platforms

02Implementing secure logout and multi-device token revocation

03Securing REST and GraphQL APIs with token-based identity verification

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ericgrill/agents-skills-plugins auth-implementation-patterns

For use in Claude.ai and ChatGPT