How does it help with token management?

It provides patterns for generating short-lived access tokens, managing long-lived refresh tokens in databases, and implementing secure token revocation.

Does this skill handle security best practices like CSRF protection?

Yes, it includes guidance on secure cookie configurations, HTTP-only flags, and SameSite attributes to protect against common web vulnerabilities.

Is this skill compatible with Express.js?

While the concepts are universal, the patterns provided include ready-to-use implementations specifically for Express.js, Passport.js, and TypeScript.

Can I implement Role-Based Access Control (RBAC) with this?

Yes, the skill provides specific patterns for defining role hierarchies and middleware for both RBAC and fine-grained Permission-Based Access Control.

What authentication strategies does this skill support?

It supports various strategies including stateless JWT with refresh tokens, stateful session-based auth using Redis, and social logins via OAuth2/OpenID Connect.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: EricGrill

byEricGrill

•

セキュリティとテスト

Implements secure access control systems using industry-standard patterns like JWT, OAuth2, and RBAC to protect web applications and APIs.

概要

This skill empowers developers to design and deploy robust security architectures for modern web applications using best-in-class authentication and authorization strategies. It provides detailed implementation patterns for stateless JWT authentication with refresh token rotation, stateful session management using Redis, and flexible authorization models including Role-Based Access Control (RBAC) and Permission-Based Access Control. Whether you are integrating social logins through OAuth2 or securing complex REST/GraphQL APIs, this skill ensures your security layer is scalable, follows modern best practices, and mitigates common vulnerabilities.

主な機能

Stateful session management patterns using Express and Redis
OAuth2 and social login integration using Passport.js
Standardized security middleware for API protection
Role-Based and Permission-Based Access Control (RBAC/PBAC) logic
JWT implementation with secure refresh token rotation flows
2 GitHub stars

ユースケース

Building multi-tenant access control systems for SaaS platforms
Implementing secure logout and multi-device token revocation
Securing REST and GraphQL APIs with token-based identity verification

概要

主な機能

Stateful session management patterns using Express and Redis
OAuth2 and social login integration using Passport.js
Standardized security middleware for API protection
Role-Based and Permission-Based Access Control (RBAC/PBAC) logic
JWT implementation with secure refresh token rotation flows
2 GitHub stars

ユースケース

Building multi-tenant access control systems for SaaS platforms
Implementing secure logout and multi-device token revocation
Securing REST and GraphQL APIs with token-based identity verification