What is the difference between AuthN and AuthZ in this skill?

The skill distinguishes between Authentication (identity verification) and Authorization (permission management), providing specific code patterns for both logic layers.

Can this skill help with JWT refresh tokens?

Yes, it includes detailed patterns for managing short-lived access tokens and long-lived, database-backed refresh tokens with secure revocation logic.

Can I implement complex role hierarchies?

Yes, the skill covers Role-Based Access Control (RBAC) with defined hierarchies and middleware to enforce permissions across different user levels.

Does it support social login integration?

It provides implementation patterns for OAuth2 and OpenID Connect using popular libraries like Passport.js for providers like Google and GitHub.

Is this compatible with traditional session-based auth?

Absolutely, it includes patterns for Redis-backed stateful sessions for applications that require traditional cookie-based session management.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: GaitanS

byGaitanS

セキュリティとテスト

Implements secure, scalable access control systems using modern patterns like JWT, OAuth2, and RBAC.

概要

This skill provides comprehensive guidance and implementation patterns for securing modern web applications and APIs. It covers essential authentication strategies including stateless JWTs with secure refresh token flows, stateful session-based management using Redis, and external identity delegation via OAuth2. Beyond initial identity verification, it facilitates granular authorization through Role-Based Access Control (RBAC) and Permission-Based Access Control, ensuring that security and least-privilege principles are integrated directly into your application architecture.

主な機能

Granular Role-Based Access Control (RBAC) with hierarchical permissions
Standardized JWT implementation with access and refresh token rotation
Stateful session management patterns using Express and Redis storage
Social login integration using OAuth2 and Passport.js strategies
0 GitHub stars
Secure middleware patterns for protecting REST and GraphQL endpoints

ユースケース

Building an enterprise-grade permission system with role-based access hierarchies
Securing a Node.js backend with stateless JWT authentication and token revocation
Implementing multi-provider social login for a customer-facing web application

概要

主な機能

Granular Role-Based Access Control (RBAC) with hierarchical permissions
Standardized JWT implementation with access and refresh token rotation
Stateful session management patterns using Express and Redis storage
Social login integration using OAuth2 and Passport.js strategies
0 GitHub stars
Secure middleware patterns for protecting REST and GraphQL endpoints

ユースケース

Building an enterprise-grade permission system with role-based access hierarchies
Securing a Node.js backend with stateless JWT authentication and token revocation
Implementing multi-provider social login for a customer-facing web application