Can I use these patterns for stateful applications?

Absolutely. The skill provides specific patterns for stateful, session-based authentication using Express-session and Redis storage.

Does this skill support social login integration?

Yes, it includes detailed patterns for implementing OAuth2 and OpenID Connect for social providers like Google and GitHub using Passport.js.

Does it include security best practices for tokens?

Yes, it covers critical security measures such as token expiration, refresh token hashing, and secure cookie configurations to prevent common vulnerabilities.

What is the difference between AuthN and AuthZ in this skill?

The skill treats Authentication (AuthN) as identity verification (who you are) and Authorization (AuthZ) as permission management (what you can do).

Authentication Implementation Patterns

Name: Authentication Implementation Patterns
Author: goodnight000

bygoodnight000

セキュリティとテスト

Implements secure authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

概要

This skill equips Claude with the specialized knowledge required to architect and implement robust security layers for modern web applications. It provides comprehensive implementation patterns for stateless JWT management with refresh token flows, stateful session handling using Redis, and social login integration via OAuth2 and Passport.js. Additionally, it covers advanced authorization strategies including Role-Based Access Control (RBAC) and granular Permission-Based Access Control, ensuring developers can build secure, scalable, and production-ready access control systems for REST and GraphQL APIs.

主な機能

Stateful session management patterns using Express and Redis
OAuth2 and social login integration strategies with Passport.js
Hierarchical Role-Based Access Control (RBAC) middleware
0 GitHub stars
Granular Permission-Based Access Control for resource-level security
Stateless JWT implementation with secure refresh token rotation

ユースケース

Migrating legacy session-based systems to modern OAuth2 or JWT architectures
Securing REST or GraphQL APIs with stateless token-based authentication
Designing multi-tenant authorization systems with complex permission hierarchies

概要

主な機能

Stateful session management patterns using Express and Redis
OAuth2 and social login integration strategies with Passport.js
Hierarchical Role-Based Access Control (RBAC) middleware
0 GitHub stars
Granular Permission-Based Access Control for resource-level security
Stateless JWT implementation with secure refresh token rotation

ユースケース

Migrating legacy session-based systems to modern OAuth2 or JWT architectures
Securing REST or GraphQL APIs with stateless token-based authentication
Designing multi-tenant authorization systems with complex permission hierarchies