Does this skill handle password security?

Yes, it implements industry-standard password hashing using the bcryptjs library to ensure user credentials are never stored in plain text.

Is this skill compliant with security best practices?

Yes, the skill follows OWASP guidelines, including recommendations for strong secrets, HTTPS usage, input validation, and token expiry management.

Can I implement different user levels like 'Admin' or 'User'?

Absolutely. The skill includes built-in patterns for Role-Based Access Control (RBAC) to restrict specific API endpoints to authorized roles only.

Does it support token refreshing for better user experience?

Yes, it provides a complete implementation for managing long-lived refresh tokens and short-lived access tokens, allowing users to stay logged in securely.

JWT Authentication for Node.js

Name: JWT Authentication for Node.js
Author: pluginagentmarketplace

bypluginagentmarketplace

•

セキュリティとテスト

Implements secure JSON Web Token authentication with refresh token logic and role-based access control for Node.js applications.

概要

This skill provides a comprehensive framework for adding industry-standard security to Node.js backends. It guides Claude through the implementation of stateless authentication using jsonwebtoken and bcryptjs, covering critical patterns like password hashing, middleware creation, token refreshing, and granular role-based permissions. It is an essential resource for developers building secure REST APIs or microservices where scalability and security are paramount, following OWASP best practices for modern web development.

主な機能

End-to-end password reset flows with short-expiry tokens
Dual-token system featuring short-lived access and long-lived refresh tokens
Robust authentication middleware for protecting sensitive API routes
Secure password hashing using bcryptjs with configurable salt rounds
Granular Role-Based Access Control (RBAC) implementation
1 GitHub stars

ユースケース

Creating administrative dashboards with tiered user permission levels
Implementing secure authentication in microservices architectures
Building stateless REST APIs for mobile and web applications

概要

主な機能

End-to-end password reset flows with short-expiry tokens
Dual-token system featuring short-lived access and long-lived refresh tokens
Robust authentication middleware for protecting sensitive API routes
Secure password hashing using bcryptjs with configurable salt rounds
Granular Role-Based Access Control (RBAC) implementation
1 GitHub stars

ユースケース

Creating administrative dashboards with tiered user permission levels
Implementing secure authentication in microservices architectures
Building stateless REST APIs for mobile and web applications