How does this skill handle token security?

It uses short-lived access tokens (15 min) kept in memory and long-lived refresh tokens (30 days) stored in secure, httpOnly cookies to mitigate XSS and CSRF risks.

What is refresh token rotation?

Rotation is a security mechanism where every time a refresh token is used, it is invalidated and a new one is issued. This makes stolen tokens much harder to exploit.

Does it support silent refresh on the frontend?

Yes, it includes specialized Axios interceptors that automatically detect expired access tokens and request a new pair using the refresh token without user interruption.

Is password hashing included?

Absolutely. The implementation uses bcrypt with a recommended work factor of 12 to ensure user passwords are stored securely in the database.

MERN JWT Authentication

Name: MERN JWT Authentication
Author: chavangorakh1999

bychavangorakh1999

0•

API開発

Implements a secure, production-ready JWT authentication flow for MERN stack applications with refresh token rotation and silent refresh.

This skill provides a comprehensive blueprint for implementing industry-standard authentication in MERN (MongoDB, Express, React, Node.js) applications. It handles the complete lifecycle of user sessions, including secure password hashing with bcrypt, short-lived access tokens, and long-lived refresh tokens stored in httpOnly cookies. With built-in support for token rotation, reuse detection, and Axios interceptors for seamless frontend integration, it ensures your application follows modern security best practices while maintaining a smooth user experience.

主な機能

01httpOnly cookie storage for refresh tokens to prevent XSS

02Comprehensive backend middleware for route protection

03Axios interceptors for automatic silent token refresh

040 GitHub stars

05Secure refresh token rotation and reuse detection

06Password hashing using bcrypt with configurable work factors

ユースケース

01Building a secure user registration and login system for a web application

02Implementing persistent user sessions with silent refresh in React

03Protecting sensitive API endpoints using JWT-based middleware

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add chavangorakh1999/sde-skills jwt-auth

For use in Claude.ai and ChatGPT

主な機能

01httpOnly cookie storage for refresh tokens to prevent XSS

02Comprehensive backend middleware for route protection

03Axios interceptors for automatic silent token refresh

040 GitHub stars

05Secure refresh token rotation and reuse detection

06Password hashing using bcrypt with configurable work factors

ユースケース

01Building a secure user registration and login system for a web application

02Implementing persistent user sessions with silent refresh in React

03Protecting sensitive API endpoints using JWT-based middleware

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add chavangorakh1999/sde-skills jwt-auth

For use in Claude.ai and ChatGPT