Is role-based access control included?

Yes, the skill includes implementation patterns for route decorators that verify user roles, such as distinguishing between standard users and administrators.

Can I use these strategies with frameworks other than Fastify?

While the code examples are optimized for Fastify, the underlying security principles and logic can be easily adapted for Express, NestJS, or Koa.

How does this skill handle session management?

It utilizes a stateless JWT approach for access tokens combined with a database-backed refresh token system to ensure secure, long-term sessions.

What authentication methods does this skill support?

This skill covers JWT (JSON Web Tokens) with refresh token rotation, OAuth 2.0 integration (specifically Google), and custom API key authentication.

Does this include password security best practices?

Yes, it implements secure password hashing using bcrypt with a high cost factor and provides schemas for complex password validation.

Node.js Authentication Strategies

Name: Node.js Authentication Strategies
Author: IvanTorresEdge

byIvanTorresEdge

0•

API開発

Implements secure authentication patterns for Node.js APIs including JWT, OAuth 2.0, and API keys using a defense-in-depth approach.

This skill provides production-grade implementation patterns for securing Node.js applications with modern authentication methods. It features comprehensive guidance on JWT token handling with refresh token rotation, Google OAuth 2.0 integration, and secure password management using bcrypt and Zod validation. Designed primarily for Fastify-based environments but adaptable to other frameworks, it ensures that your backend services follow security best practices like short-lived access tokens, secure cookie handling, and role-based access control (RBAC) to protect sensitive user data.

主な機能

01JWT implementation with short-lived access tokens and secure refresh token rotation

02Google OAuth 2.0 integration for seamless third-party social authentication

03API key management with usage tracking and scoped permissions

04Secure password hashing with bcrypt and complex validation using Zod

05Role-based access control (RBAC) decorators for protected and admin-only routes

060 GitHub stars

ユースケース

01Adding social login capabilities to a web application via Google OAuth

02Implementing scoped API key access for external developers or internal services

03Building a secure user registration and login system with token-based session management

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ivantorresedge/molcajete.ai authentication-strategies

For use in Claude.ai and ChatGPT

Download Skill