How does it handle authorization?

It covers both Role-Based Access Control (RBAC) and granular Permission-Based Access Control via custom middleware and role hierarchies.

Does this skill support session-based auth?

Yes, it includes patterns for Express sessions using Redis for secure, stateful user management and CSRF protection.

Is JWT token refreshing included?

Yes, it provides a complete flow for short-lived access tokens and secure, database-backed refresh tokens for continuous sessions.

Can I use this for social logins?

Absolutely, it provides templates for OAuth2 integration using Passport.js for popular providers like Google and GitHub.

Secure Auth & Access Control Patterns

Name: Secure Auth & Access Control Patterns
Author: Microck

byMicrock

•

セキュリティとテスト

Implements robust authentication and authorization systems using JWT, OAuth2, sessions, and Role-Based Access Control (RBAC) for modern applications.

概要

The Auth Implementation Patterns skill provides a comprehensive library of security-focused coding patterns for developers building scalable access control systems. It covers critical implementation strategies including stateless JWT tokens with refresh token cycles, traditional session-based management with Redis, and delegated authentication via OAuth2 and Passport.js. Beyond simple login flows, the skill provides architectural guidance for sophisticated authorization models like Role-Based Access Control (RBAC) and granular permission-based systems, making it an essential tool for securing REST/GraphQL APIs and managing user identities in production environments.

主な機能

JWT and Refresh Token implementation with stateless verification
Hierarchical Role-Based Access Control (RBAC) middleware
Session-based authentication patterns using Redis and Express
Granular Permission-Based Access Control (PBAC) logic
OAuth2 and social login integration via Passport.js
89 GitHub stars

ユースケース

Implementing complex multi-level user permissions for enterprise software
Adding social login providers like Google or GitHub to web applications
Securing REST or GraphQL APIs with industry-standard token strategies

概要

主な機能

JWT and Refresh Token implementation with stateless verification
Hierarchical Role-Based Access Control (RBAC) middleware
Session-based authentication patterns using Redis and Express
Granular Permission-Based Access Control (PBAC) logic
OAuth2 and social login integration via Passport.js
89 GitHub stars

ユースケース

Implementing complex multi-level user permissions for enterprise software
Adding social login providers like Google or GitHub to web applications
Securing REST or GraphQL APIs with industry-standard token strategies