What authentication methods does this skill cover?

The skill includes implementation patterns for JWT (stateless), session-based (stateful), and OAuth2/OpenID Connect for social logins and SSO.

Is refresh token logic included?

Yes, the skill includes detailed patterns for generating, storing, verifying, and revoking refresh tokens to maintain secure user sessions.

How does it handle user permissions?

It provides logic for both Role-Based Access Control (RBAC) with hierarchies and granular Permission-Based Access Control (PBAC).

Which frameworks is this skill designed for?

The code patterns are primarily demonstrated using TypeScript and Express.js, but the architectural concepts are applicable to most backend frameworks.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

•

보안 및 테스팅

Implements secure authentication and authorization systems using JWT, OAuth2, session management, and RBAC patterns.

This skill provides comprehensive architectural guidance and production-ready boilerplate code for modern security implementations. It covers stateless token-based authentication with JWTs, stateful session management using Redis, and seamless social login integration via OAuth2 and Passport.js. Developers can leverage this skill to quickly build granular access control mechanisms, including Role-Based Access Control (RBAC) and permission-based policies, ensuring that APIs and applications remain secure, scalable, and compliant with industry best practices.

주요 기능

011 GitHub stars

02JWT-based stateless authentication with secure refresh token rotation

03Stateful session management patterns using Redis for high performance

04Social login and SSO integration via OAuth2 and OpenID Connect

05Granular Role-Based (RBAC) and Permission-Based Access Control systems

06Standardized middleware for identity verification and policy enforcement

사용 사례

01Implementing enterprise-grade multi-tier permission systems for SaaS platforms

02Securing REST or GraphQL APIs with stateless token-based access control

03Integrating social login providers like Google or GitHub into web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floraheritage auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill