Are the patterns compatible with TypeScript?

Yes, all provided patterns and examples are written in TypeScript, ensuring type safety and modern development standards.

How does it handle complex permissions?

The skill covers both Role-Based Access Control (RBAC) and Permission-Based Access Control (PBAC) to manage granular user rights.

Can this skill help with social login?

Yes, it includes implementation patterns for OAuth2 and social login integration for providers like Google and GitHub using Passport.js.

Does it support stateless authentication?

Absolutely. It provides detailed patterns for JWT-based stateless authentication, including secure refresh token handling and storage.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Microck

byMicrock

•

보안 및 테스팅

Implements secure, scalable access control systems including JWT, OAuth2, and RBAC following industry-standard patterns.

소개

This skill equips Claude with specialized knowledge for architecting and implementing robust security layers in modern applications. It covers essential authentication strategies like stateless JWT flows with refresh tokens, stateful session management via Redis, and third-party social logins via OAuth2/Passport.js. Additionally, it offers comprehensive patterns for authorization, including Role-Based Access Control (RBAC) and granular Permission-Based Access Control, ensuring your APIs and services remain secure, scalable, and manageable while adhering to best security practices.

주요 기능

Stateful session management using Redis and express-session
Secure middleware development for API endpoint protection
JWT and refresh token implementation with rotation patterns
Role-Based and Permission-Based Access Control (RBAC/PBAC)
OAuth2 and social login integration via Passport.js
89 GitHub stars

사용 사례

Migrating legacy session-based systems to modern stateless JWT tokens
Designing complex permission structures for multi-tenant SaaS platforms
Securing REST and GraphQL APIs against unauthorized access

소개

주요 기능

Stateful session management using Redis and express-session
Secure middleware development for API endpoint protection
JWT and refresh token implementation with rotation patterns
Role-Based and Permission-Based Access Control (RBAC/PBAC)
OAuth2 and social login integration via Passport.js
89 GitHub stars

사용 사례

Migrating legacy session-based systems to modern stateless JWT tokens
Designing complex permission structures for multi-tenant SaaS platforms
Securing REST and GraphQL APIs against unauthorized access