Is PKCE supported for OAuth2 flows?

Yes, the skill specifically implements the Proof Key for Code Exchange (PKCE) flow, which is the current security standard for public and mobile clients.

What authentication methods are supported by this skill?

This skill covers JWT access and refresh tokens, OAuth2 with PKCE, session management, and robust Role-Based Access Control (RBAC).

How does this skill handle authorization?

It provides a structured RBAC model that defines permissions based on resources and actions, along with middleware to enforce these rules at the route level.

Does it include security best practices for password management?

Yes, it includes guidance on secure password hashing using bcrypt or argon2, and provides a checklist to ensure common mistakes like user enumeration are avoided.

Can I use these patterns for frontend and backend development?

While the code examples focus on Node.js and TypeScript, the architectural patterns and security principles are applicable to any modern full-stack application.

Authentication Patterns

Name: Authentication Patterns
Author: rohitg00

byrohitg00

•

604

•

보안 및 테스팅

Implements industry-standard authentication and authorization flows including JWT, OAuth2 with PKCE, and RBAC.

This Claude Code skill provides a comprehensive library of secure authentication patterns and authorization architectures for modern web applications. It streamlines the implementation of complex flows like OAuth2 Authorization Code with PKCE, JWT access and refresh token management, and robust Role-Based Access Control (RBAC). By incorporating best practices and explicitly warning against common anti-patterns—such as insecure JWT storage or user enumeration—it helps developers build production-ready, secure identity management systems while significantly reducing the risk of common security vulnerabilities.

주요 기능

01Secure middleware for authentication and role-based route protection

02Granular Role-Based Access Control (RBAC) and resource-level permission modeling

03604 GitHub stars

04OAuth2 Authorization Code flow implementation with PKCE for public clients

05Integrated security checklist for password hashing, CSRF, and token validation

06JWT management with secure access and refresh token rotation logic

사용 사례

01Building a secure REST API with JWT-based authentication and role-based permissions

02Auditing existing authentication code for security anti-patterns and vulnerabilities

03Implementing 'Sign in with' third-party providers using OAuth2 and PKCE flows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rohitg00/awesome-claude-code-toolkit authentication-patterns

For use in Claude.ai and ChatGPT

Download Skill