How does this skill protect against Cross-Site Scripting (XSS)?

The skill stores refresh tokens in httpOnly cookies, making them inaccessible to client-side JavaScript, which prevents attackers from stealing persistent sessions via XSS.

What is token rotation and why is it included?

Token rotation issues a new refresh token every time an access token is refreshed. This allows the system to detect if an old token is reused, which triggers an immediate revocation of all user sessions for safety.

Does this work with frontend frameworks other than React?

While the frontend examples use React and Axios interceptors, the backend implementation is standard Node.js/Express and can be used with any frontend technology that supports HTTP cookies.

Is password hashing included in the implementation?

Yes, the skill implements password hashing using bcrypt with a recommended work factor of 12 to ensure user credentials are stored securely in the database.

JWT Authentication for MERN

Name: JWT Authentication for MERN
Author: chavangorakh1999

bychavangorakh1999

0•

API 개발

Implements a production-grade JWT authentication system for MERN stack applications with token rotation and silent refresh.

This skill provides a comprehensive, production-ready implementation of JSON Web Token (JWT) authentication specifically tailored for the MERN (MongoDB, Express, React, Node.js) stack. It automates the setup of secure authentication flows, including registration, login, and logout, while prioritizing security through short-lived access tokens and long-lived refresh tokens stored in httpOnly cookies. By including advanced rotation mechanisms and reuse detection, it protects against common vulnerabilities like XSS and token theft, making it an essential blueprint for developers building secure, scalable web applications with Claude Code.

주요 기능

01Secure cookie management using httpOnly, Secure, and SameSite flags

020 GitHub stars

03Axios interceptors for seamless silent token refresh on the frontend

04Server-side session invalidation and secure password hashing with bcrypt

05Dual-token architecture with short-lived access and long-lived refresh tokens

06Automatic refresh token rotation and reuse detection/revocation

사용 사례

01Building a secure user authentication system for React-based web applications

02Implementing persistent login sessions with enhanced protection against XSS and CSRF

03Standardizing auth patterns and security middleware across MERN services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add chavangorakh1999/sde-skills jwt-auth

For use in Claude.ai and ChatGPT

주요 기능

01Secure cookie management using httpOnly, Secure, and SameSite flags

020 GitHub stars

03Axios interceptors for seamless silent token refresh on the frontend

04Server-side session invalidation and secure password hashing with bcrypt

05Dual-token architecture with short-lived access and long-lived refresh tokens

06Automatic refresh token rotation and reuse detection/revocation

사용 사례

01Building a secure user authentication system for React-based web applications

02Implementing persistent login sessions with enhanced protection against XSS and CSRF

03Standardizing auth patterns and security middleware across MERN services