Is role-based access control included?

Yes, the skill includes implementation patterns for route decorators that verify user roles, such as distinguishing between standard users and administrators.

Can I use these strategies with frameworks other than Fastify?

While the code examples are optimized for Fastify, the underlying security principles and logic can be easily adapted for Express, NestJS, or Koa.

How does this skill handle session management?

It utilizes a stateless JWT approach for access tokens combined with a database-backed refresh token system to ensure secure, long-term sessions.

What authentication methods does this skill support?

This skill covers JWT (JSON Web Tokens) with refresh token rotation, OAuth 2.0 integration (specifically Google), and custom API key authentication.

Does this include password security best practices?

Yes, it implements secure password hashing using bcrypt with a high cost factor and provides schemas for complex password validation.

Node.js Authentication Strategies

Name: Node.js Authentication Strategies
Author: IvanTorresEdge

byIvanTorresEdge

API 개발

Implements secure authentication patterns for Node.js APIs including JWT, OAuth 2.0, and API keys using a defense-in-depth approach.

소개

This skill provides production-grade implementation patterns for securing Node.js applications with modern authentication methods. It features comprehensive guidance on JWT token handling with refresh token rotation, Google OAuth 2.0 integration, and secure password management using bcrypt and Zod validation. Designed primarily for Fastify-based environments but adaptable to other frameworks, it ensures that your backend services follow security best practices like short-lived access tokens, secure cookie handling, and role-based access control (RBAC) to protect sensitive user data.

주요 기능

JWT implementation with short-lived access tokens and secure refresh token rotation
Google OAuth 2.0 integration for seamless third-party social authentication
API key management with usage tracking and scoped permissions
Secure password hashing with bcrypt and complex validation using Zod
Role-based access control (RBAC) decorators for protected and admin-only routes
0 GitHub stars

사용 사례

Adding social login capabilities to a web application via Google OAuth
Implementing scoped API key access for external developers or internal services
Building a secure user registration and login system with token-based session management

소개

주요 기능

JWT implementation with short-lived access tokens and secure refresh token rotation
Google OAuth 2.0 integration for seamless third-party social authentication
API key management with usage tracking and scoped permissions
Secure password hashing with bcrypt and complex validation using Zod
Role-based access control (RBAC) decorators for protected and admin-only routes
0 GitHub stars

사용 사례

Adding social login capabilities to a web application via Google OAuth
Implementing scoped API key access for external developers or internal services
Building a secure user registration and login system with token-based session management