Can I use these patterns with frameworks other than Express?

Yes. Although the code examples are written in TypeScript/Express, the underlying architectural patterns for token handling, session storage, and role hierarchies are framework-agnostic.

How does this handle token security?

The patterns emphasize security best practices, such as using HTTP-only cookies for sessions, hashing refresh tokens before database storage, and implementing short-lived access tokens.

Does this skill support multi-factor authentication (MFA)?

While it focuses on core patterns like JWT and OAuth2, the implementation logic provided can be extended to include MFA provider integrations and verification steps.

Does it support hierarchical roles?

Yes, it includes specific patterns for role hierarchies where higher-level roles (like Admin) automatically inherit the permissions of lower-level roles (like Moderator or User).

Secure Authentication Patterns

Name: Secure Authentication Patterns
Author: Activer007

byActiver007

•

API 개발

Implements robust, production-grade authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

소개

This skill provides specialized guidance for building secure access control systems, covering both authentication (identifying users) and authorization (managing permissions). It offers implementation patterns for stateless JWT workflows with refresh tokens, stateful session management via Redis, and third-party social login integration using Passport.js. Whether you are building a new API or securing an existing application, this skill helps you implement scalable security architectures including Role-Based Access Control (RBAC) and fine-grained permission systems while avoiding common security vulnerabilities.

주요 기능

OAuth2 and social login integration templates
Fine-grained permission-based policy enforcement
Session-based authentication using Redis storage
JWT implementation with secure refresh token rotation
Hierarchical Role-Based Access Control (RBAC)
1 GitHub stars

사용 사례

Securing REST or GraphQL APIs with stateless authentication
Implementing enterprise SSO or social login via Google and GitHub
Designing complex permission systems for multi-tenant applications

소개

주요 기능

OAuth2 and social login integration templates
Fine-grained permission-based policy enforcement
Session-based authentication using Redis storage
JWT implementation with secure refresh token rotation
Hierarchical Role-Based Access Control (RBAC)
1 GitHub stars

사용 사례

Securing REST or GraphQL APIs with stateless authentication
Implementing enterprise SSO or social login via Google and GitHub
Designing complex permission systems for multi-tenant applications