Does this skill support stateless authentication?

Yes, it includes detailed patterns for JWT implementation, including short-lived access tokens and secure, database-backed refresh token flows.

Can I implement social login with this skill?

Absolutely, the skill provides implementation patterns for OAuth2 and OpenID Connect using popular frameworks like Passport.js.

Is RBAC covered in this skill?

Yes, it includes implementation patterns for both Role-Based Access Control (RBAC) and more granular Permission-Based Access Control (PBAC).

How does it handle session security?

It provides best practices for stateful session management, including secure cookie configuration, HttpOnly flags, and Redis-backed session stores.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

Security & Testing

Implement secure authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

About

This skill provides comprehensive guidance for designing and implementing robust access control systems in modern applications. It covers essential authentication strategies including stateless JWTs with refresh token flows, stateful session-based management using Redis, and third-party social login via OAuth2. Beyond identity verification, it offers structured patterns for authorization through Role-Based Access Control (RBAC) and granular permission systems, ensuring developers can build secure, scalable, and production-ready security architectures while avoiding common security pitfalls.

Key Features

JWT implementation with secure refresh token flows
Session-based authentication using Redis storage
OAuth2 and social login integration patterns
Role-Based Access Control (RBAC) hierarchies
Granular permission-based authorization systems
0 GitHub stars

Use Cases

Implementing social login (Google/GitHub) for web applications
Securing REST or GraphQL APIs against unauthorized access
Designing multi-tenant authorization logic for SaaS platforms

About

Key Features

JWT implementation with secure refresh token flows
Session-based authentication using Redis storage
OAuth2 and social login integration patterns
Role-Based Access Control (RBAC) hierarchies
Granular permission-based authorization systems
0 GitHub stars

Use Cases

Implementing social login (Google/GitHub) for web applications
Securing REST or GraphQL APIs against unauthorized access
Designing multi-tenant authorization logic for SaaS platforms