Can I use this for social logins?

Absolutely. It includes detailed patterns for OAuth2 and social login integration using industry-standard libraries like Passport.js.

Does it cover stateless authentication?

Yes, it features comprehensive patterns for JWT (JSON Web Tokens) and secure refresh token rotation for stateless, horizontally scalable architectures.

Does this skill support TypeScript?

Yes, all implementation patterns and code examples are provided in TypeScript to ensure type-safe security logic and better developer experience.

Is Role-Based Access Control (RBAC) included?

Yes, the skill provides structured patterns for both simple Role-Based and more granular Permission-Based Access Control systems.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

Security & Testing

Implements secure authentication and authorization systems using JWT, OAuth2, and advanced access control patterns.

About

This skill provides Claude with standardized, production-ready patterns for building robust access control systems in modern web applications. It covers essential security implementations including stateless JWT authentication with refresh token flows, traditional session management using Redis, and third-party OAuth2 integrations. Beyond simple logins, it provides clear structures for Role-Based Access Control (RBAC) and granular permission hierarchies, enabling developers to secure REST or GraphQL APIs while maintaining scalability and industry-standard security practices.

Key Features

Pre-built security middleware for Express and TypeScript
Session-based authentication with Redis store patterns
OAuth2 and social login integration using Passport.js
JWT and stateless refresh token implementation flows
Role-Based Access Control (RBAC) and permission-based hierarchies
0 GitHub stars

Use Cases

Integrating social login providers like Google and GitHub into web apps
Implementing complex multi-level user permissions and role hierarchies
Securing a Node.js REST API with stateless JWT authentication

About

Key Features

Pre-built security middleware for Express and TypeScript
Session-based authentication with Redis store patterns
OAuth2 and social login integration using Passport.js
JWT and stateless refresh token implementation flows
Role-Based Access Control (RBAC) and permission-based hierarchies
0 GitHub stars

Use Cases

Integrating social login providers like Google and GitHub into web apps
Implementing complex multi-level user permissions and role hierarchies
Securing a Node.js REST API with stateless JWT authentication