Can I use these patterns for GraphQL APIs?

Absolutely. While the examples use Express middleware, the core logic for token verification, role checking, and permission validation is designed to be framework and protocol agnostic.

Does it include Role-Based Access Control (RBAC)?

Yes, it includes patterns for both simple Role-Based Access Control and more granular Permission-Based Access Control, including role hierarchy logic.

Does this skill support both stateless and stateful authentication?

Yes, it provides implementation patterns for both stateless JWT-based authentication and stateful session-based management using tools like Express-Session and Redis.

How does this skill handle token security?

The patterns emphasize security best practices, including short-lived access tokens, hashed refresh tokens stored in the database, and secure cookie configurations to prevent XSS and CSRF.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

Security & Testing

Implements secure authentication and authorization systems using JWT, OAuth2, and robust access control patterns.

About

This skill provides Claude with specialized knowledge to design and implement industry-standard security architectures. It covers a wide range of patterns including stateless JWT flows with refresh tokens, stateful session management via Redis, and third-party social logins using OAuth2 and Passport.js. Beyond authentication, it offers detailed implementation strategies for Role-Based Access Control (RBAC) and permission-based authorization, making it an essential resource for securing APIs and managing complex user permissions in modern web applications.

Key Features

OAuth2 and social login patterns for Google and GitHub
0 GitHub stars
Granular Role-Based Access Control (RBAC) hierarchy systems
Stateless JWT implementation with secure refresh token rotation
Security middleware for protecting REST and GraphQL endpoints
Stateful session-based authentication with Redis integration

Use Cases

Refactoring legacy session-based auth to modern JWT architectures
Implementing social login and SSO for web applications
Building secure API backends with multi-tenant access control

About

Key Features

OAuth2 and social login patterns for Google and GitHub
0 GitHub stars
Granular Role-Based Access Control (RBAC) hierarchy systems
Stateless JWT implementation with secure refresh token rotation
Security middleware for protecting REST and GraphQL endpoints
Stateful session-based authentication with Redis integration

Use Cases

Refactoring legacy session-based auth to modern JWT architectures
Implementing social login and SSO for web applications
Building secure API backends with multi-tenant access control