Authentication & Authorization Patterns

About

This skill provides Claude with expert-level guidance and code patterns for building secure, scalable authentication and authorization layers. It covers high-level architectural decisions and low-level implementation details for stateless JWT flows, stateful session management via Redis, and multi-provider OAuth2 integrations. By following these industry-standard patterns, developers can ensure their APIs and applications are protected against common security vulnerabilities while maintaining a clean, maintainable codebase for complex permission structures.

Key Features

• Redis-backed session management for stateful applications
• 0 GitHub stars
• Hierarchical Role-Based Access Control (RBAC) and Permission-based logic
• Production-grade security middleware for Express and Node.js APIs
• JWT implementation with secure refresh token rotation and hashing
• Multi-provider OAuth2 and social login integration using Passport.js

Use Cases

• Architecting a secure authentication system for a new full-stack application
• Migrating from simple sessions to a scalable, stateless JWT architecture
• Implementing granular, permission-based access control for enterprise dashboards