How does it handle user permissions?

It provides robust patterns for both Role-Based Access Control (RBAC) with hierarchies and granular Permission-Based Access Control (PBAC).

Can I use this for both stateful and stateless systems?

Absolutely. The skill provides implementation patterns for both stateless JWT tokens and stateful session-based authentication using Redis.

Does it include refresh token logic?

Yes, it specifically covers secure refresh token rotation and database-backed revocation to maintain high security while providing a seamless user experience.

Does this skill support social logins?

Yes, it includes patterns for OAuth2 and social login integration using industry-standard libraries like Passport.js for providers like Google and GitHub.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Activer007

byActiver007

Security & Testing

Implements secure, industry-standard access control systems including JWT, OAuth2, and role-based permissions.

About

This skill equips Claude with specialized knowledge for architecting and implementing robust authentication and authorization systems. It provides production-ready patterns for stateless JWT flows with refresh token rotation, traditional stateful session management using Redis, and third-party social login integration via OAuth2. By leveraging this skill, developers can ensure their applications follow security best practices for identity verification and granular permission enforcement, including Role-Based Access Control (RBAC) and permission-based logic for both REST and GraphQL APIs.

Key Features

Security-first middleware patterns for API and route protection
0 GitHub stars
JWT implementation with secure access and refresh token rotation logic
Session-based authentication patterns using Redis for stateful scaling
Multi-provider OAuth2 and social login integration strategies
Hierarchical Role-Based Access Control (RBAC) and permission-based logic

Use Cases

Building a secure login system for a web application with email and social login
Implementing granular permissions to restrict dashboard access to specific user roles
Hardening API security by migrating from simple API keys to robust JWT-based AuthN/AuthZ

About

Key Features

Security-first middleware patterns for API and route protection
0 GitHub stars
JWT implementation with secure access and refresh token rotation logic
Session-based authentication patterns using Redis for stateful scaling
Multi-provider OAuth2 and social login integration strategies
Hierarchical Role-Based Access Control (RBAC) and permission-based logic

Use Cases

Building a secure login system for a web application with email and social login
Implementing granular permissions to restrict dashboard access to specific user roles
Hardening API security by migrating from simple API keys to robust JWT-based AuthN/AuthZ