How does it handle token expiration in the frontend?

The skill sets up Axios interceptors that detect 401 Unauthorized errors and attempt to perform an automatic token refresh before retrying the original request.

What security best practices are included?

It includes a security checklist covering token validation, secure storage (httpOnly cookies), CORS configuration, and HTTPS requirements.

Does this skill support role-based access control (RBAC)?

Yes, it includes pre-configured authorization policies for various roles like Owner, Admin, Manager, and Staff, which can be applied directly to .NET controllers.

Is multi-tenancy supported?

Yes, the skill focuses on business isolation by extracting a 'business_id' claim from the JWT to ensure users only access data relevant to their organization.

Can I use this with .NET 8 and modern React versions?

Absolutely. The skill uses modern C# Program.cs patterns and React functional component hooks (like jwt-decode) that are compatible with the latest frameworks.

Full-Stack JWT Authentication

Name: Full-Stack JWT Authentication
Author: usmanali4073

byusmanali4073

•

Security & Testing

Implements secure JWT authentication and authorization flows across .NET APIs and React microfrontends.

About

This skill provides a standardized approach to implementing identity management and security across StyleMate microservices. It automates the configuration of JWT validation in .NET Program.cs, defines granular authorization policies, and sets up robust React integration including Axios interceptors for token handling and automatic refresh. By utilizing domain-specific patterns for claims-based authorization and business-level isolation, this skill ensures that both your backend services and frontend applications maintain a consistent and high-security posture.

Key Features

1 GitHub stars
Pre-configured role-based authorization policies (Owner, Admin, Manager, Staff)
Automated .NET API JWT validation and middleware configuration
Secure React route guards and JWT context hooks
React Axios interceptors for automatic token injection and 401 refresh logic
Claims extraction logic for enforcing business-level data isolation

Use Cases

Enforcing multi-tenant isolation using business_id claims across the full stack
Implementing automatic token refresh and unauthorized request handling in React apps
Securing a new .NET microservice with standardized JWT validation and identity middleware

About

Key Features

1 GitHub stars
Pre-configured role-based authorization policies (Owner, Admin, Manager, Staff)
Automated .NET API JWT validation and middleware configuration
Secure React route guards and JWT context hooks
React Axios interceptors for automatic token injection and 401 refresh logic
Claims extraction logic for enforcing business-level data isolation

Use Cases

Enforcing multi-tenant isolation using business_id claims across the full stack
Implementing automatic token refresh and unauthorized request handling in React apps
Securing a new .NET microservice with standardized JWT validation and identity middleware