Does it handle token expiration and refresh logic?

Yes, the skill provides specific patterns for short-lived access tokens and secure refresh token rotation to maintain long-lived sessions safely.

Can I use this for both REST and GraphQL?

Absolutely. The authentication strategies provided, such as JWT and session management, are protocol-agnostic and can be applied to any backend API architecture.

Does this skill support social login?

Yes, it includes comprehensive implementation patterns for OAuth2 and social providers like Google and GitHub using the Passport.js ecosystem.

How does it handle user permissions?

It includes patterns for both Role-Based Access Control (RBAC) with role hierarchies and more granular Permission-Based Access Control (PBAC) for specific resource actions.

Secure Auth & Access Control Patterns

Name: Secure Auth & Access Control Patterns
Author: HermeticOrmus

byHermeticOrmus

•

Security & Testing

Implements secure authentication and authorization systems using JWT, OAuth2, and role-based access control (RBAC) patterns.

This skill empowers Claude to design and implement industry-standard security architectures for modern web applications. It provides ready-to-use patterns for token-based authentication (JWT), stateful session management with Redis, social login via OAuth2, and granular access control strategies like RBAC and permission-based logic. Whether you are building a new API from scratch, migrating from legacy sessions to stateless tokens, or debugging complex security vulnerabilities, this skill ensures your access control logic is scalable, secure, and follows current security best practices.

Key Features

01JWT implementation with secure refresh token rotation flows

02Hierarchical Role-Based Access Control (RBAC) middleware

03Fine-grained Permission-Based Access Control (PBAC) logic

04Stateful session management integration using Express and Redis

05Social login and OAuth2 strategies via Passport.js

062 GitHub stars

Use Cases

01Securing REST or GraphQL APIs with stateless token-based authentication

02Implementing multi-provider social login for streamlined user onboarding

03Designing administrative dashboards with complex hierarchical permissions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/libreuiux-claude-code auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill