How does this skill handle token security?

It provides logic for secure token generation, validation, and storage recommendations, specifically advising against storing sensitive tokens in localStorage.

Which authentication methods does this skill cover?

This skill provides standardized implementations for JWT (JSON Web Tokens), OAuth 2.0, API keys, and traditional session-based authentication.

Can I use this for both Node.js and Python?

Yes, the skill includes reference implementations for Node.js (Express) and Python (Flask), including decorators for role-based access control.

Does this skill include security best practices?

Yes, it enforces industry standards such as using HttpOnly cookies, bcrypt hashing for passwords, rate limiting, and the implementation of essential security headers.

API Authentication

Name: API Authentication
Author: secondsky

bysecondsky

•

API 开发

Implements secure authentication mechanisms including JWT, OAuth 2.0, and API keys using production-ready standards.

关于

This skill equips Claude with the patterns and best practices necessary to build robust, secure authentication systems for modern web applications. It provides comprehensive guidance on implementing stateless JWT authentication, third-party OAuth 2.0 integrations, and secure service-to-service communication via API keys. By following this skill, developers can ensure their applications adhere to critical security requirements such as proper token storage, essential security headers, password hashing, and efficient error handling, significantly reducing the risk of common authentication vulnerabilities.

主要功能

Pre-configured security headers (HSTS, CSP, X-Frame-Options)
JWT implementation with access and refresh token rotation
21 GitHub stars
Middleware for role-based access control and token verification
OAuth 2.0 integration patterns for third-party providers
Secure API key management and validation logic

使用场景

Integrating Google, GitHub, or other social logins via OAuth 2.0
Building stateless authentication for React or Vue Single Page Applications
Securing backend microservices with service-to-service API keys

关于

主要功能

Pre-configured security headers (HSTS, CSP, X-Frame-Options)
JWT implementation with access and refresh token rotation
21 GitHub stars
Middleware for role-based access control and token verification
OAuth 2.0 integration patterns for third-party providers
Secure API key management and validation logic

使用场景

Integrating Google, GitHub, or other social logins via OAuth 2.0
Building stateless authentication for React or Vue Single Page Applications
Securing backend microservices with service-to-service API keys