Can I use this for Role-Based Access Control?

Yes, it includes detailed implementation patterns for both Role-Based Access Control (RBAC) and granular Permission-Based Access Control (PBAC).

Is this skill specific to a certain programming language?

The implementation examples are provided in TypeScript/Node.js, but the architectural patterns and security principles are applicable across most backend languages.

Does it include security for refresh tokens?

Yes, the skill demonstrates secure refresh token rotations, including database storage, token hashing, and revocation strategies to prevent unauthorized access.

What authentication methods does this skill support?

It covers JWT (JSON Web Tokens), stateful session-based authentication with Redis, and OAuth2/OpenID Connect for social logins like Google and GitHub.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

0•

安全与测试

Implements secure, scalable authentication and authorization systems using industry-standard patterns like JWT, OAuth2, and RBAC.

This skill provides comprehensive guidance and boilerplate for building robust security layers in modern applications. It covers essential patterns including stateless JWT authentication with refresh token flows, stateful session management via Redis, and delegated authentication through OAuth2/Passport.js. Beyond identity verification, it facilitates granular access control through Role-Based (RBAC) and Permission-Based (PBAC) models, helping developers migrate auth systems or debug complex security issues with production-grade code samples and standardized middleware architecture.

主要功能

01Stateful session management with Redis integration

02JWT and Refresh Token implementation patterns

03Role-Based (RBAC) and Permission-Based Access Control

04Standardized security middleware for Node.js environments

05OAuth2 and Social Login integration using Passport.js

060 GitHub stars

使用场景

01Building a secure SaaS platform with multi-tier user permissions

02Integrating Google or GitHub social login into an existing application

03Migrating from stateful sessions to stateless JWT-based authentication

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/hermetic-academy auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill