How does it handle token security?

The skill demonstrates refresh token rotation, secure hashing of stored tokens, and proper handling of access token expiration to minimize security risks.

Can I use this for Role-Based Access Control?

Yes, it provides specific patterns for both Role-Based Access Control (RBAC) and Permission-Based Access Control, including role hierarchy implementation.

Is this skill suitable for Node.js environments?

While the concepts are universal, the provided implementation patterns specifically feature TypeScript and Express examples using popular libraries like Passport.js and jsonwebtoken.

What authentication strategies does this skill cover?

It covers session-based authentication (stateful), JWT-based authentication (stateless), and OAuth2/OpenID Connect for social and enterprise logins.

Does it include security best practices for sessions?

Yes, it includes patterns for secure cookie configuration, HttpOnly flags, SameSite attributes, and Redis-backed session storage.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

安全与测试

Implements secure authentication and authorization systems including JWT, OAuth2, and session-based access control.

关于

This skill empowers Claude with expert-level knowledge to design and implement robust security architectures. It covers a comprehensive range of patterns, from stateless JWT implementations and refresh token rotation to stateful session management and complex authorization models like Role-Based Access Control (RBAC). Whether you are architecting a new REST API, integrating social logins, or troubleshooting security vulnerabilities, this skill provides the implementation patterns and best practices needed to ensure production-grade security and scalable access control.

主要功能

0 GitHub stars
Secure middleware patterns for API protection and identity management
Stateful session management patterns using Redis for horizontal scaling
Stateless JWT generation and verification with refresh token rotation
Granular Role-Based Access Control (RBAC) and permission hierarchies
OAuth2 and social login integration using industry-standard libraries

使用场景

Designing hierarchical permission systems for enterprise SaaS applications
Implementing social authentication providers like Google and GitHub
Securing REST or GraphQL APIs with stateless token-based authentication

关于

主要功能

0 GitHub stars
Secure middleware patterns for API protection and identity management
Stateful session management patterns using Redis for horizontal scaling
Stateless JWT generation and verification with refresh token rotation
Granular Role-Based Access Control (RBAC) and permission hierarchies
OAuth2 and social login integration using industry-standard libraries

使用场景

Designing hierarchical permission systems for enterprise SaaS applications
Implementing social authentication providers like Google and GitHub
Securing REST or GraphQL APIs with stateless token-based authentication