Is refresh token rotation included?

Yes, the skill includes patterns for secure refresh token handling, including database storage, hashing, and token revocation strategies.

Does this skill support both stateful and stateless authentication?

Yes, it provides comprehensive patterns for both stateful session-based authentication (using Redis) and stateless token-based authentication (using JWT).

Can I use this for social login integration?

Absolutely. The skill includes implementation patterns for OAuth2 and social logins like Google and GitHub using the Passport.js ecosystem.

How does it handle complex user permissions?

It provides boilerplate for both Role-Based Access Control (RBAC) with role hierarchies and more granular Permission-Based Access Control for fine-tuned security.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: Microck

byMicrock

•

API 开发

Implements secure, industry-standard authentication and authorization patterns including JWT, OAuth2, and RBAC.

关于

This skill provides comprehensive guidance and production-ready patterns for building robust access control systems. It covers the full spectrum of modern security needs, from stateless JWT implementations with refresh token rotation to stateful session management using Redis. Developers can leverage this skill to integrate social logins via Passport.js, design complex Role-Based Access Control (RBAC) hierarchies, and secure REST or GraphQL APIs. By following these established implementation patterns, you can ensure your application identity layer is scalable, maintainable, and resilient against common security vulnerabilities.

主要功能

81 GitHub stars
JWT implementation with secure refresh token rotation flows
Stateful session management patterns using Express and Redis
OAuth2 and social login integration via Passport.js
Hierarchical Role-Based Access Control (RBAC) middleware
Granular permission-based authorization logic

使用场景

Implementing enterprise-grade multi-tenant access control systems
Securing modern web APIs with stateless token-based authentication
Adding social login providers to existing user management workflows

关于

主要功能

81 GitHub stars
JWT implementation with secure refresh token rotation flows
Stateful session management patterns using Express and Redis
OAuth2 and social login integration via Passport.js
Hierarchical Role-Based Access Control (RBAC) middleware
Granular permission-based authorization logic

使用场景

Implementing enterprise-grade multi-tenant access control systems
Securing modern web APIs with stateless token-based authentication
Adding social login providers to existing user management workflows