Can I implement social login with this skill?

Yes, it includes patterns for OAuth 2.0 strategies, specifically demonstrating how to integrate Google authentication using Passport.js.

Does this skill support session-based auth or just JWT?

It covers both, including JWT refresh token strategies and patterns for traditional secure cookie-based session management.

Does it include Role-Based Access Control?

Yes, it provides a comprehensive RBAC middleware pattern for defining hierarchical permissions and enforcing them across API routes.

Is the password hashing implementation secure?

Yes, the skill follows security best practices by using bcrypt with asynchronous hashing and recommended salt rounds.

How does it handle API security for third-party access?

It includes a dedicated service pattern for generating, hashing, and validating secure API keys via custom headers.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: karchtho

bykarchtho

API 开发

Implements secure user authentication, token management, and role-based access control using industry-standard patterns.

关于

This skill provides comprehensive implementation patterns for securing modern web applications and APIs. It covers the full lifecycle of identity management, from password hashing with bcrypt and JWT-based session handling to complex OAuth 2.0 flows and Multi-Factor Authentication (MFA). By providing standardized boilerplate and best practices for refresh tokens, password reset flows, and Role-Based Access Control (RBAC), it ensures that developers can build robust, secure backend architectures while avoiding common security pitfalls in Express and Node.js environments.

主要功能

OAuth 2.0 integration (Google Strategy)
API Key authentication and MFA implementation
JWT and Refresh Token lifecycle management
Secure password hashing and reset workflows
0 GitHub stars
Role-Based Access Control (RBAC) middleware

使用场景

Securing REST APIs with token-based authorization
Implementing multi-tenant or role-specific access permissions
Building a secure user registration and login system

关于

主要功能

OAuth 2.0 integration (Google Strategy)
API Key authentication and MFA implementation
JWT and Refresh Token lifecycle management
Secure password hashing and reset workflows
0 GitHub stars
Role-Based Access Control (RBAC) middleware

使用场景

Securing REST APIs with token-based authorization
Implementing multi-tenant or role-specific access permissions
Building a secure user registration and login system