How does it help with JWT security?

It provides best practices for JWT handling, including short-lived access tokens, secure refresh token rotation in databases, and robust token verification middleware.

Can I use this for complex user permissions?

Yes, the skill covers Role-Based Access Control (RBAC) and granular Permission-Based Access Control to handle complex nested authorization logic.

Is it specific to a single programming language?

While the code examples are provided in TypeScript and Express, the underlying architectural patterns and security concepts are applicable across most modern backend stacks.

Does it cover both stateful and stateless auth?

Absolutely. It provides implementation examples for both stateless JWT tokens and stateful Redis-backed session management to suit different architecture needs.

Can this skill help with social login?

Yes, it includes patterns for implementing OAuth2 and social login using standard frameworks like Passport.js for providers like Google and GitHub.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Microck

byMicrock

•

114

•

安全与测试

Implements secure access control systems using industry-standard JWT, OAuth2, and RBAC patterns to protect applications and APIs.

This skill provides comprehensive guidance for architecting and implementing robust security layers in modern applications. It covers essential authentication strategies like stateless JWTs with refresh tokens and stateful session management, alongside sophisticated authorization models including Role-Based Access Control (RBAC) and granular permission systems. Whether you are securing a REST API, integrating social login via OAuth2, or debugging complex security middleware, this skill ensures your implementation follows industry security best practices and scales effectively for production environments.

主要功能

01Stateful session management patterns using Redis for distributed storage

02JWT implementation with secure refresh token rotation flows

03Granular permission-based access control and policy enforcement middleware

04OAuth2 and social login integration using Passport.js and OpenID Connect

05Role-Based Access Control (RBAC) with support for role hierarchies

06114 GitHub stars

使用场景

01Migrating legacy session-based systems to modern OAuth2 or JWT standards

02Architecting a secure backend API with stateless token-based authentication

03Implementing complex multi-tenant authorization and user permission hierarchies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add microck/ordinary-claude-skills auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill