Authentication & Authorization Patterns

关于

This skill provides a comprehensive toolkit for building robust security layers within backend applications. It offers production-ready implementation patterns for stateless JWT authentication, stateful session management, and third-party social logins via OAuth2. Beyond basic login flows, it includes advanced logic for refresh token rotation, hierarchical Role-Based Access Control (RBAC), and fine-grained permission systems, ensuring developers can secure REST and GraphQL APIs against unauthorized access while maintaining horizontal scalability.

主要功能

• Stateful session-based management using Redis storage
• Stateless JWT authentication with secure refresh token rotation
• OAuth2 and social login integration patterns using Passport.js
• Hierarchical Role-Based Access Control (RBAC) middleware
• Fine-grained permission-based authorization for granular resource security
• 0 GitHub stars

使用场景

• Securing REST or GraphQL APIs with stateless token-based authentication
• Implementing complex multi-tier user permission systems in enterprise apps
• Adding Google, GitHub, or SSO social login capabilities to existing platforms