What is the difference between AuthN and AuthZ in this skill?

The skill distinguishes between Authentication (identity verification) and Authorization (permission management), providing specific code patterns for both logic layers.

Can this skill help with JWT refresh tokens?

Yes, it includes detailed patterns for managing short-lived access tokens and long-lived, database-backed refresh tokens with secure revocation logic.

Can I implement complex role hierarchies?

Yes, the skill covers Role-Based Access Control (RBAC) with defined hierarchies and middleware to enforce permissions across different user levels.

Does it support social login integration?

It provides implementation patterns for OAuth2 and OpenID Connect using popular libraries like Passport.js for providers like Google and GitHub.

Is this compatible with traditional session-based auth?

Absolutely, it includes patterns for Redis-backed stateful sessions for applications that require traditional cookie-based session management.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: GaitanS

byGaitanS

0•

安全与测试

Implements secure, scalable access control systems using modern patterns like JWT, OAuth2, and RBAC.

This skill provides comprehensive guidance and implementation patterns for securing modern web applications and APIs. It covers essential authentication strategies including stateless JWTs with secure refresh token flows, stateful session-based management using Redis, and external identity delegation via OAuth2. Beyond initial identity verification, it facilitates granular authorization through Role-Based Access Control (RBAC) and Permission-Based Access Control, ensuring that security and least-privilege principles are integrated directly into your application architecture.

主要功能

01Granular Role-Based Access Control (RBAC) with hierarchical permissions

02Standardized JWT implementation with access and refresh token rotation

03Stateful session management patterns using Express and Redis storage

04Social login integration using OAuth2 and Passport.js strategies

050 GitHub stars

06Secure middleware patterns for protecting REST and GraphQL endpoints

使用场景

01Building an enterprise-grade permission system with role-based access hierarchies

02Securing a Node.js backend with stateless JWT authentication and token revocation

03Implementing multi-provider social login for a customer-facing web application

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gaitans/ai-mancare auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill