How does it handle user permissions?

It provides robust patterns for both Role-Based Access Control (RBAC) with hierarchies and granular Permission-Based Access Control (PBAC).

Can I use this for both stateful and stateless systems?

Absolutely. The skill provides implementation patterns for both stateless JWT tokens and stateful session-based authentication using Redis.

Does it include refresh token logic?

Yes, it specifically covers secure refresh token rotation and database-backed revocation to maintain high security while providing a seamless user experience.

Does this skill support social logins?

Yes, it includes patterns for OAuth2 and social login integration using industry-standard libraries like Passport.js for providers like Google and GitHub.

Authentication & Authorization Patterns

Name: Authentication & Authorization Patterns
Author: Activer007

byActiver007

0•

安全与测试

Implements secure, industry-standard access control systems including JWT, OAuth2, and role-based permissions.

This skill equips Claude with specialized knowledge for architecting and implementing robust authentication and authorization systems. It provides production-ready patterns for stateless JWT flows with refresh token rotation, traditional stateful session management using Redis, and third-party social login integration via OAuth2. By leveraging this skill, developers can ensure their applications follow security best practices for identity verification and granular permission enforcement, including Role-Based Access Control (RBAC) and permission-based logic for both REST and GraphQL APIs.

主要功能

01Security-first middleware patterns for API and route protection

020 GitHub stars

03JWT implementation with secure access and refresh token rotation logic

04Session-based authentication patterns using Redis for stateful scaling

05Multi-provider OAuth2 and social login integration strategies

06Hierarchical Role-Based Access Control (RBAC) and permission-based logic

使用场景

01Building a secure login system for a web application with email and social login

02Implementing granular permissions to restrict dashboard access to specific user roles

03Hardening API security by migrating from simple API keys to robust JWT-based AuthN/AuthZ

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill