Does it include support for refresh tokens?

Yes, it provides a detailed pattern for implementing a secure refresh token flow, including token storage, rotation, and revocation logic.

Can I use this for complex user permissions?

Absolutely. It includes patterns for both Role-Based Access Control (RBAC) and more granular Permission-Based Access Control to handle complex authorization requirements.

What authentication strategies are covered?

This skill covers session-based authentication using Redis, token-based authentication using JWT, and delegated authentication via OAuth2 and OpenID Connect.

Is it compatible with social login?

Yes, the skill includes patterns for integrating third-party social logins like Google and GitHub using the Passport.js middleware framework.

Authentication Implementation Patterns

Name: Authentication Implementation Patterns
Author: Microck

byMicrock

•

安全与测试

Implements secure, industry-standard authentication and authorization systems including JWT, OAuth2, and role-based access control.

关于

This skill provides comprehensive architectural patterns and implementation guides for building production-grade access control systems. It covers a wide range of security paradigms, from stateless JWT and refresh token rotations to traditional stateful session management with Redis. By providing boilerplate for OAuth2 social logins and granular authorization models like RBAC and permission-based access, this skill helps developers secure APIs and web applications while adhering to modern security best practices and mitigating common vulnerabilities.

主要功能

81 GitHub stars
Hierarchical Role-Based Access Control (RBAC) systems
OAuth2 and Social Login integration via Passport.js
Stateful session management patterns using Express and Redis
Stateless JWT and secure refresh token flow implementation
Granular Permission-Based Access Control (PBAC) middleware

使用场景

Securing REST or GraphQL APIs with scalable token-based authentication
Designing complex multi-tenant authorization systems with distinct user roles
Adding social login providers like Google or GitHub to an existing application

关于

主要功能

81 GitHub stars
Hierarchical Role-Based Access Control (RBAC) systems
OAuth2 and Social Login integration via Passport.js
Stateful session management patterns using Express and Redis
Stateless JWT and secure refresh token flow implementation
Granular Permission-Based Access Control (PBAC) middleware

使用场景

Securing REST or GraphQL APIs with scalable token-based authentication
Designing complex multi-tenant authorization systems with distinct user roles
Adding social login providers like Google or GitHub to an existing application