What authentication strategies are covered?

This skill covers stateless JWT (JSON Web Tokens), stateful session-based authentication using Redis, and delegated authentication via OAuth2 and OpenID Connect.

Is this specific to a certain framework?

While the examples focus on Node.js and Express, the underlying security patterns and logic are applicable across most modern backend frameworks.

Does it support secure token refresh flows?

Absolutely. It includes patterns for short-lived access tokens and long-lived refresh tokens, including database-backed revocation and token hashing.

Authentication Implementation Patterns

Name: Authentication Implementation Patterns
Author: wshobson

bywshobson

•

23,194

安全与测试

Implements secure authentication and authorization systems using JWT, OAuth2, session management, and role-based access control.

关于

This skill equips Claude with specialized patterns for building production-grade access control systems. It provides comprehensive guidance on implementing stateless JWT authentication with refresh token rotation, stateful session management via Redis, and third-party social login through OAuth2. Beyond identity verification, the skill covers granular authorization models including Role-Based Access Control (RBAC) and Permission-Based Access Control (PBAC), ensuring developers can secure REST and GraphQL APIs using industry-standard security best practices and middleware patterns.

主要功能

JWT implementation with secure refresh token rotation flows
Stateful session management patterns using Redis storage
23,194 GitHub stars
Social login integration using OAuth2 and Passport.js
Secure password hashing and token verification strategies
Granular RBAC and PBAC middleware for resource protection

使用场景

Securing a RESTful API with stateless JWT tokens and middleware
Implementing a multi-tenant RBAC system for enterprise applications
Adding Google or GitHub social authentication to a Node.js backend

关于

主要功能

JWT implementation with secure refresh token rotation flows
Stateful session management patterns using Redis storage
23,194 GitHub stars
Social login integration using OAuth2 and Passport.js
Secure password hashing and token verification strategies
Granular RBAC and PBAC middleware for resource protection

使用场景

Securing a RESTful API with stateless JWT tokens and middleware
Implementing a multi-tenant RBAC system for enterprise applications
Adding Google or GitHub social authentication to a Node.js backend