Can I use this for mobile app authentication?

Absolutely, it includes patterns for OAuth 2.0 with PKCE, which is the security standard for mobile and single-page applications.

Does this skill help with passwordless login?

Yes, it provides detailed implementation guides for Passkeys, WebAuthn, and FIDO2 to enable biometric and phishing-resistant authentication.

Does it support multi-factor authentication?

Yes, it covers TOTP (Authenticator apps), SMS/Email OTP, and push notifications with detailed security and UX comparisons.

What password hashing methods are recommended?

The skill follows OWASP guidelines, recommending Argon2id for secure password hashing and verification to protect against brute-force attacks.

Authentication Patterns & Security

Name: Authentication Patterns & Security
Author: melodic-software

bymelodic-software

•

安全与测试

Implements industry-standard authentication flows including JWT, OAuth 2.0, and Passkeys while ensuring security best practices.

关于

The Authentication Patterns skill provides comprehensive, production-ready guidance for building secure login and authorization systems. It covers a wide array of modern methods, from passwordless Passkey/WebAuthn implementations and OAuth 2.0/OIDC flows with PKCE to traditional JWT management and MFA integration. By leveraging this skill, developers can ensure their applications follow OWASP recommendations for password hashing with Argon2, robust session management, and secure cookie configuration, significantly reducing the risk of common authentication vulnerabilities like credential stuffing or session hijacking.

主要功能

Step-by-step OAuth 2.0 and OIDC flow implementation with PKCE
OWASP-aligned password hashing and secure session management
Passwordless authentication via Passkeys, FIDO2, and WebAuthn
Multi-factor authentication (MFA/TOTP) setup and recovery
Secure JWT structure, algorithm selection, and token rotation
12 GitHub stars

使用场景

Implementing secure session management and HttpOnly cookie policies
Building a secure Single Page Application (SPA) login with OAuth 2.0
Adding phishing-resistant biometric authentication using Passkeys

关于

主要功能

Step-by-step OAuth 2.0 and OIDC flow implementation with PKCE
OWASP-aligned password hashing and secure session management
Passwordless authentication via Passkeys, FIDO2, and WebAuthn
Multi-factor authentication (MFA/TOTP) setup and recovery
Secure JWT structure, algorithm selection, and token rotation
12 GitHub stars

使用场景

Implementing secure session management and HttpOnly cookie policies
Building a secure Single Page Application (SPA) login with OAuth 2.0
Adding phishing-resistant biometric authentication using Passkeys