How does this skill prevent common authentication vulnerabilities?

The skill includes automated data validation checks that fail if it detects insecure practices, such as storing JWTs in localStorage or using symmetric HS256 signing in distributed environments.

Can Claude help me implement role-based permissions with this skill?

Absolutely. It provides specific patterns for both Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), including how to encode roles into JWT claims.

What is the recommended token storage strategy in this skill?

The skill strictly enforces the use of httpOnly cookies for token storage to mitigate XSS-based token theft, rejecting implementations that rely on localStorage.

Does this skill support modern SPA authentication?

Yes, it prioritizes the Authorization Code flow with PKCE, which is the current industry standard for public clients like React, Vue, and mobile applications.

Secure Auth Patterns

Name: Secure Auth Patterns
Author: hjemmesidekongen

byhjemmesidekongen

0•

安全与测试

Implements industry-standard authentication and authorization architectures including OAuth 2.0, PKCE, and JWT best practices.

The Secure Auth Patterns skill equips Claude with advanced knowledge and automated validation for building robust, production-grade authentication systems. It enforces secure token storage strategies, guides the selection of appropriate OAuth 2.0 flows, and ensures correct JWT signing practices across distributed systems. By integrating specific security checkpoints, it proactively prevents critical vulnerabilities such as JWT leakage in localStorage, missing expiration claims, and insecure symmetric signing in microservices architectures.

主要功能

01Secure JWT configuration using asymmetric signing (RS256/ES256)

02Refresh token rotation and family invalidation strategies

03Architectural patterns for Role-Based (RBAC) and Attribute-Based (ABAC) Access Control

04OAuth 2.0 and PKCE flow implementation guidance for SPAs and mobile apps

050 GitHub stars

06Automated validation for httpOnly cookie storage and token expiration

使用场景

01Configuring secure JWT validation middleware for distributed microservices

02Implementing refresh token rotation with theft detection in a Node.js backend

03Architecting a secure authentication system for a Single Page Application using PKCE

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hjemmesidekongen/ai auth-patterns

For use in Claude.ai and ChatGPT