Does this skill support stateless authentication?

Yes, it provides detailed patterns for implementing stateless JWT (JSON Web Token) authentication, including secure refresh token rotations and storage.

How does it handle session security?

It includes best practices for session-based auth using Redis storage, secure cookie configurations, and same-site attribute strategies for CSRF protection.

Can I use this for social logins?

Absolutely. The skill includes implementation guides for OAuth2 and OpenID Connect using popular libraries like Passport.js for Google and GitHub integration.

Is it suitable for role-based access control?

Yes, it features comprehensive patterns for Role-Based Access Control (RBAC) and granular permission-based systems to manage different user access levels.

Secure Authentication Patterns

Name: Secure Authentication Patterns
Author: carloscroc

bycarloscroc

安全与测试

Implements industry-standard authentication and authorization patterns including JWT, OAuth2, and RBAC to secure web applications and APIs.

关于

This skill empowers developers to build production-grade security layers by providing standardized implementation patterns for modern authentication and authorization. It covers everything from stateless JWT management and refresh token flows to stateful session-based systems and third-party OAuth2 integrations. By utilizing established best practices for Role-Based Access Control (RBAC) and permission management, it helps eliminate common security vulnerabilities while ensuring scalable and maintainable access control for REST and GraphQL APIs.

主要功能

JWT and Refresh Token lifecycle management
OAuth2 and Social Login integration patterns
Permission-based middleware for granular security
Stateful session management with Redis storage
Role-Based Access Control (RBAC) frameworks
0 GitHub stars

使用场景

Adding Google or GitHub social login via Passport.js
Securing a Node.js REST API with stateless JWT authentication
Implementing hierarchical user permissions for admin dashboards

关于

主要功能

JWT and Refresh Token lifecycle management
OAuth2 and Social Login integration patterns
Permission-based middleware for granular security
Stateful session management with Redis storage
Role-Based Access Control (RBAC) frameworks
0 GitHub stars

使用场景

Adding Google or GitHub social login via Passport.js
Securing a Node.js REST API with stateless JWT authentication
Implementing hierarchical user permissions for admin dashboards