Does it handle secure token refresh logic?

Yes, the skill provides implementation patterns for short-lived access tokens combined with long-lived, database-backed refresh tokens for secure persistence.

Can I use this for Role-Based Access Control?

Yes, it includes specialized patterns for both hierarchical RBAC and granular permission-based access control systems.

What authentication strategies does this skill support?

It covers token-based (JWT), session-based (Redis/Express), and delegated authentication via OAuth2/OpenID Connect.

Is this skill suitable for securing APIs?

Absolutely. It provides middleware patterns, token validation logic, and header handling specifically designed for REST and GraphQL services.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

0•

Security & Testing

Implements secure access control systems using industry-standard JWT, OAuth2, and session management patterns.

This skill empowers Claude to design and implement robust security layers for modern web applications and APIs. It provides standardized patterns for identity verification and permission management, covering stateless JWT implementations, stateful session-based systems, and third-party social logins. Whether you are building hierarchical role-based access control (RBAC) or debugging complex token refresh flows, this skill ensures your security architecture follows industry best practices for scalability and protection against common vulnerabilities.

Key Features

01Fine-grained permission-based policy enforcement systems

02Third-party social login integration via OAuth2 and Passport.js

03Stateless JWT implementation with secure refresh token rotation

04Hierarchical Role-Based Access Control (RBAC) middleware

050 GitHub stars

06Stateful session-based authentication using Redis and Express

Use Cases

01Securing REST or GraphQL APIs with token-based authentication

02Implementing multi-tenant access control with custom user roles

03Migrating legacy session-based systems to stateless JWT architectures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/after-the-third-cup auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill