What authentication methods does this skill cover?

The skill includes implementation patterns for JWT (stateless), session-based (stateful), and OAuth2/OpenID Connect for social logins and SSO.

Is refresh token logic included?

Yes, the skill includes detailed patterns for generating, storing, verifying, and revoking refresh tokens to maintain secure user sessions.

How does it handle user permissions?

It provides logic for both Role-Based Access Control (RBAC) with hierarchies and granular Permission-Based Access Control (PBAC).

Which frameworks is this skill designed for?

The code patterns are primarily demonstrated using TypeScript and Express.js, but the architectural concepts are applicable to most backend frameworks.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: HermeticOrmus

byHermeticOrmus

•

Security & Testing

Implements secure authentication and authorization systems using JWT, OAuth2, session management, and RBAC patterns.

About

This skill provides comprehensive architectural guidance and production-ready boilerplate code for modern security implementations. It covers stateless token-based authentication with JWTs, stateful session management using Redis, and seamless social login integration via OAuth2 and Passport.js. Developers can leverage this skill to quickly build granular access control mechanisms, including Role-Based Access Control (RBAC) and permission-based policies, ensuring that APIs and applications remain secure, scalable, and compliant with industry best practices.

Key Features

1 GitHub stars
JWT-based stateless authentication with secure refresh token rotation
Stateful session management patterns using Redis for high performance
Social login and SSO integration via OAuth2 and OpenID Connect
Granular Role-Based (RBAC) and Permission-Based Access Control systems
Standardized middleware for identity verification and policy enforcement

Use Cases

Implementing enterprise-grade multi-tier permission systems for SaaS platforms
Securing REST or GraphQL APIs with stateless token-based access control
Integrating social login providers like Google or GitHub into web applications

About

Key Features

1 GitHub stars
JWT-based stateless authentication with secure refresh token rotation
Stateful session management patterns using Redis for high performance
Social login and SSO integration via OAuth2 and OpenID Connect
Granular Role-Based (RBAC) and Permission-Based Access Control systems
Standardized middleware for identity verification and policy enforcement

Use Cases

Implementing enterprise-grade multi-tier permission systems for SaaS platforms
Securing REST or GraphQL APIs with stateless token-based access control
Integrating social login providers like Google or GitHub into web applications