Is it suitable for implementing social logins?

Absolutely, it provides implementation patterns for social providers like Google and GitHub using industry-standard libraries like Passport.js.

What authentication methods does this skill support?

It supports modern stateless methods like JWT (JSON Web Tokens) with refresh flows, stateful session-based auth, and delegated auth via OAuth2/OpenID Connect.

Does it address session security best practices?

Yes, the skill covers secure session configuration, including cookie safety (HttpOnly, SameSite) and server-side storage with Redis.

Can this skill help with role management?

Yes, it includes patterns for both Role-Based Access Control (RBAC) and more granular Permission-Based Access Control, including role hierarchy logic.

How does it handle resource-level protection?

It provides specific patterns for resource ownership validation, ensuring users can only access or modify data they specifically own or have permission for.

Auth Implementation Patterns

Name: Auth Implementation Patterns
Author: gwickman

bygwickman

0•

API Development

Implements secure access control systems using JWT, OAuth2, session management, and role-based permissions.

This skill provides comprehensive architectural patterns and implementation guides for building secure, scalable authentication and authorization systems. It covers the spectrum from stateless JWT and refresh token flows to stateful session management with Redis, alongside advanced access control strategies like Role-Based Access Control (RBAC) and resource ownership validation. Ideal for developers securing REST or GraphQL APIs, integrating social logins, or designing multi-tenant permission systems, it ensures industry-standard security practices are followed throughout the development lifecycle.

Key Features

01Stateless JWT and refresh token implementation patterns

02Granular Role-Based (RBAC) and Permission-Based Access Control

03Secure resource ownership and policy enforcement logic

04Stateful session management using Express and Redis

050 GitHub stars

06OAuth2 and OpenID Connect integration for social logins

Use Cases

01Building a hierarchical role system for enterprise applications

02Securing a Node.js REST API with JWT and refresh tokens

03Implementing Google or GitHub social login using Passport.js

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gwickman/auto-dev-test-target-1 auth-implementation-patterns

For use in Claude.ai and ChatGPT

Download Skill