Is it compatible with Next.js App Router?

Absolutely. It includes specific implementations for Next.js Middleware, Server Components, and Server Actions to ensure type-safe, server-side security.

How does this skill handle brute-force protection?

The skill includes account lockout logic that tracks failed login attempts and temporarily restricts access after a specific threshold is met.

Does this skill support specific auth providers?

Yes, the patterns are designed to be customizable for major providers including NextAuth, Supabase Auth, Auth0, Clerk, and custom database-backed solutions.

Does it include Role-Based Access Control (RBAC)?

Yes, it provides a complete framework for defining roles, mapping them to specific permissions, and enforcing those rules across your application.

Authentication Patterns

Name: Authentication Patterns
Author: antoineschaller

byantoineschaller

•

Security & Testing

Implements secure authentication and authorization flows including session management, RBAC, and OAuth integration.

This skill provides a comprehensive collection of production-ready authentication and authorization patterns designed for modern web applications. It covers critical security implementations such as JWT versus session-based storage, Next.js middleware for route protection, and Role-Based Access Control (RBAC). Additionally, it includes robust logic for password management—including bcrypt hashing, cryptographically secure reset flows, and account lockout mechanisms to prevent brute-force attacks. Whether you are integrating OAuth with NextAuth or building a custom identity solution, this skill ensures your application adheres to security best practices and scales effectively.

Key Features

01Advanced Next.js middleware patterns for protecting client and server routes.

021 GitHub stars

03Brute-force protection logic through automated account lockout mechanisms.

04Comprehensive Session vs. JWT architectural comparisons and implementations.

05Secure password workflows including single-use reset tokens and hashing.

06Fine-grained Role-Based Access Control (RBAC) with permission-level checking.

Use Cases

01Building a secure custom credential system with password hashing and recovery flows.

02Securing a Next.js application with role-based dashboard access and middleware protection.

03Implementing OAuth providers like Google or GitHub using standardized integration patterns.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add antoineschaller/cortex-skills auth-patterns

For use in Claude.ai and ChatGPT

Download Skill