Can I use this for mobile app authentication?

Absolutely, it includes patterns for OAuth 2.0 with PKCE, which is the security standard for mobile and single-page applications.

Does this skill help with passwordless login?

Yes, it provides detailed implementation guides for Passkeys, WebAuthn, and FIDO2 to enable biometric and phishing-resistant authentication.

Does it support multi-factor authentication?

Yes, it covers TOTP (Authenticator apps), SMS/Email OTP, and push notifications with detailed security and UX comparisons.

What password hashing methods are recommended?

The skill follows OWASP guidelines, recommending Argon2id for secure password hashing and verification to protect against brute-force attacks.

Authentication Patterns & Security

Name: Authentication Patterns & Security
Author: melodic-software

bymelodic-software

•

Security & Testing

Implements industry-standard authentication flows including JWT, OAuth 2.0, and Passkeys while ensuring security best practices.

The Authentication Patterns skill provides comprehensive, production-ready guidance for building secure login and authorization systems. It covers a wide array of modern methods, from passwordless Passkey/WebAuthn implementations and OAuth 2.0/OIDC flows with PKCE to traditional JWT management and MFA integration. By leveraging this skill, developers can ensure their applications follow OWASP recommendations for password hashing with Argon2, robust session management, and secure cookie configuration, significantly reducing the risk of common authentication vulnerabilities like credential stuffing or session hijacking.

Key Features

01Step-by-step OAuth 2.0 and OIDC flow implementation with PKCE

02OWASP-aligned password hashing and secure session management

03Passwordless authentication via Passkeys, FIDO2, and WebAuthn

04Multi-factor authentication (MFA/TOTP) setup and recovery

05Secure JWT structure, algorithm selection, and token rotation

0612 GitHub stars

Use Cases

01Implementing secure session management and HttpOnly cookie policies

02Building a secure Single Page Application (SPA) login with OAuth 2.0

03Adding phishing-resistant biometric authentication using Passkeys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins authentication-patterns

For use in Claude.ai and ChatGPT

Download Skill