How does this skill handle security best practices?

It implements industry standards such as token rotation, secure cookie attributes (HttpOnly, SameSite), password hashing, and token revocation strategies.

Does it provide implementation examples for specific frameworks?

The patterns are primarily demonstrated using TypeScript and Express, though the underlying security logic is applicable to most backend frameworks.

What authentication methods does this skill support?

The skill covers JWT (stateless tokens), session-based (stateful) authentication, and OAuth2/OpenID Connect for social logins.

Can it help with complex user permissions?

Yes, it includes specialized patterns for both Role-Based Access Control (RBAC) and granular Permission-Based Access Control (PBAC).

Secure Authentication & Authorization Patterns

Name: Secure Authentication & Authorization Patterns
Author: Activer007

byActiver007

Security & Testing

Implements secure, industry-standard authentication and authorization patterns including JWT, OAuth2, and RBAC for robust access control.

About

This skill provides comprehensive guidance and implementation patterns for building secure user access systems within modern applications. It covers a wide spectrum of essential security protocols, including stateless JWT management with refresh token flows, traditional session-based authentication using Redis storage, and third-party social login via OAuth2. Beyond identity verification, it offers sophisticated authorization strategies like Role-Based Access Control (RBAC) and Permission-Based Access Control (PBAC), enabling developers to design granular, scalable, and audit-ready security architectures for any API or web service.

Key Features

Session-based authentication with secure cookie handling and Redis storage
0 GitHub stars
Social login integration using OAuth2 and OpenID Connect patterns
Granular Permission-Based Access Control (PBAC) for resource-level security
JWT and Refresh Token implementation with stateless scaling patterns
Hierarchical Role-Based Access Control (RBAC) middleware

Use Cases

Securing REST or GraphQL APIs with token-based authentication
Implementing enterprise-grade user permission and role hierarchies
Migrating from stateful sessions to stateless JWT authentication

About

Key Features

Session-based authentication with secure cookie handling and Redis storage
0 GitHub stars
Social login integration using OAuth2 and OpenID Connect patterns
Granular Permission-Based Access Control (PBAC) for resource-level security
JWT and Refresh Token implementation with stateless scaling patterns
Hierarchical Role-Based Access Control (RBAC) middleware

Use Cases

Securing REST or GraphQL APIs with token-based authentication
Implementing enterprise-grade user permission and role hierarchies
Migrating from stateful sessions to stateless JWT authentication