Security 568 installs

Authentication & Authorization Implementation Patterns

by wshobson/agents

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when…

Skill content

Industry-standard authentication and authorization patterns for building secure, scalable access control systems.

- Covers JWT (with refresh token flow), session-based, and OAuth2/social login strategies with production-ready code examples

- Includes role-based access control (RBAC), permission-based authorization, and resource ownership validation patterns

- Provides password hashing with bcrypt, rate limiting, and security best practices including token expiration and secure cookie flags

- Demonstrates common pitfalls to avoid: weak passwords, client-only auth checks, missing token expiration, and unvalidated password resets

Authentication & Authorization Implementation Patterns

Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.

When to Use This Skill

- Implementing user authentication systems

- Securing REST or GraphQL APIs

- Adding OAuth2/social login

- Implementing role-based access control (RBAC)

- Designing session management

- Migrating authentication systems

- Debugging auth issues

- Implementing SSO or multi-tenancy

Core Concepts

1. Authentication vs Authorization