Security
568 installs
Authentication & Authorization Implementation Patterns
by wshobson/agents
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when…
Skill content
Industry-standard authentication and authorization patterns for building secure, scalable access control systems. - Covers JWT (with refresh token flow), session-based, and OAuth2/social login strategies with production-ready code examples - Includes role-based access control (RBAC), permission-based authorization, and resource ownership validation patterns - Provides password hashing with bcrypt, rate limiting, and security best practices including token expiration and secure cookie flags - Demonstrates common pitfalls to avoid: weak passwords, client-only auth checks, missing token expiration, and unvalidated password resets Authentication & Authorization Implementation Patterns Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices. When to Use This Skill - Implementing user authentication systems - Securing REST or GraphQL APIs - Adding OAuth2/social login - Implementing role-based access control (RBAC) - Designing session management - Migrating authentication systems - Debugging auth issues - Implementing SSO or multi-tenancy Core Concepts 1. Authentication vs Authorization