
auth-patterns

Implement secure authentication (JWT, OAuth, Sessions), RBAC/ABAC authorization, password hashing, and security best practices for backend services.

Introduction

The auth-patterns skill provides a robust architectural framework for securing backend applications through industry-standard authentication and authorization methodologies. It is designed for senior developers and backend engineers who need to integrate identity management into Node.js or TypeScript-based microservices and web APIs. By utilizing this skill, developers can maintain high standards for user identity validation, access control, and credential protection while reducing the risk of security vulnerabilities in production environments.

  • Authentication implementations covering JSON Web Tokens (JWT) with access and refresh token rotation, session-based storage using Redis, and OAuth 2.0 / OpenID Connect integration with Passport.js.

  • Authorization patterns supporting Role-Based Access Control (RBAC) and attribute-aware checks, ensuring fine-grained permission enforcement across endpoints.

  • Password security utilities including cryptographically secure hashing using bcrypt, alongside configurable password validation rules for length, complexity, and special character requirements.

  • Security best practices for backend development, including mitigation strategies for common credential attacks and session management vulnerabilities.

  • When invoking this skill, provide context regarding the specific authentication strategy (e.g., JWT vs. Session) and the required authorization model (e.g., role-based permissions).

  • Use it for setting up middleware, configuring token expiry policies, or defining user entity interfaces.

  • Ensure environment variables for secrets (e.g., JWT_SECRET, JWT_REFRESH_SECRET) are defined, as the skill produces code scaffolds relying on these configurations.

  • Suitable for greenfield projects or refactoring legacy authentication modules to meet current security compliance standards.

Repository Stats

Stars: 255
Forks: 31
Open Issues: 7
Language: TypeScript
Default Branch: main
Sync Status: Idle
Last Synced: Apr 28, 2026, 11:40 AM