auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

1.19x

Quality

75%

Does it follow best practices?

Impact

100%

1.19x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/developer-essentials/skills/auth-implementation-patterns/SKILL.md

Evaluation results

100%

32%

JWT Authentication Service Module

JWT token management

Criteria

Without context

With context

jsonwebtoken package

100%

Access token expiry

100%

Refresh token expiry

100%

JWT payload fields

50%

100%

Separate JWT secrets

50%

100%

Bearer header extraction

100%

TokenExpiredError handling

60%

100%

Refresh token hashed

100%

Refresh returns access only

100%

All-devices logout

100%

401 on missing token

100%

Access Control Middleware for Multi-Tier SaaS Platform

RBAC and permission-based authorization

Criteria

Without context

With context

Role enum values

100%

Role hierarchy map

100%

hasRole uses hierarchy

100%

401 vs 403 distinction

100%

Admin bypasses ownership

100%

Permission enum format

100%

rolePermissions mapping

100%

requirePermission uses every()

100%

Admin has all permissions

100%

404 on missing resource

100%

403 on non-owner

100%

27%

Secure Session-Based Authentication for Healthcare Portal

Session auth, password security, and rate limiting

Criteria

Without context

With context

connect-redis store

100%

httpOnly cookie

100%

sameSite strict

100%

Conditional secure flag

100%

Cookie maxAge 24h

100%

resave and saveUninitialized

100%

Logout destroys session

100%

bcrypt saltRounds=12

100%

Zod password min length

100%

Zod character classes

100%

44%

100%

Rate limit headers config

100%

rate-limit-redis store

100%

Repository: Dicklesworthstone/pi_agent_rust
Commit: 47823e3

Evaluated: about 1 month ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

JWT Authentication Service Module Access Control Middleware for Multi-Tier SaaS Platform Secure Session-Based Authentication for Healthcare Portal

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.