Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
Install with Tessl CLI
npx tessl i github:Dicklesworthstone/pi_agent_rust --skill auth-implementation-patterns
82
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific technologies and patterns (JWT, OAuth2, RBAC), uses natural trigger terms that developers would actually search for, and includes an explicit 'Use when...' clause with clear activation scenarios. The description is concise yet comprehensive, making it easy for Claude to select this skill appropriately.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and patterns: 'JWT, OAuth2, session management, and RBAC' along with outcomes 'build secure, scalable access control systems'. Also mentions specific use cases like 'implementing auth systems, securing APIs, debugging security issues'. | 3 / 3 |
| Completeness | Clearly answers both what ('Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems') and when ('Use when implementing auth systems, securing APIs, or debugging security issues') with explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems', 'securing APIs', 'security issues'. These cover both technical terms and common variations. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on authentication/authorization domain with distinct triggers like 'JWT', 'OAuth2', 'RBAC', 'auth systems'. Unlikely to conflict with general coding or other security skills due to specific auth-focused terminology. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides comprehensive, executable authentication patterns with strong code examples covering JWT, sessions, OAuth2, and RBAC. However, it's overly verbose with conceptual explanations Claude doesn't need, and the monolithic structure would benefit from splitting into focused reference files. The lack of explicit implementation workflows for the complex scenarios mentioned (migration, debugging, SSO) limits its practical guidance.
Suggestions
Remove the 'Core Concepts' section explaining Authentication vs Authorization - Claude knows these definitions
Split the patterns into separate reference files (jwt-patterns.md, session-patterns.md, rbac-patterns.md) and make SKILL.md a concise overview with navigation
Add an explicit workflow section for common scenarios like 'Implementing auth from scratch' or 'Migrating auth systems' with validation checkpoints
Trim explanatory text around code examples - the code is self-documenting
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill includes some unnecessary conceptual explanations (Authentication vs Authorization definitions, OAuth2 descriptions) that Claude already knows. The code examples are valuable but the surrounding explanations add verbosity. | 2 / 3 |
| Actionability | Provides fully executable TypeScript code examples with complete implementations for JWT, sessions, OAuth2, RBAC, and password security. Code is copy-paste ready with proper imports and error handling. | 3 / 3 |
| Workflow Clarity | While individual patterns are clear, there's no explicit workflow for implementing auth systems end-to-end. Missing validation checkpoints for security-critical operations like token rotation or migration scenarios mentioned in 'When to Use'. | 2 / 3 |
| Progressive Disclosure | References external files at the end (references/, assets/, scripts/) but the main content is a monolithic 400+ line document. The patterns could be split into separate files with SKILL.md serving as an overview with navigation. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (648 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |