auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing A...

1.11x

Quality

61%

Does it follow best practices?

Impact

100%

1.11x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/antigravity-auth-implementation-patterns/SKILL.md

Evaluation results

100%

Stateless Auth API with Session Revocation

JWT token lifecycle management

Criteria

Without context

With context

jsonwebtoken import

100%

Access token 15m expiry

100%

Refresh token 7d expiry

100%

Separate refresh secret

100%

Refresh token hashed in DB

100%

Refresh token DB lookup

100%

Revoke single token

100%

Revoke all tokens

100%

Bearer header extraction

100%

TokenExpiredError handling

100%

JsonWebTokenError handling

100%

No secrets in logs

100%

Without context: $0.3548 · 1m 33s · 13 turns · 62 in / 6,056 out tokens

With context: $0.5203 · 2m 4s · 16 turns · 17 in / 7,220 out tokens

100%

18%

Secure User Registration and Login Service

Password security and rate limiting

Criteria

Without context

With context

bcrypt library

100%

12 salt rounds

100%

Zod validation

100%

Min 12 chars

100%

Uppercase requirement

100%

Lowercase requirement

100%

Number requirement

100%

Special char requirement

100%

express-rate-limit

100%

RedisStore for rate limit

100%

API: 100 req / 1 min

100%

No plain passwords

100%

Without context: $0.3620 · 1m 42s · 15 turns · 15 in / 5,896 out tokens

With context: $0.9283 · 3m 1s · 39 turns · 85 in / 9,315 out tokens

100%

12%

Content Platform: Session Auth with Role-Based Access Control

Session management and RBAC

Criteria

Without context

With context

connect-redis import

100%

Redis session store

100%

resave and saveUninitialized false

100%

Cookie httpOnly

100%

Cookie secure production

100%

Cookie sameSite strict

100%

Cookie maxAge 24h

100%

RBAC role hierarchy

100%

Admin bypasses ownership

100%

Security event logging

50%

100%

Logout clears cookie

100%

Server-side auth check

100%

Without context: $0.2483 · 1m 2s · 11 turns · 60 in / 3,687 out tokens

With context: $0.4641 · 1m 43s · 20 turns · 302 in / 5,625 out tokens

Repository: boisenoise/skills-collections
Commit: 5c5ae21

Evaluated: 19 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Stateless Auth API with Session Revocation Secure User Registration and Login Service Content Platform: Session Auth with Role-Based Access Control

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.