Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
Score: 86
Does it follow best practices? 71%
Impact: 97%
1.24x average score across 6 eval scenarios
Passed: no known issues

Optimize this skill with Tessl:
npx tessl skill review --optimize ./plugins/developer-essentials/skills/auth-implementation-patterns/SKILL.md

Eval scenarios (each criterion lists its two scores as X% / Y%):

JWT token management
  jsonwebtoken package: 100% / 100%
  Access token expiry: 80% / 100%
  Refresh token expiry: 80% / 100%
  JWT payload fields: 100% / 100%
  Separate JWT secrets: 50% / 100%
  Bearer header extraction: 100% / 100%
  TokenExpiredError handling: 100% / 100%
  Refresh token hashed: 100% / 100%
  Refresh returns access only: 0% / 100%
  All-devices logout: 100% / 100%
  401 on missing token: 100% / 100%
RBAC and permission-based authorization
  Role enum values: 100% / 100%
  Role hierarchy map: 100% / 100%
  hasRole uses hierarchy: 100% / 100%
  401 vs 403 distinction: 100% / 100%
  Admin bypasses ownership: 100% / 100%
  Permission enum format: 100% / 100%
  rolePermissions mapping: 100% / 100%
  requirePermission uses every(): 100% / 100%
  Admin has all permissions: 100% / 100%
  404 on missing resource: 100% / 100%
  403 on non-owner: 100% / 100%
Session auth, password security, and rate limiting
  connect-redis store: 100% / 100%
  httpOnly cookie: 100% / 100%
  sameSite strict: 0% / 100%
  Conditional secure flag: 100% / 100%
  Cookie maxAge 24h: 0% / 100%
  resave and saveUninitialized: 100% / 100%
  Logout destroys session: 100% / 100%
  bcrypt saltRounds=12: 0% / 100%
  Zod password min length: 100% / 100%
  Zod character classes: 100% / 100%
  Login rate limit config: 44% / 100%
  Rate limit headers config: 100% / 100%
  rate-limit-redis store: 100% / 100%
OAuth2 social login with Passport.js
  passport-google-oauth20 package: 100% / 100%
  passport-github2 package: 100% / 100%
  Env var strategy config: 100% / 100%
  Find-or-create pattern: 100% / 100%
  Provider ID stored: 100% / 100%
  Profile fields stored: 62% / 100%
  Google scope: 100% / 100%
  session: false in callback: 100% / 100%
  JWT generated after OAuth: 100% / 100%
  FRONTEND_URL redirect: 100% / 100%
  Access token expiry 15m: 0% / 0%
API-wide rate limiting and security hardening
  General API limiter window: 0% / 100%
  General API limiter max: 0% / 100%
  app.use /api/ pattern: 100% / 100%
  Auth limiter window: 100% / 100%
  Auth limiter max: 0% / 100%
  rate-limit-redis store: 100% / 100%
  standardHeaders: true: 62% / 100%
  legacyHeaders: false: 100% / 100%
  Auth limiter on login route: 100% / 100%
  Rate limit message: 100% / 100%
  Redis client connected: 87% / 100%
  Two separate limiters: 100% / 100%
Secure password reset with token expiry
  Cryptographically random token: 100% / 100%
  Token expiry stored: 100% / 100%
  Token validity checked server-side: 100% / 100%
  Token single-use: 100% / 100%
  bcrypt saltRounds 12: 0% / 100%
  Zod min length 12: 0% / 100%
  Zod character classes: 0% / 100%
  401 on invalid token: 0% / 0%
  ZodError handled: 0% / 100%
  Token NOT returned to client: 100% / 100%
  Password hash stored: 100% / 100%
  Token hashed before storage: 100% / 100%
70444e5