Skill

security-auth

Provides authentication and authorization patterns including JWT with refresh tokens, OAuth2/OIDC, RBAC/ABAC, session management, and MFA. Includes TypeScript/NestJS code examples.

Typescript

NestJS

security

authentication

npx claudepluginhub fujigo-software/f5-framework-claude --plugin f5-core

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Authentication and authorization patterns for secure applications.

SKILL.md

Similar Skills

authentication-patterns

1.6k

Provides TypeScript patterns for JWT access/refresh tokens, Express auth middleware with RBAC, and OAuth2 PKCE flows in Node.js apps.

claude-code-toolkit

auth-implementation-patterns

Implements auth patterns like JWT, OAuth2, sessions, and RBAC for securing APIs. Use for user auth, API protection, social login, or debugging security issues.

developer-essentials

auth-implementation-patterns

Implements authentication and authorization patterns including JWT, OAuth2, session management, and RBAC for secure APIs and apps. Use when building auth systems, securing endpoints, or debugging issues.

superpowers

Stats

Parent Repo Stars20

Parent Repo Forks7

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Security Auth Skill

Authentication and authorization patterns for secure applications.

Quick Reference

Authentication Methods

Method	Use Case	Security Level
JWT + Refresh	SPAs, Mobile apps	High
Session cookies	Traditional web apps	High
OAuth2/OIDC	Social login, SSO	High
API Keys	Service-to-service	Medium
MFA	High-security apps	Very High

Authorization Patterns

Pattern	Use Case	Complexity
RBAC	Most applications	Low-Medium
ABAC	Fine-grained control	High
ReBAC	Relationship-based	Medium
Permission Matrix	Admin panels	Low

JWT Token Service

export class TokenService {
  private readonly accessExpiry = '15m';   // Short-lived
  private readonly refreshExpiry = '7d';   // Rotate on use

  generateTokenPair(user: User): TokenPair {
    const accessToken = jwt.sign(
      { sub: user.id, type: 'access' },
      this.accessSecret,
      { expiresIn: this.accessExpiry }
    );

    const refreshToken = jwt.sign(
      { sub: user.id, type: 'refresh' },
      this.refreshSecret,
      { expiresIn: this.refreshExpiry }
    );

    return { accessToken, refreshToken };
  }
}

Password Hashing

import bcrypt from 'bcrypt';

// Hash password (cost factor 12)
const hash = await bcrypt.hash(password, 12);

// Verify password
const isValid = await bcrypt.verify(password, hash);

RBAC Guard (NestJS)

@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredRoles = this.reflector.getAllAndOverride<Role[]>(
      ROLES_KEY, [context.getHandler(), context.getClass()]
    );
    if (!requiredRoles) return true;
    const { user } = context.switchToHttp().getRequest();
    return requiredRoles.some(role => user.roles?.includes(role));
  }
}

OAuth2/OIDC Flow

// Passport OAuth2 Strategy
passport.use(new OAuth2Strategy({
  authorizationURL: 'https://provider.com/oauth2/authorize',
  tokenURL: 'https://provider.com/oauth2/token',
  clientID: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  callbackURL: '/auth/callback',
}, (accessToken, refreshToken, profile, done) => {
  return done(null, profile);
}));

Anti-Patterns

// Storing passwords in plain text
user.password = plainPassword; // NEVER DO THIS

// Missing rate limiting on auth
app.post('/login', loginHandler); // ADD RATE LIMITING

// Long-lived access tokens
{ expiresIn: '30d' } // TOO LONG - use 15m max

F5 Quality Gates

Gate	Requirement
G2	Auth requirements documented
G2.5	Auth controls implemented
G3	Auth tests passing (90%+ coverage)