From billy-milligan
Provides authentication patterns for JWT with rotation/revocation, OAuth/OIDC with PKCE, Redis sessions with CSRF protection, multi-tenant auth, RBAC/ABAC, and data isolation best practices.
How this skill is triggered — by the user, by Claude, or both
Slash command
/billy-milligan:auth-patternsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- **Prevent user enumeration**: Login errors must be identical for "user not found" and "wrong password".
crypto.timingSafeEqual for token comparison.references/jwt-implementation.md — Access/refresh tokens, rotation, httpOnly cookies, revocationreferences/oauth-oidc.md — Authorization code + PKCE, token exchange, provider integrationreferences/session-implementation.md — Redis sessions, session fixation, CSRF protectionreferences/multi-tenant-auth.md — Tenant context middleware, RLS, RBAC permission matrixreferences/tenant-data-isolation.md — Schema-per-tenant, database-per-tenant, hybrid tier routing, ABAC, org-level permissionsnpx claudepluginhub rnavarych/alpha-engineer --plugin billy-milliganProvides authentication and authorization patterns (JWT, OAuth2, session management, RBAC). Use when implementing auth systems, securing APIs, or debugging security issues.
Implements authentication and authorization patterns including JWT, OAuth2, session management, and RBAC. Use when building secure APIs or debugging auth issues.
Implements authentication and authorization patterns including JWT, OAuth2, session management, and RBAC for securing APIs and user login. Use when implementing auth systems or debugging security issues.