From billy-milligan
Provides authentication patterns for JWT with rotation/revocation, OAuth/OIDC with PKCE, Redis sessions with CSRF protection, multi-tenant auth, RBAC/ABAC, and data isolation best practices.
npx claudepluginhub rnavarych/alpha-engineer --plugin billy-milligan
How this skill is triggered — by the user, by Claude, or both
Slash command
/billy-milligan:auth-patterns
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- **Prevent user enumeration**: Login errors must be identical for "user not found" and "wrong password".
Provides decision trees, JWT references, and patterns for authentication/authorization including OAuth2, sessions, RBAC, ABAC, passkeys, MFA. Use for secure login, tokens, access control.
Implements authentication and authorization patterns: JWT, OAuth2, session management, RBAC. Helps secure APIs and debug auth issues.
Implements authentication and authorization patterns including JWT access/refresh tokens, OAuth2 with PKCE, RBAC middleware, and session management.
crypto.timingSafeEqual for token comparison.
- references/jwt-implementation.md — Access/refresh tokens, rotation, httpOnly cookies, revocation
- references/oauth-oidc.md — Authorization code + PKCE, token exchange, provider integration
- references/session-implementation.md — Redis sessions, session fixation, CSRF protection
- references/multi-tenant-auth.md — Tenant context middleware, RLS, RBAC permission matrix
- references/tenant-data-isolation.md — Schema-per-tenant, database-per-tenant, hybrid tier routing, ABAC, org-level permissions