Auth Implementation Patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
To provide developers with practical, secure, and scalable implementation patterns for authentication and authorization systems, enabling them to build robust access control mechanisms.
Features
- Master JWT authentication and refresh token flows
- Implement session-based authentication with secure cookies
- Integrate OAuth2 and social login via Passport.js
- Apply Role-Based Access Control (RBAC) and permission checks
- Enforce resource ownership for granular access control
- Demonstrate secure password handling with bcrypt
- Implement rate limiting for auth endpoints
Use Cases
- Implementing user authentication and registration systems
- Securing REST or GraphQL APIs with robust access control
- Adding social login options (Google, GitHub) via OAuth2
- Designing and enforcing granular permissions with RBAC
- Debugging and migrating existing authentication systems
Non-Goals
- Providing a full-fledged authentication service; it offers patterns and examples.
- Handling deployment or infrastructure setup for authentication systems.
- Covering every niche authentication scenario; focuses on common industry standards.
Installation
First, add the marketplace
/plugin marketplace add wshobson/agents
/plugin install developer-essentials@claude-code-workflows
Similar Extensions
Auth0 Express OAuth2 JWT Bearer (score: 100)
Use when adding Auth0 token validation to Express or Node.js APIs - integrates express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support
Oauth (score: 96)
Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.
Netlify Identity (score: 100)
Use when the task involves authentication, user signups, logins, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js` — they are deprecated.
Auth0 Nuxt (score: 100)
Use when implementing Auth0 authentication in Nuxt 3/4 applications, configuring session management, protecting routes with middleware, or integrating API access tokens - provides setup patterns, composable usage, and security best practices for the @auth0/auth0-nuxt SDK
Auth0 Java Mvc Common (score: 100)
Use when adding Auth0 login, logout, and callback handling to Java Servlet web applications - integrates com.auth0:mvc-auth-commons SDK for server-side Java apps using javax.servlet with session-based authentication. Triggers on AuthenticationController, AuthorizeUrl, Tokens, IdentityVerificationException, Java MVC auth.
Senior Backend Engineer (score: 100)
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.