Auth Implementation Patterns
技能 已验证 活跃Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
To provide developers with practical, secure, and scalable implementation patterns for authentication and authorization systems, enabling them to build robust access control mechanisms.
功能
- Master JWT authentication and refresh token flows
- Implement session-based authentication with secure cookies
- Integrate OAuth2 and social login via Passport.js
- Apply Role-Based Access Control (RBAC) and permission checks
- Enforce resource ownership for granular access control
- Demonstrate secure password handling with bcrypt
- Implement rate limiting for auth endpoints
使用场景
- Implementing user authentication and registration systems
- Securing REST or GraphQL APIs with robust access control
- Adding social login options (Google, GitHub) via OAuth2
- Designing and enforcing granular permissions with RBAC
- Debugging and migrating existing authentication systems
非目标
- Providing a full-fledged authentication service; it offers patterns and examples.
- Handling deployment or infrastructure setup for authentication systems.
- Covering every niche authentication scenario; focuses on common industry standards.
安装
请先添加 Marketplace
/plugin marketplace add wshobson/agents/plugin install developer-essentials@claude-code-workflows质量评分
已验证类似扩展
Auth0 Express OAuth2 JWT Bearer
100Use when adding Auth0 token validation to Express or Node.js APIs - integrates express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support
Oauth
96为 Fastify 应用程序实现 OAuth 2.0/2.1 授权流程——配置 PKCE 授权码、客户端凭证、设备流、刷新令牌轮换、JWT 验证以及令牌内省/撤销端点。在设置身份验证、授权、登录流程、访问令牌、API 安全,或使用 OAuth 保护 Fastify 路由时使用;也适用于对令牌验证错误、重定向 URI 不匹配、CSRF 问题、范围问题或 RFC 6749/6750/7636/8252/8628 合规性问题的故障排除。
Netlify Identity
100用于身份验证、用户注册、登录、密码恢复、OAuth 提供商、基于角色的访问控制或保护路由和函数。始终使用 `@netlify/identity`。切勿使用 `netlify-identity-widget` 或 `gotrue-js` — 它们已弃用。
Auth0 Nuxt
100Use when implementing Auth0 authentication in Nuxt 3/4 applications, configuring session management, protecting routes with middleware, or integrating API access tokens - provides setup patterns, composable usage, and security best practices for the @auth0/auth0-nuxt SDK
Auth0 Java Mvc Common
100Use when adding Auth0 login, logout, and callback handling to Java Servlet web applications - integrates com.auth0:mvc-auth-commons SDK for server-side Java apps using javax.servlet with session-based authentication. Triggers on AuthenticationController, AuthorizeUrl, Tokens, IdentityVerificationException, Java MVC auth.
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.