auth-implementation-patterns

Security & Compliance

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Documentation

Authentication & Authorization Implementation Patterns

Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.

Use this skill when

Implementing user authentication systems
Securing REST or GraphQL APIs
Adding OAuth2/social login or SSO
Designing session management or RBAC
Debugging authentication or authorization issues

Do not use this skill when

You only need UI copy or login page styling
The task is infrastructure-only without identity concerns
You cannot change auth policies or credential storage

Instructions

Define users, tenants, flows, and threat model constraints.
Choose auth strategy (session, JWT, OIDC) and token lifecycle.
Design authorization model and policy enforcement points.
Plan secrets storage, rotation, logging, and audit requirements.
If detailed examples are required, open resources/implementation-playbook.md.

Safety

Never log secrets, tokens, or credentials.
Enforce least privilege and secure storage for keys.

Resources

resources/implementation-playbook.md for detailed patterns and examples.