Authentication & Authorization Implementation Patterns
Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
Use this skill when
- Implementing user authentication systems
- Securing REST or GraphQL APIs
- Adding OAuth2/social login or SSO
- Designing session management or RBAC
- Debugging authentication or authorization issues
Do not use this skill when
- You only need UI copy or login page styling
- The task is infrastructure-only without identity concerns
- You cannot change auth policies or credential storage
Instructions
- Define users, tenants, flows, and threat model constraints.
- Choose auth strategy (session, JWT, OIDC) and token lifecycle.
- Design authorization model and policy enforcement points.
- Plan secrets storage, rotation, logging, and audit requirements.
- If detailed examples are required, open resources/implementation-playbook.md.
Safety
- Never log secrets, tokens, or credentials.
- Enforce least privilege and secure storage for keys.
Resources
- resources/implementation-playbook.md for detailed patterns and examples.