AgentSkillsCN

auth-implementation-patterns

掌握 JWT、OAuth2、会话管理,以及 RBAC 等身份认证与授权模式,构建安全、可扩展的访问控制系统。适用于认证系统的实施、API 的安全加固,或安全问题的排查与修复时使用。

SKILL.md
--- frontmatter
name: auth-implementation-patterns
description: Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Authentication & Authorization Implementation Patterns

Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.

Use this skill when

  • Implementing user authentication systems
  • Securing REST or GraphQL APIs
  • Adding OAuth2/social login or SSO
  • Designing session management or RBAC
  • Debugging authentication or authorization issues

Do not use this skill when

  • You only need UI copy or login page styling
  • The task is infrastructure-only without identity concerns
  • You cannot change auth policies or credential storage

Instructions

  • Define users, tenants, flows, and threat model constraints.
  • Choose auth strategy (session, JWT, OIDC) and token lifecycle.
  • Design authorization model and policy enforcement points.
  • Plan secrets storage, rotation, logging, and audit requirements.
  • If detailed examples are required, open resources/implementation-playbook.md.

Safety

  • Never log secrets, tokens, or credentials.
  • Enforce least privilege and secure storage for keys.

Resources

  • resources/implementation-playbook.md for detailed patterns and examples.