AgentSkillsCN

auth-implementation-patterns

精通 JWT、OAuth2、会话管理与 RBAC 等身份验证与授权模式,构建安全且可扩展的访问控制体系。当您需要实现身份认证系统、保护 API 安全,或排查安全问题时,可使用此技能。

SKILL.md
--- frontmatter
version: 4.1.0-fractal
name: auth-implementation-patterns
description: Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Authentication & Authorization Implementation Patterns

Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.

Use this skill when

  • Implementing user authentication systems
  • Securing REST or GraphQL APIs
  • Adding OAuth2/social login or SSO
  • Designing session management or RBAC
  • Debugging authentication or authorization issues

Do not use this skill when

  • You only need UI copy or login page styling
  • The task is infrastructure-only without identity concerns
  • You cannot change auth policies or credential storage

Instructions

  • Define users, tenants, flows, and threat model constraints.
  • Choose auth strategy (session, JWT, OIDC) and token lifecycle.
  • Design authorization model and policy enforcement points.
  • Plan secrets storage, rotation, logging, and audit requirements.
  • If detailed examples are required, open resources/implementation-playbook.md.

Safety

  • Never log secrets, tokens, or credentials.
  • Enforce least privilege and secure storage for keys.

Resources

  • resources/implementation-playbook.md for detailed patterns and examples.

🧠 Knowledge Modules (Fractal Skills)

1. implementation-playbook