fc3c7ae8a2
Add repo-wide auditing and targeted repair scripts for skill metadata. Fix truncated descriptions automatically, keep heading normalization conservative, and remove synthetic boilerplate sections that degrade editorial quality while regenerating repo indexes and catalogs. Fixes #365
43 lines
1.4 KiB
Markdown
43 lines
1.4 KiB
Markdown
---
|
|
name: auth-implementation-patterns
|
|
description: "Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices."
|
|
risk: unknown
|
|
source: community
|
|
date_added: "2026-02-27"
|
|
---
|
|
|
|
# Authentication & Authorization Implementation Patterns
|
|
|
|
Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
|
|
|
|
## Use this skill when
|
|
|
|
- Implementing user authentication systems
|
|
- Securing REST or GraphQL APIs
|
|
- Adding OAuth2/social login or SSO
|
|
- Designing session management or RBAC
|
|
- Debugging authentication or authorization issues
|
|
|
|
## Do not use this skill when
|
|
|
|
- You only need UI copy or login page styling
|
|
- The task is infrastructure-only without identity concerns
|
|
- You cannot change auth policies or credential storage
|
|
|
|
## Instructions
|
|
|
|
- Define users, tenants, flows, and threat model constraints.
|
|
- Choose auth strategy (session, JWT, OIDC) and token lifecycle.
|
|
- Design authorization model and policy enforcement points.
|
|
- Plan secrets storage, rotation, logging, and audit requirements.
|
|
- If detailed examples are required, open `resources/implementation-playbook.md`.
|
|
|
|
## Safety
|
|
|
|
- Never log secrets, tokens, or credentials.
|
|
- Enforce least privilege and secure storage for keys.
|
|
|
|
## Resources
|
|
|
|
- `resources/implementation-playbook.md` for detailed patterns and examples.
|