auth-implementation-patterns

Sécurité & Conformité

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Documentation

Authentication & Authorization Implementation Patterns

Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.

Use this skill when

Implementing user authentication systems
Securing REST or GraphQL APIs
Adding OAuth2/social login or SSO
Designing session management or RBAC
Debugging authentication or authorization issues

Do not use this skill when

You only need UI copy or login page styling
The task is infrastructure-only without identity concerns
You cannot change auth policies or credential storage

Instructions

Define users, tenants, flows, and threat model constraints.
Choose auth strategy (session, JWT, OIDC) and token lifecycle.
Design authorization model and policy enforcement points.
Plan secrets storage, rotation, logging, and audit requirements.
If detailed examples are required, open resources/implementation-playbook.md.

Safety

Never log secrets, tokens, or credentials.
Enforce least privilege and secure storage for keys.

Resources

resources/implementation-playbook.md for detailed patterns and examples.

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

Active Directory Attacks

This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.

VOIR LA FICHE

SQL Injection Testing

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

VOIR LA FICHE

mtls-configuration

Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.

VOIR LA FICHE
Utiliser l'Agent auth-implementation-patterns - Outil & Compétence IA | Skills Catalogue | Skills Catalogue