Skill

security-auth

Provides authentication and authorization patterns including JWT with refresh tokens, OAuth2/OIDC, RBAC/ABAC, session management, and MFA. Includes TypeScript/NestJS code examples.

TypeScript

NestJS

security

authentication

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/f5-core:security-auth

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Authentication and authorization patterns for secure applications.

SKILL.md

133 lines · ~841 tokens

Stats

LanguagePython

Parent stars20

Parent forks7

MaintenanceFair

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

Security Auth Skill

Authentication and authorization patterns for secure applications.

Quick Reference

Authentication Methods

Method	Use Case	Security Level
JWT + Refresh	SPAs, Mobile apps	High
Session cookies	Traditional web apps	High
OAuth2/OIDC	Social login, SSO	High
API Keys	Service-to-service	Medium
MFA	High-security apps	Very High

Authorization Patterns

Pattern	Use Case	Complexity
RBAC	Most applications	Low-Medium
ABAC	Fine-grained control	High
ReBAC	Relationship-based	Medium
Permission Matrix	Admin panels	Low

JWT Token Service

export class TokenService {
  private readonly accessExpiry = '15m';   // Short-lived
  private readonly refreshExpiry = '7d';   // Rotate on use

  generateTokenPair(user: User): TokenPair {
    const accessToken = jwt.sign(
      { sub: user.id, type: 'access' },
      this.accessSecret,
      { expiresIn: this.accessExpiry }
    );

    const refreshToken = jwt.sign(
      { sub: user.id, type: 'refresh' },
      this.refreshSecret,
      { expiresIn: this.refreshExpiry }
    );

    return { accessToken, refreshToken };
  }
}

Password Hashing

import bcrypt from 'bcrypt';

// Hash password (cost factor 12)
const hash = await bcrypt.hash(password, 12);

// Verify password
const isValid = await bcrypt.verify(password, hash);

RBAC Guard (NestJS)

@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredRoles = this.reflector.getAllAndOverride<Role[]>(
      ROLES_KEY, [context.getHandler(), context.getClass()]
    );
    if (!requiredRoles) return true;
    const { user } = context.switchToHttp().getRequest();
    return requiredRoles.some(role => user.roles?.includes(role));
  }
}

OAuth2/OIDC Flow

// Passport OAuth2 Strategy
passport.use(new OAuth2Strategy({
  authorizationURL: 'https://provider.com/oauth2/authorize',
  tokenURL: 'https://provider.com/oauth2/token',
  clientID: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  callbackURL: '/auth/callback',
}, (accessToken, refreshToken, profile, done) => {
  return done(null, profile);
}));

Anti-Patterns

// Storing passwords in plain text
user.password = plainPassword; // NEVER DO THIS

// Missing rate limiting on auth
app.post('/login', loginHandler); // ADD RATE LIMITING

// Long-lived access tokens
{ expiresIn: '30d' } // TOO LONG - use 15m max

F5 Quality Gates

Gate	Requirement
G2	Auth requirements documented
G2.5	Auth controls implemented
G3	Auth tests passing (90%+ coverage)

security-auth

Popularity

Invocation

Context Preview

SKILL.md

security-auth

Popularity

Invocation

Context Preview

SKILL.md

Security Auth Skill

Quick Reference

Authentication Methods

Authorization Patterns

JWT Token Service

Password Hashing

RBAC Guard (NestJS)

OAuth2/OIDC Flow

Anti-Patterns

F5 Quality Gates

Similar Skills

Security Auth Skill

Quick Reference

Authentication Methods

Authorization Patterns

JWT Token Service

Password Hashing

RBAC Guard (NestJS)

OAuth2/OIDC Flow

Anti-Patterns

F5 Quality Gates

Similar Skills