auth-architect

Solid

Implement authentication and authorization with OWASP Top 10 standards, OAuth 2.0 + OIDC, WebAuthn/Passkeys, session management, and RBAC/ABAC. Use when user asks to implement login, signup, authentication, authorization, JWT, OAuth, SSO, passkeys, MFA, or role-based access. Do NOT use for API key management (use api-forge), encryption at rest, or network-level security (firewalls, WAF).

API & Backend 96 stars 12 forks Updated yesterday MIT


Quality Score: 91/100

| Component | Weight | Score |
|---------------|--------|-------|
| Stars | 20% | 66 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Auth Architect

Production authentication following OWASP Top 10, NIST SP 800-63B, and patterns from Auth0, AWS Cognito, and the OWASP Cheat Sheet Series.

## Sub-Commands

| Command | Description |
|---------|-------------|
| `implement` | Implement full authentication system (login, signup, sessions, MFA, password reset) |
| `audit` | Audit existing auth against OWASP Top 10 checklist |
| `enforce` | Add missing security measures (rate limiting, CSRF, session rotation) |
| `teach` | Set up auth context file (AUTH.md) with project-specific configuration |

## Workflow

### Step 1: Choose auth method

| Method | Use Case | Security | Complexity |
|--------|----------|:--------:|:----------:|
| Session-based (httpOnly cookies) | Server-rendered web apps | High | Low |
| JWT access + refresh tokens | SPAs, mobile, APIs | High (with proper storage) | Medium |
| OAuth 2.0 + OIDC | Third-party login, SSO | High | High |
| API keys with HMAC | M2M, CLIs, integrations | Medium | Low |
| WebAuthn / Passkeys | Passwordless, high-security | Very High | Medium |
| Magic links / OTP | Low-friction, email-based | Medium | Low |

### Step 2: Implement authentication

#### Password-based auth

```
1. Validate email format + length (<= 254 chars, the practical SMTP limit)
2. Check against breached passwords (HaveIBeenPwned API, k-anonymity: send only the first 5 hex chars of SHA-1)
3. Hash with Argon2id: memory=19456 KiB (19 MiB), iterations=2, parallelism=1 OR BCrypt: cost=12 minimum
4. Generate session ID as UUIDv4 via crypto.randomUUID()
5. Store session server-side (Red...
```

Details

Author: EliasOulkadi
Repository: EliasOulkadi/shokunin
Created: 1 month ago
Last Updated: yesterday
Language: HTML
License: MIT
