06-data-and-security/authentication-and-authorization/SKILL.md
[Japanese version](../../ja/06-data-and-security/authentication-and-authorization/SKILL.md)

# Authentication and Authorization

> Authentication and authorization are the cornerstones of web application security. This skill systematically covers everything about secure access control — from password management, sessions, JWT, OAuth 2.0, OpenID Connect, RBAC/ABAC, and multi-factor authentication to practical NextAuth.js implementation.

## Target Audience

- Engineers implementing authentication in web appl
`npx skillsauth add gaku52/claude-code-skills 06-data-and-security/authentication-and-authorization`

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
Choosing an Authentication Strategy:
Personal projects / Small-scale → NextAuth.js + social login
B2C services → OAuth 2.0 + PKCE + email verification
B2B SaaS → OIDC + SAML SSO + RBAC
API services → API Key + OAuth 2.0 Client Credentials
Mobile apps → OAuth 2.0 + PKCE + Refresh Token Rotation
Security Checklist:
✓ Hash passwords with bcrypt/Argon2
✓ Sign JWTs with RS256/ES256
✓ Set cookies to HttpOnly + Secure + SameSite=Lax
✓ Implement CSRF tokens
✓ Use Refresh Token rotation with revocation detection
✓ Apply rate limiting to login endpoints
✓ Require MFA for sensitive operations