authentication

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Generic secret pattern detected

The fragment outlines a coherent authentication/authorization blueprint with standard elements (JWT, OAuth2/OIDC, Redis-backed sessions, RBAC). However, practical deployment requires consolidation into a single cryptographic policy (prefer RS256 with proper key management), complete nonce/state handling, explicit CSRF protections, consistent token lifetimes, and guardrails to prevent token leakage in logs. When harmonized, the design is solid for production use; currently it should be treated as a high-signal blueprint requiring careful consolidation and hardening.

LLM verification: This SKILL.md is a documentation+example implementation for authentication and authorization. It is internally coherent with its stated purpose and does not contain obvious malicious code or supply-chain download-execute patterns. The primary risks are insecure copy-paste of example code (HS256 usage, disabling signature verification for debugging, printing tokens), inclusion of placeholder strings that can trip secret scanners, and the normal high sensitivity of environment secrets and private

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Feb 21, 2026, 07:46 AM
Package URL: pkg:socket/skills-sh/lobbi-docs%2Fclaude%2Fauthentication%2F@4cee2b033f8c1c3d73c82a5d63e858cf4284280d