# Auth Patterns — Authentication & Authorization

SECURITY-CRITICAL SKILL — Auth is the front door. Get it wrong and nothing else matters.

## Authentication Methods

| Method | How It Works | Best For |
|---|---|---|
| JWT | Signed token sent with each request | SPAs, microservices, mobile APIs |
| Session-based | Server stores session, client holds cookie | Traditional web apps, SSR |
| OAuth 2.0 | Delegated auth via authorization server | "Login with Google/GitHub", API access |
| API Keys | Static key sent in header | Internal services, public APIs |
| Magic Links | One-time login link via email | Low-friction onboarding, B2C |
| Passkeys/WebAuthn | Hardware/biometric challenge-response | High-security apps, passwordless |
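
The first two rows of the table differ in where the state lives, and that decides how revocation works. The Python below is an added example, not part of the original skill: it puts an HS256 signed token next to a server-side session, using only the standard library. `SECRET`, `SESSIONS` and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed demo key (assumption)
SESSIONS = {}                     # in-memory stand-in for a server-side session store

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(user, ttl=300, now=None):
    """Stateless: claims travel inside the token, protected by an HMAC."""
    now = time.time() if now is None else now
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def verify_jwt(token, now=None):
    """Return the subject, or None if malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token's own header choose it.
        if json.loads(_unb64(head))["alg"] != "HS256":
            return None
        if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def login_session(user, ttl=300):
    """Stateful: the cookie holds only an opaque random ID."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "exp": time.time() + ttl}
    return sid

def check_session(sid, now=None):
    now = time.time() if now is None else now
    rec = SESSIONS.get(sid)
    return rec["user"] if rec and rec["exp"] > now else None

def logout_session(sid):
    SESSIONS.pop(sid, None)  # takes effect on the very next request
```

Deleting the session record ends the session at once, while the signed token keeps verifying until its `exp` passes unless the server adds its own state such as a deny list.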