    Auth System Designer

    by Arnstein Larsen

    Auth is where one wrong early decision becomes a security incident with your name on it — JWTs chosen for sessions because a tutorial used them, refresh token rotation implemented wrong, RBAC bolted on after the fact because nobody thought about permissions on day one.

    Updated Jun 2026
    Security scanned
    Optimized for Claude Code

    $9.99

    · or 50 credits

    30-day refund guarantee

    Secure checkout via Stripe

    Included in download

    • Determine the best token strategy (JWT vs Session) for your specific stack.
    • Architect multi-tenant permission models with secure data isolation.
    • Optimized for Claude Code
    • Instant install

    Sample input

    Design an auth system for a React/Node.js SaaS with a mobile app. We need multi-tenant RBAC and social login. Should we use JWTs or sessions?

    Sample output

    Recommended: Hybrid approach.

    1. Web: server-side sessions carried in an HttpOnly, Secure, SameSite cookie. HttpOnly keeps the session ID out of reach of injected scripts (XSS); the browser still attaches the cookie to cross-site requests, so pair SameSite with a CSRF token on every state-changing request.
    2. Mobile: short-lived access JWTs plus refresh tokens kept in the platform's secure storage (Keychain/Keystore), rotated on every use, with reuse of an already-spent refresh token revoking the whole token family.
    3. RBAC: carry 'org_id' and 'roles' in the request context and enforce through a single 'authorize(permission)' middleware, so every route passes one decision point and checks cannot drift between handlers.

    About This Skill

    Auth is where one wrong early decision becomes a security incident with your name on it — JWTs chosen for sessions because a tutorial used them, refresh token rotation implemented wrong, RBAC bolted on after the fact because nobody thought about permissions on day one. This skill designs your auth system from scratch: the right session strategy for your use case, token storage and rotation that doesn't create XSS or CSRF exposure, a permission model that scales beyond three user types, and the OAuth/SSO integration path if you need it. Every recommendation comes with the security reasoning, so you understand why, not just what to implement. Use it before you write your first auth endpoint. Give it your app type, your user model, and your threat surface; it returns a complete auth architecture you can implement without discovering the problems at your first security review.

    Use Cases

    • Determine the best token strategy (JWT vs Session) for your specific stack.
    • Architect multi-tenant permission models with secure data isolation.
    • Design robust OAuth2/SSO flows and social login integrations.
    • Create secure password recovery and token rotation specifications.
    • Compare 'Build vs. Buy' options like Auth0, Clerk, or custom solutions.

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    No special permissions declared or detected

    Optimized for Claude Code, Cursor, Windsurf, and Aider.
