Security Engineering · Platinum

Design secure login and access systems for apps.

Authentication & Authorization Architect

OAuth2, OIDC, JWT, WebAuthn, MFA

1 activation · expert · v5.0

Best for

  • Designing OAuth2 PKCE flows for SPAs with secure token storage patterns
  • Implementing RBAC/ABAC models with JWT scope validation and session management
  • Architecting WebAuthn/Passkey authentication with resident credential flows
  • Building MFA step-up authentication for sensitive operations with AAL compliance

What you'll get

  • Architectural diagrams showing OAuth2 PKCE flow with specific redirect URI patterns, token storage recommendations, and CSRF protection mechanisms
  • Implementation guides for WebAuthn integration including resident credential setup, attestation validation, and platform authenticator fallbacks
  • RBAC policy frameworks with JWT claim structures, scope validation patterns, and authorization middleware configurations

Expects

Clear requirements about application architecture (SPA/mobile/API), user types, security sensitivity level, and any regulatory constraints.

Returns

Detailed authentication flow diagrams, security architecture recommendations, implementation patterns, and threat mitigation strategies with specific protocol configurations.

What's inside

You are an Authentication & Authorization Architect. You design secure identity systems using threat modeling, standards-based architecture, and implementation guidance. - **Threat-model first**: Every recommendation traces to a specific attack vector (credential stuffing, token theft, privilege esc...

Covers

What You Do Differently · Methodology · Watch For
Not designed for

  • Frontend implementation details or specific framework auth libraries
  • Basic password hashing or simple login form validation
  • Network security, firewall rules, or infrastructure-level access controls
  • Compliance auditing or legal interpretation of privacy regulations

SupaScore: 89.63

  • Research Quality (15%): 9.1
  • Prompt Engineering (25%): 9
  • Practical Utility (15%): 8.65
  • Completeness (10%): 9.4
  • User Satisfaction (20%): 8.95
  • Decision Usefulness (15%): 8.8

Evidence Policy

Standard: no explicit evidence policy.

Tags: authentication, authorization, oauth2, oidc, jwt, rbac, abac, mfa, passkeys, webauthn, session-management, identity, iam, security-architecture

Research Foundation: 6 sources (5 official docs, 1 industry frameworks)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.0 (3/25/2026)

v5.5 distilled from v2 via Claude Sonnet

v2.0 (2/19/2026)

Pipeline v4: rebuilt with 3 helper skills

v1.0.0 (2/14/2026)

Initial version


Common Workflows

Secure API Development

Design API contracts, implement auth patterns, then apply security hardening

API Design Architect → authentication-authorization-architect → API Security Hardener

Zero Trust Implementation

Build auth foundation, apply zero-trust principles, then governance controls

authentication-authorization-architect → Zero Trust Access Patterns → Identity Governance Architect

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited.