Jwt

springboot-security is a practical Spring Boot security guide for authentication, authorization, validation, CSRF/CORS, secrets, headers, rate limiting, and dependency checks. Use the springboot-security skill for Security Audit work or to harden a Java service with fewer security misconfiguration risks.

auth-implementation-patterns is a practical skill for designing and implementing authentication and authorization patterns, including sessions, JWT, OAuth2/OIDC, RBAC, and access control checks for APIs and apps.

The exploiting-jwt-algorithm-confusion-attack skill helps Security Audit workflows test JWT algorithm confusion, including RS256-to-HS256 downgrades, alg:none bypasses, and kid/jku/x5u header tricks. It is backed by a practical guide, reference examples, and a script for repeatable validation.

create-auth-skill helps add Better Auth to JS or TS apps with a planning-first workflow. It scans your repo, detects framework and database signals, asks structured setup questions, then guides route wiring, providers, auth pages, and migration-safe implementation.

oauth helps you implement and troubleshoot OAuth 2.0/2.1 in Fastify apps for login, access tokens, PKCE, refresh tokens, and route protection. Use it as an oauth guide for backend development when you need practical oauth usage, install steps, and help resolving redirect URI, scope, CSRF, or token validation issues.

security skill for OWASP patterns, secrets management, and security testing. Use it to review auth, user input, API keys, env vars, and repo hygiene, especially for Security Audit work.