This is a comprehensive authentication implementation skill designed to fill a critical gap in the skills repository. Currently, there are zero security-focused skills in the repo, making this a unique and high-value contribution.
Expert guidance for implementing production-grade authentication systems for developers, including:
- OAuth 2.0 with PKCE - Authorization code flow with security best practices
- SAML 2.0 - Enterprise SSO implementation
- JWT (JSON Web Tokens) - Stateless authentication with proper validation
- OpenID Connect (OIDC) - Identity layer on OAuth 2.0
- Passwordless Authentication - Magic links with security considerations
- Passkeys (WebAuthn/FIDO2) - Modern phishing-resistant authentication
- Biometric Authentication - Integration patterns
- Machine Identity Management - Authentication for AI agents and services
- Multi-Tenant Authentication - SaaS application patterns
- Enterprise SSO - SAML and OIDC integration
- Session Management - Production-grade session handling
- Common security pitfalls and how to avoid them
- Token lifecycle management
- Rate limiting and abuse prevention
- GDPR compliance considerations
- Security monitoring and observability
- 75% of enterprise SaaS deals are blocked by authentication issues
- 80% of data breaches involve compromised credentials
- AI agents are creating new machine identity challenges at scale
- Passwordless/passkeys are rapidly becoming standard
- First Security Skill - No competing skills in this domain
- Battle-Tested Patterns - Based on scaling CIAM to 1B+ users
- Modern Context - Includes machine identity for AI agents
- Comprehensive Coverage - From basic auth to enterprise requirements
name: authentication-implementation
description: Expert guidance for implementing secure authentication systems including OAuth 2.0, SAML, OIDC, JWT, passwordless authentication, passkeys, and biometrics. Covers protocol selection, security best practices, common pitfalls at scale, and enterprise patterns. Use when implementing login flows, SSO, API authentication, machine identity, or any identity management features.auth-implementation/
├── SKILL.md # Main skill file (comprehensive guidance)
└── README.md # This file
- OAuth 2.0 server implementation with PKCE
- JWT token management with validation
- Passwordless authentication (magic links)
- Passkeys (WebAuthn) client and server
- Session management with Redis
- Machine identity for AI agents
- Detailed security pitfall analysis
- Common vulnerability patterns and fixes
- Attack surface reduction strategies
- Security testing examples
- Monitoring and observability guidance
- Multi-tenant authentication
- SAML SSO implementation
- GDPR compliance considerations
- Migration strategies
- Token rotation patterns
- Service account patterns for AI agents
- Automated credential rotation
- Machine-scale authentication
- Workload identity integration
Once added to the skills repository, It will automatically use this skill when users need help with:
- "Implement OAuth 2.0 authentication for my API"
- "Add passwordless login to my application"
- "How do I implement SSO for enterprise customers?"
- "Set up authentication for my AI agent"
- "Migrate from passwords to passkeys"
- "Secure my API endpoints with JWT"
This skill is based on:
- 15+ years in cybersecurity and digital identity
- Experience scaling CIAM platform serving 1B+ users
- Published author of multiple cybersecurity books including "Don't Ever Think About Passwords Again"
- Patent holder in security systems (DDoS defense, searchable encryption)
- Provides actual implementation code, not just theory
- Based on patterns proven at billion-user scale
- Addresses modern challenges (AI agents, passkeys)
- Curated guidance with clear decision frameworks
- Security pitfalls highlighted throughout
- Enterprise patterns from real-world experience
- First and only authentication-focused skill
- Comprehensive coverage from basics to advanced
- Unique perspective on machine identity challenges