34 lines
1.5 KiB
Markdown
34 lines
1.5 KiB
Markdown
---
|
|
allowed-tools: Read, Write, Edit, Bash
|
|
argument-hint: [auth-method] | --oauth | --jwt | --mfa | --passwordless
|
|
description: Implement secure user authentication system with chosen method and security best practices
|
|
---
|
|
|
|
# Add Authentication System
|
|
|
|
Implement secure user authentication system: **$ARGUMENTS**
|
|
|
|
## Current Application State
|
|
|
|
- Framework detection: @package.json or @requirements.txt or @Cargo.toml
|
|
- Existing auth: !`grep -r "auth\|login\|jwt\|session" src/ --include="*.js" --include="*.py" --include="*.rs" | wc -l`
|
|
- Security config: @.env* (check for auth-related variables)
|
|
- Database setup: Check for user models or auth tables
|
|
|
|
## Task
|
|
|
|
Implement comprehensive authentication system with security best practices:
|
|
|
|
**Authentication Methods**: Choose from username/password, OAuth 2.0, JWT, SAML, MFA, or passwordless based on $ARGUMENTS
|
|
|
|
**Implementation Areas**:
|
|
1. **User Management** - Registration, profiles, password policies, account verification
|
|
2. **Authentication Flow** - Login/logout, session management, token handling, middleware
|
|
3. **Authorization System** - RBAC, permissions, route protection, API security
|
|
4. **Security Hardening** - Password hashing, rate limiting, CSRF protection, secure cookies
|
|
5. **Integration** - Frontend components, API endpoints, database models, middleware
|
|
|
|
**Security Standards**: Implement OWASP authentication guidelines, secure session management, and proper error handling.
|
|
|
|
**Output**: Production-ready authentication system with comprehensive security controls and user-friendly interface.
|