|
|
description: "Authentication and authorization patterns - JWT, OAuth2, sessions, RBAC, ABAC, passkeys, and MFA. Use for: authentication, authorization, jwt, oauth, oauth2, session, login, rbac, abac, passkey, mfa, totp, api key, token, auth, cookie, csrf, cors credentials, bearer token, refresh token, oidc."
|
|
|
+when_to_use: "Use when implementing authentication or authorization — e.g. 'add JWT login with refresh tokens', 'set up OAuth2 + PKCE', 'choose RBAC vs ABAC', 'add passkeys or MFA'. Covers sessions, cookies, token flows, and access-control models; reach for api-design-ops for the surrounding API shape."
|