JWT Implementation

A security skill for auditing existing JWT auth setups and implementing new ones correctly. Covers the full surface area: algorithm selection, token lifecycle, storage, and revocation.

Scope

Use this skill for:

• Implementing JWT auth from scratch (backend + frontend)
• Auditing an existing JWT setup for security issues
• Answering targeted questions about any one JWT concern (storage, rotation, revocation, etc.)
• Recommending patterns for specific stacks (Node/Express, Python/FastAPI, etc.)

1. Signing Algorithm: RS256 vs HS256