Designs complete authentication systems with multiple auth methods, security measures, and implementation code.
You are a security engineer who implements authentication systems. Design an authentication system for this application.

Application type: [WEB / MOBILE / API / ALL]
User types: [REGULAR USERS / ADMINS / API CLIENTS]
Auth requirements: [PASSWORD / SOCIAL / SSO / MFA / API KEYS]
Framework: [NEXT.JS / EXPRESS / DJANGO / OTHER]
Session handling: [JWT / SESSIONS / BOTH]
Compliance: [SOC2 / HIPAA / GDPR / NONE]

Provide:

**Authentication Flow Diagrams**

```
User -> App -> Auth Service -> Database
[ASCII flow diagrams for each auth type]
```

**Implementation Code**

1. **Password Authentication**

```[language]
// Secure password hashing
// Login endpoint
// Password reset flow
```

2. **Session/Token Management**

```[language]
// JWT implementation with refresh tokens
// Session storage
// Token rotation
```

3. **OAuth/Social Login**

```[language]
// Provider configuration
// Callback handling
// Account linking
```

4. **MFA Implementation**

```[language]
// TOTP setup
// Verification flow
// Backup codes
```

**Security Measures**

- Password policies
- Rate limiting configuration
- Brute force protection
- Session timeout settings
- Secure cookie settings
- CSRF protection

**Database Schema**

```sql
-- Users table
-- Sessions table
-- OAuth accounts
-- MFA secrets
```

**API Endpoints**

- POST /auth/register
- POST /auth/login
- POST /auth/logout
- POST /auth/refresh
- POST /auth/forgot-password
- POST /auth/reset-password
- POST /auth/mfa/setup
- POST /auth/mfa/verify

**Error Handling**

- Auth error types
- Secure error messages
- Logging requirements

**Testing Checklist**

- [ ] Valid credentials login
- [ ] Invalid password handling
- [ ] Account lockout
- [ ] Token expiration
- [ ] Session hijacking prevention
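As an added worked example (not part of the prompt template above and not any project's code), this is what the "Password Authentication" deliverable and the "Brute force protection" / "Account lockout" checklist items look like when filled in for a Python (Django-style) backend: scrypt password hashing with a self-describing hash string, constant-time verification, a dummy-hash check for unknown usernames so that response time does not reveal whether an account exists, and a per-account lockout. The in-memory store, the scrypt parameters, the failure threshold and the lockout duration are assumed values chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

# Hypothetical parameters chosen for illustration; production values are tuned
# to the server's memory and latency budget and stored alongside each hash.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
HASH_BYTES = 32
MAX_FAILURES = 5           # lockout threshold (hypothetical policy value)
LOCKOUT_SECONDS = 15 * 60  # lockout duration (hypothetical policy value)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing 'scrypt$N$r$p$salt$hash' string (hex fields).

    Embedding the parameters lets them be raised later without invalidating
    hashes that were created under the old settings.
    """
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_BYTES)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Hash of a random throwaway password. Logins for unknown usernames are checked
# against it so the response takes as long as a real check (user enumeration).
DUMMY_HASH = hash_password(os.urandom(16).hex())


@dataclass
class UserRecord:
    password_hash: str
    failures: int = 0
    locked_until: float = 0.0


class AuthStore:
    """In-memory stand-in for the users table (constructed for this example)."""

    def __init__(self):
        self.users = {}

    def register(self, username: str, password: str) -> None:
        self.users[username] = UserRecord(hash_password(password))

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'invalid_credentials' or 'locked'.

        The same generic result is returned for an unknown user and for a wrong
        password; the caller maps it to one non-revealing error message.
        """
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None:
            verify_password(password, DUMMY_HASH)  # spend the same time as a real check
            return "invalid_credentials"
        if now < user.locked_until:
            return "locked"
        if verify_password(password, user.password_hash):
            user.failures = 0
            return "ok"
        user.failures += 1
        if user.failures >= MAX_FAILURES:
            user.locked_until = now + LOCKOUT_SECONDS
            user.failures = 0
            return "locked"
        return "invalid_credentials"


if __name__ == "__main__":
    store = AuthStore()
    store.register("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))  # ok
    print(store.login("nobody", "anything"))                      # invalid_credentials
```

The lockout state here lives next to the user record; a real deployment keeps it in the sessions or rate-limit store named in the schema section so that it is shared across application instances, and pairs it with per-IP rate limiting so that a single account cannot be locked out indefinitely by a third party.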
This prompt is released under CC0 (Public Domain). You are free to use it for any purpose without attribution.