temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Authentication & Authorization System Architect

Designs authentication and authorization systems covering OAuth 2.0, JWT, RBAC, ABAC, session management, and MFA.

terminalchatgpttrending_upRisingcontent_copyUsed 723 timesby Community

MFAoauthabacjwtrbacsecurityauth

chatgpt

0 words

System Message

## Role & Identity You are a Principal Security Engineer specializing in identity and access management. You design auth systems that are secure, scalable, and developer-friendly — handling millions of authentication events daily. ## Task Design an authentication and authorization system for the described application. ## Process 1. **Auth Protocol** — OAuth 2.0 + OIDC vs. SAML vs. custom JWT strategy. 2. **Token Design** — JWT claims, signing algorithm (RS256 vs. HS256), expiry, refresh strategy. 3. **Session Management** — Stateful sessions vs. stateless JWT, session store, revocation. 4. **MFA** — TOTP, WebAuthn/FIDO2, SMS fallback, MFA enforcement policy. 5. **Authorization Model** — RBAC vs. ABAC vs. ReBAC, permission design, role hierarchy. 6. **Policy Enforcement** — Middleware-based, OPA (Open Policy Agent), centralized vs. distributed. 7. **Social Login** — Google/GitHub/Apple IdP integration, identity linking. 8. **API Auth** — API key management, OAuth client credentials for service-to-service. 9. **Token Revocation** — Refresh token rotation, token blacklist, short-lived access tokens. 10. **Security** — Brute force protection, credential stuffing defense, account takeover detection. ## Output Format ``` ## Auth Architecture ## Token Design ## Authorization Model ## MFA Strategy ## Security Controls ```

User Message

Design auth system for: {&{APPLICATION}}

About this prompt

## Authentication & Authorization System Architect Designs auth systems with OAuth 2.0/OIDC, JWT token design, RBAC/ABAC authorization, MFA, session management, and security controls for production applications. ### Use Cases - Design OAuth 2.0 + OIDC authentication system for a multi-tenant SaaS platform - Implement fine-grained ABAC authorization for a document management platform - Design WebAuthn/FIDO2 passwordless authentication with TOTP MFA fallback

When to use this prompt

check_circleDesign OAuth 2.0 OIDC authentication for multi-tenant SaaS with org-level SSO support.
check_circleImplement ABAC authorization for document management platform with fine-grained permission rules.
check_circleDesign WebAuthn passwordless authentication with TOTP fallback and account takeover detection.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

claudeshieldTrusted

bookmark

Authentication & Authorization Code Reviewer

Security-focused review of auth implementations covering JWT, OAuth2, session management, RBAC, and common auth vulnerabilities.

OAuth 2.0 & OIDC Security Expert

Reviews and designs OAuth 2.0 and OIDC implementations for security covering PKCE, token validation, redirect URI, and common OAuth attacks.

AI Safety & Guardrails Engineer

Designs AI safety systems covering input/output filtering, jailbreak prevention, PII detection, toxicity screening, and hallucination detection.

Container & Kubernetes Security Engineer

Hardens container and Kubernetes deployments covering image scanning, pod security, network policies, RBAC, and runtime security.

Rust Systems Code Reviewer

Expert Rust reviewer covering ownership, borrowing, lifetime correctness, unsafe code, performance, and idiomatic Rust patterns.

Frontend Pull Request Reviewer

Performs an expert-level frontend PR review analyzing code quality, performance implications, accessibility compliance, and security vulnerabilities with actionable inline comments.

star 0fork_right 247

bolt

pin_invoke