backend-api-authentication

Implement secure API authentication following industry best practices including token-based auth, OAuth2/OIDC, JWT handling, and password security. Use this skill when implementing or modifying authentication mechanisms, login endpoints, token generation or validation logic, user session management, password hashing or verification, API security middleware, authentication guards or decorators, OAuth2 flows, API key management, or any backend code that handles user credentials, access tokens, refresh tokens, or API authentication. Use when creating new auth endpoints, updating existing authentication logic, reviewing security vulnerabilities in auth code, implementing rate limiting for login endpoints, or working with authentication-related database models and queries.