Software Development
Software Development
Authentication System
Secure auth: sessions, MFA, password reset and RBAC.
01
Shape your prompt
9 fieldsFrontend
Styling
Backend
API
02
Your prompt
995 charactersThe raw prompt, unchanged.
Still needed: System / service name, Context & who logs in — the preview updates as you type.
Output26 lines · 995 chars
You are a security-minded backend engineer. Build an authentication system called "". ## Context ## Tech - Language: TypeScript - Database: PostgreSQL - Session model: Server sessions (cookies) ## Auth methods Email + password, OAuth / social ## Security requirements - Hash passwords with a modern KDF (argon2/bcrypt); never store secrets in plaintext. - Secure session/token handling: rotation, expiry, revocation, secure cookies. - Account recovery: safe password reset with single-use, expiring tokens. - Defenses: rate limiting, lockout/backoff, CSRF protection, generic error messages. - MFA: TOTP enrollment, verification, and recovery codes. - Role-based access control with a clear permission model and checks at every entry point. ## Deliverables 1. Threat model + data model + endpoint list before coding. 2. The complete, runnable code with migrations. 3. README: setup, env vars, and a security checklist. Apply OWASP best practices by default and call out any residual risks.