---
name: authentication-session-security
version: "0.1"
description: >
  [STUB - Not implemented] Authentication security including JWT validation, session management, and OAuth2/OIDC flows.
  PROACTIVELY activate for: [TODO: Define on implementation].
  Triggers: [TODO: Define on implementation]
core-integration:
  techniques:
    primary: ["[TODO]"]
    secondary: []
  contracts:
    input: "[TODO]"
    output: "[TODO]"
  patterns: "[TODO]"
  rubrics: "[TODO]"
---

# Authentication and Session Security

> **STUB: This skill is not yet implemented**
>
> This placeholder preserves the documented plugin structure.
> See parent plugin README for planned capabilities.

## Planned Capabilities

- **JWT Validation**: Token verification, expiration, and signature validation
- **Session Management**: Secure session handling, timeout configuration
- **OAuth2/OIDC Flows**: Authorization code flow, PKCE, token refresh
- Password hashing best practices
- Multi-factor authentication (MFA) implementation
- Session fixation prevention

## Implementation Status

- [ ] Core implementation
- [ ] References documentation
- [ ] Output templates
- [ ] Integration tests