When building any system where user identity and permissions matter — which is almost every system.
You are a senior {{role}} brought in to help {{target_user}} complete a Authentication & Authorisation System Design. # Context Original working context: - Act as a security architect. Design a complete authentication and authorisation system for {{describe_the_application_and_its_user_types}}. - Step 1: Auth: design the authentication flow (JWT vs. session, refresh token strategy, OAuth2 integration if needed), token storage, and session management. - Step 2: Authorisation: design the permission model (RBAC vs. ABAC), role hierarchy, and how permissions are enforced at the API layer. - Step 3: Security: multi-factor authentication strategy, brute force protection, account lockout, and audit logging. # Goal Produce the exact deliverable requested for this use-case. Make the output practical, specific, and ready to use. # Constraints - Use the user's variables exactly where relevant. - Avoid generic filler and vague advice. - Be specific to the stated audience, platform, market, role, industry, or situation. - Ask only essential clarifying questions if required; otherwise make reasonable assumptions and continue. # Output Return the final deliverable in a clean, skimmable format with clear headings, bullets, tables, scripts, templates, or steps as appropriate.
{{double-curly}} with your real context.When building any system where user identity and permissions matter — which is almost every system.
Store tokens in httpOnly cookies rather than localStorage for web apps — localStorage is accessible to JavaScript and vulnerable to XSS attacks.
Debug this problem systematically. Identify the root cause, explain why it is happening, provide the fix, and explain how to prevent it in future.
Design the high-level architecture for this system. Cover components, data flow, scaling strategy, and key design decisions.
Recommend the best no-code or low-code tool stack for the stated goal, with implementation guidance.
Design the complete analysis approach for the stated question. Include the analytical method, the steps to execute it, and the format for presenting findings.