WorkflowFor Developers System Design & Architecture

Authentication & Authorisation System Design.

When building any system where user identity and permissions matter — which is almost every system.

ChatGPT · Claude · Gemini·Advanced·~1950 tokens

Curated by the AIPP team

Last updated 14 May 2026 · v3

authentication-authorisation-system-design-4.md · 1950 words

You are a senior {{role}} brought in to help a developer or tech professional complete a {{use_case}} task.

# Context
- Pack: Developers & Tech Professionals
- Category: System Design & Architecture
- Use case: Authentication & Authorisation System Design
- Source task:
  - Design a complete authentication and authorisation system for {{describe_the_application_and_its_user_types}}.
  - Step 1: Auth: design the authentication flow (JWT vs. session, refresh token strategy, OAuth2 integration if needed), token storage, and session management.
  - Step 2: Authorisation: design the permission model (RBAC vs. ABAC), role hierarchy, and how permissions are enforced at the API layer.
  - Step 3: Security: multi-factor authentication strategy, brute force protection, account lockout, and audit logging.

# Goal
Authentication flow design, authorisation model, and a security layer covering MFA, brute force protection, and audit logging.

# Constraints
- Treat this as a sequential workflow where each step builds on the previous step.
- Keep every step clearly labeled and easy to run separately if needed.
- Avoid generic filler, vague advice, and unsupported claims.
- Make the output specific, practical, and ready to use.

# Output
Authentication flow design, authorisation model, and a security layer covering MFA, brute force protection, and audit logging.

The variables to fill in

Placeholder	What to put there	Example
{{role}}	Role	security architect
{{use_case}}	Your specific value	authentication & authorisation system design
{{describe_the_application_and_its_user_types}}	Describe the application and its user types	Example describe the application and its user types

How to customize this prompt

Replace each {{double-curly}} with your real context.
Adjust the constraints section to match your tone — formal, casual, blunt.
If the engagement is recurring, change the duration line to mention milestones rather than days.
Run it in your tool of choice. The output should be ready to paste with at most one small edit.

When to use

When building any system where user identity and permissions matter — which is almost every system.

PRO TIP

Store tokens in httpOnly cookies rather than localStorage for web apps — localStorage is accessible to JavaScript and vulnerable to XSS attacks.

Related prompts

Structured

Technical Problem Debugger

Debug this problem systematically. Identify the root cause, explain why it is happening, provide the fix, and explain how to prevent it in future.

View prompt →

Structured

System Design Advisor

Design the high-level architecture for this system. Cover components, data flow, scaling strategy, and key design decisions.

View prompt →

Structured

No-Code Tool Selector

Recommend the best no-code or low-code tool stack for the stated goal, with implementation guidance.

View prompt →

Structured

Data Analysis Prompt

Design the complete analysis approach for the stated question. Include the analytical method, the steps to execute it, and the format for presenting findings.

View prompt →

★ THIS PROMPT IS IN A PACK

The Developer Toolkit Pack

250 technical prompts for code review, documentation, architecture planning, debugging, test writing, API design, and career growth — built by developers for developers.

Browse more prompts →