{"id":13598880,"url":"https://github.com/Dan6erbond/sk-auth","last_synced_at":"2025-04-10T10:30:34.097Z","repository":{"id":37101958,"uuid":"368258084","full_name":"Dan6erbond/sk-auth","owner":"Dan6erbond","description":"Authentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!","archived":false,"fork":false,"pushed_at":"2022-10-16T00:19:23.000Z","size":257,"stargazers_count":579,"open_issues_count":33,"forks_count":69,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-04-03T12:19:18.656Z","etag":null,"topics":["auth","oauth","svelte","sveltejs","sveltekit"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Dan6erbond.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-17T16:48:13.000Z","updated_at":"2025-03-06T08:21:48.000Z","dependencies_parsed_at":"2022-07-12T02:30:36.776Z","dependency_job_id":null,"html_url":"https://github.com/Dan6erbond/sk-auth","commit_stats":null,"previous_names":["dan6erbond/svelte-kit-auth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dan6erbond%2Fsk-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dan6erbond%2Fsk-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dan6erbond%2Fsk-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dan6erbond%2Fsk-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Dan6erbond","download_url":"https://code
load.github.com/Dan6erbond/sk-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248199136,"owners_count":21063641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","oauth","svelte","sveltejs","sveltekit"],"created_at":"2024-08-01T17:00:57.726Z","updated_at":"2025-04-10T10:30:33.743Z","avatar_url":"https://github.com/Dan6erbond.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","Svelte","🏃 SvelteKit Starter Kits and Integrations"],"sub_categories":["The _How To's?_"],"readme":"![SvelteKitAuth Banner](./res/banner.png)\n\n# SvelteKitAuth\n\n![License: MIT](https://img.shields.io/github/license/Jenyus-Org/graphql-utils)\n[![NPM Release](https://img.shields.io/npm/v/sk-auth)](https://www.npmjs.com/package/sk-auth)\n[![NPM Downloads](https://img.shields.io/npm/dw/sk-auth)](https://www.npmjs.com/package/sk-auth)\n[![NPM Type Definitions](https://img.shields.io/npm/types/sk-auth)](https://www.npmjs.com/package/sk-auth)\n\nAuthentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!\n\n## Installation\n\nSvelteKitAuth is available on NPM as `sk-auth`, it can be installed with NPM:\n\n```bash\nnpm i sk-auth --save\n```\n\nOr Yarn:\n\n```bash\nyarn add sk-auth\n```\n\n### Usage with Typescript\n\nSvelteKitAuth also comes with first-class support for Typescript out of the box, so no need to add an additional `@types/` dev dependency! 🎉\n\n## Getting Started\n\nSvelteKitAuth is very easy to setup! 
All you need to do is instantiate the `SvelteKitAuth` class, and configure it with some default providers, as well as a JWT secret key used to verify the cookies:\n\n***Warning**: env variables prefixed with `VITE_` can be exposed and leaked into client-side bundles if they are referenced in any client-side code. Make sure this is not the case, or consider using an alternative method such as loading them via dotenv directly instead.*\n\n```ts\nexport const appAuth = new SvelteKitAuth({\n  providers: [\n    new GoogleOAuthProvider({\n      clientId: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_ID,\n      clientSecret: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_SECRET,\n      profile(profile) {\n        return { ...profile, provider: \"google\" };\n      },\n    }),\n  ],\n  jwtSecret: import.meta.env.JWT_SECRET_KEY,\n});\n```\n\nIf you want to override or augment the default SvelteKit session to get access to the user in the `session` store, you can use the `getSession` hook:\n\n```ts\n// overriding the default session\nexport const { getSession } = appAuth;\n\n// augmenting it\nexport const getSession: GetSession = async (request) =\u003e {\n  const { user } = await appAuth.getSession(request);\n\n  return { user };\n};\n```\n\n## Callbacks\n\nSvelteKitAuth provides some callbacks, similar to NextAuth.js. Their call signatures are:\n\n```ts\ninterface AuthCallbacks {\n  signIn?: () =\u003e boolean | Promise\u003cboolean\u003e;\n  jwt?: (token: JWT, profile?: any) =\u003e JWT | Promise\u003cJWT\u003e;\n  session?: (token: JWT, session: Session) =\u003e Session | Promise\u003cSession\u003e;\n  redirect?: (url: string) =\u003e string | Promise\u003cstring\u003e;\n}\n```\n\n## Adding more Providers\n\nSvelteKitAuth uses an object-oriented approach towards creating providers. 
It is unopinionated and allows you to implement any three-legged authentication flow such as OAuth, SAML SSO, and even regular credential logins by omitting the `signin()` route.\n\nYou can implement your own using the `Provider` base provider class, and by implementing the `signin()` and `callback()` methods:\n\n```ts\nexport abstract class Provider\u003cT extends ProviderConfig = ProviderConfig\u003e {\n  abstract signin\u003cLocals extends Record\u003cstring, any\u003e = Record\u003cstring, any\u003e, Body = unknown\u003e(\n    request: ServerRequest\u003cLocals, Body\u003e,\n  ): EndpointOutput | Promise\u003cEndpointOutput\u003e;\n\n  abstract callback\u003cLocals extends Record\u003cstring, any\u003e = Record\u003cstring, any\u003e, Body = unknown\u003e(\n    request: ServerRequest\u003cLocals, Body\u003e,\n  ): CallbackResult | Promise\u003cCallbackResult\u003e;\n}\n```\n\n`signin()` must return a generic endpoint output; this can be a redirect, or the path to the provider's sign-in page. When implementing an `HTTP POST` route, `signin()` can simply return an empty body and `callback()` should handle the user login flow.\n\n`callback()` takes a `ServerRequest` and must return a `CallbackResult` which is a custom type exported by `svelte-kit-auth`:\n\n```ts\nexport type Profile = any;\nexport type CallbackResult = [Profile, string | null];\n```\n\nThe first item in the tuple is the user profile, which gets stored in the token, and is provided to the `jwt()` callback as the second argument. The second item is a redirect route, which may be tracked using the `state` query parameter for OAuth providers, or other implementations depending on the sign-in method.\n\n### OAuth2\n\nSvelteKitAuth comes with a built-in OAuth2 provider that takes extensive configuration parameters to support almost any common OAuth2 provider which follows the OAuth2 spec. 
It can be imported from `sk-auth/providers` and configured with the following configuration object:\n\n```ts\nexport interface OAuth2ProviderConfig\u003cProfileType = any, TokensType extends OAuth2Tokens = any\u003e\n  extends OAuth2BaseProviderConfig\u003cProfileType, TokensType\u003e {\n  accessTokenUrl?: string;\n  authorizationUrl?: string;\n  profileUrl?: string;\n  clientId?: string;\n  clientSecret?: string;\n  scope: string | string[];\n  headers?: any;\n  authorizationParams?: any;\n  params: any;\n  grantType?: string;\n  responseType?: string;\n  contentType?: \"application/json\" | \"application/x-www-form-urlencoded\";\n}\n```\n\nSome values have defaults which can be seen below:\n\n```ts\nconst defaultConfig: Partial\u003cOAuth2ProviderConfig\u003e = {\n  responseType: \"code\",\n  grantType: \"authorization_code\",\n  contentType: \"application/json\",\n};\n```\n\nThe `OAuth2Provider` class can then be instantiated with the configuration to support the OAuth2 flow, including authorization redirect, token retrieval and profile fetching. It will also automatically handle the `state` and `nonce` params for you.\n\n## Motivation\n\nSvelteKitAuth is inspired by the [NextAuth.js](https://next-auth.js.org/) package built for the Next.js SSR framework for React. Unlike NextAuth.js it is completely unopinionated and only provides implementations for default flows, while still empowering users to add their own providers.\n\nAs it leverages classes and Typescript, the implementation of such providers is very straightforward, and in the future it will even be possible to register multiple SvelteKitAuth handlers in the same project, should the need arise, by leveraging a class-based client and server setup.\n\n## Examples\n\nLooking for help? Check out the [example app](./app/) in the repository source. Make something cool you want to show off? 
Share it with others [in the discussion section](https://github.com/Dan6erbond/sk-auth/discussions/72).\n\n## Contributing\n\n🚧 Work in Progress!\n\n## License\n\nThis project is licensed under the terms of the MIT license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDan6erbond%2Fsk-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDan6erbond%2Fsk-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDan6erbond%2Fsk-auth/lists"}