{"id":50746989,"url":"https://github.com/zitadel/solidstart-auth","last_synced_at":"2026-06-10T22:01:42.075Z","repository":{"id":360011867,"uuid":"1248285382","full_name":"zitadel/solidstart-auth","owner":"zitadel","description":"Official Zitadel auth integration for SolidStart.","archived":false,"fork":false,"pushed_at":"2026-05-31T16:06:09.000Z","size":1111,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T17:14:52.488Z","etag":null,"topics":["auth","authentication","authn","authorization","authz","iam","identity","login","nodejs","solidstart","sso","typescript","zitadel"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@zitadel/solidstart-auth","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zitadel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-24T12:47:44.000Z","updated_at":"2026-05-31T16:02:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/zitadel/solidstart-auth","commit_stats":null,"previous_names":["zitadel/solidstart-auth"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zitadel/solidstart-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zitadel%2Fsolidstart-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zitadel%2Fsolidstart-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zitadel%2Fsolidstart-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zitadel%2Fsolidstart-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zitadel","download_url":"https://codeload.github.com/zitadel/solidstart-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zitadel%2Fsolidstart-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34172196,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","authn","authorization","authz","iam","identity","login","nodejs","solidstart","sso","typescript","zitadel"],"created_at":"2026-06-10T22:01:40.667Z","updated_at":"2026-06-10T22:01:42.068Z","avatar_url":"https://github.com/zitadel.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SolidStart Auth\n\nA [SolidStart](https://start.solidjs.com/) integration that provides seamless authentication with\nmultiple providers, session management, and SolidStart-native API route\npatterns.\n\nThis integration brings the power and flexibility of OAuth to SolidStart\napplications with full TypeScript support, SSR-friendly HTTP handling,\nand SolidStart-native patterns including API routes and server actions.\n\n### Why?\n\nModern web applications require robust, secure, and flexible authentication\nsystems. Integrating OAuth and session management with SolidStart applications requires careful consideration of\nframework patterns, server-side rendering, and TypeScript integration.\n\nHowever, a direct integration isn't always straightforward. Different types\nof applications or deployment scenarios might warrant different approaches:\n\n- **API Route Integration:** OAuth and auth flows operate at the HTTP level, while\n  SolidStart uses file-based API routes with GET and POST handler exports. A\n  proper integration should bridge this gap by providing handlers that plug\n  directly into SolidStart's routing system.\n- **HTTP Request Handling:** SolidStart API routes receive `APIEvent` objects\n  with a standard `request` property. This integration wraps the auth handler to\n  accept these event shapes without manual request bridging.\n- **Session and Request Lifecycle:** Proper session handling in SolidStart\n  requires SSR-friendly utilities that work with `createServerData$` and\n  server actions, while also providing client-side helpers for interactive flows.\n- **Route Protection:** Many applications need fine-grained authorization\n  beyond simple authentication. `getSession()` provides a clean server-side\n  primitive suitable for protecting routes and server functions.\n\nThis integration, `@zitadel/solidstart-auth`, aims to provide the flexibility\nto handle such scenarios. It allows you to leverage the full OAuth provider ecosystem\nwhile maintaining SolidStart best practices, ultimately leading to a more\neffective and less burdensome authentication implementation.\n\n## Installation\n\nInstall using NPM by using the following command:\n\n```sh\nnpm install @zitadel/solidstart-auth\n```\n\n## Usage\n\nTo use this integration, call `SolidAuth()` with your authentication configuration\nand export the resulting `GET` and `POST` handlers from your catch-all auth\nAPI route.\n\nFirst, create your auth configuration:\n\n```ts\n// src/lib/auth.ts\nimport { SolidAuth, type SolidAuthConfig } from '@zitadel/solidstart-auth';\nimport Zitadel from '@auth/core/providers/zitadel';\n\nconst authOptions: SolidAuthConfig = {\n  providers: [\n    Zitadel({\n      clientId: process.env.ZITADEL_CLIENT_ID,\n      clientSecret: process.env.ZITADEL_CLIENT_SECRET,\n      issuer: process.env.ZITADEL_DOMAIN,\n    }),\n  ],\n  secret: process.env.AUTH_SECRET,\n  trustHost: true,\n};\n\nexport const { GET, POST } = SolidAuth(authOptions);\nexport { authOptions };\n```\n\nThen wire up the API route:\n\n```ts\n// src/routes/api/auth/[...solidauth].ts\nexport { GET, POST } from '~/lib/auth';\n```\n\n#### Using the Authentication System\n\nThe integration provides several functions and hooks for handling\nauthentication:\n\n**Server Utilities:**\n\n- `SolidAuth(config)`: Creates `{ GET, POST }` route handlers\n- `getSession(request, config)`: Retrieves the current session server-side\n\n**Client Exports** (from `@zitadel/solidstart-auth/client`):\n\n- `signIn(provider?, options?)`: Client helper for sign-in\n- `signOut(options?)`: Client helper for sign-out\n\n**Basic Usage in a Route:**\n\n```tsx\n// src/routes/index.tsx\nimport { createServerData$ } from 'solid-start/server';\nimport { getSession } from '@zitadel/solidstart-auth';\nimport { authOptions } from '~/lib/auth';\n\nexport function routeData() {\n  return createServerData$(async (_, { request }) =\u003e {\n    return getSession(request, authOptions);\n  });\n}\n\nexport default function Home() {\n  const session = useRouteData\u003ctypeof routeData\u003e();\n\n  return (\n    \u003cmain\u003e\n      \u003cShow when={session()} fallback={\n        \u003ca href=\"/api/auth/signin\"\u003eSign in\u003c/a\u003e\n      }\u003e\n        \u003cp\u003eWelcome, {session()?.user?.name}\u003c/p\u003e\n        \u003ca href=\"/api/auth/signout\"\u003eSign out\u003c/a\u003e\n      \u003c/Show\u003e\n    \u003c/main\u003e\n  );\n}\n```\n\nPrefer client-side navigation? Use the client helpers:\n\n```tsx\n// src/components/AuthButtons.tsx\nimport { signIn, signOut } from '@zitadel/solidstart-auth/client';\n\nexport function SignInButton() {\n  return \u003cbutton onClick={() =\u003e signIn('zitadel')}\u003eSign in\u003c/button\u003e;\n}\n\nexport function SignOutButton() {\n  return \u003cbutton onClick={() =\u003e signOut()}\u003eSign out\u003c/button\u003e;\n}\n```\n\n##### Example: Advanced Configuration with Multiple Providers\n\nThis example shows how to use the integration with multiple OAuth\nproviders and custom session configuration:\n\n```ts\n// src/lib/auth.ts\nimport { SolidAuth, type SolidAuthConfig } from '@zitadel/solidstart-auth';\nimport Zitadel from '@auth/core/providers/zitadel';\nimport Google from '@auth/core/providers/google';\n\nconst authOptions: SolidAuthConfig = {\n  providers: [\n    Zitadel({\n      clientId: process.env.ZITADEL_CLIENT_ID,\n      clientSecret: process.env.ZITADEL_CLIENT_SECRET,\n      issuer: process.env.ZITADEL_DOMAIN,\n    }),\n    Google({\n      clientId: process.env.GOOGLE_CLIENT_ID,\n      clientSecret: process.env.GOOGLE_CLIENT_SECRET,\n    }),\n  ],\n  secret: process.env.AUTH_SECRET,\n  trustHost: true,\n  session: {\n    strategy: 'jwt',\n    maxAge: 30 * 24 * 60 * 60, // 30 days\n  },\n  callbacks: {\n    async jwt({ token, user }) {\n      if (user) (token as any).roles = (user as any).roles;\n      return token;\n    },\n    async session({ session, token }) {\n      (session.user as any).roles = (token as any).roles as\n        | string[]\n        | undefined;\n      return session;\n    },\n  },\n};\n\nexport const { GET, POST } = SolidAuth(authOptions);\nexport { authOptions };\n```\n\n## Known Issues\n\n- **SSR Required:** This integration requires SolidStart to be configured with\n  a server adapter. Ensure your `app.config.ts` specifies a compatible adapter\n  (e.g., `@solidjs/start/adapters/node`).\n- **Environment Configuration:** The integration relies on `AUTH_SECRET` and,\n  in many hosting scenarios, `AUTH_TRUST_HOST`. Ensure these are correctly set\n  in your environment for production.\n- **Callback URLs:** OAuth providers must be configured with the correct\n  callback URL: `[origin]/api/auth/callback/[provider]`.\n- **Type Augmentation:** If you attach additional properties (e.g., roles) to\n  the user session object, extend your app's types accordingly so consumers of\n  `session.user` remain type-safe.\n- **Redirect Semantics:** OAuth providers expect real browser navigations during\n  sign-in. The client helpers handle this for you — avoid manual `fetch()` calls\n  to provider endpoints unless you know you need credential/email flows.\n\n## Useful links\n\n- **[SolidStart](https://start.solidjs.com/):** The framework this integration\n  targets.\n\n## Contributing\n\nIf you have suggestions for how this integration could be improved, or\nwant to report a bug, open an issue — we'd love all and any contributions.\n\n## License\n\nApache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzitadel%2Fsolidstart-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzitadel%2Fsolidstart-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzitadel%2Fsolidstart-auth/lists"}