I'm super excited to announce Lucia 1.0! This has been a long time coming and I still can't believe how much support the project had over the development. It now has over 800 GitHub stars and nearly 3,000 npm weekly downloads!
Lucia is a server-side authentication library for TypeScript that aims to be unintrusive, straightforward, and flexible. At its core, it’s a library for managing users and sessions, providing the building blocks for setting up auth just how you want. Database adapters allow Lucia to be used with any modern ORMs/databases and integration packages make it easy to implement things like OAuth. Unlike Auth.js, it's much more low-level and simple, giving you full control of auth.
Key features:
- Session based auth
- Support for popular databases/ORMs
- OAuth support
- Multiple auth methods with keys
- Email verification links and OTPs with tokens
Docs (I've worked super hard on this!): https://lucia-auth.com/?framework=sveltekit
Repo: https://github.com/pilcrowOnPaper/lucia
Working with Lucia
A simple example for email/password auth:
```ts
// `auth` is the Lucia instance created during setup
const user = await auth.createUser({
	// how to identify user for authentication?
	primaryKey: {
		providerId: "email", // using email
		providerUserId: "user@example.com", // email to use
		password: "123456"
	},
	// custom attributes
	attributes: {
		email: "user@example.com"
	}
});
const session = await auth.createSession(user.userId);
const sessionCookie = auth.createSessionCookie(session);
```
You can see that Lucia provides basic primitives that you can use however you want to implement your own auth.
Concepts of Lucia
Aside from users (which should be obvious), there are 2 other key concepts: sessions and keys. Once you understand the 3 concepts of Lucia, it should be pretty easy to use it.
Sessions
Sessions are how you validate and keep track of users. You create new sessions for a user and store the id of the session in the user’s browser or device. To validate a session, you compare the session id stored in the client against the one stored in the database.
Keys
When authenticating users (log in), you get the user data from an external provider, such as the email from the user’s input or the GitHub user id for social login. Keys allow you to link such external data from a provider with Lucia users stored in your database. This type of key can hold a password, which will be hashed and can be validated with Lucia’s API. This is mainly for implementing password logins.
For example, for email/password, “email” can be the provider id, the user’s email can be the provider user id, and the user’s password can be stored as the key’s password. For GitHub OAuth, “github” can be the provider id and the user’s GitHub user id can be the provider user id.
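To make the session and key concepts concrete, here is an added sketch; it is not Lucia's code or API and is not from the original post. In-memory maps stand in for the database, and the function names, the scrypt hashing and the `salt:hash` storage format are assumptions chosen for illustration.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Conceptual model only (hypothetical names): maps stand in for database tables.
type Key = { userId: string; hashedPassword: string | null };
type Session = { userId: string; expiresAt: number };
const keys = new Map<string, Key>(); // "providerId:providerUserId" -> key
const sessions = new Map<string, Session>(); // session id -> session

const keyId = (providerId: string, providerUserId: string): string => `${providerId}:${providerUserId}`;

function hashPassword(password: string): string {
	const salt = randomBytes(16);
	return `${salt.toString("hex")}:${scryptSync(password, salt, 32).toString("hex")}`;
}

function linkKey(userId: string, providerId: string, providerUserId: string, password: string | null): void {
	const hashedPassword = password === null ? null : hashPassword(password);
	keys.set(keyId(providerId, providerUserId), { userId, hashedPassword });
}

// Resolve a key to its user; a key that holds a password requires a matching one.
function authenticateWithKey(providerId: string, providerUserId: string, password: string | null): string | null {
	const key = keys.get(keyId(providerId, providerUserId));
	if (!key) return null;
	if (key.hashedPassword === null) return password === null ? key.userId : null;
	if (password === null) return null;
	const [saltHex, hashHex] = key.hashedPassword.split(":");
	const expected = Buffer.from(hashHex, "hex");
	const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
	return timingSafeEqual(actual, expected) ? key.userId : null; // constant-time compare
}

function startSession(userId: string, ttlMs: number, now: number = Date.now()): string {
	const sessionId = randomBytes(32).toString("hex"); // unguessable id from a CSPRNG
	sessions.set(sessionId, { userId, expiresAt: now + ttlMs });
	return sessionId;
}

// Validate the id the client sent against the stored session, rejecting expired ones.
function checkSession(sessionId: string, now: number = Date.now()): string | null {
	const session = sessions.get(sessionId);
	if (!session) return null;
	if (now >= session.expiresAt) {
		sessions.delete(sessionId);
		return null;
	}
	return session.userId;
}
```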