DEV Community


Posted on

Announcing Lucia 1.0 - A simple and flexible auth library with support for multiple databases and frameworks

I'm super excited to announce Lucia 1.0! This has been a long time coming and I still can't believe how much support the project had over the development. It now has over 800 Github stars and nearly 3,000 NPM weekly downloads!

Lucia is a server-side authentication library for TypeScript that aims to be unintrusive, straightforward, and flexible. At its core, it’s a library for managing users and sessions, providing the building blocks for setting up auth just how you want. Database adapters allow Lucia to be used with any modern ORMs/databases and integration packages make it easy to implement things like OAuth. Unlike Auth.js, it's much more low-level and simple, giving you full control of auth.

Key features:

  • Session based auth
  • Support for popular databases/ORMs
  • OAuth support
  • Multiple auth methods with keys
  • Email verification links and OTPs with tokens

Docs (I've worked super hard on this!):

Working with Lucia

A simple example for email/password auth:

const user = await auth.createUser({
    // how to identify user for authentication?
    primaryKey: {
        providerId: "email", // using email
        providerUserId: "", // email to use
        password: "123456"
    // custom attributes
    attributes: {
        email: ""
const session = await auth.createSession(user.userId);
const sessionCookie = auth.createSessionCookie(session);
Enter fullscreen mode Exit fullscreen mode

You can see that Lucia provides basic primitives that you can use however you want to implement your own auth.

Concepts of Lucia

Aside from users (which should be obvious), there's 2 other key concepts: Sessions and keys. One you understand the 3 concepts of Lucia, it should be pretty easy to use it.


Sessions are how you validate and keep track of users. You create new sessions for a user and store the id of the session to the user’s browser or device. To validate a session, you can compare the session id stored in the client and the database.


When authenticating users (log in), you get the user data from an external provider, such as the email from the user’s input or the Github user id for social login. Keys allow you to link such external data from a provider with Lucia users stored in your database. This type of key can hold a password, which will be hashed and can be validated with Lucia’s API. This is mainly for implementing password logins.

For example, for email/password, “email” can be the provider id, the user’s email can be the provider user id, and the user’s password can be stored as the key’s password. For Github OAuth, “github” can be the provider id and the user’s GitHub user id can be the provider user id.

Top comments (0)