
Ekman/SvelteKit-Armor


SvelteKit Armor

Important

The library is being tested in production and will be tagged 1.0.0 once I'm confident it works.

Highly opinionated, minimal-config OAuth protection for SvelteKit apps. Get login working in a few lines of code: no complex setup, no custom UI, just secure authentication through the hosted login UI of your own OAuth 2.0/OIDC identity provider, such as AWS Cognito or Auth0.

Installation

Install with your favorite package manager:

npm install --save @nekm/sveltekit-armor @sveltejs/kit

Usage

Create a src/hooks.server.ts and write:

import { armor, armorCookieSession } from '@nekm/sveltekit-armor';

const { handle: armorHandle } = armor({
	oauth: {
		// Placeholder values. In a real app, load the client credentials from
		// $env/static/private instead of committing them to the repository.
		clientId: 'foo',
		clientSecret: 'bar',
		baseUrl: 'https://myapp.auth.eu-west-1.amazoncognito.com',
		issuer: 'https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_ABC123xyz',
	},
	session: armorCookieSession,
});

export const handle = armorHandle;

Done. The entire app now requires login.

Access the tokens:

import { armorCookieSessionGet } from '@nekm/sveltekit-armor';

// `event` is the RequestEvent of a server hook, server load function or form action.
const tokens = armorCookieSessionGet(event.cookies);

For simplicity, a default cookie session is provided that keeps the tokens in the browser's cookies. For production use it is recommended to write your own session storage that keeps the tokens in your database and hands the browser only an opaque session identifier.
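The pattern behind that recommendation, as an added example that is not part of SvelteKit Armor and does not implement the library's session interface (which this page does not document): tokens live server-side, keyed by the SHA-256 hash of a random 256-bit session id, and only that id travels in an HttpOnly cookie. The in-memory Map stands in for the database, and the cookie name `armor_sid` and the `Tokens` shape are assumptions for the demo.

```typescript
import { randomBytes, createHash } from 'node:crypto';

// Assumed shape of what the IdP returned; field names follow the OAuth 2.0 token response.
export interface Tokens {
	access_token: string;
	id_token?: string;
	refresh_token?: string;
	expires_at: number; // epoch milliseconds, computed from expires_in when stored
}

// Assumed cookie name for the demo, not the library's.
export const SESSION_COOKIE = 'armor_sid';

// Only a hash of the session id is stored, so a dump of the store cannot be
// replayed as a cookie value.
function hashId(id: string): string {
	return createHash('sha256').update(id).digest('hex');
}

export class ServerTokenStore {
	// In-memory stand-in for a database table keyed by hashed session id.
	private readonly rows = new Map<string, Tokens>();

	// The clock is injectable so expiry can be tested deterministically.
	constructor(private readonly now: () => number = Date.now) {}

	// Store the tokens and return the opaque id that goes into the cookie.
	create(tokens: Tokens): string {
		const id = randomBytes(32).toString('base64url'); // 256 bits of entropy
		this.rows.set(hashId(id), tokens);
		return id;
	}

	// Resolve a cookie value to tokens; unknown or expired ids yield undefined,
	// and expired rows are purged on the way out.
	get(id: string): Tokens | undefined {
		const key = hashId(id);
		const row = this.rows.get(key);
		if (!row) return undefined;
		if (row.expires_at <= this.now()) {
			this.rows.delete(key);
			return undefined;
		}
		return row;
	}

	// Logout: drop the server-side row so the cookie value is worthless afterwards.
	destroy(id: string): boolean {
		return this.rows.delete(hashId(id));
	}

	size(): number {
		return this.rows.size;
	}
}

// Set-Cookie value for the opaque id. HttpOnly keeps it away from script, Secure keeps
// it off plaintext HTTP, and SameSite=Lax still allows the top-level redirect back
// from the IdP to carry the cookie.
export function sessionCookieHeader(id: string, maxAgeSeconds: number): string {
	return `${SESSION_COOKIE}=${id}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAgeSeconds}`;
}

// Pull the session id out of a request's Cookie header (demo helper; a framework
// would normally do this for you).
export function readSessionId(cookieHeader: string | null): string | undefined {
	if (!cookieHeader) return undefined;
	for (const part of cookieHeader.split(';')) {
		const [name, ...rest] = part.trim().split('=');
		if (name === SESSION_COOKIE) return rest.join('=');
	}
	return undefined;
}
```

Swapping the Map for a database table changes nothing about the browser-facing side: the cookie still carries only a random id, and a compromised or stolen cookie stops working the moment `destroy` removes the row.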

Routes

Your app will now expose these routes:

  • /_armor/login - Redirect the user here to initiate a login.
  • /_armor/redirect/login - Register this URL as the allowed redirect (callback) URI at your IdP.
  • /_armor/logout - Only available if a logout endpoint is configured.
  • /_armor/redirect/logout - Only available if a logout endpoint is configured.

Examples

Protect only certain routes

Assume you only want to protect routes prefixed by /admin. Create a src/hooks.server.ts and write:

import type { Handle } from '@sveltejs/kit';
import { armor } from '@nekm/sveltekit-armor';

const { handle: armorHandle } = armor({ /* config */ });

export const handle: Handle = ({ event, resolve }) => {
	// The /_armor/* routes listed above are served by armorHandle, so they must go
	// through it as well; otherwise the login callback never reaches the library.
	if (event.url.pathname.startsWith('/admin') || event.url.pathname.startsWith('/_armor')) {
		return armorHandle({ event, resolve });
	}

	// Everything else stays public.
	return resolve(event);
};

Versioning

This project complies with Semantic Versioning.

Changelog

For a complete list of changes, and how to migrate between major versions, see the releases page.

Buy me a coffee


If you appreciate my work, then consider buying me a coffee. Donations are completely voluntary.
