
Supakit

Theme by J4w8n
Updated: 30 Jun 2024
39 Stars

A Supabase authentication helper for SvelteKit

Overview

Supakit is a Supabase auth helper specifically designed for SvelteKit. It offers several key features that differentiate it from the official Supabase SvelteKit auth helper. These include httpOnly cookie storage for enhanced security against XSS, along with CSRF protection. It also provides additional functionality such as a “Remember Me” feature, options to set flowType and debug for client auth, a callback route for server-side auth, and a confirm route for server-side token hash OTP verification. Supakit also includes a built-in server client, saving you the hassle of additional setup. It stores provider tokens and refresh tokens in separate httpOnly cookies and offers a secure client-side “session” store for immediate reactivity.

Features

  • httpOnly Cookie Storage: Supakit uses httpOnly cookie storage for enhanced security against XSS attacks, along with CSRF protection.
  • “Remember Me” Feature: Supakit provides a “Remember Me” feature for user convenience.
  • FlowType and Debug Options: It allows users to set flowType and debug options for client auth.
  • Callback Route for Server-side Auth: Supakit offers a callback route for server-side auth, simplifying the setup process.
  • Confirm Route for Server-side Token Hash OTP Verification: It provides a confirm route for server-side token hash OTP verification for added security.
  • Built-in Server Client: Supakit includes a built-in server client, reducing the need for additional setup.
  • Separate httpOnly Cookies for Provider Tokens: Provider tokens and refresh tokens are stored in separate httpOnly cookies for better security.
  • Secure Client-side Session Store: Supakit offers a secure client-side “session” store that is hydrated with Supabase session information after auth events, ensuring immediate reactivity.
  • Option to Opt Out of Server-side Features: Users can opt out of server-side features such as the server client and event.locals if needed.

Installation

To install Supakit, run one of the following commands, depending on your package manager:

npm install supakit
pnpm add supakit
yarn add supakit

Summary

Supakit is a Supabase auth helper specifically designed for SvelteKit. It offers enhanced security features such as httpOnly cookie storage and CSRF protection. It also provides additional functionalities like a “Remember Me” feature and options to set flowType and debug for client auth. With a built-in server client and a secure client-side “session” store, Supakit simplifies the auth setup process and ensures immediate reactivity after auth events.