Supakit
A Supabase authentication helper for SvelteKit
Overview
Supakit is a Supabase auth helper specifically designed for SvelteKit. It offers several key features that differentiate it from the official Supabase SvelteKit auth helper. These features include the use of httpOnly cookie storage for enhanced security against XSS, including CSRF protection. It also provides additional functionalities such as a "Remember Me" feature, options to set flowType and debug for client auth, a callback route for server-side auth, and a confirm route for server-side token hash OTP verification. Supakit also includes a built-in server client, saving you the hassle of additional setup. It stores provider tokens and refresh tokens in separate httpOnly cookies and offers a secure client-side "session" store for immediate reactivity.
Features
- HTTPOnly Cookie Storage: Supakit uses HTTPOnly cookie storage for enhanced security against XSS attacks, including CSRF protection.
- "Remember Me" Feature: Supakit provides a "Remember Me" feature for user convenience.
- FlowType and Debug Options: It allows users to set flowType and debug options for client auth.
- Callback Route for Server-side Auth: Supakit offers a callback route for server-side auth, simplifying the setup process.
- Confirm Route for Server-side Token Hash OTP Verification: It provides a confirm route for server-side token hash OTP verification for added security.
- Built-in Server Client: Supakit includes a built-in server client, reducing the need for additional setup.
- Separate HTTPOnly Cookies for Provider Tokens: Provider tokens and refresh tokens are stored in separate HTTPOnly cookies for better security.
- Secure Client-side Session Store: Supakit offers a secure client-side "session" store that is hydrated with Supabase session information after auth events, ensuring immediate reactivity.
- Option to Opt-out of Server-side Features: Users can opt-out of server-side features such as the server client and event.locals if needed.
Summary
Supakit is a Supabase auth helper specifically designed for SvelteKit. It offers enhanced security features such as HTTPOnly cookie storage and CSRF protection. It also provides additional functionalities like a "Remember Me" feature and options to set flowType and debug for client auth. With a built-in server client and a secure client-side "session" store, Supakit simplifies the auth setup process and ensures immediate reactivity after auth events.
- Svelte
Svelte is a modern front-end framework that compiles your code at build time, resulting in smaller and faster applications. It uses a reactive approach to update the DOM, allowing for high performance and a smoother user experience.
- Vite
Vite is a build tool that aims to provide a faster and leaner development experience for modern web projects
- Supabase
Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.
- Fullstack
A fullstack boilerplate provides a starter application that includes both frontend and backend. It should include database, auth, payments, user roles and other backend services to build a fully featured saas or webapps.
- Typescript
TypeScript is a superset of JavaScript, providing optional static typing, classes, interfaces, and other features that help developers write more maintainable and scalable code. TypeScript's static typing system can catch errors at compile-time, making it easier to build and maintain large applications.