lucia-authlucia-auth
59

Example Sveltekit Email Password Webauthn

screenshot of Example Sveltekit Email Password Webauthn
svelte
vite

Email and password example with 2FA and WebAuthn in SvelteKit

Github

Overview

The implementation of an authentication system in SvelteKit utilizing email and password paired with advanced security measures such as two-factor authentication (2FA) and WebAuthn demonstrates a comprehensive approach to user security. This example project stands out due to its integration with SQLite for database management, ensuring that developers can easily run and test the authentication framework. With features like password checks via HaveIBeenPwned and login throttling, it aims to provide a robust solution for modern web applications.

Designed for developers seeking to enhance their understanding of authentication processes, this system emphasizes security best practices while maintaining simplicity. However, it also comes with caveats and areas for improvement, making it ideal for those looking to expand upon an existing foundation.

Features

  • Email Verification: Ensures that users confirm their email addresses during the registration process, contributing to account authenticity.
  • Password Security Checks: Integrates with HaveIBeenPwned to check if the user's password has been compromised in any known data breaches, enhancing security.
  • Two-Factor Authentication (2FA): Adds an extra security layer by requiring users to provide a second form of verification, increasing protection against unauthorized access.
  • Recovery Codes for 2FA: Offers users backup codes to regain access to their accounts if they lose access to their primary 2FA method.
  • Rate Limiting and Login Throttling: Prevents brute-force attacks by limiting the number of login attempts within a set timeframe, enhancing overall security.
  • Passkey and Security Key Support: Users can log in using passkeys or hardware security keys for a password-less authentication experience.
  • Environment Configuration: Simple setup process, including the creation of a .env file for sensitive configurations like the encryption key, provides a secure and flexible environment.
  • Console Logging for Emails: During development, email logging is enabled to help developers test the authentication process without external email services.
svelte
Svelte

Svelte is a modern front-end framework that compiles your code at build time, resulting in smaller and faster applications. It uses a reactive approach to update the DOM, allowing for high performance and a smoother user experience.

vite
Vite

Vite is a build tool that aims to provide a faster and leaner development experience for modern web projects

typescript
Typescript

TypeScript is a superset of JavaScript, providing optional static typing, classes, interfaces, and other features that help developers write more maintainable and scalable code. TypeScript's static typing system can catch errors at compile-time, making it easier to build and maintain large applications.