Skip to content

Latest commit

 

History

History
267 lines (177 loc) · 10.5 KB

README.md

File metadata and controls

267 lines (177 loc) · 10.5 KB

SvelteKit Authentication Template


SvelteKit authentication template featuring Passkeys, social login (Apple and Google), mailbox verification and much more.
Preline and Shadcn variants available.

Demo (Preline)   |   Demo (Shadcn)

Features

  1. Passkey registration and authentication
  2. Apple sign in
  3. Google sign in / one-tap
  4. Mailbox verification (via a one time code or link)
  5. Dark mode with theme selection (light/dark/system)
  6. Preline and Shadcn variants

Screen recording

passlock-demo.mp4

Screenshots

Register a passkey

Creating a new account and passkey


Shadcn/ui variant

Shadcn/ui variant (dark mode)

Frameworks used

  1. Passlock - Serverless passkey platform
  2. Superforms - Makes form handling a breeze
  3. Lucia - Robust session management
  4. Tailwind - Utility-first CSS framework
  5. Preline - Tailwind UI library 1
  6. shadcn-svelte - Tailwind components for Svelte 2
  7. Melt UI - Headless component library for Svelte

[1] Uses native Svelte in place of Preline JavaScript
[2] See the shadcn branch

(back to top)

About

The future of web authenticaton lies in Passkeys. Learn how to add Passkey authentication to your SvelteKit app, perform facial or fingerprint recognition and more. You'll also learn how to use some of SvelteKit's hottest libraries and implement Google's latest social sign in feature.

Demos

I've deployed 2 live versions of this project:

  • Master demo - A version of the master branch (uses Preline + Melt UI)

  • Shadcn demo - A version of the shadcn branch (uses shadcn-svelte)

Getting started

Prerequisites

This example project uses the cloud based Passlock framework for passkey registration and authentication. Passlock is free for personal and commercial use. Create an account at passlock.dev

Clone this repo

git clone [email protected]:passlock-dev/passkeys.git

Navigate to the template

cd apps/sveltekit/preline or cd apps/sveltekit/shadcn

Install the dependencies

npm install

Set the environment variables

You'll need to set four variables:

  1. PUBLIC_PASSLOCK_TENANCY_ID
  2. PUBLIC_PASSLOCK_CLIENT_ID
  3. PUBLIC_APPLE_CLIENT_ID 1
  4. PUBLIC_APPLE_REDIRECT_URL 1
  5. PUBLIC_GOOGLE_CLIENT_ID 1
  6. PASSLOCK_API_KEY

[1] Optional - If not using Apple/Google set to an empty string

Where to find these variables

Your Passlock Tenancy ID, Client ID and Api Key (token) can be found in your Passlock console under settings and API Keys. Please see the section Sign in with google if using Google sign in.

Create a .env.local file containing the relevant credentials.

Tip

Alternatively you can download a ready made .env file from your passlock console settings:

Tenancy information -> Vite .env -> Download

(back to top)

Usage

Start the dev server

npm run dev

Note: by default this app runs on port 5174 when in dev mode (see vite.config.ts)

Register a passkey

Navigate to the home page page and complete the form. Assuming your browser supports passkeys (most do), you should be prompted to create a passkey.

Authenticate

Logout then navigate to the login page. You should be prompted to authenticate using your newly created passkey.


Tip

Prompting for an email address during authentication is optional but highly recommended.

Imagine the user hasn't created a passkey, or they signed up using Google. When they try to sign in using a passkey you might expect that they would receive an error telling them that no passkey can be found, but unfortunately that's not how browsers behave. Instead the browser/device will prompt them to use a passkey on another different device. In my experience this confuses 90% of users.

By asking for an email address we can check if they have a passkey registered in the backed or they have a linked Google account. This allows us to display a helpful message telling them to either sign up or login using their Google credentials.

(back to top)

Sign in with Google

This app also allows users to register/sign in using a Google account. It uses the latest sign in with google code, avoiding redirects.

Adding Google sign in

  1. Obtain your Google API Client ID
  2. Update your .env or .env.local to include a PUBLIC_GOOGLE_CLIENT_ID variable.
  3. Record your Google Client ID in your Passlock settings: Social Login -> Google Client ID

Important

Don't forget the last step!

Testing Google sign in

If all went well you should be able to register an account and then sign in using your Google credentials.

IMPORTANT! If you previously used the same email address with another authenticator (i.e. passkey or apple), you'll need to first delete the user in your Passlock console. We don't yet support account linking in this template but it's being developed now.

(back to top)

Sign in with Apple

Similar to Google, users can sign in using an Apple account, also without redirects, however that there are a few more steps and gotchas to be aware of...

  1. You need a (paid) Apple developer account
  2. You can't use Sign in with Apple without an App ID, however you don't need an app, just a registered App ID.
  3. You can't test using localhost, you'll need to tunnel a public, HTTPS url to your local server using something like ngrok.
  4. We still need to pass a redirect URL to Apple during the authentication call, even though we tell them to use a popup 🤯. In practice this means registering https://mysite.com with Apple and using it for PUBLIC_APPLE_REDIRECT_URL. Everything will still work even on https://mysite.com/login.
  5. Apple only returns the user data (first & last name) during the first call. In normal use this isn't an issue, but if during testing you delete your account and register again, you will also need to break the link in your apple account. Go to https://appleid.apple.com -> Sign in with Apple -> Passlock Demo -> Stop using Sign in with Apple.

Adding Apple sign in

  1. Create an Apple App ID with "Sign in with Apple" enabled
  2. Create an Apple Service ID with "Sign in with Apple" enabled
  3. Register the relevant website domains and redirect URLs with the service account
  4. Update your .env or .env.local to include the PUBLIC_APPLE_CLIENT_ID and PUBLIC_APPLE_REDIRECT_URL variables.
  5. Record your Apple Client ID in your Passlock settings: Social Login -> Apple Client ID

(back to top)

Mailbox verification

This starter project also supports mailbox verification emails (via Passlock):

Verifying mailbox ownership

You can choose to verify an email address during passkey registration. Take a look at src/routes/(other)/+page.svelte:

// Email a verification link
const verifyEmailLink: VerifyEmail = {
  method: 'link',
  redirectUrl: String(new URL('/verify-email', $page.url))
}

// Email a verification code
const verifyEmailCode: VerifyEmail = {
  method: 'code'
}

// If you want to verify the user's email during registration
// choose one of the options above and take a look at /verify/email/+page.svelte
let verifyEmail: VerifyEmail | undefined = verifyEmailCode

Customizing the verification emails

See the emails section of your Passlock console

(back to top)

Shadcn/ui variant

Shadcn/ui variant

Shadcn/ui variant

The default (master) branch uses Preline, however a shadcn-svelte variant is also available:

git checkout -b shadcn origin/shadcn

IMPORTANT: When switching between branches please re-install the NPM dependencies:

rm -r node_modules pnpm-lock.yaml
pnpm install

(back to top)

Documentation

Please see the developer docs

Questions? Problems

Please file an issue and I'll respond ASAP.