SvelteKit and Authentication—server- or client-side?

Struggling to know “the best way” of doing auth in a SvelteKit app. With Supabase, it appears you can run supabaseClient.auth.signIn({ email: form.email, password: form.password }); server- or client-side:

1. Send username and password to a server-side route (/api/login) which then runs supabaseClient.auth.signIn() server-side, gets back a user and session, registers session and returns data to client for Supabase to know who's logged in. (This is how I did my first SvelteKit + Supabase app according to https://www.youtube.com/watch?v=znZE6DEtVNs)

2. Do auth in the client, then send session object back to the server so that SvelteKit's backend can register session and then knows that the user is logged-in (or not), which helps with SSR protected routes (if not logged in, redirect to /login). This appears to be how most of the tutorials now are structured, but it feels kinda weird... Like, I feel the server should be the source of truth, not the web browser.

Does this make any sense? Any thoughts or opinions?
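The server-as-source-of-truth flow from option 1, as an added example that is not code from the post or the linked video: the login endpoint talks to Supabase server-side and stores the access token in an HttpOnly cookie, and the hooks-style check derives the user by having Supabase validate that token rather than trusting a client-posted session. It assumes the Supabase v1 calls `auth.signIn` (as in the post) and `auth.api.getUser` (an assumption), and a constructed fake client stands in for the real one so it runs offline.

```javascript
// Added example (not code from the post or the linked video): option 1 from the
// question, server-side login plus server-side session check, written as plain
// functions so it runs without SvelteKit. ASSUMED Supabase v1 calls, matching the
// post's supabaseClient.auth.signIn: auth.signIn({email,password}) ->
// {session,user,error} and auth.api.getUser(accessToken) -> {user,error}.
const COOKIE = 'sb-access-token';

// /api/login: credentials go only to the server; the access token is stored in an
// HttpOnly cookie, so page scripts never see it and never have to "send it back".
async function login(supabase, { email, password }) {
  const { session, error } = await supabase.auth.signIn({ email, password });
  if (error || !session) return { status: 401, headers: {}, body: null };
  const cookie = `${COOKIE}=${session.access_token}; Path=/; HttpOnly; Secure; ` +
    `SameSite=Lax; Max-Age=${session.expires_in}`;
  return { status: 200, headers: { 'set-cookie': cookie }, body: { user: session.user } };
}

// hooks handle(): the server is the source of truth. It derives the user from the
// cookie by asking Supabase to validate the token, not from a client-posted session.
async function userFromCookie(supabase, cookieHeader) {
  const token = parseCookies(cookieHeader)[COOKIE];
  if (!token) return null;
  const { user, error } = await supabase.auth.api.getUser(token);
  return error ? null : user;
}

function parseCookies(header = '') {
  return Object.fromEntries(header.split(';').map(p => p.trim()).filter(Boolean)
    .map(p => { const i = p.indexOf('='); return i < 0 ? [p, ''] : [p.slice(0, i), p.slice(i + 1)]; }));
}

// SSR route guard for a protected prefix: anonymous requests get a redirect to /login.
function guard(user, pathname) {
  return !user && pathname.startsWith('/dashboard')
    ? { status: 302, headers: { location: '/login' } } : null;
}

// Constructed stand-in for the Supabase client so the example runs offline.
const fakeSupabase = {
  auth: {
    signIn: async ({ email, password }) => (email === 'a@example.com' && password === 'pw')
      ? { session: { access_token: 'tok-1', expires_in: 3600, user: { id: 'u1' } }, error: null }
      : { session: null, error: { message: 'Invalid login credentials' } },
    api: { getUser: async (t) => t === 'tok-1'
      ? { user: { id: 'u1' }, error: null } : { user: null, error: { message: 'invalid JWT' } } },
  },
};
```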