►
From YouTube: SvelteKit Authentication with Github OAuth - Tom Wilson
Description
👋🏻 Hello,
This is a workshop on how to set up cookie-based session authentication using SvelteKit.
SvelteKit is the new way to build Svelte Applications, it combines the client and server in a clean and seamless bridge so you can build your applications in complete flow.
For more details check out:
https://blog.hyper.io/sveltekit-authentication/
Workshop Completed Github Repository:
https://github.com/hyper63/sveltekit-auth-workshop
Thank you for taking the workshop!
A
A
What
you
should
know
before
you
take
this
workshop
number
one
you
should
be
familiar
with
javascript
should
know
a
little
bit
about
the
fetch
api,
so
we're
going
to
use
the
fetch
api
quite
a
bit
and
if
you
don't
really
know
how
to
use
it,
I'll
have
a
link
to
go
check
out
the
documentation
of
fetch
and
we'll
be
using
version.
14
of
node.js,
we'll
just
make
sure
version.
A
A
All
right
so
getting
started,
we're
going
to
use
visual
studio
and
we're
actually
using
getpod.io.
Getpod.Io
is
a
great
toolkit.
It
allows
you
to
run
your
development
environment
in
the
cloud
using
visual
studio
code,
a
terminal
and
and
get
it's
it's
amazing,
and
it
works
in
sync
with
your
github
repository,
so
you
can
create
a
little
button
in
the
github
by
installing
an
extension
and
every
time
you
click
that
button,
it'll
launch,
git
pod
will
launch
a
project
in
get
pod.
I
o
definitely
encourage
you
to
check
that
out.
A
It's
made
my
life
much
much
simpler,
so
getting
started,
we're
going
to
use
the
spelt
command
line
and
again
since
swelt
kit
is
in
beta
the
command
line,
we're
going
to
do
createspell
using
npm.net
and
give
it
the
at
next
tag.
So
the
at
next
tag
will
let
us
know
that
we're
still
in
in
beta,
so
on
your
terminal
in
an
empty
directory.
A
So
the
first
question
is
the
directory
not
empty.
Do
we
want
to
continue,
and
the
answer
is
yes,
we
want
to
continue,
then
the
second
one
will
be
which
spelt
app
template.
Do
we
use
and
we're
going
to
use
the
skeleton
project?
The
skeleton
project
will
just
basically
give
us
an
empty
app.
The
spelt
kit
demo
app
is
awesome.
It
has
some
great
kind
of
example
code
in
there,
but
for
this
we're
just
going
to
use
the
skeleton
project
and
we're
going
to
just
say
no
to
typescript
no
to
eslint
and.
A
No
to
prettier,
okay,
so
now
we've
got
a
app
kind
of
set
up
for
svelte,
so
we
can
just
do
yarn.
You
could
use
npm
install,
but
I
am
really
used
to
using
yarn
so
we'll
use
yarn
to
pull
down
all
the
dependencies
and
build,
and
then
we
can
use
yarn
dev
to
run
our
application
now
with
git
pod.
I'm
going
to
open
this
in
the
preview
window,
which
should
give
us
a
little
browser
view
of
the
app
and
we're
going
to
set
that
to
the
side,
see.
A
So
we'll
launch
the
browser
preview.
There
we
go
all
right.
So
now
we
got
a
nice
little
split
screen
and
you
know
we
can
say
welcome
to
so
off
save
and
we
refresh.
We
can
see
this
now.
The
hot
module
reload
is
not
quite
set
up
here,
but
it
will
reload
as
you'll
see,
but
there's
a
little
trick
with
get
pod
to
get
all
the
web
sockets
firing.
But
we're
not
going
to
worry
about
that
right
now,
because
we're
going
to
focus
on
off.
A
The
easiest
way
to
do
that
is,
go
to
github
and
go
to
your
icon
and
go
to
settings
and
it
will
default
you
to
a
profile
page.
What
you
want
to
do
is
click
developer,
settings,
click
on
oauth,
apps
and
then
new
oauth
app
and
just
give
it
a
name.
I'm
going
to
call
mine
authy,
because
that
sounds
cute,
but
give
it
a
name.
And
then
what
we
want
to
do
is
give
it
a
home
page,
url
and
a.
A
Callback,
so
our
homepage
url
we're
going
to
just
do
htp,
calling
localhost
3000
and
then
the
callback
we're
going
to
do.
Http,
localhost,
3000,
slash,
call
and
we're
going
to
register
the
application,
and
that
will
take
you
to
the
application
view
screen
and
what
we
want
to
do
is
get
the
client
id.
A
So
we
want
to
copy
this
number
here
and
we'll
just
do
copy
and
then
we'll
go
to
our
terminal
and
I'm
going
to
create
a
well
we'll
go
to
our
file
folders
in
vs
code
and
we'll
create
a
new
file
in
the
root
directory.
So
we
want
to
be
in
the
root
directory:
do
a
new
file
and
we'll
call
it
dot
emb
and
in
that
dot,
emv
file,
we'll
open
it
up.
A
Stick
it
on
the
tab
here
and
we're
going
to
type
vipe
client
id
equals
and
then
we're
going
to
paste
that
id
in
there
now
we're
using
the
prefix
byte,
because
sveltkit's
built
on
vite
and
in
order
for
us
to
see
the
environment
variables,
we
need
to
use
byte
and
then
we're
going
to
add
another
one,
we'll
call
it
by
dot.
Client
secret
equals
and
we're
going
to
go
back
to
our
oauth
application
and
we're
going
to
click
generate
a
new
client
secret.
A
A
Static
directory
and
the
config
file
and
yarn
dot
dot.
Okay,
so
really
the
only
thing
we
didn't
want
to
add
is
dot
emv
and
the
npm
rc,
which
we
could
add
that
if
we
wanted
to
so
we're
going
to
create
a
branch
by
checking
out
dash
b
and
we're
going
to
call
this
branch
setup
and
we'll
just
do
one
dash
setup.
I
think
that'll
work,
okay
and
we're
going
to
commit.
A
B
B
A
A
We
want
to
actually
use
that
on
the
server,
so
we're
going
to
use
the
endpoints
feature
of
spelt
kit
and
we're
going
to
create
a
file
called
login.js,
and
this
works
similarly
to
a
express
endpoint
if
you've
used
it's
the
express
framework
and
it
keeps
putting
these
files
over
here
up
over
here,
I
want
them
over
here.
Okay,
so
with
this,
if
we
do
slash,
login
swelt
kit
is
going
to
be
looking
for
a
particular
handler
function
in
this
file.
In
this
case,
a
get
and
you'll
notice
each
function
kind
of
matches
the
verb.
A
A
A
B
A
So
now,
since
I'm
running
in
gitpod,
I
need
to
change
my
oauth
settings
a
little
bit
because
the
url
that
it
is
actually
on
is
a
little
bit
different
than
if
you
were
running
this
on
your
local
machine.
So
here
the
url
is
like
beige,
narwhal,
blah
blah
blah.
So
I
need
to
go
and
change
my
application
settings
to
that.
Url.
A
And
the
same
thing
with
my
callback
there
all
right,
so
I
think
I'm
good
to
go
now.
If
everything
works
out.
This
will
redirect
me
to
the
login
of
the
github
oauth
application.
So
when
I
click
login
using
github,
you
just
refresh
just
to
make
sure
everything's
loaded
great.
So
now
it's
taken
my
client
and
it
recognizes
this
app
authy
and
it's
asking
if
I
want
to
authorize
and
if
I
hit
authorize
authy
will
be
able
to
see
any
of
my
public
data.
A
That's
it!
That's
all
we
wanted
to
see.
So,
let's
select
authorize
now
what's
going
to
happen,
is
it's
going
to
try
to
call
callback,
but
callback
doesn't
exist
and
it's
passing
this
code?
So
that's
our
next
step
is
that
we
need
to
handle
that
callback
coming
back
from
github
and
I'm
going
to
see
if
this
simple
browser
works
because
that'll
be
easier
than
switching
back
and
forth
yeah.
I
didn't
think
it
would
work.
Maybe
I
don't
know
I
don't
know
why
it
won't
work,
we'll
just
switch
back
and
forth.
A
B
B
A
B
A
Okay,
so
now
we
need
to
add
a
callback
endpoint,
just
like
we
did
with
the
login
endpoint
we're
going
to
create
a
new
file
in
source
routes.
We're
going
to
call
it
callback.js
and
callback
is
actually
going
to
get
called
from
the
github
endpoint,
but
we
need
to
catch
it
with
the
same
handler
that
we
added
for
the
login.js
file,
export
a
sync
function,
get
and
we'll
get
a
request
back
and
then
what
we
want
to
return
is
some
response
right
like
that.
A
So
we're
going
to
get
a
code
and
we're
going
to
use
that
code
in
our
client
and
secret
id
and
make
another
call
to
github
to
give
us
an
access
token.
So
that'll
be
this
three-legged
handshake
with
the
identity
server
so
that
we
can
access
the
api
so
we're
gonna.
Do
client
id
equals
import
meta
environment
by
client.
A
A
A
A
Those
are
all
the
headers
we
want
to
send.
Finally,
we
need
to
send
a
body
and
that
body
we're
going
to
go
ahead
and
stringify,
and
it's
going
to
be
the
client
id
and
that'll
be
our
client
id
and
the
client
secret
and
that'll
be
our
secret
and
then
finally,
our
code,
okay
and
when
it
comes
back,
it's
going
to
come
back
as
a
response.
A
B
A
A
A
A
Maybe
that'll
give
us
a
a
simple,
pretty
print
here.
Okay,
so
we've
got
our
main
screen.
We
hit
log
in
using
github
and
when
it
comes
back
we
get
the
user.
So
we
actually
get
the
login
user.
With
all
the
public
information
pretty
cool,
we
are
making
progress.
We
have
logged
into
github
using
our
application,
but
we
don't
want
to
print
the
user.
A
A
All
right,
let's
go
ahead
and
fire
up
well
we're
going
to
have
to
install
some
things.
Let's
don't
do
that
yet,
okay!
So
that's
our
callback,
pretty
cool!
We
get
a
code
back
from
github,
then
we
call
github
to
give
us
an
access
token,
and
then
we
use
that
token
to
get
our
user
and
now
we're
just
sort
of
printing
the
user
out.
A
But
what
we
really
want
to
do
is
set
up
a
session
and
we're
going
to
just
use
the
user
login
information
as
a
unique
identifier
to
indicate
that
there's
a
session.
So
we
can
kind
of
store
it
on
the
cookie
and
it
will
be
public
information,
but
it
won't
be
anything
that
anyone
could
use
to
access
anything.
So
it's
a
good
way
to
demo
this.
A
A
So
we're
going
to
create
a
new
file
called
hooks.js
and
in
that
new
file,
we're
going
to
create
a
handler
called
export
sync
function,
handle
and
this
handler
will
be
a
middleware
kind
of
feature
where
we
can
do
some
stuff
before
the
request
goes
to
one
of
our
endpoints
and
then,
when
it's
resolved
we
can
do
some
stuff.
After
so
when
the
handle
gets
called.
It
gives
us
an
object,
and
on
that
object
we
have
a
request,
object
and
a
resolve
function.
A
Await
resolve
request
and
that
function
actually
will
do
all
the
processing
that's
going
on
now,
so
that
functional,
depending
on
the
route,
go
to
the
right
route,
whether
it's
login
index
or
callback,
and
that's
going
to
happen
when
we
call
resolve
requests.
So
here
we
can
kind
of
do
stuff
before
that,
and
here
we
can
do
stuff
after
so.
A
The
first
thing
we
want
to
do
is
set
a
cookie.
So
after
this
response
we
want
to
set
an
http
only
cookie,
which
can
only
be
modified
in
the
server
but
does
go
to
the
client
and
comes
back
so
we're
going
to
call
response.headers
and
we're
going
to
say,
set
cookie
and
we're
going
to
set
that
equal
to
a
string,
and
that
string
is
going
to
have
a
user
and
we're
going
to
need
something
here
and
then
it's
going
to
have
a
path.
A
A
A
A
A
Okay,
that
should
give
us
enough
to
see
how
this
thing
works
or
to
debug
any
bugs
that
we've
created
here
all
right,
so
we're
running
our
server.
And
now,
if
we
go
back
to
the
main
page,
we
should
get.
You
know
our
button
and
we
click
our
button.
We're
going
to
do
our
authentication,
it's
going
to
go
to
the
callback
it's
going
to
set
the
cookie
and
then
it's
going
to
come
back
to
the
screen.
So
if
everything
works
right,
it's
going
to
look
like
nothing
happened,
right,
go
figure!
A
So
let's
try
that
log
in
we
click
does
some
stuff
and
it
comes
back
here.
So
that's
a
good
sign.
That
means
nothing
happened,
and
here
we're
logging,
this
user
cookie,
and
you
can
see
it's
undefined,
it's
empty
empty
and
oh
there
it
is
t
wilson
63.,
so
the
cookie
was
set
and
when
it
came
back
a
second
time
to
show
the
main
page
from
the
redirect,
we
can
see
that
it's
set
in
this
cookie
user's
thing.
A
A
Request.Locals.User
equals
cookies.user
right
and
now
we
can
kind
of
pass
that
around.
So
now,
when
we
go
to
another
page,
we
can
access
that
as
a
session,
but
there's
one
more
step
to
get
there
and
that's
still
in
this
hooks
file.
We
need
to
add,
what's
called
a
get
session
function
and
this
get
session
function
basically
allows
us
to
pull
anything
from
the
request
and
add
it
in
a
little
session
object
so
that
it's
just
easier
to
get
at
in
our
page
routes.
So,
let's
create
that.
A
A
A
A
That
session
comes
straight
from
that
get
session
and
then
we're
going
to
just
return
some
props
and
we'll
call
it
user
and
set
it
to
session
user
like
that,
pretty
cool.
So
if
all
that
worked,
we
should
see
my
login
name
on
the
main
page.
So
if
we
hit
refresh-
and
we
don't
so-
let's
log
in
with
github-
and
we
do
cool
so
welcome-
t
wilson,
63
and
then
we
have
log
out
which
log
out
is
not
found
pretty
cool
and
now,
if
we
refresh
we're
logged
in
right,
which
is
really
nice.
A
B
A
Like
so
cool
okay,
so
we
got
a
log
out
button.
Let's
implement
a
log
out
endpoint
handler
and
that's
super
easy,
probably
have
an
idea
of
how
to
do
that
now.
So
we
in
our
routes,
folder,
we
create
a
logout.js
file
and
in
that
logout.js
file,
we're
going
to
export
a
sync
function
called
get
and
it's
going
to
take
a
request
object
and
what
we
want
to
do
is.
A
Let's
see
we
want
to
just
go
back
to
the
home
page,
okay,
so
that's
going
to
clear
out
that
local
user,
then
it's
going
to
come
into
our
hooks,
handle
method
and
in
this
case
local
user
will
be
null.
So
that's
going
to
make
it
blank
so
set
cookie.
Will
blank
out
the
username
return,
the
response
and
then,
when
it
reloads
the
home
page,
it's
going
to
parse
the
cookie
header
and
it's
going
gonna
find
that
it's
blank,
so
this
cookies
will
be
undefined
and
we
could
just
make
it
a
little
bit
clearer.
A
A
B
B
A
A
B
A
Okay,
so
that's
pretty
much
it
the
one
last
thing
I
want
to
show
you
is
how
you
might
go
about
protecting
a
list
of
routes
right,
so
you
may
have
a
set
of
routes
like
an
admin
section
or
a
pacific
section
that
you
want
to
protect
or
maybe
pacific
routes
you
want
to
protect,
or
vice
versa.
You
may
only
want
some
routes
unprotected
and
everything
else
protected.
A
So,
instead
of
going
to
each
page
and
doing
a
check
like
if
user,
you
know
every
single
time,
you
can
take
advantage
of
the
svelte
kit
layout
page,
which
wraps
all
the
pages
in
the
route.
So
we
can
create
a
new
file
and
we
do
underscore
underscore
layout.js
and
this
file
actually
wraps
around
all
of
the
page
requests.
A
A
A
A
But
if
we
go
home
and
we
log
in
and
then
we
go
to
an
admin
page,
we
can
check
that
and
you
can
definitely
play
around
with
that
and
see
how
it
goes
and-
and
you
can
do
all
kinds
of
things-
we're
just
using
a
regex
and
test.
But
you
could
do
an
array
of
pass
and
doing
includes
you
know
what
whatever
you
want
to
do
there,
but
that
should
give
you
some
idea
on
how
you
can
protect
your
your
routes
and
then
your
endpoints.
A
A
A
Really
nice
well
thought
out,
process
between
server
and
client
not
allow
you
to
operate
in
both
contexts
within
components
and
endpoints
and
give
you
just
a
really
simple
kind
of
set
of
functions
in
this
hooks
object
to
manage
kind
of
some
of
these
pieces,
so
give
it
a
try.
Let
me
know
what
you
think
and
yeah.
I
hope
you
have
fun
with
it.
Thanks
for
your
time,
see
you.