Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@convex-dev/convex-lucia-auth

Package Overview
Dependencies
Maintainers
13
Versions
5
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@convex-dev/convex-lucia-auth

Convex database adapter for Lucia Auth

  • 0.0.5
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
13
Created
Source

Convex Database Adapter + UI for Lucia Auth Library

This library enables authentication built entirely on top of Convex without any third-party platform. It uses Lucia for the authentication logic.

Screenshot of the app

Features:

  • Without any additional setup, you can sign in with an email+password combination
  • Sign out button
  • Session is preserved in localStorage
  • Passwords are securely hashed

This integration works! You can see a production deployment at this live site: https://get-convex.github.io/convex-lucia-auth-demo/.

Install

npm install @convex-dev/convex-lucia-auth

Checkout Docs for how to integrate the library into your app.

Deploying to production

In your production deployment's settings page configure this variable:

  • LUCIA_ENVIRONMENT=PROD

Note on CSRF protection

The React components use localStorage for storing the secret sessionId. This means that sessions are only preserved on pages served on the same subdomain, such as foo.example.com or username.github.io. This prevents CSRF attacks.

This does though invite an XSS attack. Make sure your app is not susceptable to XSS.

Convex currently doesn't support accessing cookies in queries and mutations, so cookie-based authentication can only be used in Convex HTTP actions.

What is Convex?

Convex is a hosted backend platform with a built-in database that lets you write your database schema and server functions in TypeScript. Server-side database queries automatically cache and subscribe to data, powering a realtime useQuery hook in our React client. There are also Python, Rust, ReactNative, and Node clients, as well as a straightforward HTTP API.

The database support NoSQL-style documents with relationships and custom indexes (including on fields in nested objects).

The query and mutation server functions have transactional, low latency access to the database and leverage our v8 runtime with determinism guardrails to provide the strongest ACID guarantees on the market: immediate consistency, serializable isolation, and automatic conflict resolution via optimistic multi-version concurrency control (OCC / MVCC).

The action server functions have access to external APIs and enable other side-effects and non-determinism in either our optimized v8 runtime or a more flexible node runtime.

Functions can run in the background via scheduling and cron jobs.

Development is cloud-first, with hot reloads for server function editing via the CLI. There is a dashbord UI to browse and edit data, edit environment variables, view logs, run server functions, and more.

There are built-in features for reactive pagination, file storage, reactive search, https endpoints (for webhooks), streaming import/export, and runtime data validation for function arguments and database data.

Everything scales automatically, and it’s free to start.

Keywords

FAQs

Package last updated on 15 May 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc