@lovable.dev/cloud-auth-js
Advanced tools
OAuth authentication library for Lovable projects.
npm install @lovable.dev/cloud-auth-js
Client setup:
import { newAuthClient } from "@lovable.dev/cloud-auth-js";
export const authClient = newAuthClient();
export const { signIn, signOut } = authClient;
TanStack Start route setup:
import { createFileRoute } from "@tanstack/react-router";
import { registerAuthRoutes } from "@lovable.dev/cloud-auth-js/server";
export const Route = createFileRoute("/api/auth/$")(registerAuthRoutes());
Sign in with the Lovable OAuth provider:
await authClient.signInWithLovable({
// Redirects here after successful authentication.
callbackURL: "/account",
});
signInWithLovable uses redirect mode outside an iframe and popup mode in live preview. Pass mode: "redirect" or mode: "popup" to force a flow.
Server env vars:
| Name | Description |
|---|---|
LOVABLE_TENANT_ID | Lovable tenant ID. |
LOVABLE_OAUTH_CLIENT_ID | Lovable OAuth client ID. |
LOVABLE_OAUTH_CLIENT_SECRET | Lovable OAuth client secret. |
LOVABLE_AUTH_SECRET | Secret used to sign auth cookies and tokens. |
LOVABLE_AUTH_TRUSTED_ORIGINS | Comma-separated trusted origins. |
import { createLovableAuth } from "@lovable.dev/cloud-auth-js";
import { supabase } from "./supabase/client";
const lovableAuth = createLovableAuth();
// Sign in with OAuth
const result = await lovableAuth.signInWithOAuth("google");
if (result.redirected) {
// Page is redirecting to OAuth provider
return;
}
if (result.error) {
console.error("Sign in failed:", result.error.message);
return;
}
await supabase.auth.setSession(result.tokens);
createLovableAuth(config?)Creates a Lovable auth instance.
Config options:
| Option | Type | Default | Description |
|---|---|---|---|
oauthBrokerUrl | string | "/~oauth/initiate" | OAuth broker initiate URL |
supportedOAuthOrigins | string[] | ["https://oauth.lovable.app"] | Allowed origins for OAuth postMessage |
signInWithOAuth(provider, options?)Initiates OAuth sign-in flow.
Parameters:
| Parameter | Type | Description |
|---|---|---|
provider | "google" | "apple" | OAuth provider |
options.redirect_uri | string | Custom redirect URI (defaults to window.location.origin) |
options.extraParams | Record<string, string> | Additional params to send to the OAuth broker |
Returns: Promise<SignInWithOAuthResult>
interface OAuthTokens {
access_token: string;
refresh_token: string;
}
interface LovableAuthConfig {
oauthBrokerUrl?: string;
supportedOAuthOrigins?: string[];
}
interface SignInWithOAuthOptions {
redirect_uri?: string;
extraParams?: Record<string, string>;
}
type SignInWithOAuthResult =
| { tokens: OAuthTokens; error: null; redirected?: false }
| { tokens?: undefined; error: Error; redirected?: false }
| { tokens?: undefined; error: null; redirected: true };
MIT
FAQs
Lovable Cloud Auth JS
The npm package @lovable.dev/cloud-auth-js receives a total of 820,670 weekly downloads. As such, @lovable.dev/cloud-auth-js popularity was classified as popular.
We found that @lovable.dev/cloud-auth-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.
Research
/Security News
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.
Security News
Socket found a malicious postinstall hook across 700+ GitHub repos, including PHP packages on Packagist and Node.js project repositories.