Support SvelteKit for getAuthCookieString and associated functions

[kbrgl]

Feature request

Support SvelteKit for getAuthCookieString and associated functions.

Is your feature request related to a problem? Please describe.

A breaking change in SvelteKit broke getAuthCookieString, setAuthCookie, deleteAuthCookie, etc. (sveltejs/kit#3384). This means server-side auth on SvelteKit is effectively broken, although you can use a workaround (supabase/supabase#5218).

Describe the solution you'd like

Support native fetch Request objects directly. One implementation approach may be to "expressify" these native requests by constructing a mock object which allows interop with the existing methods.

Describe alternatives you've considered

supabase/supabase#5218

[kbrgl]

Happy to send a PR if necessary, but before I do I think this feature warrants a discussion on what the API will look like.

[mayank99]

Worth mentioning that this is about more than just sveltekit. The web fetch API is the standard all new frameworks/runtimes (remix, astro, cloudflare workers, bun, fresh) seem to be adopting. I wouldn't be surprised if even Next.js does the same in a future release; they are already doing that for their new edge functions.

By supporting the fetch API, supabase would automatically add support for all of these.

[silentworks]

These methods are specific to this library being used with the Supabase stack, it doesn't break SvelteKit as you can construct, get and delete the cookie in your own application with your own methods. One of the methods is even marked that it is to work with Next and express. https://github.com/supabase/gotrue-js/blob/36856e719d16a71bc1fbef49dcde0d98df52e164/src/GoTrueApi.ts#L487-L488 If you need this functionality out of the box take a look at https://github.com/supabase-community/auth-helpers/tree/main/packages/sveltekit

[kbrgl]

Thanks for sharing the auth-helpers repo!

Would it be possible to get official documentation on how to construct, get, and delete the cookie on a custom stack like SvelteKit?

Currently, the Supabase docs set up an expectation of feature parity between SvelteKit and Next.js since Next.js isn't officially endorsed anywhere on the website. However, it was surprising as a user to find that a lot of the login code doesn't directly translate between the two stacks. It's difficult to write custom auth logic without reading the internal code of Supabase packages, which kind of defeats the purpose of using Supabase. Official docs about how Supabase expects your auth logic to be organized would go a long way towards making Supabase (even more!) ergonomic on other stacks.

[silentworks]

Thanks for sharing the auth-helpers repo!

Would it be possible to get official documentation on how to construct, get, and delete the cookie on a custom stack like SvelteKit?

Currently, the Supabase docs set up an expectation of feature parity between SvelteKit and Next.js since Next.js isn't officially endorsed anywhere on the website. However, it was surprising as a user to find that a lot of the login code doesn't directly translate between the two stacks. It's difficult to write custom auth logic without reading the internal code of Supabase packages, which kind of defeats the purpose of using Supabase. Official docs about how Supabase expects your auth logic to be organized would go a long way towards making Supabase (even more!) ergonomic on other stacks.

I will be changing the way how we do this in the auth-helpers project, you will be able to follow from that. But since this isn't library related code as this piece of code doesn't stop you from using this library with SvelteKit I don't think it's an issue.

[J0]

Hey team,

Going to close this issue as it has gone stale. Feel free to re-open / let me know if still relevant though

[mayank99]

afaict, the original issue wasn't addressed, but there is now an SSR package for all frameworks https://supabase.com/docs/guides/auth/server-side/email-based-auth-with-pkce-flow-for-ssr?framework=sveltekit