SvelteKit

Authentication for SvelteKit

Add auth with a single handle hook, server helpers, and a tiny vanilla client bootstrap — no UI-framework peer dependency required. Authdog reads the session on the server, the way SvelteKit intends.

Start building Read the docs

Session handle

src/hooks.server.ts

// src/hooks.server.ts
import { createAuthdogHandle } from "@authdog/sveltekit/server"
 
export const handle = createAuthdogHandle({
  publicKey: import.meta.env.PUBLIC_AUTHDOG_PUBLIC_KEY,
})

Built on web fundamentals

Everything SvelteKit apps need

A server handle and helpers that resolve sessions per request — with no UI-framework lock-in.

Session handle hook

Wire createAuthdogHandle once in hooks.server.ts and every request gets event.locals.authdog — a typed session resolved on the server, per request.

No UI-framework lock-in

A framework-agnostic handle plus a tiny vanilla client bootstrap means no extra peer dependency — it works across your whole SvelteKit app.

Server helpers

createAuthdogServer() resolves the full user on demand in +page.server.ts loads, form actions, and endpoints, and handles logout from a server route.

Secure by default

Tokens are validated against the trusted identity host and sessions ride secure, HTTP-only cookies read only on the server — never the browser.

Typed locals

Augment App.Locals once and event.locals.authdog is fully typed across your loads, actions, and endpoints — autocomplete for the session everywhere.

SSR ready

Built for SvelteKit's SSR model so the handle reads the session cookie on every request before your route renders — no protected content flash.

Read the session in a load

Auth from event.locals

The handle populates event.locals.authdog on every request, so any +page.server.ts load can branch on isAuthenticated or resolve the full user on demand — no providers, no client-side token handling.

+page.server.ts

// src/routes/profile/+page.server.ts
import { createAuthdogServer } from "@authdog/sveltekit/server"
 
export const load = async ({ request, locals }) => {
  const user = locals.authdog.isAuthenticated
    ? await authdog.getUser(request) : null
  return { user: user?.user ?? null }
}

Ship auth, not boilerplate

Authdog's SvelteKit integration resolves the session in the handle and exposes it through typed locals, so protecting a route is a single check.

1 hook

To resolve sessions everywhere

UI-framework peer dependencies

The handle and vanilla client bootstrap are framework-agnostic, so auth works across your whole SvelteKit app.

<1ms

Session read per request

The session cookie is parsed and verified in the handle before your route renders, so protected content never flashes.

Add auth to your SvelteKit app.

Install the SDK, wire up the handle, and read the session from event.locals today. Free to start, with secure defaults built in.

Start Building