Sveltekit starter template featuring Passkeys, Social Login (Apple & Google), CRUD operations and more...
Demo (Daisy UI) | Demo (Preline) | Demo (Shadcn)
- 🔑 Passkey registration and authentication
- 📱 Apple sign in
- ☝️ Google sign in / one-tap
- 📪 Mailbox verification (via a one time code or link)
- 💾 CRUD operations via Prisma
- 🌘 Dark mode with theme selection (light/dark/system)
- 🚀 Daisy UI, Preline & Shadcn/UI variants
passlock-demo.mp4
Creating a new account and passkey
Shadcn/ui variant (dark mode)
- Passlock - Serverless passkey platform
- Superforms - Makes form handling a breeze
- Lucia - Robust session management
- Prisma ORM - Typescript ORM
- Tailwind - Utility-first CSS framework
- Daisy UI = Tailwind UI library
- Preline UI - Tailwind UI library 1
- Shadcn UI - Tailwind components for Svelte
- Melt UI - Headless component library for Svelte
[1] Uses native Svelte in place of Preline JavaScript
- Node 18+
- pnpm (optional)
- This example project uses the cloud based Passlock framework for passkey registration and authentication. Passlock is free for personal and commercial use. Create an account at https://passlock.dev
Use the CLI to create a SvelteKit app. Choose from Daisy, Preline or Shadcn variants
pnpm create @passlock/sveltekitThen follow the instructions:
- PUBLIC_PASSLOCK_TENANCY_ID
- PUBLIC_PASSLOCK_CLIENT_ID
- PUBLIC_APPLE_CLIENT_ID (optional) 1
- PUBLIC_APPLE_REDIRECT_URL (optional) 1
- PUBLIC_GOOGLE_CLIENT_ID (optional) 1
- PASSLOCK_API_KEY
[1] If not using Apple/Google set to an empty string
Note
Your Passlock Tenancy ID, Client ID and API Key (token) can be found in your Passlock console under settings and API Keys.
Update your .env file with the relevant credentials.
Tip
Alternatively you can download a ready made .env file from your passlock console settings
Tenancy information -> Vite .env -> Download
pnpm run dev
Note: by default this app runs on port 5174 when in dev mode (see vite.config.ts)
Navigate to the home page page and complete the form. Assuming your browser supports passkeys (most do), you should be prompted to create a passkey.
Logout then navigate to the login page. You should be prompted to authenticate using your newly created passkey.
Tip
Prompting for an email address during authentication is optional but highly recommended.
Imagine the user hasn't created a passkey, or they signed up using a social provider. When they try to sign in using a passkey you might expect that they would receive an error telling them that no passkey can be found. Unfortunately that's not how browsers behave. Instead the browser/device will prompt them to use a passkey from a different device. In my experience this confuses 90% of users.
By asking for an email address we can check if they have a passkey registered in the backend or they have a linked social account. This allows us to display a helpful message telling them to either sign up or login using their Google credentials.
This template also supports Social Login from both Apple and Google..
Allow your users to register/sign in using a Google account. The app uses the latest sign in with google code, avoiding redirects.
- Obtain your Google API Client ID
- Update your
.envor.env.localto include aPUBLIC_GOOGLE_CLIENT_IDvariable. - Record your Google Client ID in your Passlock settings under
Social Login -> Google Client ID
Important
Don't forget the last step!
If all went well you should be able to register an account and then sign in using your Google credentials.
IMPORTANT! If you previously used the same email address with another authenticator (i.e. passkey or apple), you'll need to first delete the user in your Passlock console. This app doesn't yet support account linking (but it's coming in a couple of weeks)
Similar to Google, users can sign in using an Apple account, however there are a few more steps and gotchas to be aware of...
- You need a (paid) Apple developer account
- You must have an App ID, however you don't need an app, just a registered App ID
- You can't test using localhost, you'll need to tunnel a public, https url to your local server using something like ngrok
- We need to pass a redirect URL to Apple, even though we're not using redirects 🤯. In practice this means registering
https://mysite.comwith Apple and using it forPUBLIC_APPLE_REDIRECT_URL. Everything will work, even onhttps://mysite.com/login - Apple only returns user data for the first call. In normal use this isn't an issue, but if during testing you delete your account and register again, you will also need to break the link in your apple account. Go to https://appleid.apple.com ->
Sign in with Apple -> Passlock Demo -> Stop using Sign in with Apple
- Create an Apple App ID with "Sign in with Apple" enabled
- Create an Apple Service ID with "Sign in with Apple" enabled
- Register the relevant website domains and redirect URLs with the service account
- Update your
.envor.env.localto include thePUBLIC_APPLE_CLIENT_IDandPUBLIC_APPLE_REDIRECT_URLvariables. - Record your Apple Client ID in your Passlock settings: Social Login -> Apple Client ID
If all went well you should be able to register an account and sign in using your Apple id.
IMPORTANT! If you previously used the same email address with another authenticator (i.e. passkey or Google), you'll need to first delete the user in your Passlock console. This app doesn't yet support account linking (but it's coming in a couple of weeks)
This app also supports mailbox verification emails (via Passlock):
You can choose to verify an email address during passkey registration. Take a look at src/routes/(other)/+page.svelte:
// Email a verification link
const verifyEmailLink: VerifyEmail = {
method: 'link',
redirectUrl: String(new URL('/verify-email', $page.url))
}
// Email a verification code
const verifyEmailCode: VerifyEmail = {
method: 'code'
}
// If you want to verify the user's email during registration
// choose one of the options above and take a look at /verify/email/+page.svelte
let verifyEmail: VerifyEmail | undefined = verifyEmailCodeSee the emails section of your Passlock console
Please file an issue and I'll respond ASAP.