SSR Requirements

A version of light-auth is currently in development for client-side only applications, with providers compatible with the PCKSE protocol.
This version will be available soon, but for now, please use the SSR version of light-auth.

Understanding when you should use Light-Auth, and when not.

SSR-Only Authentication Framework

Light-Auth is specifically designed to work with frameworks that support server-side rendering (SSR). This architectural decision ensures secure authentication flows, proper cookie handling, and protection of sensitive credentials.

Compatible Frameworks

Next.js

Next.js

App Router and Pages Router

Astro

Astro

With SSR mode enabled

Nuxt.js

Nuxt.js

Vue-based SSR framework

SvelteKit

SvelteKit

Svelte-based SSR framework

Express

Express

Node.js web application framework

Why SSR is recommend ?

1

Secure Credential Handling

OAuth client secrets and tokens must be handled server-side to prevent exposure in client-side code.

2

HTTP-Only Cookies

Light-Auth uses HTTP-only cookies for session management, which require server-side processing.

3

OAuth Callback Handling

OAuth authentication flows require server endpoints to handle callbacks and token exchanges.

4

Token Refresh

Automatic token refresh mechanisms require server-side processing to securely store and update tokens.

Not Compatible with Client-Side Only Applications

Light-Auth is not compatible with client-side only applications built with frameworks like:

FrameworkTypeCompatibility
React with ViteClient-side onlyNot Compatible
Create React AppClient-side onlyNot Compatible
Vue with ViteClient-side onlyNot Compatible
Static Site GeneratorsPre-rendered static sitesNot Compatible
A version of light-auth is currently in development for client-side only applications, with providers compatible with the PCKSE protocol.