Goodbye Lucia Auth - hello NextJs?

I have been building web applications using Svelte and SvelteKit for most of the year (ca. 7 months) now. I really like SvelteKit and for be as a relative beginner with programming it felt rather natural.

You can easily code frontend and backend in JavaScript, have everything together in one codebase and easily deploy it. I deployed my apps on Cloudflare, Vercel, my own VPS, Digital Ocean, and Fly.io. Doing that with Svelte was super super easy. I wrote more about that a while ago here: Ever Increasing Power

Searching for the perfect tech stack

Like probably most beginners, I spent a considerable amount of time looking for the perfect tech stack. As they say, the grass is always greener on the other side. If you spend some time on X you see so many posts of people praising their own tech stack and pointing out the downsides of other frameworks, programming languages, packages, etc.

The issue is that the web seems to evolve very very fast. Especially with the wave of AI use cases, websites are not the same as they were just 12 months ago.

I also spent hours and hours looking for the perfect authentication solution for my SvelteKit apps. I thought I had found the ideal solution when I set up Supabase auth for two of my apps cattabu.com and eLearning Translator. The set up for Sign in with Google, GitHub and Magic Link was easy and worked well. At least until some users couldn’t log in because their magic links had been pre-checked by their (corporate) security softwares. This invalidated the links and didn’t let them log in. While there are workarounds, none of them made sense to me. I also struggled with the Supabase documentation and official tutorials which caused errors, even when using the tutorial line by line. Searching GitHub issues showed me that I wasn’t alone with this.

Hello, Lucia!

So then I decided to really learn about authentication and build a fool-proof auth solution using Lucia. If you look on Reddit, X, etc. most people seem to love Lucia especially with SvelteKit, so I thought I should give it a try as well. Lucia is a very barebones auth package which let’s you forces you to build most things like rate limiting or database schemas yourself. So far so good. I started building my own boilerplate for a login code and social login interface. This was a fun project while I was on holiday and spent a little time in the evenings when I felt like it. I almost finished it, before I read that Lucia is being deprecated in early 2025: https://github.com/lucia-auth/lucia/discussions/1707 The library will no longer supported and the creator @pilcrowonpaper (whom I admire for his work and efforts) will continue to work on a kind of educational version of Lucia which let’s you build most of the auth library yourself. At least that’s how I currently understand it.

I feel like that’s not the way I will be going with my apps in the future. I’d rather like to have an opinionated auth library which I can trust, even as a relative beginner.

So what’s next(js)?

• I don’t trust the Supabase Documentation enough to use it for future projects with SvelteKit.
• Lucia is being shut down.
• AuthJs is still in “experimental” state for SvelteKit.
• Hosted providers like Clerk.dev don’t have a SvelteKit SDK.

I haven’t fully decided yet, but I may switch to NextJs and use Clerk for authentication since I don’t want to spend years searching for the best tech stack that has no users (because I never get to build it big).