chore(release): bump package version(s) [skip ci]

* fix(frameworks): run check before building for @auth/sveltekit

* run format

.eslintrc.js

@@ -18,6 +18,7 @@ module.exports = {
       parserOptions: {
         project: [
           path.resolve(__dirname, "./packages/**/tsconfig.eslint.json"),
+          path.resolve(__dirname, "./packages/frameworks/**/tsconfig.json"),
           path.resolve(__dirname, "./apps/**/tsconfig.json"),
         ],
       },

.gitignore

@@ -86,3 +86,12 @@ packages/core/index.*
 packages/core/jwt
 packages/core/lib
 packages/core/providers
+
+
+# SvelteKit
+packages/frameworks-sveltekit/index.*
+packages/frameworks-sveltekit/client.*
+packages/frameworks-sveltekit/.svelte-kit
+packages/frameworks-sveltekit/package
+packages/frameworks-sveltekit/vite.config.js.timestamp-*
+packages/frameworks-sveltekit/vite.config.ts.timestamp-*

apps/playground-sveltekit/.eslintignore

@@ -0,0 +1,13 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+.env
+.env.*
+!.env.example
+
+# Ignore files for PNPM, NPM and YARN
+pnpm-lock.yaml
+package-lock.json
+yarn.lock

apps/playground-sveltekit/.eslintrc.cjs

@@ -1,24 +1,20 @@
 module.exports = {
-  root: true,
+	root: true,
-  parser: "@typescript-eslint/parser",
+	parser: '@typescript-eslint/parser',
-  extends: [
+	extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended', 'prettier'],
-    "eslint:recommended",
+	plugins: ['svelte3', '@typescript-eslint'],
-    "plugin:@typescript-eslint/recommended",
+	ignorePatterns: ['*.cjs'],
-    "prettier",
+	overrides: [{ files: ['*.svelte'], processor: 'svelte3/svelte3' }],
-  ],
+	settings: {
-  plugins: ["svelte3", "@typescript-eslint"],
+		'svelte3/typescript': () => require('typescript')
-  ignorePatterns: ["*.cjs", "build/**/*"],
+	},
-  overrides: [{ files: ["*.svelte"], processor: "svelte3/svelte3" }],
+	parserOptions: {
-  settings: {
+		sourceType: 'module',
-    "svelte3/typescript": () => require("typescript"),
+		ecmaVersion: 2020
-  },
+	},
-  parserOptions: {
+	env: {
-    sourceType: "module",
+		browser: true,
-    ecmaVersion: 2020,
+		es2017: true,
-  },
+		node: true
-  env: {
+	}
-    browser: true,
+};
-    es2017: true,
-    node: true,
-  },
-}

apps/playground-sveltekit/.gitignore

@@ -6,3 +6,7 @@ node_modules
 .env
 .env.*
 !.env.example
+.vercel
+.output
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*

apps/playground-sveltekit/.prettierignore

@@ -0,0 +1,13 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+.env
+.env.*
+!.env.example
+
+# Ignore files for PNPM, NPM and YARN
+pnpm-lock.yaml
+package-lock.json
+yarn.lock

apps/playground-sveltekit/.prettierrc

@@ -0,0 +1,6 @@
+{
+  "semi": false,
+  "plugins": ["prettier-plugin-svelte"],
+  "pluginSearchDirs": ["."],
+  "overrides": [{ "files": "*.svelte", "options": { "parser": "svelte" } }]
+}

apps/playground-sveltekit/package.json

@@ -1,43 +1,37 @@
 {
-  "name": "sveltekit-nextauth",
+	"name": "sveltekit-nextauth",
-  "private": true,
+	"private": true,
-  "version": "0.0.1",
+	"version": "0.0.1",
-  "scripts": {
+	"scripts": {
-    "dev": "vite dev",
+		"dev": "vite dev",
-    "build": "vite build",
+		"build": "vite build",
-    "preview": "vite preview",
+		"preview": "vite preview",
-    "start": "HOST=127.0.0.1 PORT=5173 ORIGIN=http://localhost:5173 node ./build",
+		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
-    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch"
-    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+	},
-    "lint": "prettier --check . && eslint .",
+	"devDependencies": {
-    "format": "prettier --write ."
+		"@fontsource/fira-mono": "^4.5.10",
-  },
+		"@neoconfetti/svelte": "^1.0.0",
-  "devDependencies": {
+		"@sveltejs/adapter-auto": "next",
-    "@sveltejs/adapter-auto": "^1.0.0-next.80",
+		"@sveltejs/kit": "next",
-    "@sveltejs/adapter-node": "1.0.0-next.96",
+		"@types/cookie": "^0.5.1",
-    "@sveltejs/kit": "1.0.0-next.511",
+		"@typescript-eslint/eslint-plugin": "^5.45.0",
-    "@types/cookie": "^0.5.1",
+		"@typescript-eslint/parser": "^5.45.0",
-    "@typescript-eslint/eslint-plugin": "^5.35.1",
+		"eslint": "^8.28.0",
-    "@typescript-eslint/parser": "^5.35.1",
+		"eslint-config-prettier": "^8.5.0",
-    "eslint": "^8.22.0",
+		"eslint-plugin-svelte3": "^4.0.0",
-    "eslint-config-prettier": "^8.5.0",
+		"prettier": "^2.8.0",
-    "eslint-plugin-svelte3": "^4.0.0",
+		"prettier-plugin-svelte": "^2.8.1",
-    "prettier": "^2.7.1",
+		"svelte": "^3.54.0",
-    "prettier-plugin-svelte": "^2.7.0",
+		"svelte-check": "^2.9.2",
-    "svelte": "^3.49.0",
+		"tslib": "^2.4.1",
-    "svelte-check": "^2.8.1",
+		"typescript": "^4.9.3",
-    "svelte-preprocess": "^4.10.7",
+		"vite": "^4.0.0"
-    "tslib": "^2.4.0",
+	},
-    "typescript": "~4.8.2",
+	"dependencies": {
-    "vite": "^3.1.0"
+		"cookie": "0.5.0",
-  },
+		"@auth/core": "workspace:*",
-  "type": "module",
+		"@auth/sveltekit": "workspace:^"
-  "dependencies": {
+	},
-    "cookie": "0.5.0",
+	"type": "module"
-    "next-auth": "latest"
-  },
-  "prettier": {
-    "semi": false,
-    "singleQuote": false
-  }
 }

apps/playground-sveltekit/src/app.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="@sveltejs/kit" />
+/// <reference types="next-auth-sveltekit" />
 import type {
   User as NextAuthUser,
   Session as NextAuthSession,
@@ -18,7 +19,8 @@ interface AppSession extends NextAuthSession {
 declare global {
   declare namespace App {
     interface Locals {
-      session: AppSession
+      // session: AppSession
+      getSession: () => Promise<AppSession>
     }
 
     interface Platform {}

apps/playground-sveltekit/src/app.html

@@ -2,10 +2,11 @@
 <html lang="en">
   <head>
     <meta charset="utf-8" />
-    <link rel="icon" href="%sveltekit.assets%/favicon.png" />
+    <link rel="icon" href="%sveltekit.assets%/favicon.ico" />
     <meta name="viewport" content="width=device-width" />
     %sveltekit.head%
   </head>
+
   <body>
     <div>%sveltekit.body%</div>
   </body>

apps/playground-sveltekit/src/hooks.server.ts

@@ -1,14 +1,7 @@
-import type { Handle } from "@sveltejs/kit"
+import SvelteKitAuth from "@auth/sveltekit"
-import { getServerSession, options as nextAuthOptions } from "$lib/next-auth"
+import GitHub from "@auth/core/providers/github"
+import { GITHUB_ID, GITHUB_SECRET } from "$env/static/private"
 
-export const handle: Handle = async function handle({
+export const handle = SvelteKitAuth({
-  event,
+  providers: [GitHub({ clientId: GITHUB_ID, clientSecret: GITHUB_SECRET })],
-  resolve,
+})
-}): Promise<Response> {
-  const session = await getServerSession(event.request, nextAuthOptions)
-  if (session) {
-    event.locals.session = session
-  }
-
-  return resolve(event)
-}

apps/playground-sveltekit/src/lib/SignInButton.svelte

@@ -0,0 +1,12 @@
+<script lang="ts">
+  export let provider: any
+</script>
+
+<form action={provider.signinUrl} method="POST">
+  {#if provider.callbackUrl}
+    <input type="hidden" name="callbackUrl" value={provider.callbackUrl} />
+  {/if}
+  <button type="submit" class="button">
+    <slot>Sign in with {provider.name}</slot>
+  </button>
+</form>

apps/playground-sveltekit/src/lib/next-auth.ts

@@ -1,144 +0,0 @@
-import type { ServerLoadEvent } from "@sveltejs/kit"
-import type { RequestInternal } from "next-auth"
-import type { NextAuthAction, NextAuthOptions } from "next-auth/core/types"
-import type { OutgoingResponse as NextAuthResponse } from "next-auth/core"
-import { NextAuthHandler } from "next-auth/core"
-import GithubProvider from "next-auth/providers/github"
-import cookie from "cookie"
-import {
-  GITHUB_CLIENT_ID,
-  GITHUB_CLIENT_SECRET,
-  NEXTAUTH_SECRET,
-} from "$env/static/private"
-import { PUBLIC_NEXTAUTH_URL } from "$env/static/public"
-
-// @ts-expect-error import is exported on .default during SSR
-const github = GithubProvider?.default || GithubProvider
-
-export const options: NextAuthOptions = {
-  providers: [
-    github({
-      clientId: GITHUB_CLIENT_ID,
-      clientSecret: GITHUB_CLIENT_SECRET,
-    }),
-  ],
-}
-
-const toSvelteKitResponse = async <
-  T extends string | any[] | Record<string, any>
->(
-  request: Request,
-  nextAuthResponse: NextAuthResponse<T>
-): Promise<Response> => {
-  const { cookies, redirect } = nextAuthResponse
-
-  const headers = new Headers()
-  for (const header of nextAuthResponse?.headers || []) {
-    // pass headers along from next-auth
-    headers.set(header.key, header.value)
-  }
-
-  // set-cookie header
-  if (cookies?.length) {
-    headers.set(
-      "set-cookie",
-      cookies
-        ?.map((item) => cookie.serialize(item.name, item.value, item.options))
-        .join(",") as string
-    )
-  }
-
-  let body = undefined
-  let status = nextAuthResponse.status || 200
-
-  if (redirect) {
-    let formData: FormData | null = null
-    try {
-      formData = await request.formData()
-    } catch {
-      // no formData passed
-    }
-    const { json } = Object.fromEntries(formData ?? [])
-    if (json !== "true") {
-      status = 302
-      headers.set("Location", redirect)
-    } else {
-      body = { url: redirect }
-    }
-  } else {
-    body = nextAuthResponse.body
-  }
-
-  // @ts-expect-error - body is a known HTML document or JSON object
-  return new Response(body, {
-    status,
-    headers,
-  })
-}
-
-const SKNextAuthHandler = async (
-  { request, url, params }: ServerLoadEvent,
-  options: NextAuthOptions
-): Promise<Response> => {
-  const [action, provider] = params.nextauth!.split("/")
-  let body: FormData | undefined
-  try {
-    body = await request.formData()
-  } catch {
-    // no formData passed
-  }
-  options.secret = NEXTAUTH_SECRET
-  const req: RequestInternal = {
-    host: PUBLIC_NEXTAUTH_URL,
-    body: Object.fromEntries(body ?? []),
-    query: Object.fromEntries(url.searchParams),
-    headers: request.headers,
-    method: request.method,
-    cookies: cookie.parse(request.headers.get("cookie") || ""),
-    action: action as NextAuthAction,
-    providerId: provider,
-    error: provider,
-  }
-
-  const response = await NextAuthHandler({
-    req,
-    options,
-  })
-
-  return toSvelteKitResponse(request, response)
-}
-
-export const getServerSession = async (
-  request: Request,
-  options: NextAuthOptions
-): Promise<App.Session | null> => {
-  options.secret = NEXTAUTH_SECRET
-
-  const session = await NextAuthHandler<App.Session>({
-    req: {
-      host: PUBLIC_NEXTAUTH_URL,
-      action: "session",
-      method: "GET",
-      cookies: cookie.parse(request.headers.get("cookie") || ""),
-      headers: request.headers,
-    },
-    options,
-  })
-
-  const { body } = session
-
-  if (body && Object.keys(body).length) {
-    return body as App.Session
-  }
-  return null
-}
-
-export const NextAuth = (
-  options: NextAuthOptions
-): {
-  GET: (event: ServerLoadEvent) => Promise<unknown>
-  POST: (event: ServerLoadEvent) => Promise<unknown>
-} => ({
-  GET: (event) => SKNextAuthHandler(event, options),
-  POST: (event) => SKNextAuthHandler(event, options),
-})

apps/playground-sveltekit/src/routes/+layout.server.ts

@@ -1,7 +1,12 @@
 import type { LayoutServerLoad } from "./$types"
 
-export const load: LayoutServerLoad = ({ locals }) => {
+export const load: LayoutServerLoad = (event) => {
+  console.log("layout server load", event.locals.getSession)
+  let session
+  if (event.locals.getSession) {
+    session = event.locals.getSession()
+  }
   return {
-    session: locals.session,
+    session,
   }
 }

apps/playground-sveltekit/src/routes/+layout.svelte

@@ -20,10 +20,10 @@
                 $page.data.session.user.name}</strong
             >
           </span>
-          <a href="/api/auth/signout" class="button">Sign out</a>
+          <a href="/auth/signout" class="button">Sign out</a>
         {:else}
           <span class="notSignedInText">You are not signed in</span>
-          <a href="/api/auth/signin" class="buttonPrimary">Sign in</a>
+          <a href="/auth/signin" class="buttonPrimary">Sign in</a>
         {/if}
       </p>
     </div>

apps/playground-sveltekit/src/routes/+page.svelte

@@ -1,7 +1,34 @@
+<script>
+  import { signIn, signOut } from "@auth/sveltekit/client"
+  import { page } from "$app/stores"
+</script>
+
 <h1>SvelteKit + NextAuth.js Example</h1>
 <p>
   This is an example site to demonstrate how to use <a
     href="https://kit.svelte.dev/">SvelteKit</a
   >
   with <a href="https://next-auth.js.org">NextAuth.js</a> for authentication.
+
+  {#if Object.keys($page.data.session || {}).length}
+    {#if $page.data.session.user.image}
+      <span
+        style="background-image: url('{$page.data.session.user.image}')"
+        class="avatar"
+      />
+    {/if}
+    <span class="signedInText">
+      <small>Signed in as</small><br />
+      <strong
+        >{$page.data.session.user.email || $page.data.session.user.name}</strong
+      >
+    </span>
+    <button on:click={() => signOut()} class="button">Sign out</button>
+  {:else}
+    <span class="notSignedInText">You are not signed in</span>
+    <button on:click={() => signIn("github")}>Sign In with GitHub</button>
+    <button on:click={() => signIn("credentials", { redirect: false })}
+      >Sign In credentials</button
+    >
+  {/if}
 </p>

apps/playground-sveltekit/src/routes/api/auth/[...nextauth]/+server.ts

@@ -1,3 +0,0 @@
-import { NextAuth, options } from "$lib/next-auth"
-
-export const { GET, POST } = NextAuth(options)

apps/playground-sveltekit/svelte.config.js

@@ -1,14 +1,15 @@
-import adapter from "@sveltejs/adapter-node" // or use https://github.com/sveltejs/kit/tree/master/packages/adapter-auto
+import adapter from '@sveltejs/adapter-auto';
-import preprocess from "svelte-preprocess"
+import { vitePreprocess } from '@sveltejs/kit/vite';
 
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
-  // Consult https://github.com/sveltejs/svelte-preprocess
+	// Consult https://kit.svelte.dev/docs/integrations#preprocessors
-  // for more information about preprocessors
+	// for more information about preprocessors
-  preprocess: preprocess(),
+	preprocess: vitePreprocess(),
-  kit: {
-    adapter: adapter(),
-  },
-}
 
-export default config
+	kit: {
+		adapter: adapter()
+	}
+};
+
+export default config;

apps/playground-sveltekit/tsconfig.json

@@ -1,17 +1,17 @@
 {
-  "extends": "./.svelte-kit/tsconfig.json",
+	"extends": "./.svelte-kit/tsconfig.json",
-  "compilerOptions": {
+	"compilerOptions": {
-    "allowJs": true,
+		"allowJs": true,
-    "checkJs": true,
+		"checkJs": true,
-    "esModuleInterop": true,
+		"esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
+		"forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
+		"resolveJsonModule": true,
-    "skipLibCheck": true,
+		"skipLibCheck": true,
-    "sourceMap": true,
+		"sourceMap": true,
-    "strict": true
+		"strict": true
-  }
+	}
-  // Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias
+	// Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias
-  //
+	//
-  // If you want to overwrite includes/excludes, make sure to copy over the relevant includes/excludes
+	// If you want to overwrite includes/excludes, make sure to copy over the relevant includes/excludes
-  // from the referenced tsconfig.json - TypeScript does not merge them in
+	// from the referenced tsconfig.json - TypeScript does not merge them in
 }

apps/playground-sveltekit/vite.config.js

@@ -0,0 +1,8 @@
+import { sveltekit } from '@sveltejs/kit/vite';
+
+/** @type {import('vite').UserConfig} */
+const config = {
+	plugins: [sveltekit()]
+};
+
+export default config;

apps/playground-sveltekit/vite.config.ts

@@ -1,8 +0,0 @@
-import { sveltekit } from "@sveltejs/kit/vite"
-import type { UserConfig } from "vite"
-
-const config: UserConfig = {
-  plugins: [sveltekit()],
-}
-
-export default config

package.json

@@ -5,12 +5,13 @@
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "scripts": {
     "build:app": "turbo run build --filter=next-auth-app",
-    "build": "turbo run build --filter=next-auth --filter=@next-auth/* --no-deps",
+    "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
     "lint": "turbo run lint --filter=!next-auth-docs --parallel",
     "test": "turbo run test --concurrency=1 --filter=!@next-auth/pouchdb-adapter --filter=!@next-auth/upstash-redis-adapter --filter=!next-auth-* --filter=[HEAD^1]",
     "clean": "turbo run clean --no-cache",
     "dev:db": "turbo run dev --parallel --continue --filter=next-auth-app...",
     "dev": "turbo run dev --parallel --continue --filter=next-auth-app... --filter=!./packages/adapter-*",
+    "dev:kit": "turbo run dev --parallel --continue --filter=sveltekit-nextauth...",
     "dev:docs": "turbo run dev --filter=next-auth-docs",
     "email": "cd apps/dev && pnpm email",
     "release": "release",
@@ -31,7 +32,7 @@
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^6.0.0",
     "husky": "^7.0.4",
-    "prettier": "2.7.1",
+    "prettier": "2.8.1",
     "pretty-quick": "^3.1.2",
     "semver": "7.3.5",
     "stream-to-array": "2.3.0",
@@ -69,5 +70,10 @@
       "type": "opencollective",
       "url": "https://opencollective.com/nextauth"
     }
-  ]
+  ],
+  "pnpm": {
+    "overrides": {
+      "undici": "5.11.0"
+    }
+  }
 }

packages/core/README.md

@@ -0,0 +1,3 @@
+# Auth.js
+
+Authentication for the web.

packages/core/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@auth/core",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Authentication for the web.",
-  "homepage": "https://next-auth.js.org",
+  "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "author": "Balázs Orbán <info@balazsorban.com>",
   "contributors": [
@@ -44,7 +44,7 @@
     "@panva/hkdf": "1.0.2",
     "cookie": "0.5.0",
     "jose": "4.11.1",
-    "oauth4webapi": "2.0.4",
+    "oauth4webapi": "2.0.5",
     "preact": "10.11.3",
     "preact-render-to-string": "5.2.3"
   },

packages/frameworks-sveltekit/.eslintrc.cjs

@@ -0,0 +1,24 @@
+module.exports = {
+  root: true,
+  parser: "@typescript-eslint/parser",
+  extends: [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "prettier",
+  ],
+  plugins: ["svelte3", "@typescript-eslint"],
+  ignorePatterns: ["*.cjs", "client.*", "index.*"],
+  overrides: [{ files: ["*.svelte"], processor: "svelte3/svelte3" }],
+  settings: {
+    "svelte3/typescript": () => require("typescript"),
+  },
+  parserOptions: {
+    sourceType: "module",
+    ecmaVersion: 2020,
+  },
+  env: {
+    browser: true,
+    es2017: true,
+    node: true,
+  },
+}

packages/frameworks-sveltekit/.prettierignore

@@ -0,0 +1,7 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+/index.*
+/client.*

packages/frameworks-sveltekit/README.md

@@ -0,0 +1,3 @@
+# SvelteKit Auth
+
+Authentication for SvelteKit.

packages/frameworks-sveltekit/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "@auth/sveltekit",
+  "version": "0.1.3",
+  "description": "Authentication for SvelteKit.",
+  "homepage": "https://sveltekit.authjs.dev",
+  "repository": "https://github.com/nextauthjs/next-auth.git",
+  "author": "Thang Huu Vu <hi@thvu.dev>",
+  "contributors": [
+    "Thang Huu Vu <hi@thvu.dev>",
+    "Balázs Orbán <info@balazsorban.com>",
+    "Nico Domino <yo@ndo.dev>",
+    "Lluis Agusti <hi@llu.lu>",
+    "Iain Collins <me@iaincollins.com"
+  ],
+  "scripts": {
+    "dev": "svelte-package -w",
+    "clean": "rm -rf client.* index.* package",
+    "build": "pnpm clean && pnpm check && svelte-package && node ./scripts/postbuild.js && rm -rf package",
+    "preview": "vite preview",
+    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+    "test:unit": "vitest",
+    "lint": "prettier --plugin-search-dir . --check . && eslint .",
+    "format": "prettier --plugin-search-dir . --write ."
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.28.1",
+    "@sveltejs/adapter-auto": "next",
+    "@sveltejs/kit": "next",
+    "@sveltejs/package": "1.0.0-next.6",
+    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/parser": "^5.45.0",
+    "eslint": "^8.28.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-svelte3": "^4.0.0",
+    "next-auth": "workspace:*",
+    "prettier": "2.8.1",
+    "prettier-plugin-svelte": "^2.8.1",
+    "svelte": "^3.54.0",
+    "svelte-check": "^2.9.2",
+    "tslib": "^2.4.1",
+    "typescript": "^4.9.3",
+    "vite": "^4.0.0",
+    "vitest": "^0.25.3"
+  },
+  "dependencies": {
+    "@auth/core": "workspace:*"
+  },
+  "type": "module",
+  "types": "./index.d.ts",
+  "files": [
+    "client.*",
+    "index.*",
+    "src"
+  ],
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    },
+    "./client": {
+      "types": "./client.d.ts",
+      "import": "./client.js"
+    },
+    "./package.json": "./package.json"
+  }
+}

packages/frameworks-sveltekit/playwright.config.ts

@@ -0,0 +1,11 @@
+import type { PlaywrightTestConfig } from "@playwright/test"
+
+const config: PlaywrightTestConfig = {
+  webServer: {
+    command: "npm run build && npm run preview",
+    port: 4173,
+  },
+  testDir: "tests",
+}
+
+export default config

packages/frameworks-sveltekit/scripts/postbuild.js

@@ -0,0 +1,13 @@
+// After build, copy the files in ./package to the root directory, excluding the package.json file.
+import fs from "fs/promises"
+import path from "path"
+
+const __dirname = path.dirname(new URL(import.meta.url).pathname)
+
+const root = path.join(__dirname, "..")
+const pkgDir = path.join(root, "package")
+
+await fs.cp(pkgDir, root, {
+  recursive: true,
+  filter: (src) => !src.includes("package.json"),
+})

packages/frameworks-sveltekit/src/app.d.ts

@@ -0,0 +1,20 @@
+// eslint-disable-next-line @typescript-eslint/triple-slash-reference
+/// <reference types="@sveltejs/kit" />
+
+// See https://kit.svelte.dev/docs/types#app
+// for information about these interfaces
+// and what to do when importing types
+declare namespace App {
+  // interface Error {}
+  interface Locals {
+    getSession: () => Promise<unknown>
+  }
+  // interface PageData {}
+  // interface Platform {}
+}
+
+declare module "$env/static/private" {
+  export const AUTH_SECRET: string
+  export const AUTH_TRUST_HOST: string
+  export const VERCEL: string
+}

packages/frameworks-sveltekit/src/lib/client.ts

@@ -0,0 +1,106 @@
+import type {
+  LiteralUnion,
+  SignInOptions,
+  SignInAuthorizationParams,
+  SignOutParams,
+} from "next-auth/react"
+import type {
+  BuiltInProviderType,
+  RedirectableProviderType,
+} from "next-auth/providers/index"
+
+/**
+ * Client-side method to initiate a signin flow
+ * or send the user to the signin page listing all possible providers.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signin)
+ */
+export async function signIn<
+  P extends RedirectableProviderType | undefined = undefined
+>(
+  providerId?: LiteralUnion<
+    P extends RedirectableProviderType
+      ? P | BuiltInProviderType
+      : BuiltInProviderType
+  >,
+  options?: SignInOptions,
+  authorizationParams?: SignInAuthorizationParams
+) {
+  const { callbackUrl = window.location.href, redirect = true } = options ?? {}
+
+  // TODO: Support custom providers
+  const isCredentials = providerId === "credentials"
+  const isEmail = providerId === "email"
+  const isSupportingReturn = isCredentials || isEmail
+
+  // TODO: Handle custom base path
+  const signInUrl = `/auth/${
+    isCredentials ? "callback" : "signin"
+  }/${providerId}`
+
+  const _signInUrl = `${signInUrl}?${new URLSearchParams(authorizationParams)}`
+
+  // TODO: Handle custom base path
+  // TODO: Remove this since Sveltekit offers the CSRF protection via origin check
+  const csrfTokenResponse = await fetch("/auth/csrf")
+  const { csrfToken } = await csrfTokenResponse.json()
+
+  const res = await fetch(_signInUrl, {
+    method: "post",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      "X-Auth-Return-Redirect": "1",
+    },
+    // @ts-expect-error -- ignore
+    body: new URLSearchParams({
+      ...options,
+      csrfToken,
+      callbackUrl,
+    }),
+  })
+
+  const data = await res.clone().json()
+  const error = new URL(data.url).searchParams.get("error")
+
+  if (redirect || !isSupportingReturn || !error) {
+    // TODO: Do not redirect for Credentials and Email providers by default in next major
+    window.location.href = data.url ?? callbackUrl
+    // If url contains a hash, the browser does not reload the page. We reload manually
+    if (data.url.includes("#")) window.location.reload()
+    return
+  }
+
+  return res
+}
+
+/**
+ * Signs the user out, by removing the session cookie.
+ * Automatically adds the CSRF token to the request.
+ *
+ * [Documentation](https://next-auth.js.org/getting-started/client#signout)
+ */
+export async function signOut(options?: SignOutParams) {
+  const { callbackUrl = window.location.href } = options ?? {}
+  // TODO: Custom base path
+  // TODO: Remove this since Sveltekit offers the CSRF protection via origin check
+  const csrfTokenResponse = await fetch("/auth/csrf")
+  const { csrfToken } = await csrfTokenResponse.json()
+  const res = await fetch(`/auth/signout`, {
+    method: "post",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      "X-Auth-Return-Redirect": "1",
+    },
+    body: new URLSearchParams({
+      csrfToken,
+      callbackUrl,
+    }),
+  })
+  const data = await res.json()
+
+  const url = data.url ?? callbackUrl
+  window.location.href = url
+  // If url contains a hash, the browser does not reload the page. We reload manually
+  if (url.includes("#")) window.location.reload()
+}

packages/frameworks-sveltekit/src/lib/index.ts

@@ -0,0 +1,75 @@
+import { AUTH_SECRET, AUTH_TRUST_HOST, VERCEL } from "$env/static/private"
+import { dev } from "$app/environment"
+
+import { AuthHandler, type AuthOptions, type AuthAction } from "@auth/core"
+import type { Handle } from "@sveltejs/kit"
+
+export async function getServerSession(
+  req: Request,
+  options: AuthOptions
+): Promise<unknown> {
+  options.secret ??= AUTH_SECRET
+  options.trustHost ??= true
+
+  const url = new URL("/api/auth/session", req.url)
+  const response = await AuthHandler(
+    new Request(url, { headers: req.headers }),
+    options
+  )
+
+  const { status = 200 } = response
+
+  const data = await response.json()
+
+  if (!data || !Object.keys(data).length) return null
+
+  if (status === 200) {
+    return data
+  }
+  throw new Error(data.message)
+}
+
+interface SvelteKitAuthOptions extends AuthOptions {
+  /**
+   * @default '/auth'
+   */
+  prefix?: string
+}
+
+const actions: AuthAction[] = [
+  "providers",
+  "session",
+  "csrf",
+  "signin",
+  "signout",
+  "callback",
+  "verify-request",
+  "error",
+  "_log",
+]
+
+/** The main entry point to @auth/sveltekit */
+function SvelteKitAuth({
+  prefix = "/auth",
+  ...options
+}: SvelteKitAuthOptions): Handle {
+  options.secret ??= AUTH_SECRET
+  options.trustHost ??= !!(AUTH_TRUST_HOST ?? VERCEL ?? dev)
+
+  return ({ event, resolve }) => {
+    const [action] = event.url.pathname.slice(prefix.length + 1).split("/")
+    const isAuth = actions.includes(action as AuthAction)
+
+    if (!event.locals.getSession)
+      event.locals.getSession = async () =>
+        getServerSession(event.request, options)
+
+    if (!event.url.pathname.startsWith(prefix + "/") || !isAuth) {
+      return resolve(event)
+    }
+
+    return AuthHandler(event.request, options)
+  }
+}
+
+export default SvelteKitAuth

packages/frameworks-sveltekit/svelte.config.js

@@ -0,0 +1,15 @@
+import adapter from "@sveltejs/adapter-auto"
+import { vitePreprocess } from "@sveltejs/kit/vite"
+
+/** @type {import('@sveltejs/kit').Config} */
+const config = {
+  // Consult https://kit.svelte.dev/docs/integrations#preprocessors
+  // for more information about preprocessors
+  preprocess: vitePreprocess(),
+
+  kit: {
+    adapter: adapter(),
+  },
+}
+
+export default config

packages/frameworks-sveltekit/tests/test.ts

@@ -0,0 +1,6 @@
+import { expect, test } from "@playwright/test"
+
+test("index page has expected h1", async ({ page }) => {
+  await page.goto("/")
+  expect(await page.textContent("h1")).toBe("Welcome to SvelteKit")
+})

packages/frameworks-sveltekit/tsconfig.json

@@ -0,0 +1,18 @@
+{
+  "extends": "./.svelte-kit/tsconfig.json",
+  "compilerOptions": {
+    "allowJs": true,
+    "checkJs": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "skipLibCheck": true,
+    "sourceMap": true,
+    "strict": true
+  },
+  // Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias
+  //
+  // If you want to overwrite includes/excludes, make sure to copy over the relevant includes/excludes
+  // from the referenced tsconfig.json - TypeScript does not merge them in
+  "exclude": ["scripts", "*.js", ".svelte-kit"]
+}

packages/frameworks-sveltekit/vite.config.js

@@ -0,0 +1,11 @@
+import { sveltekit } from "@sveltejs/kit/vite"
+
+/** @type {import('vite').UserConfig} */
+const config = {
+  plugins: [sveltekit()],
+  test: {
+    include: ["src/**/*.{test,spec}.{js,ts}"],
+  },
+}
+
+export default config

pnpm-workspace.yaml

@@ -1,5 +1,6 @@
 packages:
   - "packages/**"
-  - "packages/frameworks/**"
+  # - "packages/frameworks/**"
   - "apps/dev"
+  - "apps/playground-sveltekit"
   - "docs"