authentication
A modular authentication library for Val Town with support for multiple OAuth providers.
This implementation provides a complete GitHub OAuth 2.0 flow with the following features:
- GitHub OAuth 2.0 Authorization Code Flow - Secure OAuth implementation
- JWT-based Session Management - Stateless authentication tokens
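- CSRF Protection - State parameter validation to prevent cross-site request forgery against the OAuth callback
- Secure HTTP-only Cookies - Keeps the session token unreadable from page JavaScript, which prevents XSS token theft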
- Hono Middleware - Easy integration with Hono applications
- React Hooks & Components - Ready-to-use frontend components
- Modular Architecture - Adapter pattern for multiple auth providers
```
auth/
├── core/
│   ├── types.ts              # TypeScript interfaces
│   ├── signer.ts             # JWT signing/verification
│   └── adapters.ts           # Auth provider implementations
├── hono/
│   ├── createMiddleware.ts   # Middleware factory
│   └── github.ts             # GitHub-specific routes
├── react/
│   ├── createHook.ts         # React hook factory
│   ├── createComponents.ts   # Component factory
│   └── github.tsx            # GitHub components
└── index.ts                  # Main exports
```
- Environment Variables

  ```
  GITHUB_CLIENT_ID=your_github_client_id
  GITHUB_CLIENT_SECRET=your_github_client_secret
  JWT_SECRET=your_secure_jwt_secret
  ```

- GitHub OAuth App Configuration
  - Authorization callback URL: `https://your-domain.com/auth/github/callback`
  - Requested scopes: `user:email`, `read:user`
```ts
import { Hono } from "hono";
import { createGitHubAuthRoutes, githubAuthMiddleware } from "./auth/hono/github.ts";

const app = new Hono();

// Add auth routes
const authRoutes = createGitHubAuthRoutes();
app.route("/", authRoutes);

// Protect API routes
app.get("/api/me", githubAuthMiddleware, (c) => {
  const user = c.get("user");
  return c.json(user);
});
```
- CSRF Protection: State parameter validation
- Secure Cookies: HttpOnly, Secure, SameSite=Lax
- JWT Validation: Proper token verification with expiration
- Environment Variables: No hardcoded secrets
- Error Handling: Proper error bubbling and logging
- Val Town Adapter: Throws "not implemented" error
- Password Adapter: Throws "not implemented" error
These will be implemented in future steps.
Run the main.tsx file to see a working demonstration of the GitHub OAuth flow with a beautiful UI built using React and TailwindCSS.
- Implement Val Town API key authentication
- Implement password-based authentication
- Add refresh token support
- Add user profile management
- Add role-based access control