npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@workos-inc/authkit-ssr

v0.0.1-alpha.0

Published

> [!WARNING] >This is prerelease software. APIs may change without notice.

Downloads

59

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

mthadley-workosmthadley-workosmark-workosmark-workosgrinichgrinichnpm-workosnpm-workoscameron-workoscameron-workosgjtorikiangjtorikianchance-workoschance-workospeakematt-workospeakematt-workosnicknisinicknisinickcollissonnickcollisson

Keywords

Readme

@workos-inc/authkit-ssr

[!WARNING] This is prerelease software. APIs may change without notice.

A framework-agnostic authentication library for WorkOS with a modular adapter system for server-side rendered applications.

Features

  • Framework-agnostic core: Common authentication logic that works across platforms
  • Adapter pattern: Simple interface for framework-specific implementations
  • Session management: Secure cookie-based authentication
  • JWT handling: Token validation, parsing, and refresh
  • Type-safe API: Full TypeScript support

Installation

# Using npm
npm install @workos-inc/authkit-ssr

# Using pnpm
pnpm add @workos-inc/authkit-ssr

# Using yarn
yarn add @workos-inc/authkit-ssr

Quick Start

  1. Configure AuthKit with your WorkOS credentials:
import { configure, createAuthKitFactory } from '@workos-inc/authkit-ssr';

configure({
  clientId: 'your-client-id',
  apiKey: 'your-workos-api-key',
  redirectUri: 'https://yourdomain.com/auth/callback',
  cookiePassword: 'must-be-at-least-32-characters-long-secret',
});
  1. Create a storage adapter for your framework:
import { SessionStorage, createAuthKitFactory } from '@workos-inc/authkit-ssr';

// Create your framework-specific storage adapter
class MyFrameworkStorage implements SessionStorage<MyRequest, MyResponse> {
  cookieName: string;
  
  constructor(cookieName = 'wos-session') {
    this.cookieName = cookieName;
  }

  async getSession(request: MyRequest): Promise<string | null> {
    // Framework-specific implementation to get cookie
    return getCookieFromRequest(request, this.cookieName);
  }

  async saveSession(response: MyResponse, sessionData: string): Promise<MyResponse> {
    // Framework-specific implementation to set cookie
    return setCookieOnResponse(response, this.cookieName, sessionData);
  }

  async clearSession(response: MyResponse): Promise<MyResponse> {
    // Framework-specific implementation to clear cookie
    return clearCookieOnResponse(response, this.cookieName);
  }
}

// Create your AuthKit instance
const authKit = createAuthKitFactory<MyRequest, MyResponse>({
  storage: new MyFrameworkStorage(),
});
  1. Use AuthKit in your application:
// Validate a session
const { user, claims } = await authKit.withAuth(request);

// Generate an authorization URL
const authUrl = await authKit.getAuthorizationUrl({
  returnPathname: '/dashboard',
});

// Refresh a session
const refreshResult = await authKit.refreshSession(session);

Core Concepts

Session Management

AuthKit SSR uses encrypted cookies to store session information. It handles:

  • Token encryption/decryption (using iron-webcrypto)
  • JWT validation and parsing
  • Session refresh logic
  • Session termination

Adapter System

The adapter pattern uses a storage interface to abstract framework-specific concepts:

interface SessionStorage<TRequest, TResponse> {
  getSession(request: TRequest): Promise<string | null>;
  saveSession(response: TResponse, sessionData: string): Promise<TResponse>;
  clearSession(response: TResponse): Promise<TResponse>;
}

Each framework adapter implements this interface to handle its specific request/response objects.

Configuration

AuthKit can be configured in multiple ways:

Environment Variables

WORKOS_CLIENT_ID=your-client-id
WORKOS_API_KEY=your-api-key
WORKOS_REDIRECT_URI=https://yourdomain.com/auth/callback
WORKOS_COOKIE_PASSWORD=must-be-at-least-32-characters-long

Programmatic Configuration

import { configure } from '@workos-inc/authkit-ssr';

configure({
  clientId: 'your-client-id',
  apiKey: 'your-api-key',
  redirectUri: 'https://yourdomain.com/auth/callback',
  cookiePassword: 'must-be-at-least-32-characters-long',
  cookieName: 'your-custom-cookie-name', // Default: 'wos-session'
  cookieMaxAge: 60 * 60 * 24 * 30, // 30 days in seconds
  cookieSameSite: 'lax', // 'strict', 'lax', or 'none'
});

API Reference

Core API

  • configure(config): Set up AuthKit with your WorkOS configuration
  • getConfig(key): Get a specific configuration value
  • createAuthKitFactory(options): Create an instance of AuthKit for your framework

AuthKit Instance API

  • withAuth(request): Validate the current session and return user data
  • getAuthorizationUrl(options): Generate a WorkOS authorization URL
  • getSignInUrl(options): Generate a sign-in URL
  • getSignUpUrl(options): Generate a sign-up URL
  • refreshSession(session): Refresh an existing session
  • saveSession(response, sessionData): Save session data to a response
  • getLogoutUrl(session, response, options): End a user session

Security

AuthKit uses iron-webcrypto for secure, encrypted cookies with the following security features:

  • Encrypted cookies (AES-256-CBC)
  • HMAC validation (SHA-256)
  • Customizable cookie settings (HttpOnly, SameSite, etc.)
  • Token refresh mechanism

License

MIT