Wocha Docs

SvelteKit SDK

SvelteKit adapter with server-side OAuth and encrypted cookie sessions.

@wocha/sveltekit is the SvelteKit adapter for Wocha authentication using the BFF pattern. OAuth runs on server routes; sessions are stored in encrypted httpOnly cookies.

Installation

pnpm add @wocha/sveltekit
Or scaffold with the CLI
npx @wocha/cli init --framework sveltekit

Peer dependencies: @sveltejs/kit ^2.0, Svelte 4 or 5.

Environment variables

.env
WOCHA_CLIENT_ID=your-client-id
WOCHA_CLIENT_SECRET=your-client-secret
WOCHA_ISSUER=https://my-tenant.auth.wocha.ai

Auth route handler

Create src/routes/auth/[...wocha]/+server.ts:

import { createWochaHandler, wochaAuthConfigFromEnv } from "@wocha/sveltekit/server";
 
const config = wochaAuthConfigFromEnv()!;
 
export const GET = createWochaHandler(config);
export const POST = createWochaHandler(config);

Route protection

Add to src/hooks.server.ts:

import { greetHandle } from "@wocha/sveltekit/server";
 
export const handle = greetHandle(undefined, {
  publicPaths: ["/", "/about"],
});

Client stores

<script lang="ts">
  import { session, user, org, signIn, signOut } from "@wocha/sveltekit/client";
</script>
 
{#if $session}
  <p>Hello, {$user?.email}</p>
{/if}

Server helpers

import { getSession, requireSession } from "@wocha/sveltekit/server";
 
export async function load({ cookies }) {
  const session = await getSession(cookies);
  if (!session) throw redirect(302, "/auth/login");
  return { session };
}

Learn more

On this page