Building a Svelte Passkey Login Page

This tutorial shows developers how to integrate passkeys into a Svelte app. Besides passkey authentication, simple session management is also implemented.

We aim to make the Internet a safer place using passkeys. That's why we want to support developers with tutorials on how to implement passkeys.

1. Introduction

2. Prerequisites

3. Svelte Passkey Repository Structure

4. Set Up the Svelte project

5. Set Up the Corbado UI Component for Passkey Authentication

5.1 Set Up your Corbado Account and Project

5.2 Embed the UI Component in your Frontend

5.3 Set Up the Profile Page

5.4 Start Using Passkeys

6. Conclusion

1. Introduction

In this blog post, we'll be walking through the process of building a sample application with passkey authentication using Svelte. We'll cover how to embed the Corbado UI component and implement passkey login functionality for a seamless user experience.

If you want to see the finished code, please have a look at our sample application GitHub repository:

The result looks as follows:

Svelte Passkeys Login Page

2. Prerequisites

This tutorial assumes basic familiarity with Svelte, HTML, CSS and JavaScript. Lets dive in! Moreover, you need to have Node and NPM installed on your machine.

3. Svelte Passkey Repository Structure

Lets first discuss the structure of our project (full GitHub repo):

.
├── .env
├── package.json
└── src
    ├── app.html
    └── routes
        ├── +layout.svelte
        ├── +layout.server.ts
        ├── +page.svelte
        └── profile
            └── +page.svelte

The rest of the files of this project can be ignored for the purpose of this tutorial.

4. Set Up the Svelte Project

In the following, we explain step-by-step what needs to be done to successfully set up the Svelte project.

Lets start out by initializing a new Svelte project. In this tutorial, were using Svelte version 4.2.7:

npm create svelte@latest example-passkeys-svelte

In the installation guide steps, we select the following (if youre asked to install or update the create-svelte package, click Yes to proceed):

App template: Skeleton project
Type checking with TypeScript: We're using TypeScript here, but feel free to choose whatever you prefer
Additional options: We're using ESLint and Prettier

If you're asked to proceed click "Yes"

cd example-passkeys-svelte

Let's also install the Corbado web-js dependency:

npm i @corbado/web-js

Optionally, you can also install the Corbado web-js types for an enhanced typescript experience:

npm i -D @corbado/types

If you run

npm install

and

npm run dev

the sample Svelte skeleton application starts at http://localhost:5173:

Svelte Passkeys Skeleton

5. Set Up the Corbado UI Component for Passkey Authentication

5.1 Set up your Corbado account and project

Visit the Corbado developer panel to sign up and create your account (you'll see the passkey sign-up in action here!).

Svelte Corbado Developer Panel Sign-up

In the project setup wizard, begin by selecting an appropriate name for your project. For the product selection, opt for "Corbado Complete". Subsequently, specify your technology stack and select "DEV along with "Corbado session management" options. Afterwards, you'll get more foundational setup guidance.

Next, choose "Web app" as an application type and Svelte as your framework. In the application settings, define your application url and relying party id as follows:

App settings

Application URL: Provide the URL where you embedded the UI component, here: http://localhost:5173.
Relying Party ID: Provide the domain (no protocol, no port and no path) where passkeys should be bound to, here: localhost

Lastly, retrieve your project ID from the developer panel and store it in your environment file. You can find it here under Corbado API access.

Your environment file should look like this:

VITE_CORBADO_PROJECT_ID=<your-project-id>

You'll need it later to embed the Corbado UI component in your Svelte app.

5.2 Embed the UI Component in the Frontend

Now, lets jump back to the code we created from step 4.

First, we'll disable ssr as that's currently not supported by the Corbado web-js package, but we're working on it ;)

We'll do that by creating a +layout.server.ts file with the following content:

export const ssr = false;

Then, we'll create our outer layout which will handle the initialization of our Corbado project. It acts as a boundary that only renders the rest of the app once the Corbado project is initialized.

<script lang="ts">
    import Corbado from "@corbado/web-js";
    import {onMount} from "svelte";
    const PROJECT_ID = import.meta.env.VITE_CORBADO_PROJECT_ID;
 
    let isInitialized = false;
    onMount(async () => {
        await Corbado.load({
            projectId: PROJECT_ID,
            darkMode: 'off'
        });
        isInitialized = true; // Set to true once Corbado is initialized
    });
</script>
 
<div>
    {#if isInitialized}
        <slot></slot>
    {/if}
</div>

Next, we modify the home page. The home page is the file in src/routes/+page.svelte. This file contains the sign up / login UI component and navigates to /profile once the user is authenticated.

<script lang="ts">
    import Corbado from '@corbado/web-js';
    import {onMount} from 'svelte';
 
    let authElement: HTMLDivElement;
 
    onMount(() => {
        Corbado.mountAuthUI(
            authElement, {
                onLoggedIn: () => window.location.href = "/profile",
            })
    })
</script>
 
<div bind:this={authElement}></div>

5.3 Set Up the Profile Page

Lastly, let's create the profile page under /profile. This page will show the user's name and user ID and provide a button to log out. If the user isn't logged in, we'll display a link back to the homepage.

<script lang="ts">
    import Corbado from "@corbado/web-js";
    import {onMount} from "svelte";
 
    let user: SessionUser | undefined;
 
    onMount(() => {
        user = Corbado.user
    })
 
    async function handleLogout() {
        await Corbado.logout()
        window.location.href = "/"
    }
</script>
 
<div>
    {#if (user)}
        <h1>
            Profile Page
        </h1>
        <p>
            User-id: {user.sub}
        </p>
        <p>
            Name: {user.name}
        </p>
        <button on:click={handleLogout}>
            Logout
        </button>
    {:else}
        <h1>
            You aren't logged in.
        </h1>
        <p>Go <a href="/">Home</a></p>
    {/if}
</div>

This page has content that should only be visible to authenticated users. Therefore, we use Corbado session management in the code above.

5.4 Start Using Passkeys

If everything is set up and installed, run the application with

npm run dev

You should see the following screen:

Svelte Passkeys Login Page

After successful sign up / login, you see the profile page:

Svelte Passkeys Profile Page

6. Conclusion

This tutorial showed how easy it is to add passwordless authentication with passkeys to a Svelte app using Corbado. Besides the passkey-first authentication, Corbado provides simple session management, that we used for a retrieval of basic user data. If you want to read more about how you can leverage Corbados session management to retrieve backend data, please check out our documentation here or if you want to add Corbado to your existing app with existing users, please see our documentation here.

If you want to learn how you can retrieve user authentication state as well as wells as user information on the server side, take a look at our Sveltekit blogpost.