Console #175 - Interview with Pilcrow of Lucia - simple auth library that works alongside your database
Featuring OpenMoji, Flax Engine, and Awesome TypeScript
Open-source emojis for designers, developers and everyone else.
Flax Engine is a high quality modern 3D game engine written in C++ and C#. From stunning graphics to powerful scripts - Flax can give everything for your games.
stars: 4086 last commit: today
Lucia is a simple and flexible user and session management library that provides an abstraction layer between your app and your database. It's bare-bones by design, keeping everything easy to use and understand.
🎙️ Interview With Pilcrow of Lucia - simple auth library that works alongside your database
Hey! Thanks for joining us! Let us start with your background.
Hi! I’m just a hobbyist programmer from Japan. I currently use TypeScript and my favorite framework right now is Astro. SvelteKit is pretty cool too.
What’s your most controversial programming opinion?
JSON Web Tokens (JWTs) aren’t that great. It’s definitely easy to implement at first, but since it wasn’t made for such use cases in the first place, you have to add things like refresh tokens to make it as secure as regular tokens. It’s definitely usable but like any other thing, it requires care to get it right.
What is your favorite software tool?
The only software tool I use for programming is VSCode. I just use the stock macOS browser, notes, and terminal. If you include JS libraries, Astro. It’s such a joy to use - I highly recommend it.
Why was Lucia started?
The biggest reason was that existing services were too rigid. I had to write some pretty hacky code to get them to work for my use cases. Not having my own user table was an issue too. I started to implement my own authentication using JWTs (gasp) but I was writing the same code over and over again, so I decided to make a library.
I initially thought about making a library that handled everything for you (something akin to NextAuth.js), but I quickly realized that I had to implement tons of configuration and callbacks to make it as flexible as I wanted. So I made a 180 and decided that Lucia will only provide basic primitives. `lucia-sveltekit`, a precursor to Lucia that used JWTs for SvelteKit, was released a few days later. We later moved to use sessions and made it framework-agnostic.
How does Lucia work?
I don’t think there’s much to explain. It just makes queries to your databases. To support multiple databases, we provide database adapters which provide standard methods like `getUser()` that Lucia can call.
Where did the name for Lucia come from?
I reaaaaaaally suck at naming things so I name my projects based on locations (countries, cities, lakes, mountains, etc). Lucia is based on the small Caribbean country of Saint Lucia. That means Lucia is pronounced loo-shya.
Who, or what was the biggest inspiration for Lucia?
The idea to use database adapters to support multiple databases was based on NextAuth.js, a popular auth library for Next.js (now Auth.js). Aside from that, I just built what I wanted.
Are there any overarching goals of Lucia that drive design or implementation?
Simple is better than easy. I try to make the APIs easy to understand and use. I don’t think being simple inherently makes something better, but it does differentiate us from other solutions and I think limiting the scope of the project is important.
If so, what trade-offs have been made in Lucia as a consequence of these goals?
Naturally, it means there’s a bit more boilerplate to get started and it’s not really beginner friendly. But I’m totally fine with that since the resulting code is pretty easy to read, and I don’t think you should use Lucia if you have zero backend experience.
What is the most challenging problem that’s been solved in Lucia, so far?
Honestly I struggled the most with GitHub Actions. But, if I had to pick one, it was making everything runtime agnostic and keeping the dependencies to a minimum. Lucia works with Deno, Bun, and Cloudflare Workers (Edge) in addition to Node.js. I had to read quite a bit on the Web Crypto API since we can’t use Node’s standard module.
Is Lucia intended to eventually be monetized if it isn’t monetized already?
I’m not planning to monetize it. I don’t even take donations right now.
What are you most proud of?
That it’s still continuing a year later. I’d never thought I’d be still working on it, let alone getting thousands of GitHub stars and weekly downloads. Lucia also got nominated for GitNations’ OSAwards this year!
Have you ever experienced burnout? How did you deal with it?
Yes, and when that happens I just stop working on it. Fortunately Lucia doesn’t have a lot of big bugs, or just bugs in general, due to its simple nature so it doesn’t suffer a lot when I take a break.
If you plan to continue developing Lucia, where do you see the project heading next?
I’ve pretty much crammed everything I wanted to add to Lucia in the past year. High quality documentation and guides are going to be key for a well maintained library so my main focus is on those right now.
What motivates you to continue contributing to Lucia?
I just enjoy working on it. And hearing people recommend Lucia to other devs is always great. But that’s pretty much it. It’s still a fun side-project for me.
Are there any other projects besides Lucia that you’re working on?