While developing a new application with SvelteKit, I figured I’d go for an off-the-shelf solution for authentication.

I quickly found myself frustrated with Auth.js, since they promote using OAuth provided by big tech companies and discourage credential-based auth. I thought, what the heck, let’s try rolling my own auth and see how hard it is.

It’s not difficult at all, it just requires a little forethought and care in the implementation. Having gone through this once, I’m not scared of building my own auth solution for projects moving forward. While there are advantages to not rebuilding the same system every time, given how critical authentication is, having control and responsibility for it seems like a worthwhile trade-off.

(If anybody catches an error in how I implemented my authentication system—please tell me!)