Lucia Auth

Lucia is an open-source project that provides educational resources and implementation guides for building authentication systems in JavaScript and TypeScript applications. Originally launched as a full authentication library in 2022 by pilcrow, the project transitioned to an educational resource model where instead of abstracting authentication behind a library API, it teaches developers how to implement auth from first principles using standard Web APIs. The guides cover session management with cookies, password hashing using the Web Crypto API with PBKDF2, email verification flows, OAuth 2.0 and OpenID Connect integration, two-factor authentication with TOTP, magic link authentication, and session invalidation. The code examples use SQLite for demonstration but are designed to work with any database through placeholder client interfaces. Lucia references several companion projects from the same author: the Oslo package collection provides runtime-agnostic, fully-typed utilities for cryptography and auth operations with minimal dependencies; Arctic is an OAuth 2.0 client library supporting over 50 providers including Google, GitHub, GitLab, Discord, Twitch, Slack, and Microsoft; and The Copenhagen Book is a free online resource covering web authentication concepts including session vs token authentication, CSRF protection, password security, and OAuth security best practices. All example code is licensed under the Zero-Clause BSD license, allowing unrestricted use without attribution.