How to verify Identity in SvelteKit

jsandler18 · February 18, 2022, 9:21pm

I am trying to write an app using SvelteKit, and I have run into an issue and I am not sure of the best way to proceed.

My problem is that I want to use Netlify Identity to manage users in my app, but I cannot figure out how to verify users’ identity on the server with SvelteKit endpoints. I know that the Netlify Functions Docs state that the context parameter will contain the decoded JWT claims if the JWT is provided and is valid. That is great, but with SvelteKit, Netlify automatically turns the framework’s endpoints into a single Netlify Function called “render”. This is very convenient for code that doesn’t require auth, but there doesn’t seem to be any way to access this verified JWT from within the SvelteKit endpoints.

The only option I can think of is to ignore SvelteKit’s notion of endpoints entirely and just rely purely on Netlify Functions. I am wondering if this is the correct way to do this, or is there a better way? Can I somehow get this identity passed into the SvelteKit endpoints? Can I somehow verify the JWT within the endpoints?

How should I proceed?

talves · February 18, 2022, 9:57pm

I’ve not done this myself, but awhile back saw Clayton Farr took a really good stab at it here:

It’s a little more than what you are asking for, but the pertinent pieces should be there to answer your question.

jsandler18 · February 18, 2022, 10:09pm

I’ve seen this post, but it doesn’t answer my question. I read through the code and as far as I can tell, it manually sets the JWT as a cookie so the SvelteKit endpoints can access it, but then it just extracts the claims from the JWT without verifying the signature.

hrishikesh · February 24, 2022, 6:23pm

Hey @jsandler18,

Sorry for the delay. Let me just confirm if we’re looking at the same thing here.

By this line, it appears to me that, you’re trying to verify the signature and only that part is the problem. I’m assuming everything else is working?

So if you’re just having troubles verifying, Here’s how that would work:

To “verify” the validity of JWT, you need to know the JWT password. Now, Netlify sets a unique JWT password for each site and there’s no way for you to see it. So you can’t do the verification yourself. However, if you’re seeing a user in context.clientContext in Netlify Functions, you can be sure it’s verified by Netlify.
However, if you have Business plan, you can set a custom JWT secret to sign and decide your JWTs. You can use that password to verify your tokens in the functions. However, you’d have to set the password as an environment variable too, to be able to access them in Functions.

jsandler18 · February 24, 2022, 6:38pm

By this line, it appears to me that, you’re trying to verify the signature and only that part is the problem. I’m assuming everything else is working?

This is correct

However, if you’re seeing a user in context.clientContext in Netlify Functions, you can be sure it’s verified by Netlify.

This is the core of my issue. SvelteKit endpoints don’t have access to this field as far as I am aware, even though they are running as a function. My question is how do I verify the JWT if I cannot access this field.

hrishikesh · February 24, 2022, 6:40pm

Interesting. Could you spin up a quick reproduction repo so I could take a look at that?

jsandler18 · February 24, 2022, 7:11pm

It’s right in the docs: Routing • Docs • SvelteKit, specifically: Types • Docs • SvelteKit

turns Endpoints into Functions, but the Endpoints RequestHandler Type does not have access to this context

hrishikesh · February 27, 2022, 2:35pm

What I meant was, a reproduction repo is what would help us directly check what is happening and what we can suggest. Unfortunately, we do not have the bandwidth to spin up a test case for each and every thread, so it really helps when we have the reproduction right in front of us.

jsandler18 · February 27, 2022, 3:00pm

Sure thing.

I created this very basic repo:

The issue in question occurs here:

github.com

jsandler18/netlify-test/blob/main/src/routes/index.ts

import type { RequestHandler } from "@sveltejs/kit";

const get: RequestHandler = async (event) => {
    // This function gets placed into a Netlify function called 'render'.
    // How do I access context.clientContext from 'event', when 'event' does
    // not have such a field?
    console.log("In Netlify Functions")
    return {
        status: 200,
        body: {isLoggedIn: false}
    }
}

export {get}

hrishikesh · February 27, 2022, 4:32pm

By just looking at the above code (not the repo yet), I see a simple error:

context.clientContext is not a field in event. context is a different argument. Did you try:

const get: RequestHandler = async (event, context) => {
  console.log(context.clientContext)
}

jsandler18 · February 27, 2022, 4:57pm

I can’t add a context argument. This is my point. The type of RequestHandler is

interface RequestHandler<
  Params = Record<string, string>,
  Output extends Body = Body
> {
  (
    event: RequestEvent<Params>
  ): RequestHandlerOutput<Output>;
}

interface RequestEvent<Params = Record<string, string>> {
  request: Request;
  url: URL;
  params: Params;
  locals: App.Locals;
  platform: Readonly<App.Platform>;
}

This is a SvelteKit Endpoint, which is an abstraction over serverless functions. Netlify Functions seems to automatically map these abstract serverless functions into something that is compatible with Netlify Functions. This is lovely, but my question is basically is that context argument completely lost in this translation, or is there some way to get at it?

hrishikesh · February 27, 2022, 4:57pm

Thanks for explaining. I’ll check and revert.

hrishikesh · February 27, 2022, 5:18pm

I checked further, and looks like:

github.com/sveltejs/kit

Is it possible to add custom netlify functions

opened 09:19PM - 27 Apr 21 UTC

closed 03:25PM - 18 Aug 21 UTC

loweisz

pkg:adapter-netlify

Hey there 👋 I'm trying to deploy my svelte kit app to netlify, which seems to… be working perfectly, when using the adapter. However, I also wanted to deploy a custom function of mine and I noticed that this function is never deployed to netlify. Only the function called `render`. I also noticed that when I add my custom function to the specified `functions` directory and then run `npm run build`, my custom function is removed from the `functions` folder and only the `render` function is still there. I'm wondering am I missing something here or is it currently not possible to add a custom function to netlify when using the adapter ? Thanks in advance 🙇‍♂️

there it was being discussed if the context argument should be passed on to the function or not. Well, I tried and it doesn’t seem as if it’s passed at the moment, but I think you can deploy a custom Netlify Function and use that. Does that work for your use case?

jsandler18 · February 27, 2022, 7:42pm

I see. Thank you for settling this. Looks like I will have to find another way around it.