Last week the author of Lucia Auth announced that the Lucia auth library will be deprecated in 2025. As it is used in all supastarter versions, many customers have asked us how this will effect supastarter and how we will move forward.
To answer these questions, we need to take a look at the current state of Lucia auth and how it is used in the app.
Current state of Lucia auth
Lucia auth has from the beginning been a library which core principle was to be lightweight and flexible, which meant compared to other libraries like Auth.js (NextAuth) it was not tightly integrated with the framework and did not have a too opinionated approach.
This flexibility was one of the main reasons why many people liked it and why we decided to use it in supastarter.
The functionality of Lucia was split into multiple packages:
oslo- A set of auth utilities for things like encoding, hashing and tokens (https://oslojs.dev/)arctic- A collection of oAuth clients for popular providers (https://arcticjs.dev/)lucia- The main package with session managment helpers and database adapters (https://lucia-auth.com/)
Already a year ago, the author of Lucia announced that he was planning to remove the database adapters from the core package as it was not a core functionality of an auth library and made the package significantly more complex and less flexible. After long consideration and feedback from the community, the realization was that without the database adapters, Lucia was basically just a set of session management utilities and would not need to be a dedicated library.
Instead, the Lucia project (and the documentation website) will become a open source resource for learning about auth and session management.
What does this mean for supastarter?
For supastarter, this means that we will remove the Lucia auth package from the app and keep using the oslo and arctic packages in combination with a project-tailored integration of Prisma.
This means that with a few lines of code changes and without any changes to the database schema, you will be able to remove the deprecated Lucia auth package and keep the existing feature set of your supastarter app.
We are already working on a migration guide to help you upgrade your supastarter app and will likely not take more than a few minutes to apply. We will publish it in our docs in the coming days.
Beyond that, we are also considering adding further auth providers to supastarter like Clerk or Supabase Auth to give you more options. We would love to hear your feedback on this!
Follow us on Twitter to stay updated on all news about supastarter.
Keep hacking and have a great day!
The ultimate starter kit to build a scalable and production-ready SaaS
Save endless hours of development time and focus on what's important for your customers with our SaaS starter kits for Next.js 15 and Nuxt 3
Get startedStay up to date
Sign up for our newsletter and we will keep you updated on everything going on with supastarter.