Lucia

Validate bearer tokens

For apps that can't use cookies, store the session ID in localStorage and send it to the server as a bearer token.

fetch("https://api.example.com", {
	headers: {
		Authorization: `Bearer ${sessionId}`
	}
});

On the server, use Lucia.readBearerToken() to read the session ID from the Authorization header, then validate the session with Lucia.validateSession().

const authorizationHeader = request.headers.get("Authorization");
const sessionId = lucia.readBearerToken(authorizationHeader ?? "");
if (!sessionId) {
	return new Response(null, {
		status: 401
	});
}

const { session, user } = await lucia.validateSession(sessionId);
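
An added example, not part of the Lucia documentation: the server snippet above carried through to a response, including the case where the header parses but the session is unknown or expired. `createFakeAuth`, `handleRequest`, `unauthorized` and the sample session IDs are constructed for illustration; the stand-in assumes `validateSession()` resolves to `{ session: null, user: null }` for an invalid session.

```javascript
// Constructed stand-in exposing the two methods used on this page, so the
// example runs without a database. It is NOT Lucia's implementation.
function createFakeAuth(sessions) {
	return {
		readBearerToken(header) {
			// Accept exactly "Bearer <token>"; anything else yields null.
			const [scheme, token, ...rest] = header.split(" ");
			if (scheme !== "Bearer" || !token || rest.length > 0) return null;
			return token;
		},
		async validateSession(sessionId) {
			const record = sessions.get(sessionId);
			if (!record || record.expiresAt <= Date.now()) {
				return { session: null, user: null };
			}
			return { session: { id: sessionId }, user: { id: record.userId } };
		}
	};
}

// Sample sessions, constructed for this example: one live, one expired.
const sampleAuth = createFakeAuth(new Map([
	["valid-session-id", { userId: "user_1", expiresAt: Date.now() + 60_000 }],
	["expired-session-id", { userId: "user_2", expiresAt: Date.now() - 60_000 }]
]));

function unauthorized() {
	// Same response for every failure, so the caller cannot tell a malformed
	// header from an unknown or expired session ID.
	return new Response(null, { status: 401, headers: { "WWW-Authenticate": "Bearer" } });
}

// Pass your Lucia instance as `auth` in a real handler.
async function handleRequest(request, auth) {
	const authorizationHeader = request.headers.get("Authorization");
	const sessionId = auth.readBearerToken(authorizationHeader ?? "");
	if (!sessionId) return unauthorized();

	// A well-formed token is not yet a valid session: check the result.
	const { session, user } = await auth.validateSession(sessionId);
	if (!session) return unauthorized();

	return new Response(JSON.stringify({ userId: user.id }), {
		status: 200,
		headers: { "Content-Type": "application/json" }
	});
}
```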