// the find
sergiodxa/remix-auth
Simple Authentication for Remix
Remix Auth is a Passport.js-inspired authentication library for Remix and React Router, built on the Web Fetch API. It uses a strategy pattern where each auth method (form, OAuth2, GitHub, etc.) is a separate npm package. Primarily useful for developers who want a familiar Passport-style setup without pulling in Node.js-specific session infrastructure.
The Web Fetch API foundation means it works in edge runtimes and serverless environments where Node's http module isn't available. The strategy pattern keeps the core tiny and lets you swap auth methods without touching your application code. Session storage is left entirely to the application — you can use cookies, Redis, or anything React Router supports, without the library fighting you. TypeScript generics flow the user type through from strategy to session cleanly, so you're not casting at call sites.
The ecosystem fragmentation is a real maintenance risk — the README itself warns that community strategies may not be updated to the latest version, which means OAuth2 flows through older strategy packages could break on major version bumps. There's no built-in CSRF protection; the FormStrategy example relies on you to add it separately, which is easy to miss. The core library is essentially just a thin coordinator — if you're not also managing your own session storage and session reading in every protected route, you're writing a lot of repetitive boilerplate that other frameworks (like NextAuth or Lucia) handle for you. The AsyncLocalStorage escape hatch for passing extra data to strategies is a code smell that signals the authenticate signature is probably too narrow.