First-party by design
Not Passport, Sanctum, or OAuth. No client IDs, redirect URIs, or PKCE — just the patterns that carry their weight when you own both the client and the API.
Short-lived access JWTs and rotating refresh tokens on the server — with a TypeScript client and a Nuxt module that mirror the contract exactly. One package on each side, documented together.
lukk is documented as one story with two sides:
lukk-core) and Nuxt module (lukk-nuxt). Attaches the bearer, refreshes before requests fail, and drives the browser ceremonies.Throughout these docs, a feature page shows both sides: what you configure on the server, and how you call it from the client. New here? Start with the Introduction.