FAQ

Common Kernia questions.

This page collects practical questions that come up when using Kernia in Python backends and JavaScript frontends.

Is Kernia a JavaScript auth server?

No. Kernia is the Python server implementation. JavaScript clients talk to its HTTP routes with cookies included.

Can I use the official JS client?

Yes, for compatible routes and payloads. The frontend can use the Better Auth JavaScript client where the HTTP contract is compatible, while Python packages, imports, and CLI commands remain Kernia names.

Why do some cookie names mention Better Auth?

Cookie names are wire compatibility identifiers. Changing them would break browser clients and conformance tests that expect the established cookie contract. Treat them as protocol names, not Python import names.

Why does get-session return null?

Check that the frontend sends credentials: "include", CORS allows credentials, the API origin is trusted, and the session cookie domain matches the backend host.

await fetch("http://localhost:8000/api/auth/get-session", {
  credentials: "include",
});
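
The header checks from this answer can be run against a captured response. This is an added example, not Kernia code: `diagnose_session_response` is a hypothetical helper, and the cookie name and header values are constructed placeholders.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def diagnose_session_response(frontend_origin, api_url, headers, cookie_name):
    """List reasons a browser would drop the session cookie on a cross-origin call.

    headers: (name, value) pairs from the API's response to a request made by
    frontend_origin, e.g. copied from the browser's network panel.
    """
    api = urlsplit(api_url)
    problems = []

    def values(name):
        return [v.strip() for k, v in headers if k.lower() == name]

    # CORS checks only apply when the page and the API are different origins.
    if frontend_origin != f"{api.scheme}://{api.netloc}":
        allow_origin = (values("access-control-allow-origin") or [""])[0]
        if allow_origin == "*":
            problems.append("allow-origin is '*', which browsers refuse for credentialed requests")
        elif allow_origin != frontend_origin:
            problems.append(f"allow-origin {allow_origin!r} does not match {frontend_origin!r}")
        if (values("access-control-allow-credentials") or [""])[0] != "true":
            problems.append("allow-credentials is not 'true', so the browser blocks the response")

    # The cookie's Domain attribute, if set, must equal or be a parent of the API host.
    for raw in values("set-cookie"):
        jar = SimpleCookie()
        jar.load(raw)
        if cookie_name not in jar:
            continue
        domain = jar[cookie_name]["domain"].lstrip(".").lower()
        host = (api.hostname or "").lower()
        if domain and host != domain and not host.endswith("." + domain):
            problems.append(f"cookie Domain {domain!r} does not cover API host {host!r}")
    return problems


# Constructed sample data; the cookie name is a placeholder, not Kernia's real one.
COOKIE = "example.session_token"
API = "http://localhost:8000/api/auth/get-session"
GOOD = [("Access-Control-Allow-Origin", "http://localhost:3000"),
        ("Access-Control-Allow-Credentials", "true"),
        ("Set-Cookie", COOKIE + "=abc; Path=/; HttpOnly; SameSite=Lax")]
BAD = [("Access-Control-Allow-Origin", "*"),
       ("Set-Cookie", COOKIE + "=abc; Path=/; Domain=app.example.com; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("bad", BAD)):
        print(label, diagnose_session_response("http://localhost:3000", API, hdrs, COOKIE))
```

An empty list means the response headers are consistent with a credentialed cross-origin call; the frontend still has to send `credentials: "include"`, and the backend still has to trust the origin.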

Which adapter should I use?

Use SQLAlchemy with PostgreSQL for most production SaaS apps. Use SQLite for local prototypes, Mongo when your application is already document-based, Redis as secondary storage, and memory only for tests or examples.

Should missing provider credentials render a working button?

No. The UI should show not-configured or disabled states until the backend has the required credentials and admin config enables the method. Do not fake successful OAuth, SSO, email, SMS, or Stripe flows in the demo.

Why did adding a plugin require a migration?

Plugins can contribute tables, indexes, and fields. Run kernia info --app app.auth:auth to inspect contributors, then run kernia generate or your adapter-specific migration process.

Why does OAuth fail with redirect_uri_mismatch?

Provider callback URLs must match the public auth mount exactly. For a FastAPI backend mounted at /api/auth, Google should receive a callback like https://api.example.com/api/auth/callback/google.

Can the frontend protect admin pages by hiding navigation?

No. Frontend navigation is presentation only. Admin config, user management, billing setup, SSO, SCIM, and API key routes must enforce authorization on the backend.

More help

Start with the pages closest to the failing surface: FastAPI, database, session management, security, and testing.
