I'd love to experiment with this but I don't have a Google account and their Terms and Privacy Policy are not privacy-friendly (especially since they may change at any time). It would be nice to be able to use different OAuth providers so users can choose which they prefer. Having a provider interface would also help develop the necessary abstractions to make this example app more useful to a broader audience.

Yeah, I get it (about not liking Google's approach to privacy - or lack thereof). I did not add generic OAuth support because that requires a redirect and was intentionally avoiding it for my SPA.

There are similar approaches that avoid redirect such as Auth0 (commercial but initial level is free). The Google code can be removed and replaced with something else. In general, the approach, from a SvelteKit perspective, should be the same.

You could fork the project. It would not be hard to add OAuth2 support.

They're downright heinous. It's all good though after I was here I stumbled upon https://github.com/Dan6erbond/sk-auth

That one looks pretty good. It seems to be positioning itself as an alternative to Passport.js for SvelteKit. From my understanding, it appears to require redirects which is what I wanted to avoid (for my UI). But this project is really just an example project rather than a package you can drop into an existing project.

Cool. Since you have the skill to do that (I know it's not easy) I'd wager there'd be quite a few people who'd like to see Strapi used as an Auth provider giving them control over their own identity provider. :D

There is a YouTube video on that... https://www.youtube.com/watch?v=WgX87HDrAss.