Skip to main content

Password Authentication

This guide explains how to implement and customize email/password authentication in your application. The starter kit provides a complete authentication system with email verification support.

Overview

Built-in features include:

  • Sign up with automatic email verification
  • Sign in with email/password
  • Password reset functionality
  • Customizable email templates
  • Rate limiting and security features

Client-Side Authentication

Authentication utilities are located in src/lib/auth-utils.ts

Callback URLs

You can customize authentication callback URLs by modifying the callbackUrls object in src/lib/auth-utils.ts:

  • afterSignIn: Redirect after successful sign in
  • afterSignUp: Redirect after registration
  • verifyEmail: Email verification page
  • resetPassword: Password reset page

First, import the required dependencies:

import { authClient } from "better-auth/client";

Sign Up Flow

The sign up functionality is defined in src/lib/auth-utils.ts:

const signUp = async ({ email, password, name }) => {
    const result = await authClient.signUp({
        email,
        password,
        data: { name }
    });
    
    if (result.success) {
        // User created successfully
        // If email verification is enabled:
        // - Verification email is automatically sent
        // - User needs to verify email before signing in
        // - Redirect to verification pending page
    }
};

Sign In Process

The sign in process is handled in src/lib/auth-utils.ts:

const signIn = async ({ email, password }) => {
    const result = await authClient.signIn({
        email,
        password
    });

    if (result.success) {
        // User authenticated
        if (result.emailVerified) {
            // Redirect to dashboard
        } else {
            // Show verification required message
            // Option to resend verification email
        }
    }
};

Email Verification

Enable Verification

Configure email verification in src/lib/auth.ts:

export const auth = betterAuth({
    emailAndPassword: {
        enabled: true,
        requireEmailVerification: true, // Make email verification mandatory
        verificationEmailTimeout: 24 * 60 * 60, // 24 hours
    }
});

Manual Verification Control

// Resend verification email
const resendVerification = async (email) => {
    await authClient.sendVerificationEmail({ email });
};

// Check verification status
const checkVerification = async () => {
    const status = await authClient.getVerificationStatus();
    return status.verified;
};
tip

For email template customization and advanced email settings, see the Email Configuration guide.

Password Reset

Request Reset

const requestPasswordReset = async (email) => {
    await authClient.sendResetEmail({ email });
    // User receives reset instructions via email
};

Complete Reset

const resetPassword = async ({ token, newPassword }) => {
    const result = await authClient.resetPassword({
        token,
        password: newPassword
    });

    if (result.success) {
        // Password updated successfully
        // User can now sign in with new password
    }
};

Security Options

Configure security settings in src/lib/auth.ts:

export const auth = betterAuth({
    emailAndPassword: {
        minimumPasswordLength: 8,
        passwordStrengthCheck: true,
        loginRateLimit: {
            window: 15 * 60, // 15 minutes
            max: 5 // attempts
        },
        resetPasswordTimeout: 60 * 60, // 1 hour
    }
});
Development Testing

For local development:

  1. Use Mailtrap to catch all outgoing emails
  2. Set allowUnverifiedLogin: true temporarily to bypass email verification
  3. Check your server logs for email content and verification links
Security Note

In production:

  • Always enable email verification
  • Use secure SMTP settings
  • Set appropriate rate limits
  • Implement proper error handling