Authentication

better-auth setup, sessions, magic link, credentials, and how generated apps wire environment variables.

better-auth

Generated apps use better-auth with configurable providers:

• Google and GitHub OAuth
• Magic link
• Email and password (credentials)

Sessions and device lists follow better-auth defaults. Copy variables from .env.example and fill secrets before first login.

Environment checklist

• OAuth client IDs and secrets per provider
• BETTER_AUTH_SECRET (or generated equivalent)
• Email provider keys when using magic link

Session management

Sessions are HTTP-only cookies by default. Use the generated session helpers in server components and route handlers to read the current user.

Related guides

• OAuth providers
• Two-factor (TOTP)
• Passkeys
• Super admin