Leave Localhost logoLeave LocalhostDocs
Authentication

Authentication Methods

The application supports multiple authentication methods out-of-the-box, giving your users flexibility in how they access your product. You can enable or disable these.

The application supports multiple authentication methods out-of-the-box, giving your users flexibility in how they access your product. You can enable or disable these methods in packages/backend/convex/auth.ts.

Available Methods

  1. Email and Password: The standard authentication method. Email verification is required before sign-in, and password reset is enabled.
  2. Magic Links: Passwordless email authentication where users receive a secure login link via email. Powered by Resend.
  3. Google OAuth: Social sign-in using Google accounts.
  4. Microsoft OAuth: Social sign-in using Microsoft Entra ID (formerly Azure AD).

Configuring Methods

To enable or disable specific methods, edit the createAuth function in auth.ts:

export const createAuth = (ctx: GenericCtx<DataModel>) => {
  return betterAuth({
    // ...
    emailAndPassword: {
      enabled: true, // Set to false to disable
      requireEmailVerification: true,
      sendResetPassword: async ({ user, url }) => {
        // Send Better Auth's reset URL.
      },
    },
    emailVerification: {
      sendVerificationEmail: async ({ user, url }) => {
        // Send Better Auth's verification URL.
      },
      sendOnSignIn: true,
    },
    socialProviders: {
      google: { ... },
      // ...
    },
    plugins: [
      magicLink({ ... }),
      // ...
    ],
  });
};

See individual provider documentation for setup instructions and environment variable requirements.

On this page