Authentication
Authentication Methods
The application supports multiple authentication methods out-of-the-box, giving your users flexibility in how they access your product. You can enable or disable these.
The application supports multiple authentication methods out-of-the-box, giving your users flexibility in how they access your product. You can enable or disable these methods in packages/backend/convex/auth.ts.
Available Methods
- Email and Password: The standard authentication method. Email verification is required before sign-in, and password reset is enabled.
- Magic Links: Passwordless email authentication where users receive a secure login link via email. Powered by Resend.
- Google OAuth: Social sign-in using Google accounts.
- Microsoft OAuth: Social sign-in using Microsoft Entra ID (formerly Azure AD).
Configuring Methods
To enable or disable specific methods, edit the createAuth function in auth.ts:
export const createAuth = (ctx: GenericCtx<DataModel>) => {
return betterAuth({
// ...
emailAndPassword: {
enabled: true, // Set to false to disable
requireEmailVerification: true,
sendResetPassword: async ({ user, url }) => {
// Send Better Auth's reset URL.
},
},
emailVerification: {
sendVerificationEmail: async ({ user, url }) => {
// Send Better Auth's verification URL.
},
sendOnSignIn: true,
},
socialProviders: {
google: { ... },
// ...
},
plugins: [
magicLink({ ... }),
// ...
],
});
};See individual provider documentation for setup instructions and environment variable requirements.