Leave Localhost logoLeave LocalhostDocs
Authentication

Email & Password Authentication

Email and password authentication is enabled with required email verification and password reset support.

Email and password authentication is enabled in the starter. New password accounts must verify their email address before they can sign in.

Configuration

It is configured in packages/backend/convex/auth.ts:

emailAndPassword: {
  enabled: true,
  requireEmailVerification: true,
  sendResetPassword: async ({ user, url }) => {
    // Sends Better Auth's reset URL through the email facade.
  },
},
emailVerification: {
  sendVerificationEmail: async ({ user, url }) => {
    // Sends Better Auth's verification URL through the email facade.
  },
  sendOnSignIn: true,
},

Email Verification

On signup, Better Auth creates the account without a session and sends a verification email. The product app shows a "check your email" state and lets the user resend the verification email. If an unverified password user tries to sign in, Better Auth denies the login and sends another verification email.

Verification links use Better Auth's built-in /verify-email route and token handling. The app does not parse or store verification tokens itself.

Password Reset

The login form includes a forgot-password flow. Users request a reset email, Better Auth sends a provider-generated reset URL, and that URL redirects back to the localized /reset-password page with a validated token.

The app submits the new password through Better Auth's /reset-password endpoint. It does not create custom reset tokens.

Required Email Setup

Password signup verification, password reset, magic-link sign-in, and invitations require Resend auth email configuration:

RESEND_API_KEY=
RESEND_AUTH_FROM_EMAIL=

Use a verified sender/domain in production.

Existing Accounts

Existing unverified password accounts remain unable to sign in until their email is verified. They can request a fresh verification email from the login flow.

On this page