Server email OTP authentication
It appears, from reading the docs, that email-and-password can be done if you're doing server-side auth only, however email-OTP is not currently supported. Am I missing something? I've got it working by having the server use the client library, but that's kind of ugly. Thanks!
3 Replies
Hey @chris_st, Any of the auth options needs to use server side for the service in general (email and password doesn't have to bed done server side), you form will run client side and than the funtion is run and calls the server in which is does the rest of the logic.
Email OTP is supported you can do it a few ways:
1. Using the email verfication when using email & password: https://www.better-auth.com/docs/authentication/email-password#email-verification, this will make the user have to verfiy their email after signing in / up with thier email.
2. passwordless using Email OTP: https://www.better-auth.com/docs/plugins/email-otp or Magic Link: https://www.better-auth.com/docs/plugins/magic-link theses are plugin's however rather than builtin as an authentication option, this will send a code or magic link with token to the user just like verfiying their email, making it a form of passwordless authentication while when you use this you use
authClient.signIn.magicLink() it will create the user they don't already exist.
So if you are looking to just verify a users email when using email & password auth use the https://www.better-auth.com/docs/authentication/email-password#email-verification but if you are looking for passwordless auth you can use either Email OTP: https://www.better-auth.com/docs/plugins/email-otp or Magic Link: https://www.better-auth.com/docs/plugins/magic-link .
Hope that helpsEmail OTP | Better Auth
Email OTP plugin for Better Auth.
Magic link | Better Auth
Magic link plugin
Email & Password | Better Auth
Implementing email and password authentication with Better Auth.
@Jacob Thanks for the tips - yeah, I'd seen those docs already. I guess my original post wasn't clear. I don't want to use any client-side javascript at all. Some of the auth techniques, like username/password, can be done entirely server-side, but as near as I can tell, email/otp cannot at the moment. I may look into implementing it in the future, but for now I'm trying to get something built, and the work-around I have is good enough for now. Finishing that project comes first.
@chris_st I mean at the end of the day it's just a wrapper around an api, so you could just call the api. but on the server if you are just doing email/OTP you can do something like this:
auth.api.signInMagicLink(); and auth.api.magicLinkVerify(); just pass the email through and then the token and you''l be set. seems like all methods that you can use on the client you can do on the server through auth.api hope that might help