Email is a key part of Better Auth, required for all users regardless of their authentication method. Better Auth provides email and password authentication out of the box, and a lot of utilities to help you manage email verification, password reset, and more.
Email Verification
Email verification is a security feature that ensures users provide a valid email address. It helps prevent spam and abuse by confirming that the email address belongs to the user.
Adding Email Verification to Your App
To enable email verification, you need to pass a function that sends a verification email with a link.
- sendVerificationEmail: This function is triggered when email verification starts. It accepts three arguments:
user
: The user object containing the email address.url
: The verification URL the user must click to verify their email.token
: A verification token used to complete the email verification.
Triggering Email Verification
You can initiate email verification in two ways:
1. During Sign-up
To automatically send a verification email at signup, set emailVerification.sendOnSignUp
to true
.
This sends a verification email when a user signs up. For social logins, email verification is skipped, and the email is marked as verified unless the provider isn't listed in the trustedProviders
option.
2. Require Email Verification
If you enable require email verification, users must verify their email before they can log in. And every time a user tries to sign in, sendVerificationEmail
is called.
This only works if you have sendVerificationEmail
implemented and if the user is trying to sign in with email and password.
if a user tries to sign in without verifying their email, you can handle the error and show a message to the user.
3. Manually
You can also manually trigger email verification by calling sendVerificationEmail
.
Verifying the Email
If the user clicks the provided verification URL, their email is automatically verified, and they are redirected to the callbackURL
.
For manual verification, you can send the user a custom link with the token
and call the verifyEmail
function.
Password Reset Email
Password reset allows users to reset their password if they forget it. Better Auth provides a simple way to implement password reset functionality.
You can enable password reset by passing a function that sends a password reset email with a link.
Check out the Email and Password guide for more details on how to implement password reset in your app.