Authentication

TanStarter uses Better Auth for authentication, a TypeScript-native authentication library.

Setup

Environment Variables

Generate a random secret and add it to your environment variables file:

openssl rand -base64 32

.env

BETTER_AUTH_SECRET=your_generated_secret

Website Configuration

In most cases, the default configuration works fine. If you need to change it, modify the auth config in src/config/website.ts:

export const websiteConfig: WebsiteConfig = {
  // ...
  auth: {
    enable: true,
    enableGoogleLogin: true,     // Enable Google login
    enableCredentialLogin: true, // Enable email/password login
    enableDeleteAccount: true,   // Allow users to delete their account
  },
  // ...
};

Option	Type	Default	Description
enable	boolean	true	Enable/disable authentication
enableGoogleLogin	boolean	true	Enable Google OAuth login
enableCredentialLogin	boolean	false	Enable email/password login
enableDeleteAccount	boolean	true	Allow users to delete their account

Google OAuth (Optional)

If Google login is enabled, you need to configure Google OAuth:

Go to Google Cloud Console
Create a new project
Go to APIs & Services > Credentials
Click Create Credentials > OAuth client ID
Configure the consent screen if prompted
Select Web application as the application type
Add http://localhost:3000 and https://your-domain.com to Authorized JavaScript origins
Add http://localhost:3000/api/auth/callback/google and https://your-domain.com/api/auth/callback/google to Authorized redirect URIs
Copy the Client ID and Client Secret to your environment variables file:

.env

GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret

If you are setting up your environment, you can now go back to the Environment Configuration and continue. The rest of this document can be read later.

Environment Configuration

Set up environment variables

Authentication Architecture

The authentication system in TanStarter consists of the following components:

auth.ts

client.ts

types.ts

Auth Routes

TanStarter provides the following authentication routes:

Route	Description
`/auth/login`	Login page
`/auth/register`	Registration page
`/auth/forgot-password`	Password reset request
`/auth/reset-password`	Password reset form
`/auth/error`	Error page

References

Next Steps

Now that you understand how authentication works in TanStarter, you might want to explore these related features:

Email

Configure email services

Payment

Configure Stripe payments

Database

Configure database

Deployment

Deploy to Cloudflare Workers

Authentication

Learn how to set up and use authentication with Better Auth in TanStarter

TanStarter uses Better Auth for authentication, a TypeScript-native authentication library.

Setup

Environment Variables

Generate a random secret and add it to your environment variables file:

openssl rand -base64 32

.env

BETTER_AUTH_SECRET=your_generated_secret

Website Configuration

In most cases, the default configuration works fine. If you need to change it, modify the auth config in src/config/website.ts:

export const websiteConfig: WebsiteConfig = {
  // ...
  auth: {
    enable: true,
    enableGoogleLogin: true,     // Enable Google login
    enableCredentialLogin: true, // Enable email/password login
    enableDeleteAccount: true,   // Allow users to delete their account
  },
  // ...
};

Option	Type	Default	Description
enable	boolean	true	Enable/disable authentication
enableGoogleLogin	boolean	true	Enable Google OAuth login
enableCredentialLogin	boolean	false	Enable email/password login
enableDeleteAccount	boolean	true	Allow users to delete their account

Google OAuth (Optional)

If Google login is enabled, you need to configure Google OAuth:

Go to Google Cloud Console
Create a new project
Go to APIs & Services > Credentials
Click Create Credentials > OAuth client ID
Configure the consent screen if prompted
Select Web application as the application type
Add http://localhost:3000 and https://your-domain.com to Authorized JavaScript origins
Add http://localhost:3000/api/auth/callback/google and https://your-domain.com/api/auth/callback/google to Authorized redirect URIs
Copy the Client ID and Client Secret to your environment variables file:

.env

GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret

If you are setting up your environment, you can now go back to the Environment Configuration and continue. The rest of this document can be read later.

Environment Configuration

Set up environment variables

Authentication Architecture

The authentication system in TanStarter consists of the following components:

auth.ts

client.ts

types.ts

Auth Routes

TanStarter provides the following authentication routes:

Route	Description
`/auth/login`	Login page
`/auth/register`	Registration page
`/auth/forgot-password`	Password reset request
`/auth/reset-password`	Password reset form
`/auth/error`	Error page

Setup

Environment Variables

Website Configuration

Google OAuth (Optional)

Environment Configuration

Authentication Architecture

Auth Routes

References

Next Steps

Email

Payment

Database

Deployment

Table of Contents

Authentication

Setup

Environment Variables

Website Configuration

Google OAuth (Optional)

Environment Configuration

Authentication Architecture

Auth Routes

References

Next Steps

Email

Payment

Database

Deployment

Table of Contents