Authentication

Note: The setup guides below explain how we configured the boilerplate. You don’t need to perform these steps yourself.

​

Features

• 🔐 Multiple Authentication Methods
  • Email & Password
  • Social Providers (Google)
  • Email Verification
  • Password Reset Flow
• 💳 Payment Integration (Stripe & Polar.sh)
• 🛡️ Protected Routes
• 🔒 Session Management

​

Quick Start

1. Set up environment variables: in the .env file in apps/server

# Auth Configuration
AUTH_SECRET="your-auth-secret"
CORS_ORIGIN="http://localhost:3001"

# OAuth Providers
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"

# Email (Resend)
RESEND_API_KEY="your-resend-api-key"

NEXT_PUBLIC_SERVER_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=http://localhost:3001

2. Install dependencies:

bun add better-auth @better-auth/stripe @polar-sh/better-auth

​

Authentication Methods

​

Email & Password

• Email verification
• Password reset flow
• Secure password hashing
• Rate limiting

​

Social Providers

• Google OAuth
• More providers coming soon

​

Protected Routes

// middleware.ts
export const config = {
  matcher: [
    "/dashboard/:path*",
    "/settings/:path*",
    "/api/protected/:path*",
  ],
};

​

Session Management

• Secure cookie storage
• Automatic session refresh
• Cross-subdomain support

​

Integration with Payments

• Polar.sh (primary)
• Stripe (fallback)
• Subscription management
• Customer portal

​

Security Best Practices

1. Password Security
   • Strong password hashing
   • Rate limiting
   • Password complexity requirements
2. Session Security
   • Secure session storage
   • Session timeout
   • CSRF protection
   • Secure cookies
3. OAuth Security
   • Token validation
   • State parameter
   • Secure client secrets

​

Next Steps

• Set up Email & Password auth
• Set up Social auth
• Configure protected routes
• Set up session management