emailAndPassword
Handles email/password authentication for Better Auth, covering sign-up, sign-in, email verification, password reset flows, and password hashing configuration.
Setup & Installation
What This Skill Does
Handles email/password authentication for Better Auth, covering sign-up, sign-in, email verification, password reset flows, and password hashing configuration. Supports policies like minimum length, token expiry, and session revocation on reset. Hashing defaults to scrypt but can be swapped for Argon2id or any custom algorithm.
Wiring up password reset flows, email verification gates, and hashing policies from scratch involves non-trivial timing-attack mitigations and token lifecycle management that this handles out of the box.
When to use it
- Setting up email verification that blocks sign-in until the address is confirmed
- Sending password reset emails with single-use, expiring tokens
- Revoking all active sessions when a user resets their password
- Switching from scrypt to Argon2id for password hashing with custom cost parameters
- Configuring minimum and maximum password length requirements at the server level
Similar Skills
best-practices
A checklist of modern web development standards covering HTTPS, CSP headers, input sanitization, deprecated API avoidance, and HTML validity.
auth0-android
Adds authentication to native Android apps using the Auth0 SDK.
auth0-angular
Adds authentication to Angular apps using the @auth0/auth0-angular SDK.
auth0-aspnetcore-api
Adds JWT access token validation to ASP.