A comprehensive, enterprise-ready authentication service built with Next.js and Better Auth, featuring OAuth/OIDC provider capabilities, multi-language support, and advanced security features.
- Multiple Auth Methods: Email/password, magic links, OTP (email and SMS), passkeys, usernames, anonymous authentication
- Two-Factor Authentication (2FA): Support for additional security layers
- JWT Support: Token-based authentication with JWT
- Session Management: Secure session handling with device tracking
- Email Verification: Required email verification on signup
- Password Reset: Secure password reset flow with email notifications
- Full OAuth 2.0 & OpenID Connect Provider: Allow third-party applications to authenticate users
- Dynamic Client Management: Create and manage OAuth clients through admin panel
- Scope Management: Configurable OAuth scopes with multi-language descriptions
- Consent Flow: User-friendly consent screen for OAuth authorization
- API Key Management: Generate and manage API keys with rate limiting
- Multi-Tenant Organizations: Support for team-based access control
- Organization Management: Create and manage organizations
- Member Invitations: Invite users to organizations via email
- SSO Integration: Ready for Single Sign-On integrations
- Multi-Language Support: English and Chinese (Simplified)
- Locale-aware Email Templates: Localized email notifications
- Dynamic Language Switching: User-friendly language switcher in UI
- Localized Content: Terms of service and privacy policies in multiple languages
- User Management: Create, edit, and manage user accounts
- OAuth Client Management: Create and manage OAuth clients
- Dashboard Statistics: Real-time statistics and metrics
- Admin Privileges: Role-based access control
- Modern Tech Stack: Next.js 15, React 19, TypeScript 5
- Type-Safe Database: Kysely ORM with PostgreSQL
- Component Library: Radix UI with Tailwind CSS
- Form Handling: React Hook Form for form validation
- Node.js 12+
- PostgreSQL database
- SMTP server for email functionality
- Clone the repository:
  git clone <repository-url>
  cd better-auth.zhuoling.space
- Install dependencies:
  npm install
- Set up environment variables:
  Create a .env.local file in the root directory:
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/better_auth
# App Configuration
BETTER_AUTH_URL=http://localhost:3000
# Branding Configuration (optional)
# You can configure branding via environment variables or branding.json file
# Priority: Environment variables > branding.json > default (Zhuoling.Space)
# Option 1: Use JSON string in environment variable
BRANDING_CONFIG={"appName":"Your App","platformName":"Your Platform","serviceName":"Your Services","companyName":"Your Company","contactEmail":{"legal":"legal@example.com","privacy":"privacy@example.com","dpo":"dpo@example.com"},"serviceDescription":{"en":"your service description","zh":"您的服务描述"}}
# Option 2: Use individual environment variables
BRANDING_APP_NAME=Your App
BRANDING_PLATFORM_NAME=Your Platform
BRANDING_SERVICE_NAME=Your Services
BRANDING_COMPANY_NAME=Your Company
BRANDING_EMAIL_LEGAL=legal@example.com
BRANDING_EMAIL_PRIVACY=privacy@example.com
BRANDING_EMAIL_DPO=dpo@example.com
BRANDING_SERVICE_DESC_EN=your service description
BRANDING_SERVICE_DESC_ZH=您的服务描述
# Email Configuration
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=your-email@example.com
SMTP_PASSWORD=your-email-password
SMTP_FROM_EMAIL=noreply@example.com
SMTP_FROM_NAME=Your App Name
# Better Auth Secret (generate a secure random string)
BETTER_AUTH_SECRET=your-secret-key-here
# Better Auth URL, the base URL of your app
# Optional: Admin Configuration
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=secure-password
- Run database migrations:
  npm run migrate
- Seed the database (optional if you don't need an admin user):
  npm run seed
- Start the development server:
  npm run dev
- Open http://localhost:3000 in your browser.
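A preflight check for the .env.local file described in the steps above, as an added example that is not part of the project's code. It flags the placeholder values this README ships; the function names, the 32-character minimum for BETTER_AUTH_SECRET, and the https rule for production are assumptions of the example.

```javascript
// Added example, not project code. The placeholder strings are the ones shown
// in this README; the 32-character minimum is an assumed policy threshold.
const PLACEHOLDERS = {
  BETTER_AUTH_SECRET: 'your-secret-key-here',
  ADMIN_PASSWORD: 'secure-password',
  SMTP_PASSWORD: 'your-email-password',
};

// Minimal KEY=VALUE parser: skips blank lines and # comments, strips quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    env[line.slice(0, eq).trim()] =
      line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, '$2');
  }
  return env;
}

// Returns a URL object, or null when the value is empty or unparsable.
const safeUrl = (v) => { try { return new URL(v); } catch { return null; } };

// Returns a list of findings; an empty list means every check passed.
function auditEnv(text, production = false) {
  const env = parseEnv(text);
  const findings = [];
  for (const [key, placeholder] of Object.entries(PLACEHOLDERS)) {
    if (env[key] === placeholder) findings.push(`${key}: README placeholder in use`);
  }
  if ((env.BETTER_AUTH_SECRET || '').length < 32)
    findings.push('BETTER_AUTH_SECRET: shorter than 32 characters');
  const db = safeUrl(env.DATABASE_URL || '');
  if (!db) findings.push('DATABASE_URL: missing or not a URL');
  else if (db.username === 'user' && db.password === 'password')
    findings.push('DATABASE_URL: README placeholder credentials in use');
  const base = safeUrl(env.BETTER_AUTH_URL || '');
  if (!base) findings.push('BETTER_AUTH_URL: missing or not a URL');
  else if (production && base.protocol !== 'https:')
    findings.push('BETTER_AUTH_URL: must use https in production');
  return findings;
}

// Constructed sample: the README values copied unchanged.
const SAMPLE_UNCHANGED = [
  'DATABASE_URL=postgresql://user:password@localhost:5432/better_auth',
  'BETTER_AUTH_URL=http://localhost:3000',
  'BETTER_AUTH_SECRET=your-secret-key-here',
  'ADMIN_PASSWORD=secure-password',
].join('\n');
```

A secret produced by `openssl rand -base64 32` is 44 characters long and passes the length check.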
better-auth.zhuoling.space/
├── migrations/               # Database migrations
├── seeds/                    # Database seed data
├── src/
│   ├── app/                  # Next.js app router pages
│   │   ├── [locale]/         # Localized routes (en, zh)
│   │   │   ├── (front)/      # Public pages (login, register, etc.)
│   │   │   └── account/      # User account pages
│   │   ├── admin/            # Admin panel pages
│   │   └── api/              # API routes
│   ├── components/           # React components
│   │   └── ui/               # Reusable UI components
│   ├── content/              # Markdown content (terms, privacy policy)
│   ├── hooks/                # React hooks
│   └── lib/                  # Core libraries
│       ├── auth.ts           # Better Auth configuration
│       ├── db/               # Database models and connection
│       ├── email/            # Email templates and utilities
│       ├── i18n/             # Internationalization
│       └── oauth-clients.ts  # OAuth utilities
├── public/                   # Static assets
└── package.json
Email templates are located in src/lib/email/templates/ and support:
- Email verification
- Password reset
- Magic link authentication
- OTP (One-Time Password) codes
Templates are localized and support HTML content.
Add new languages by:
- Adding the locale to src/lib/i18n/common.ts
- Creating a dictionary file in src/lib/i18n/dictionaries/
- Adding localized content in src/content/
The platform supports dynamic branding configuration. You can customize:
- Application name, platform name, service name, company name
- Contact email addresses (legal, privacy, DPO)
- Service descriptions in multiple languages
Configuration Methods:
- Environment Variables (highest priority):
  - Set BRANDING_CONFIG as a JSON string, or
  - Use individual BRANDING_* environment variables
- branding.json file (medium priority):
  - Create a branding.json file in the project root
  - See branding.json for an example (Paperlib configuration)
- Default (fallback):
  - Defaults to Zhuoling.Space branding if no configuration is provided
Template Syntax:
- i18n dictionaries support template variables: {{appName}}, {{platformName}}, etc.
- MDX content files can use JSX components: <BrandAppName />, <BrandPlatformName />, etc.
- Escape characters: Use \{{ for literal {{, \\ for literal \
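A renderer for the dictionary template syntax listed above, as an added example and not the project's own implementation. The function name is hypothetical, and two behaviours are assumptions: unknown or unterminated variables are left in place, and a backslash before any other character is kept as-is. It scans the template once, so a branding value that itself contains {{...}} is never expanded, and it only resolves own properties, so names such as {{constructor}} do not reach the object prototype.

```javascript
// Added example, not the project's renderer. Assumptions: unknown variables
// stay untouched and a backslash before any other character is literal.
function renderTemplate(template, vars) {
  let out = '';
  let i = 0;
  while (i < template.length) {
    // \\ -> \   (checked first, so "\\{{name}}" is a backslash plus a variable)
    if (template.startsWith('\\\\', i)) { out += '\\'; i += 2; continue; }
    // \{{ -> {{ (escaped opener, no substitution)
    if (template.startsWith('\\{{', i)) { out += '{{'; i += 3; continue; }
    if (template.startsWith('{{', i)) {
      const end = template.indexOf('}}', i + 2);
      const name = end === -1 ? '' : template.slice(i + 2, end).trim();
      // Own-property lookup only: inherited keys are never substituted.
      if (end !== -1 && Object.prototype.hasOwnProperty.call(vars, name)) {
        out += String(vars[name]); // inserted verbatim, never re-scanned
        i = end + 2;
        continue;
      }
      out += '{{'; // unknown or unterminated: keep the text as written
      i += 2;
      continue;
    }
    out += template[i++];
  }
  return out;
}
```

Values are inserted verbatim, so a caller writing the result into an HTML email template still has to HTML-escape them.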
OAuth clients are managed through the admin panel at /admin/clients. Configure:
- Client ID and secret
- Redirect URLs
- Allowed scopes
- Client type (confidential/public)
- npm run dev - Start development server with Turbopack
- npm run build - Build for production
- npm run start - Start production server
- npm run lint - Run ESLint
- npm run migrate - Run database migrations
- npm run seed - Seed database with initial data

- Password Hashing: Secure password storage
- CSRF Protection: Built-in CSRF protection
- Rate Limiting: API key rate limiting support
- Session Security: Secure session management
- Email Verification: Required email verification
- 2FA Support: Additional security layer
- Passkey Support: WebAuthn/FIDO2 authentication

- POST /api/auth/sign-in - User sign in
- POST /api/auth/sign-up - User registration
- POST /api/auth/sign-out - User sign out
- POST /api/auth/verify-email - Email verification

- GET /api/auth/oauth/authorize - OAuth authorization endpoint
- POST /api/auth/oauth/token - OAuth token endpoint
- GET /api/auth/.well-known/openid-configuration - OIDC discovery

- GET /api/admin/stats - Dashboard statistics
- GET /api/admin/oauth-clients - List OAuth clients
- POST /api/admin/oauth-clients - Create OAuth client
- GET /api/admin/oauth-clients/[clientId] - Get OAuth client details

- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Better Auth - Authentication framework
- Next.js - React framework
- Shadcn - Component library
- Tailwind CSS - Utility-first CSS framework
For issues, feature requests, or questions, please open an issue on the GitHub repository.
Built with ❤️ using Next.js and Better Auth