Docs

User & Accounts

Beyond authenticating users, better auth also provides a set of methods to manage users. This includes, updating user information, changing passwords, and more.

User table

The user table stores the user data. The user table has the following fields:

  • id: The user id.
  • email: The email of the user.
  • name: The name of the user.
  • image: The image of the user.
  • createdAt: The creation date of the user.
  • updatedAt: The last update date of the user.

The user table can be extended by plugins to store additional data. When a plugin extends a user table it's infered by the type system and can be used in the client.

Update User

Update User Information

To update user information, you can use the updateUser function provided by the client. The updateUser function takes an object with the following properties:

await user.update({
    image: "https://example.com/image.jpg",
    name: "John Doe",
})

Change Password

Password of a user isn't stored in the user table. Instead, it's stored in the account table. To change the password of a user, you can use the changePassword function provided by the client. The changePassword function takes an object with the following properties:

await user.changePassword({
    newPassword: "newPassword123",
    currentPassword: "oldPassword123",
    revokeOtherSessions: true, // revoke all other sessions the user is signed into
});

Set Password

If a user was registered using oAuth or other providers, they won't have a password. In this case, you can use the setPassword function to set a password for the user. This will create a new credential account with the password.

await user.setPassword({
    password,
});

Accounts

Better Auth supports multiple authentication methods. Each authentication method is called a provider. For example, email and password authentication is a provider, Google authentication is a provider, etc.

When a user signs in using a provider, an account is created for the user. The account stores the authentication data returned by the provider. This data includes the access token, refresh token, and other information returned by the provider.

Account table

The account table stores the authentication data of the user. The account table has the following fields:

  • id: The unique identifier of the account.
  • userId: The id of the user.
  • accountId: The id of the account. (optional)
  • providerId: The id of the provider. (optional)
  • accessToken: The access token of the account. Returned by the provider. (optional)
  • refreshToken: The refresh token of the account. Returned by the provider. (optional)
  • expiresAt: The time when the access token expires. (optional)
  • password: The password of the account. Mainly used for email and password authentication. (optional)

Account linking

Account linking allows users to link multiple authentication methods to the same account. This is useful when users want to sign in using different methods.

By default better auth allows account linking for all providers. You can disable account linking by setting accountLinking.enabled to false.

const auth = new BetterAuth({
    account: {
       accountLinking: {
            enabled: false,
       }
    },
});

You can also specify, the list of providers that should be trusted. When a user signs in using a trusted provider, if the provider returns a verfied email, the user is automatically signed in.

const auth = new BetterAuth({
    account: {
       accountLinking: {
            enabled: true,
            trustedProviders: ["email-password", "google"],
       }
    },
});

On this page

User table
Update User
Update User Information
Change Password
Set Password
Accounts
Account table
Account linking
Edit on GitHub