User & Accounts
Beyond authenticating users, better auth also provides a set of methods to manage users. This includes, updating user information, changing passwords, and more.
User table
The user table stores the user data. The user table has the following fields:
id
: The user id.email
: The email of the user.name
: The name of the user.image
: The image of the user.createdAt
: The creation date of the user.updatedAt
: The last update date of the user.
The user table can be extended by plugins to store additional data. When a plugin extends a user table it's infered by the type system and can be used in the client.
Update User
Update User Information
To update user information, you can use the updateUser
function provided by the client. The updateUser
function takes an object with the following properties:
Change Password
Password of a user isn't stored in the user table. Instead, it's stored in the account table. To change the password of a user, you can use the changePassword
function provided by the client. The changePassword
function takes an object with the following properties:
Set Password
If a user was registered using oAuth or other providers, they won't have a password. In this case, you can use the setPassword
function to set a password for the user. This will create a new credential account with the password.
Accounts
Better Auth supports multiple authentication methods. Each authentication method is called a provider. For example, email and password authentication is a provider, Google authentication is a provider, etc.
When a user signs in using a provider, an account is created for the user. The account stores the authentication data returned by the provider. This data includes the access token, refresh token, and other information returned by the provider.
Account table
The account table stores the authentication data of the user. The account table has the following fields:
id
: The unique identifier of the account.userId
: The id of the user.accountId
: The id of the account. (optional)providerId
: The id of the provider. (optional)accessToken
: The access token of the account. Returned by the provider. (optional)refreshToken
: The refresh token of the account. Returned by the provider. (optional)expiresAt
: The time when the access token expires. (optional)password
: The password of the account. Mainly used for email and password authentication. (optional)
Account linking
Account linking allows users to link multiple authentication methods to the same account. This is useful when users want to sign in using different methods.
By default better auth allows account linking for all providers. You can disable account linking by setting accountLinking.enabled
to false
.
You can also specify, the list of providers that should be trusted. When a user signs in using a trusted provider, if the provider returns a verfied email, the user is automatically signed in.