Better Auth RS

The most comprehensive authentication framework for Rust. Inspired by Better Auth.

Features

• Plugin Architecture - Extend and customize authentication flows
• Type Safety - Leverages Rust's type system for compile-time guarantees
• Async First - Built on Tokio with full async/await support
• Database Agnostic - Support for multiple databases through adapter pattern
• Web Framework Integration - First-class Axum support
• OpenAPI - Built-in OpenAPI spec generation
• Middleware - CSRF, CORS, rate limiting, body size limits

Quick Start

Add to your Cargo.toml:

[dependencies]
better-auth = "0.4"

use better_auth::{BetterAuth, AuthConfig};
use better_auth::plugins::EmailPasswordPlugin;
use better_auth::adapters::MemoryDatabaseAdapter;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = AuthConfig::new("your-very-secure-secret-key-at-least-32-chars-long")
        .base_url("http://localhost:3000")
        .password_min_length(8);

    let auth = BetterAuth::new(config)
        .database(MemoryDatabaseAdapter::new())
        .plugin(EmailPasswordPlugin::new().enable_signup(true))
        .build()
        .await?;

    println!("Authentication system ready!");
    println!("Registered plugins: {:?}", auth.plugin_names());

    Ok(())
}

Axum Integration

Enable the axum feature:

[dependencies]
better-auth = { version = "0.4", features = ["axum"] }

use better_auth::{BetterAuth, AuthConfig};
use better_auth::plugins::EmailPasswordPlugin;
use better_auth::adapters::MemoryDatabaseAdapter;
use better_auth::handlers::AxumIntegration;
use std::sync::Arc;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = AuthConfig::new("your-secret-key");

    let auth = Arc::new(
        BetterAuth::new(config)
            .database(MemoryDatabaseAdapter::new())
            .plugin(EmailPasswordPlugin::new())
            .build()
            .await?
    );

    let app = auth.axum_router();

    let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await?;
    axum::serve(listener, app).await?;

    Ok(())
}

Crate Structure

Plugins

API Endpoints

Endpoints are registered by plugins:

# Authentication
POST /sign-up/email          # User registration
POST /sign-in/email          # Email-based login
POST /sign-in/username       # Username-based login

# Password Management
POST /forget-password        # Password reset request
POST /reset-password         # Password reset confirmation
POST /change-password        # Change password (authenticated)
POST /set-password           # Set password (authenticated)

# Email Verification
POST /send-verification-email
POST /verify-email

# Session Management
GET  /sessions               # List active sessions
POST /revoke-session         # Revoke a session

# Account Management
GET  /accounts               # List linked accounts
POST /unlink-account         # Unlink an account

# Organization (multi-tenant)
POST /organization/create           # Create organization
POST /organization/update           # Update organization
POST /organization/delete           # Delete organization
GET  /organization/list             # List user's organizations
GET  /organization/get-full-organization
POST /organization/set-active       # Set active organization
POST /organization/leave            # Leave organization
POST /organization/check-slug       # Check slug availability

# Organization Members
GET  /organization/get-active-member
GET  /organization/list-members
POST /organization/remove-member
POST /organization/update-member-role

# Organization Invitations
POST /organization/invite-member
GET  /organization/get-invitation
GET  /organization/list-invitations
POST /organization/accept-invitation
POST /organization/reject-invitation
POST /organization/cancel-invitation

# RBAC
POST /organization/has-permission   # Check permissions

Database Adapters

• MemoryDatabaseAdapter - In-memory storage for development and testing
• SqlxAdapter - PostgreSQL with connection pooling (sqlx-postgres feature)

Migrations

SQL migration files are provided in the migrations/ directory. Apply them with any migration tool or directly:

export DATABASE_URL="postgresql://user:pass@localhost:5432/better_auth"
psql "$DATABASE_URL" -f migrations/001_create_core_tables.sql
psql "$DATABASE_URL" -f migrations/002_create_organization_tables.sql

Feature Flags

[features]
axum = []           # Axum web framework integration
derive = []         # Custom entity derive macros (AuthUser, MemoryUser, etc.)
sqlx-postgres = []  # PostgreSQL database support
redis-cache = []    # Redis caching (planned)

Examples

See examples/README.md for detailed documentation.

# Basic usage (in-memory)
cargo run --example basic_usage

# PostgreSQL
export DATABASE_URL="postgresql://user:pass@localhost:5432/better_auth"
cargo run --example postgres_usage --features sqlx-postgres

# Axum web server with interactive demo
cargo run --example axum_server --features axum

# Custom entity types with derive macros
cargo run --example custom_entities --features derive

# SQLx custom entities (standalone project)
cargo run -p sqlx-custom-entities

# Sea-ORM with migration (standalone project)
cargo run -p sea-orm-migration-example

License

Licensed under either of:

• MIT License
• Apache License, Version 2.0

at your option.