better-auth 0.7.0

The most comprehensive authentication framework for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225

# Better Auth RS

The most comprehensive authentication framework for Rust. Inspired by [Better Auth](https://www.better-auth.com/).

[![Crates.io](https://img.shields.io/crates/v/better-auth.svg)](https://crates.io/crates/better-auth)
[![Documentation](https://docs.rs/better-auth/badge.svg)](https://docs.rs/better-auth)
[![CI](https://github.com/better-auth-rs/better-auth-rs/actions/workflows/ci.yml/badge.svg)](https://github.com/better-auth-rs/better-auth-rs/actions/workflows/ci.yml)
[![License](https://img.shields.io/crates/l/better-auth.svg)](LICENSE-MIT)

## Features

- **Plugin Architecture** - Extend and customize authentication flows
- **Type Safety** - Leverages Rust's type system for compile-time guarantees
- **Async First** - Built on Tokio with full async/await support
- **Database Agnostic** - Support for multiple databases through adapter pattern
- **Web Framework Integration** - First-class Axum support
- **OpenAPI** - Built-in OpenAPI spec generation
- **Middleware** - CSRF, CORS, rate limiting, body size limits

## Quick Start

Add to your `Cargo.toml`:

```toml
[dependencies]
better-auth = "0.6"
```

```rust
use better_auth::{BetterAuth, AuthConfig};
use better_auth::plugins::EmailPasswordPlugin;
use better_auth::adapters::MemoryDatabaseAdapter;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = AuthConfig::new("your-very-secure-secret-key-at-least-32-chars-long")
        .base_url("http://localhost:3000")
        .password_min_length(8);

    let auth = BetterAuth::new(config)
        .database(MemoryDatabaseAdapter::new())
        .plugin(EmailPasswordPlugin::new().enable_signup(true))
        .build()
        .await?;

    println!("Authentication system ready!");
    println!("Registered plugins: {:?}", auth.plugin_names());

    Ok(())
}
```

### Axum Integration

Enable the `axum` feature:

```toml
[dependencies]
better-auth = { version = "0.6", features = ["axum"] }
```

```rust
use better_auth::{BetterAuth, AuthConfig};
use better_auth::plugins::EmailPasswordPlugin;
use better_auth::adapters::MemoryDatabaseAdapter;
use better_auth::handlers::AxumIntegration;
use std::sync::Arc;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = AuthConfig::new("your-secret-key");

    let auth = Arc::new(
        BetterAuth::new(config)
            .database(MemoryDatabaseAdapter::new())
            .plugin(EmailPasswordPlugin::new())
            .build()
            .await?
    );

    let app = auth.axum_router();

    let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await?;
    axum::serve(listener, app).await?;

    Ok(())
}
```

## Crate Structure

| Crate | Description |
|-------|-------------|
| [`better-auth`](https://crates.io/crates/better-auth) | Main crate, re-exports and Axum integration |
| [`better-auth-core`](https://crates.io/crates/better-auth-core) | Core abstractions: traits, config, middleware, error handling |
| [`better-auth-api`](https://crates.io/crates/better-auth-api) | Plugin implementations (email/password, session management, organization, etc.) |
| [`better-auth-derive`](https://crates.io/crates/better-auth-derive) | Derive macros for custom entity types (`AuthUser`, `MemoryUser`, etc.) |

## Plugins

| Plugin | Status | Description |
|--------|--------|-------------|
| Email/Password | Done | Sign up/sign in with email & password, username support |
| Password Management | Done | Password reset, change, set |
| Email Verification | Done | Email verification workflows |
| Session Management | Done | Session listing and revocation |
| Account Management | Done | Account linking and unlinking |
| Organization | Done | Multi-tenant organizations with RBAC |
| OAuth | Planned | Social sign-in (OAuth 2.0) |
| Two-Factor Auth | Planned | TOTP, backup codes |

## API Endpoints

Endpoints are registered by plugins:

```
# Authentication
POST /sign-up/email          # User registration
POST /sign-in/email          # Email-based login
POST /sign-in/username       # Username-based login

# Password Management
POST /forget-password        # Password reset request
POST /reset-password         # Password reset confirmation
POST /change-password        # Change password (authenticated)
POST /set-password           # Set password (authenticated)

# Email Verification
POST /send-verification-email
GET  /verify-email

# Session Management
GET  /list-sessions          # List active sessions
POST /revoke-session         # Revoke a session

# Account Management
GET  /list-accounts          # List linked accounts
POST /unlink-account         # Unlink an account

# Organization (multi-tenant)
POST /organization/create           # Create organization
POST /organization/update           # Update organization
POST /organization/delete           # Delete organization
GET  /organization/list             # List user's organizations
GET  /organization/get-full-organization
POST /organization/set-active       # Set active organization
POST /organization/leave            # Leave organization
POST /organization/check-slug       # Check slug availability

# Organization Members
GET  /organization/get-active-member
GET  /organization/list-members
POST /organization/remove-member
POST /organization/update-member-role

# Organization Invitations
POST /organization/invite-member
GET  /organization/get-invitation
GET  /organization/list-invitations
POST /organization/accept-invitation
POST /organization/reject-invitation
POST /organization/cancel-invitation

# RBAC
POST /organization/has-permission   # Check permissions
```

## Database Adapters

- **MemoryDatabaseAdapter** - In-memory storage for development and testing
- **SqlxAdapter** - PostgreSQL with connection pooling (`sqlx-postgres` feature)

### Migrations

SQL migration files are provided in the `migrations/` directory. Apply them with any migration tool or directly:

```bash
export DATABASE_URL="postgresql://user:pass@localhost:5432/better_auth"
psql "$DATABASE_URL" -f migrations/001_create_core_tables.sql
psql "$DATABASE_URL" -f migrations/002_create_organization_tables.sql
```

## Feature Flags

```toml
[features]
axum = []           # Axum web framework integration
derive = []         # Custom entity derive macros (AuthUser, MemoryUser, etc.)
sqlx-postgres = []  # PostgreSQL database support
redis-cache = []    # Redis caching (planned)
```

## Examples

See [examples/README.md](examples/README.md) for detailed documentation.

```bash
# Basic usage (in-memory)
cargo run --example basic_usage

# PostgreSQL
export DATABASE_URL="postgresql://user:pass@localhost:5432/better_auth"
cargo run --example postgres_usage --features sqlx-postgres

# Axum web server with interactive demo
cargo run --example axum_server --features axum

# Custom entity types with derive macros
cargo run --example custom_entities --features derive

# SQLx custom entities (standalone project)
cargo run --manifest-path examples/sqlx-custom-entities/Cargo.toml

# Sea-ORM with migration (standalone project)
cargo run --manifest-path examples/sea-orm-migration/Cargo.toml
```

## License

Licensed under either of:

- [MIT License](LICENSE-MIT)
- [Apache License, Version 2.0](LICENSE-APACHE)

at your option.