Skip to main content

Auth features

Better Auth plugins are wired only through explicit Nest v1 controllers. Anything not exposed there is unsupported for product and compliance reviews.
CapabilitySupportedNotes
Email + passwordYesPOST /api/v1/auth/sign-in, sign-up
Email OTPYesVerify + passwordless sign-in
Google / Apple / Microsoft OAuthYesWhen env configured; JWT via JwtIssuerService
Enterprise OIDC SSOYesPOST /api/v1/auth/sso/authorize, GET .../callback
Magic link sign-inNoPlugin removed; reset links are password-reset only
TOTP / 2FA on sign-inNotwoFactor() removed from factory
Phone / WhatsApp OTPNophoneNumber() removed
Reintroduce magic link, phone OTP, or 2FA only behind dedicated /api/v1/auth/* handlers that issue credentials through JwtIssuerService, matching social and SSO flows.

Other platform features

  • Multi-tenant organizations (/api/v1/organizations/*)
  • Email via Kafka to fluide-utils (Resend templates)
  • Redis-backed cache (sessions, rate limits, OTP); in-memory fallback
  • Drizzle migrations as single source of schema truth
See Enterprise SSO for operator setup.