Authentication

Providers

Credentials, Google, and GitHub authentication providers.

Credentials

Email and password authentication with OTP email verification. The provider is configured in lib/auth/config.ts.

Passwords are hashed with bcryptjs (cost 12). Users must verify their email via a 6-digit OTP before they can log in.

Validation rules

Defined in lib/schemas/auth.ts:

Name: 1-64 characters
Email: Valid email format, max 255 characters
Password: 8-72 characters, must contain at least one uppercase letter and one digit

Google OAuth

Create OAuth credentials at Google Cloud Console
Add authorized redirect URI: https://yourdomain.com/api/auth/callback/google
Set environment variables:

NEXT_PUBLIC_AUTH_GOOGLE="true"
AUTH_GOOGLE_ID=""
AUTH_GOOGLE_SECRET=""

GitHub OAuth

Create an OAuth app at GitHub Developer Settings
Set authorization callback URL: https://yourdomain.com/api/auth/callback/github
Set environment variables:

NEXT_PUBLIC_AUTH_GITHUB="true"
AUTH_GITHUB_ID=""
AUTH_GITHUB_SECRET=""

Disabling a provider

Set NEXT_PUBLIC_AUTH_GOOGLE or NEXT_PUBLIC_AUTH_GITHUB to "false" (or remove the variable) to hide the button from the login form.

Authentication Overview

How authentication works in Creator using Auth.js.

Auth Guards

How to protect API routes and pages with authentication and authorization guards.

On this page

Credentials Validation rules Google OAuth GitHub OAuth Disabling a provider

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.