Authentication
Email/password, magic links, password reset, MFA, and social sign-in — powered by Better Auth and ready to toggle.
Overview
SiteKnock's built-in authentication is powered by Better Auth. It provides secure, cookie-based sessions and a full set of sign-in methods, with pre-built pages and server-side session validation out of the box.
Prefer to use an external provider like Supabase, Convex, or Firebase? See External Auth (BaaS).
Sign-in methods
Enable any combination of methods in your config (or with toggles in Studio):
"auth": {
"enabled": true,
"credentials": { "enabled": true, "signUp": true, "resetPassword": true, "emailVerification": true },
"social": { "enabled": true, "providers": [{ "provider": "google", "enabled": true }] },
"magicLink": { "enabled": true },
"mfa": { "enabled": true }
}
| Method | What it adds |
|---|---|
| Credentials | Email + password sign-in, optional sign-up, password reset, and email verification |
| Social | One-click sign-in with Google, GitHub, and other providers |
| Magic link | Passwordless sign-in via an emailed link |
| MFA | Time-based one-time password (TOTP) two-factor authentication |
Some methods imply others. Magic link automatically enables email, since it needs to send the link. Studio resolves these dependencies for you.
Pre-built pages
You get ready-made, branded, fully localized auth pages:
- Sign-in and sign-up
- "Magic link sent" confirmation
- Password reset
- MFA enrollment and verification
These live in your frontend and inherit your theme and branding.
Sessions and security
Sessions use secure, HTTP-only cookies. Protected backend routes validate the session on the server — the source of truth is always server-side:
const session = await auth.api.getSession({ headers: req.headers })
if (!session) {
res.status(401).json({ error: "Unauthorized" })
return
}
Configure in Studio
In Studio you can toggle each sign-in method, configure social provider credentials, set the post-login dashboard page, and manage the sibling organizations and billing features.