@@ -18,13 +18,29 @@ Used in server-side configuration injection.
1818## TypeScript Usage
1919
2020``` typescript
21- import { AuthConfig , AuthPluginConfig , AuthProviderConfig , MutualTLSConfig } from ' @objectstack/spec/system' ;
22- import type { AuthConfig , AuthPluginConfig , AuthProviderConfig , MutualTLSConfig } from ' @objectstack/spec/system' ;
21+ import { AdvancedAuthConfig , AuthConfig , AuthPluginConfig , AuthProviderConfig , EmailAndPasswordConfig , EmailVerificationConfig , MutualTLSConfig , SocialProviderConfig } from ' @objectstack/spec/system' ;
22+ import type { AdvancedAuthConfig , AuthConfig , AuthPluginConfig , AuthProviderConfig , EmailAndPasswordConfig , EmailVerificationConfig , MutualTLSConfig , SocialProviderConfig } from ' @objectstack/spec/system' ;
2323
2424// Validate data
25- const result = AuthConfig .parse (data );
25+ const result = AdvancedAuthConfig .parse (data );
2626```
2727
28+ ---
29+
30+ ## AdvancedAuthConfig
31+
32+ Advanced / low-level Better-Auth options
33+
34+ ### Properties
35+
36+ | Property | Type | Required | Description |
37+ | :--- | :--- | :--- | :--- |
38+ | ** crossSubDomainCookies** | ` Object ` | optional | Share auth cookies across subdomains (critical for * .example.com multi-tenant) |
39+ | ** useSecureCookies** | ` boolean ` | optional | Force Secure flag on cookies |
40+ | ** disableCSRFCheck** | ` boolean ` | optional | ⚠ Disable CSRF check — security risk, use with caution |
41+ | ** cookiePrefix** | ` string ` | optional | Prefix for auth cookie names |
42+
43+
2844---
2945
3046## AuthConfig
@@ -39,6 +55,11 @@ const result = AuthConfig.parse(data);
3955| ** providers** | ` Object[] ` | optional | |
4056| ** plugins** | ` Object ` | optional | |
4157| ** session** | ` Object ` | optional | |
58+ | ** trustedOrigins** | ` string[] ` | optional | Trusted origins for CSRF protection. Supports wildcards (e.g. "https://* .example.com"). The baseUrl origin is always trusted implicitly. |
59+ | ** socialProviders** | ` Record<string, Record<string, any>> ` | optional | Social/OAuth provider map forwarded to better-auth socialProviders. Keys are provider ids (google, github, apple, …). |
60+ | ** emailAndPassword** | ` Object ` | optional | Email and password authentication options forwarded to better-auth |
61+ | ** emailVerification** | ` Object ` | optional | Email verification options forwarded to better-auth |
62+ | ** advanced** | ` Object ` | optional | Advanced / low-level Better-Auth options |
4263| ** mutualTls** | ` Object ` | optional | Mutual TLS (mTLS) configuration |
4364
4465
@@ -70,6 +91,42 @@ const result = AuthConfig.parse(data);
7091| ** scope** | ` string[] ` | optional | Requested permissions |
7192
7293
94+ ---
95+
96+ ## EmailAndPasswordConfig
97+
98+ Email and password authentication options forwarded to better-auth
99+
100+ ### Properties
101+
102+ | Property | Type | Required | Description |
103+ | :--- | :--- | :--- | :--- |
104+ | ** enabled** | ` boolean ` | ✅ | Enable email/password auth |
105+ | ** disableSignUp** | ` boolean ` | optional | Disable new user registration via email/password |
106+ | ** requireEmailVerification** | ` boolean ` | optional | Require email verification before creating a session |
107+ | ** minPasswordLength** | ` number ` | optional | Minimum password length (default 8) |
108+ | ** maxPasswordLength** | ` number ` | optional | Maximum password length (default 128) |
109+ | ** resetPasswordTokenExpiresIn** | ` number ` | optional | Reset-password token TTL in seconds (default 3600) |
110+ | ** autoSignIn** | ` boolean ` | optional | Auto sign-in after sign-up (default true) |
111+ | ** revokeSessionsOnPasswordReset** | ` boolean ` | optional | Revoke all other sessions on password reset |
112+
113+
114+ ---
115+
116+ ## EmailVerificationConfig
117+
118+ Email verification options forwarded to better-auth
119+
120+ ### Properties
121+
122+ | Property | Type | Required | Description |
123+ | :--- | :--- | :--- | :--- |
124+ | ** sendOnSignUp** | ` boolean ` | optional | Automatically send verification email after sign-up |
125+ | ** sendOnSignIn** | ` boolean ` | optional | Send verification email on sign-in when not yet verified |
126+ | ** autoSignInAfterVerification** | ` boolean ` | optional | Auto sign-in the user after email verification |
127+ | ** expiresIn** | ` number ` | optional | Verification token TTL in seconds (default 3600) |
128+
129+
73130---
74131
75132## MutualTLSConfig
@@ -91,3 +148,6 @@ const result = AuthConfig.parse(data);
91148
92149---
93150
151+
152+ ---
153+