Skip to content

Accounts

Creating accounts, verifying and changing emails, handling passwords, and managing a user's sessions. Each guide shows the setup that enables the routes, then how to use them.

  • Registration

    POST /register, the allowlist that keeps model columns from being mass-assigned, and custom request schemas.

    Registration →

  • Email flows

    Verify, reset, and change-email with signed single-use tokens, over your own EmailSender.

    Email flows →

  • Passwords

    How passwords are stored, setting one on an OAuth-only account, and resetting a forgotten one.

    Passwords →

  • Devices & sessions

    List a user's active sessions, revoke one, or sign out everywhere.

    Devices & sessions →

Where to start

Pick the task you're tackling

Letting users sign up? Registration (it also shows the base setup that produces the auth routes).

Verifying emails or resetting forgotten passwords? Email flows.

OAuth users who need a password too? Passwords.

A "manage devices" or "sign out everywhere" screen? Devices & sessions.

Start with Registration →