ObjectStackObjectStack

Auth Config

Auth Config protocol schemas

Better-Auth Configuration Protocol

Defines the configuration required to initialize the Better-Auth kernel.

Used in server-side configuration injection.

Source: packages/spec/src/system/auth-config.zod.ts

TypeScript Usage

import { AuthConfig, AuthPluginConfig, AuthProviderConfig, MutualTLSConfig } from '@objectstack/spec/system';
import type { AuthConfig, AuthPluginConfig, AuthProviderConfig, MutualTLSConfig } from '@objectstack/spec/system';

// Validate data
const result = AuthConfig.parse(data);

AuthConfig

Properties

PropertyTypeRequiredDescription
secretstringoptionalEncryption secret
baseUrlstringoptionalBase URL for auth routes
databaseUrlstringoptionalDatabase connection string
providersObject[]optional
pluginsObjectoptional
sessionObjectoptional
mutualTlsObjectoptionalMutual TLS (mTLS) configuration

AuthPluginConfig

Properties

PropertyTypeRequiredDescription
organizationbooleanEnable Organization/Teams support
twoFactorbooleanEnable 2FA
passkeysbooleanEnable Passkey support
magicLinkbooleanEnable Magic Link login

AuthProviderConfig

Properties

PropertyTypeRequiredDescription
idstringProvider ID (github, google)
clientIdstringOAuth Client ID
clientSecretstringOAuth Client Secret
scopestring[]optionalRequested permissions

MutualTLSConfig

Properties

PropertyTypeRequiredDescription
enabledbooleanEnable mutual TLS authentication
clientCertRequiredbooleanRequire client certificates for all connections
trustedCAsstring[]PEM-encoded CA certificates or file paths
crlUrlstringoptionalCertificate Revocation List (CRL) URL
ocspUrlstringoptionalOnline Certificate Status Protocol (OCSP) URL
certificateValidationEnum<'strict' | 'relaxed' | 'none'>Certificate validation strictness level
allowedCNsstring[]optionalAllowed Common Names (CN) on client certificates
allowedOUsstring[]optionalAllowed Organizational Units (OU) on client certificates
pinningObjectoptionalCertificate pinning configuration

On this page

TypeScript UsageAuthConfigPropertiesAuthPluginConfigPropertiesAuthProviderConfigPropertiesMutualTLSConfigProperties