Production-ready authentication starter with Better Auth, OAuth providers, and email verification. Built with Next.js 15, Radix UI, and Drizzle ORM.
| 🔐 Authentication | 👤 User Management | 📧 Email System |
|---|---|---|
| OAuth (Google, GitHub) | Profile with avatars | Email verification |
| Email/Password | Secure sessions | Magic link login |
| Session management | Multiple auth providers | Password reset |
✅ Multiple sign-in methods - Email/password, Google OAuth, GitHub OAuth
✅ Email verification - Powered by Nodemailer
✅ Session management - Token-based with device tracking
✅ Password reset flow - Secure token-based reset
✅ Profile management - Update name, email, profile picture
✅ Type-safe - Full TypeScript + Drizzle ORM
✅ Modern UI - Radix UI components + Tailwind CSS
✅ Production-ready - Error handling, validation, security best practices
- Node.js 18+
- PostgreSQL database (or use Neon for free)
- pnpm (or npm/yarn)
- Clone the repository

  ```bash
  git clone https://github.com/Radian-os/radian-auth-template.git
  cd radian-auth-template
  pnpm install
  ```

- Set up environment variables

  Create a `.env.local` file in the root directory:

  ```env
  # Database
  DATABASE_URL="postgresql://user:password@localhost:5432/dbname"
  # Better Auth
  BETTER_AUTH_SECRET="run: openssl rand -base64 32"
  NEXT_PUBLIC_APP_URL="http://localhost:3000"
  # Google OAuth (optional)
  GOOGLE_CLIENT_ID="your-google-client-id"
  GOOGLE_CLIENT_SECRET="your-google-client-secret"
  # GitHub OAuth (optional)
  GITHUB_CLIENT_ID="your-github-client-id"
  GITHUB_CLIENT_SECRET="your-github-client-secret"
  # SMTP (for emails with Nodemailer)
  SMTP_HOST="smtp.example.com"
  SMTP_PORT="587"
  SMTP_SECURE="false"
  SMTP_USER="your-smtp-username"
  SMTP_PASS="your-smtp-password"
  EMAIL_FROM="noreply@example.com"
  ```

- Run database migrations

  ```bash
  pnpm db:generate
  pnpm db:migrate
  pnpm db:push
  pnpm db:studio
  ```

- Start the development server

  ```bash
  pnpm dev
  ```

  Open http://localhost:3000 🎉

- Go to Google Cloud Console
- Create a new project or select existing one
- Navigate to APIs & Services → Credentials
- Click Create Credentials → OAuth client ID
- Choose Web application
- Add authorized redirect URI: `http://localhost:3000/api/auth/callback/google`
- Copy Client ID and Client Secret to `.env.local`

- Go to GitHub Developer Settings
- Click New OAuth App
- Fill in the details:
  - Application name: Your app name
  - Homepage URL: `http://localhost:3000`
  - Authorization callback URL: `http://localhost:3000/api/auth/callback/github`
- Click Register application
- Generate a Client Secret
- Copy Client ID and Client Secret to `.env.local`

- Get SMTP credentials from your email provider
- Add `SMTP_HOST`, `SMTP_PORT`, `SMTP_SECURE`, `SMTP_USER`, `SMTP_PASS`, and `EMAIL_FROM` to `.env.local`
- Use `SMTP_SECURE="true"` for port `465`; use `SMTP_SECURE="false"` for ports like `587`
- Make sure `EMAIL_FROM` is allowed by your SMTP provider

- Framework: Next.js 15 (App Router)
- Language: TypeScript
- Authentication: Better Auth
- Database: PostgreSQL + Drizzle ORM
- UI Components: Radix UI
- Styling: Tailwind CSS
- Email: Nodemailer
- Deployment: Vercel
- USER - Core user profiles (email, name, profile picture)
- SESSION - Active login sessions with device tracking
- ACCOUNT - OAuth connections (Google, GitHub) + password storage
- VERIFICATION - Temporary tokens for email verification, magic links, password resets
Important:
- Update OAuth redirect URIs in Google/GitHub to your production URL
- Use a different `NEXT_PUBLIC_APP_URL` for production
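
The environment rules above (secret generation, OAuth callback URLs, the SMTP port/secure pairing, and the production URL) can be checked before deploying. The following is an added example, not code from this template: `checkAuthEnv` and `CALLBACK_PATHS` are hypothetical names, and the 32-character minimum for the secret is an assumption of the example.

```typescript
// Added example (not part of the template). Names below are hypothetical.
type Env = Record<string, string | undefined>;

// Callback paths as registered with Google and GitHub in this README.
const CALLBACK_PATHS: Record<string, string> = {
  GOOGLE: "/api/auth/callback/google",
  GITHUB: "/api/auth/callback/github",
};

function checkAuthEnv(env: Env, production: boolean) {
  const errors: string[] = [];
  const redirectUris: string[] = [];

  // The sample value is an instruction, not a secret. The 32-character
  // minimum is an assumption of this example.
  const secret = env.BETTER_AUTH_SECRET ?? "";
  if (secret.startsWith("run:") || secret.length < 32) {
    errors.push("BETTER_AUTH_SECRET: generate with `openssl rand -base64 32`");
  }

  // Must be a bare origin; production must be https and not localhost.
  const appUrl = (env.NEXT_PUBLIC_APP_URL ?? "").replace(/\/+$/, "");
  const origin = /^(https?):\/\/([^\/?#:]+)(:\d+)?$/.exec(appUrl);
  if (!origin) {
    errors.push("NEXT_PUBLIC_APP_URL: expected an origin like https://app.example.com");
  } else if (production && (origin[1] !== "https" || origin[2] === "localhost")) {
    errors.push("NEXT_PUBLIC_APP_URL: production needs https and a non-localhost host");
  }

  // A provider counts as enabled only when both credential halves are real values.
  for (const [name, path] of Object.entries(CALLBACK_PATHS)) {
    const id = env[`${name}_CLIENT_ID`];
    const sec = env[`${name}_CLIENT_SECRET`];
    if (!id && !sec) continue; // provider is optional
    if (!id || !sec || id.startsWith("your-") || sec.startsWith("your-")) {
      errors.push(`${name}: set a real client ID and client secret, or remove both`);
    } else if (origin) {
      redirectUris.push(appUrl + path); // URI to register with the provider
    }
  }

  // README rule: SMTP_SECURE="true" for port 465, "false" for ports like 587.
  if (env.SMTP_HOST && (env.SMTP_SECURE === "true") !== (env.SMTP_PORT === "465")) {
    errors.push(`SMTP: SMTP_SECURE="${env.SMTP_SECURE}" does not fit port ${env.SMTP_PORT}`);
  }
  return { errors, redirectUris };
}
```

Calling `checkAuthEnv(process.env, true)` in a pre-deploy script lists every problem at once, and `redirectUris` gives the exact callback URLs to register with each enabled provider.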
✅ Password hashing - Bcrypt with proper salting
✅ CSRF protection - Built into Better Auth
✅ Session tokens - Secure, revocable tokens instead of JWT
✅ Email verification - Required before full access
✅ Rate limiting - Built-in protection against brute force
✅ Secure cookies - HttpOnly, Secure, SameSite flags
Contributions are welcome! Please feel free to submit a Pull Request.
MIT License - feel free to use this template for your projects!
- Better Auth for the authentication library
- Radix UI for accessible components
- shadcn/ui for component inspiration
