Welcome back to the Better-Auth Basics series! 🚀
In Episode 1, we set up Better-Auth with Drizzle ORM and implemented sign-up and login functionality. It worked great… but there’s a big flaw:
👉 Anyone can sign up with any random email — even one they don’t own.
That’s obviously not safe for production. So in this post, we’ll fix that by adding Email Verification with Better-Auth.
❌ The Problem Without Verification
Right now, a user can type any email address on the registration page, and the server will happily accept it.
That means fake accounts, spam signups, and security risks. We need a way to make sure the person actually owns the email they’re registering with.
✅ Email Verification with Better-Auth
The good news? Better-Auth already has email verification built in for email/password authentication. We just need to configure it. Let’s go step by step.
🛠 Step 1: Configure an Email Provider
For sending verification emails, I used Resend.
- Create a Resend account
- Add your custom domain
- Generate an API key
- Save it in your .env file:
RESEND_API_KEY=your-api-key
🛠 Step 2: Create Email Templates
Inside Resend, configure simple templates for your verification emails.
This is the message your users will see in their inbox with the verification link.
🛠 Step 3: Enable Email Verification in Better-Auth
In your Better-Auth configuration, enable the verification features:
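    import { betterAuth } from "better-auth";
    import { schema } from "../db/schema"; // Drizzle schema from Episode 1
    // Hypothetical path: your own helper that sends the mail through Resend
    import { sendVerificationEmail } from "../lib/email";

    export const auth = betterAuth({
      schema,
      emailAndPassword: {
        enabled: true,
        // Refuse sign-in until the address has been verified
        requireEmailVerification: true,
      },
      emailVerification: {
        sendOnSignUp: true, // send the link as soon as the account is created
        autoSignInAfterVerification: true, // start a session when the link is clicked
        // `url` already contains the token, so never log either value
        async sendVerificationEmail({ user, url, token }, request) {
          await sendVerificationEmail({ email: user.email, url, token });
        },
      },
    });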
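The config above calls a `sendVerificationEmail` helper that the post does not show. One way to write it against Resend's REST API, as an added example (not the author's code): `APP_ORIGIN`, `FROM` and the explicit `apiKey` argument are assumptions, so the call in the config would pass `process.env.RESEND_API_KEY` as a second argument.

```typescript
// Added example. APP_ORIGIN and FROM are placeholders, not values from the post.
const APP_ORIGIN = "https://app.example.com"; // your app's public origin
const FROM = "Acme <no-reply@example.com>"; // sender on your verified Resend domain

type Mail = { from: string; to: string; subject: string; html: string };

// Escape text before placing it in HTML so a crafted value cannot inject markup.
function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Build the message. Throws when the link is not on our own origin, so a
// misconfigured base URL never mails users a link to some other host.
function buildVerificationEmail(email: string, url: string): Mail {
  const link = new URL(url); // throws on malformed input
  if (link.origin !== APP_ORIGIN) {
    throw new Error(`refusing to send a link for origin ${link.origin}`);
  }
  const href = escapeHtml(link.toString());
  return {
    from: FROM,
    to: email,
    subject: "Verify your email",
    html: `<p>Confirm this address to activate your account.</p>` +
      `<p><a href="${href}">Verify email</a></p>`,
  };
}

// POST the message to Resend. Errors carry only the HTTP status: the URL holds
// the token, and anyone who reads it from a log can verify the address.
async function sendVerificationEmail(
  args: { email: string; url: string; token?: string }, // token unused: url carries it
  apiKey: string,
  doFetch: typeof fetch = fetch,
): Promise<void> {
  if (!apiKey) throw new Error("RESEND_API_KEY is not set");
  const res = await doFetch("https://api.resend.com/emails", {
    method: "POST",
    headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
    body: JSON.stringify(buildVerificationEmail(args.email, args.url)),
  });
  if (!res.ok) throw new Error(`Resend returned HTTP ${res.status}`);
}
```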
🛠 Step 4: Send Verification Email on Sign Up
Better-Auth will now automatically send a verification email when a new user registers.
- After sign-up, redirect the user to a verify page in your app.
- Tell them to check their inbox for the verification link.
    // app/verify/page.tsx
    export default function VerifyPage() {
      return (
        <div>
          <h1>Verify Your Email</h1>
          <p>
            We’ve sent you a link. Please check your inbox and click it to activate your account.
          </p>
        </div>
      );
    }
🛠 Step 5: Testing the Flow
- Register with a real email address
- Check your inbox → you’ll see the verification email
- Click the link → the server validates it
- You’re automatically signed in and redirected to the homepage 🎉
Here’s what the successful response looks like:
    {
      "status": 200,
      "message": "Email verified and user signed in"
    }
🎉 And That’s It!
With just a few lines of configuration, we added secure email verification to our Better-Auth setup.
Now:
- Users must prove they own their email
- Fake signups with someone else's email can't be activated
- Onboarding is safer and more production-ready
📌 What’s Next?
This was Episode 2 of Better-Auth Basics.
In future episodes, we’ll cover:
- 👥 Role-based authentication
- ⚡ Rate limiting
- 🛡 Middleware for protecting routes

Stay tuned — we’re just getting started.
🔗 Stay Connected
- 📽️ Youtube: code_unhinged
- 🐦 Twitter (X): zul_rayat
- 💻 GitHub: devrayat000
- 💼 LinkedIn: zim-rayat
- 📷 Instagram: rayatttttttt
- 📘 Facebook: rayat.ass
💬 Got questions? Drop them in the comments — I reply to every one!
👍 Don’t forget to like, share, and subscribe for more dev content.