1. Is it possible to auto turn on 2FA for user (2.) I need help with this authflow

---

🔐 Sign Up Flow
1. Enter Email → User provides their email address.
2. Send OTP → System sends an OTP to the email (type: "email-verification").
3. Enter OTP → User enters the received OTP.
   → If valid: proceed
   → If invalid: reject and prompt retry
4. Set Password → Prompt the user to create a password.
5. Create Account → Register the user in the system.
6. Auto Sign-In

---

🔑 Sign In Flow
1. Enter Credentials → User inputs email and password.
2. Verify Credentials
   → If invalid: reject
   → If valid: proceed
3. Send OTP → System sends OTP to the user's email ("sign-in").
4. Enter OTP → User inputs the OTP.
   → If valid: sign in
   → If invalid: reject and prompt retry

---

What I've tried
// Sign up with OTP verification
const signUpWithOtp = async (email: string, otp: string, password: string) => {
  try {
    // Step 1: Send OTP to email
    await authClient.emailOtp.sendVerificationOtp({
      email,
      type: "email-verification",
    });

    // Step 2: Verify the OTP
    await authClient.emailOtp.verifyEmail({
      email,
      otp,
    });

    // Step 3: Sign up with email and password
    const { data, error } = await authClient.signUp.email({
      email,
      password,
      name: "John Doe"
    });

    if (error) {
      throw error;
    }

    return data;
  } catch (error) {
    console.error("Sign up error:", error);
    throw error;
  }
};
The issue with this is that authClient.emailOtp.verifyEmail also checks if the user exists already, and obviously it doesn't, so I get "User not found" from that block.
10 Replies
sebastian, 4mo ago
For the sign up code you provided, this is just over-engineering and can be done way easier. (Calling 3 times auth-client)
plugins: [
  emailOTP({
    async sendVerificationOTP({ email, otp }) {
      await sendEmailService({
        to: email,
        subject: "Verify your email",
        text: otp,
        emailType: "verify"
      })
    },
    sendVerificationOnSignUp: true,
  })
]
This will send an OTP e-mail anytime a user signs up to their e-mail. Enable requireEmailVerification: true to prevent users from signing in before confirming their mail. This is just for the backend part. For the client I think you will get along on how to track the e-mail state and verify the OTP.
sebastian, 4mo ago
These docs have everything you need: https://www.better-auth.com/docs/plugins/email-otp
iatomic.btc (OP), 4mo ago
Hi, thanks, I've done the signup, but for the sign-in, after authClient.signIn.email it creates the session immediately so the otp verification. Is it possible to turn on 2FA without the user's passwd?
sebastian, 4mo ago
Look for the Two-factor plugin in the docs.
iatomic.btc (OP), 4mo ago
I have, it's not mentioned on there. Asked here to know if there is a way to bypass it or smthn
sebastian, 4mo ago
What do you mean by not mentioned here? What are you trying to do exactly?
iatomic.btc (OP), 4mo ago
turn on 2FA on signup without using the user's passwd
sebastian, 4mo ago
Do you mean like to automatically turn on 2FA after sign up? Yeah, I think that it could be possible with some db hook, or maybe the two factor plugin has some option that does that automatically.
iatomic.btc (OP), 4mo ago
yh that's what I'm trying to do the plugin doesn't have that option
sebastian, 4mo ago
Then create a hook that would capture the user password and call the 2fa enable
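
The sign-in flow from the original post, modelled as an added, self-contained example (not Better Auth's code and not posted by anyone in this thread): valid credentials only open a pending challenge, and a session exists only after the e-mailed OTP verifies. The in-memory stores, the function names, the 5-minute lifetime and the 3-attempt limit are assumptions for illustration.

```typescript
import { createHash, randomInt, randomUUID, scryptSync, timingSafeEqual } from "node:crypto";

// Constructed in-memory stores standing in for the auth database (assumption).
type Challenge = { email: string; otpHash: Buffer; expiresAt: number; attemptsLeft: number };
const users = new Map<string, { salt: string; hash: Buffer }>();
const challenges = new Map<string, Challenge>(); // challenge id -> pending sign-in
const sessions = new Map<string, string>();      // session token -> email

const OTP_TTL_MS = 5 * 60 * 1000; // assumed OTP lifetime
const MAX_ATTEMPTS = 3;           // assumed retry budget per challenge
const hashOtp = (otp: string): Buffer => createHash("sha256").update(otp).digest();

function register(email: string, password: string): void {
  const salt = randomUUID();
  users.set(email, { salt, hash: scryptSync(password, salt, 32) });
}

// Steps 1-3: verify credentials, then mail an OTP. No session is created here.
function beginSignIn(email: string, password: string,
                     sendOtp: (to: string, otp: string) => void,
                     now: number = Date.now()): string | null {
  const user = users.get(email);
  if (!user || !timingSafeEqual(scryptSync(password, user.salt, 32), user.hash)) return null;
  const otp = randomInt(0, 1000000).toString().padStart(6, "0");
  const id = randomUUID();
  // Only a hash of the OTP is stored, so a leaked store does not reveal live codes.
  challenges.set(id, { email, otpHash: hashOtp(otp), expiresAt: now + OTP_TTL_MS, attemptsLeft: MAX_ATTEMPTS });
  sendOtp(email, otp);
  return id;
}

// Step 4: only a valid, unexpired OTP turns the challenge into a session.
function completeSignIn(id: string, otp: string, now: number = Date.now()): string | null {
  const c = challenges.get(id);
  if (!c) return null;
  if (now > c.expiresAt) { challenges.delete(id); return null; }
  if (!timingSafeEqual(hashOtp(otp), c.otpHash)) {
    if (--c.attemptsLeft === 0) challenges.delete(id); // retries exhausted: start over
    return null;
  }
  challenges.delete(id); // single use
  const token = randomUUID();
  sessions.set(token, c.email);
  return token;
}
```

The challenge id returned by `beginSignIn` is not a credential: it grants nothing until `completeSignIn` succeeds, which is the property the immediate-session behaviour described in the thread lacks.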