Hashing E-Mails
Does anyone have experience with writing and reading emails as hashes from the database using OAuth and Magic-Link as authentication options? I tried some approaches using databaseHooks for storing the email as a hash and Better Auth's hooks for finding the hashed email in the database, but I just can't seem to get it to work.
4 Replies
I just want to double check, and I've seen other users who aren't aware, but you understand that once something is hashed, it can't be un-hashed, right?
The thing is, email is so baked into the internals of Better-auth that there are many cases where you can't control how Better-auth looks for or uses emails.
Any reason you want to hash emails though, this is not standard?
Hey, I understand the question, but yeah, I do understand that hashing the email is one-way. The thing is, my app needs to be GDPR compliant. As far as I know, this means that I must not store emails in clear text. Since the only authentication methods will be OAuth and magic-link (no email and password), I thought about just hashing the emails on sign-up and then also hashing them for lookups during sign-in (basically on every write and read operation on the db), since the user needs to enter their email in clear text anyway. Does that make sense?
You'll need to do some testing on your end, but I can't guarantee that everything will work very smoothly though.
You'll need to use Better-auth hooks to take the in-coming email from whatever endpoint and hash that.
Make sure to salt it, since hashing is still not compliant enough to GDPR.
I'll give you an example hook to have an understanding, but I won't be able to help you through all of the oAuth endpoints and stuff since that's a lot of time - if you have any questions and stuff afterwards I'm happy to help
Something like this for the hook:
Regarding OAuth, it's a little more tricky. I recommend just using the mapProfileToUser function to hash it there:
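
Added example, not part of the thread and not Better Auth code: a deterministic keyed digest of the normalised address that both the sign-up write and the sign-in lookup can compute, which is the hash-on-write, hash-on-read scheme discussed above. The function and class names, the in-memory store and the sample key are assumptions made for illustration.

```typescript
import { createHmac } from "node:crypto";

// Constructed sample key (assumption). In a real deployment the key comes
// from a secret store and is never written to the database.
const SAMPLE_KEY = Buffer.from("constructed-sample-key-not-for-production");

// Normalise so the same address always produces the same digest.
function normalizeEmail(email: string): string {
  return email.trim().normalize("NFKC").toLowerCase();
}

// Keyed, deterministic digest used as the lookup value. A random per-row salt
// would break lookups, because the salt is unknown until the row is found;
// a single secret key keeps the digest searchable.
function emailIndex(email: string, key: Buffer = SAMPLE_KEY): string {
  return createHmac("sha256", key)
    .update(normalizeEmail(email), "utf8")
    .digest("hex");
}

// In-memory stand-in for the user table (hypothetical); it stores only the digest.
class UserStore {
  private rows = new Map<string, { id: number; emailIndex: string }>();
  private nextId = 1;

  // Write path: hash before storing, reuse the row if the digest already exists.
  signUp(email: string): { id: number; emailIndex: string } {
    const idx = emailIndex(email);
    const existing = this.rows.get(idx);
    if (existing) return existing;
    const row = { id: this.nextId++, emailIndex: idx };
    this.rows.set(idx, row);
    return row;
  }

  // Read path: hash the address the user typed and look up by digest.
  findByEmail(email: string): { id: number; emailIndex: string } | undefined {
    return this.rows.get(emailIndex(email));
  }

  // Serialised table contents, to check that no clear-text address is stored.
  dump(): string {
    return JSON.stringify([...this.rows.values()]);
  }
}
```

Rotating the key changes every digest, so existing rows can only be re-indexed at a point where the clear-text address is available again, such as the user's next sign-in.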