Multi Step Authentication Flow
Hello,
I’d like to implement a multi-step authentication flow. My use cases include:
A combined sign in / create account page that, after collecting the email, redirects to:
Sign in (collect password, then possibly 2FA)
Sign up (collect password, send OTP, verify OTP, then collect additional info)
I don’t want to share the email or other sensitive data via query params or browser storage. Ideally, I’d like to use a temporary session with a session token in a cookie, so I can retrieve the state securely on each route.
Is there an easy way to do this, or do I need to create a custom plugin for this flow? Any recommended approach or example would be appreciated!
1 Reply
https://www.better-auth.com/docs/plugins/2fa
https://better-auth-extended.jsolano.de/docs/plugins/onboarding
However, the plugin uses additional fields in the user table rather than a temporary session. Say you have a step that only should be completed once, and the user completes that step and then decides to sign out. Onboarding wasn't completed as there are still required steps missing. Then the user shouldn't be prompted for a step that was already completed after a previous sign up/in.
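The temporary-session approach asked about in the question, as an added example that is not from the thread and does not use any Better Auth API: the email and current step stay server-side, and the cookie carries only an opaque random token. All names, the 10-minute lifetime and the in-memory `Map` (standing in for a shared store such as Redis) are assumptions.

```javascript
// Added example (hypothetical names): server-side state for a pre-auth flow.
// Web Crypto is global in Node 19+ and edge runtimes; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const FLOW_TTL_MS = 10 * 60 * 1000; // assumption: a flow must finish within 10 minutes
const flows = new Map();            // token -> { email, kind, step, expiresAt }

// Attributes for the cookie that carries the token: hidden from scripts, HTTPS only, short-lived.
const FLOW_COOKIE = { name: "__Host-auth_flow", httpOnly: true, secure: true,
                      sameSite: "lax", path: "/", maxAge: FLOW_TTL_MS / 1000 };

function newToken() {
  // 256 bits from the CSPRNG; the token encodes nothing about the user.
  return Buffer.from(webcrypto.getRandomValues(new Uint8Array(32))).toString("base64url");
}

// After the email is collected: keep it server-side, hand back only the token.
function startFlow(email, kind, now = Date.now()) {
  const token = newToken();
  flows.set(token, { email, kind, step: "password", expiresAt: now + FLOW_TTL_MS });
  return token;
}

// Each route calls this with the step it serves; a missing, expired or
// out-of-order token yields null, so steps cannot be skipped via the URL.
function loadFlow(token, expectedStep, now = Date.now()) {
  const flow = flows.get(token);
  if (!flow) return null;
  if (flow.expiresAt <= now) { flows.delete(token); return null; }
  return flow.step === expectedStep ? flow : null;
}

// After a step succeeds: move on and rotate the token, invalidating the old one.
function advanceFlow(token, fromStep, toStep, now = Date.now()) {
  const flow = loadFlow(token, fromStep, now);
  if (!flow) return null;
  flows.delete(token);
  const next = newToken();
  flows.set(next, { ...flow, step: toStep }); // expiry is not extended
  return next;
}

// After the last step: destroy the flow; the caller then creates the real session.
function finishFlow(token, lastStep, now = Date.now()) {
  const flow = loadFlow(token, lastStep, now);
  if (!flow) return null;
  flows.delete(token);
  return { email: flow.email, kind: flow.kind };
}
```

A sign-up would move through `password`, `otp` and `profile`, and a sign-in through `password` and `2fa`; the step names are free-form strings chosen by the routes.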