d3163a5bff
- pgSchema "mesh" with 4 tables isolating the peer mesh domain - Enums: visibility, transport, tier, role - audit_log is metadata-only (E2E encryption enforced at broker/client) - Cascade on mesh delete, soft-delete via archivedAt/revokedAt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2.5 KiB
title, description, url
| title | description | url |
|---|---|---|
| Overview | Learn how to authenticate users in your extension. | /docs/extension/auth/overview |
Overview
TurboStarter uses Better Auth to handle authentication. It's a secure, production-ready authentication solution that integrates seamlessly with many frameworks and provides enterprise-grade security out of the box.
One of the core principles of TurboStarter is to do things **as simple as possible**, and to make everything **as performant as possible**.Better Auth provides an excellent developer experience with minimal configuration required, while maintaining enterprise-grade security standards. Its framework-agnostic approach and focus on performance makes it the perfect choice for TurboStarter.
Recently, Better Auth announced an incorporation of Auth.js (27k+ stars on Github), making it even more powerful and flexible.
You can read more about Better Auth in the official documentation.
To keep things simple and secure, **the extension shares the same authentication session with your web app.**This is a common approach used by popular services like Notion and Google Workspace. The benefits include:
- Users only need to sign in once through the web app
- The extension automatically inherits the authenticated session
- Sign out actions are synchronized across platforms
- Reduced security surface area and complexity
Before setting up extension authentication, make sure to first configure authentication for your web app and then head back to the extension code.
The following sections cover everything you need to know about authentication in your extension: