This library is in early development. Expect breaking changes.
Guides

OAuth Providers

Configure OAuth providers and sign in with `signIn.social()`.

This guide demonstrates OAuth setup using Google. Other providers follow the same pattern.

Create a Google OAuth App

  1. Go to Google Cloud Console
  2. Create a new project or select an existing one
  3. Navigate to APIs & Services > Credentials
  4. Click Create Credentials > OAuth client ID
  5. Set the authorized redirect URI to:
http://localhost:3000/api/auth/callback/google

Add Environment Variables

.env
GOOGLE_CLIENT_ID="your-client-id"
GOOGLE_CLIENT_SECRET="your-client-secret"

Configure server/auth.config.ts

server/auth.config.ts
import { defineServerAuth } from '@onmax/nuxt-better-auth/config'

export default defineServerAuth({
  socialProviders: {
    google: {
      clientId: process.env.GOOGLE_CLIENT_ID as string,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
    },
  },
})

Add a Sign-In Button

pages/login.vue
<script setup lang="ts">
definePageMeta({ auth: 'guest' })
const { signIn } = useUserSession()
</script>

<template>
  <button
    type="button"
    @click="signIn.social({ provider: 'google' })"
  >
    Continue with Google
  </button>
</template>
For OAuth flows (signIn.social), Better Auth handles the browser redirect to the provider. No manual fetchSession/waitForSession step is needed before that redirect. callbackURL is optional. When your app configures auth.redirects.authenticated (or has a safe ?redirect= query), the module can use that as the fallback callback URL.

OAuth can work without a database using stateless (JWE) session cookies, but there are tradeoffs:

  • No persistent account/session management (cannot list or revoke sessions)
  • Limited server-side visibility into linked accounts
  • You must accept that account state lives in encrypted cookies

If you need durable account records or admin/session management, use a database-backed setup.

Other Providers

Better Auth supports 20+ providers (Apple, Discord, Facebook, etc). The pattern is identical:

  1. Create OAuth app, get client ID/secret
  2. Add {PROVIDER}_CLIENT_ID and {PROVIDER}_CLIENT_SECRET to .env
  3. Reference credentials in server/auth.config.ts
  4. Call signIn.social({ provider: 'providerId' })
Edit on GitHub
Previous

Role‑Based Access

Next

Custom Database