Better Auth Integration
复制一个包含安装步骤和本插件的完整Markdown指南的设置命令。
Better Auth与 @capgo/capacitor-social-login 当您希望在设备上实现原生登录,但仍希望Better Auth在您的后端创建和管理会话时。
本页重点介绍两种最佳集成模式:
- 原生令牌传递(Google、Apple和Facebook)
- Better Auth通用OAuth(Auth0、Okta、Keycloak和自定义OIDC服务器)
使用哪种模式
标题:使用哪种模式使用原生令牌传递
标题:使用原生令牌传递使用 SocialLogin.login() 首先,然后将返回的令牌发送到Better Auth中 authClient.signIn.social() 当您使用:
- 苹果
使用更好的身份验证:通用 OAuth
标题:使用更好的身份验证:通用 OAuth当您使用时,让更好的身份验证拥有整个 OAuth 重定向流:
- Auth0
- Okta
- Keycloak
- GitHub
- OneLogin
- 任何自定义 OAuth2 或 OIDC 提供商
这保持了会话交换在更好的身份验证侧,并避免了在两个系统之间重复重定向逻辑。
更好的认证服务器设置
更好的认证服务器设置首先使用您要支持的社交提供商配置更好的认证:
import { betterAuth } from 'better-auth';
export const auth = betterAuth({ baseURL: process.env.BETTER_AUTH_URL, socialProviders: { google: { clientId: process.env.GOOGLE_CLIENT_ID as string, clientSecret: process.env.GOOGLE_CLIENT_SECRET as string, }, apple: { clientId: process.env.APPLE_CLIENT_ID as string, clientSecret: process.env.APPLE_CLIENT_SECRET as string, appBundleIdentifier: process.env.APPLE_APP_BUNDLE_IDENTIFIER as string, }, facebook: { clientId: process.env.FACEBOOK_CLIENT_ID as string, clientSecret: process.env.FACEBOOK_CLIENT_SECRET as string, }, }, trustedOrigins: ['https://appleid.apple.com'],});更好的认证客户端设置
更好的认证客户端设置import { createAuthClient } from 'better-auth/client';
export const authClient = createAuthClient({ baseURL: 'https://auth.example.com',});如果您使用 React,则使用应用程序已经使用的更好的认证 React 客户端包。令牌传递模式保持不变。
Google 示例
Google 示例这是原生移动 Google 登录的最干净的集成路径:
import { SocialLogin } from '@capgo/capacitor-social-login';import { authClient } from '@/lib/auth-client';
const googleResult = await SocialLogin.login({ provider: 'google', options: { scopes: ['profile', 'email'], },});
if (googleResult.result.responseType !== 'online' || !googleResult.result.idToken) { throw new Error('Google online mode with idToken is required for Better Auth.');}
await authClient.signIn.social({ provider: 'google', idToken: { token: googleResult.result.idToken, accessToken: googleResult.result.accessToken?.token, }, callbackURL: '/dashboard',});Apple 示例
Apple 示例对于 Apple,传递相同的 nonce 给原生登录请求和 Better Auth:
import { SocialLogin } from '@capgo/capacitor-social-login';import { authClient } from '@/lib/auth-client';
const nonce = crypto.randomUUID();
const appleResult = await SocialLogin.login({ provider: 'apple', options: { scopes: ['email', 'name'], nonce, },});
if (!appleResult.result.idToken) { throw new Error('Apple idToken is required for Better Auth.');}
await authClient.signIn.social({ provider: 'apple', idToken: { token: appleResult.result.idToken, nonce, accessToken: appleResult.result.accessToken?.token, }, callbackURL: '/dashboard',});Facebook 示例
Facebook 示例Better Auth 文档了两个 Facebook 手续模式:
- iOS 有限登录:传递 nonce 给原生登录请求和 Better Auth:
idToken - 访问令牌流:将访问令牌作为 both
token和accessToken
与从 @capgo/capacitor-social-login:
import { SocialLogin } from '@capgo/capacitor-social-login';import { authClient } from '@/lib/auth-client';
const facebookResult = await SocialLogin.login({ provider: 'facebook', options: { permissions: ['email', 'public_profile'], },});
const betterAuthToken = facebookResult.result.idToken ? { token: facebookResult.result.idToken, } : facebookResult.result.accessToken?.token ? { token: facebookResult.result.accessToken.token, accessToken: facebookResult.result.accessToken.token, } : null;
if (!betterAuthToken) { throw new Error('Facebook idToken or access token is required for Better Auth.');}
await authClient.signIn.social({ provider: 'facebook', idToken: betterAuthToken, callbackURL: '/dashboard',});Better Auth 的通用 OAuth 提供商
通用 OAuth 提供商对于 Auth0、Okta、Keycloak、GitHub、Microsoft Entra ID 和类似的提供商,Better Auth 的 Generic OAuth 插件通常比从 SocialLogin.login({ provider: 'oauth2' }).
Better Auth 服务器
复制到剪贴板import { betterAuth } from 'better-auth';import { genericOAuth } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ { providerId: 'keycloak', discoveryUrl: 'https://sso.example.com/realms/mobile/.well-known/openid-configuration', clientId: process.env.KEYCLOAK_CLIENT_ID as string, clientSecret: process.env.KEYCLOAK_CLIENT_SECRET as string, }, ], }), ],});Better Auth 客户端
Better Auth 的 Generic OAuth 插件通常比从import { createAuthClient } from 'better-auth/client';import { genericOAuthClient } from 'better-auth/client/plugins';
export const authClient = createAuthClient({ baseURL: 'https://auth.example.com', plugins: [genericOAuthClient()],});
await authClient.signIn.oauth2({ providerId: 'keycloak', callbackURL: '/dashboard',});Better Auth Generic OAuth 的提供者示例
Better Auth Generic OAuth 提供者示例Better Auth 提前配置了多个提供者的帮助程序。这些是您在社交登录插件文档中看到的额外提供者示例的最接近匹配。
Auth0
Auth0import { betterAuth } from 'better-auth';import { auth0, genericOAuth } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ auth0({ providerId: 'auth0', domain: 'dev-example.eu.auth0.com', clientId: process.env.AUTH0_CLIENT_ID as string, clientSecret: process.env.AUTH0_CLIENT_SECRET as string, scopes: ['openid', 'profile', 'email', 'offline_access'], }), ], }), ],});await authClient.signIn.oauth2({ providerId: 'auth0', callbackURL: '/dashboard',});Microsoft Entra ID
Microsoft Entra IDimport { betterAuth } from 'better-auth';import { genericOAuth, microsoftEntraId } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ microsoftEntraId({ providerId: 'entra', tenantId: 'common', clientId: process.env.AZURE_CLIENT_ID as string, clientSecret: process.env.AZURE_CLIENT_SECRET as string, scopes: ['openid', 'profile', 'email', 'User.Read'], }), ], }), ],});await authClient.signIn.oauth2({ providerId: 'entra', callbackURL: '/dashboard',});Okta
Oktaimport { betterAuth } from 'better-auth';import { genericOAuth, okta } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ okta({ providerId: 'okta', issuer: 'https://dev-12345.okta.com/oauth2/default', clientId: process.env.OKTA_CLIENT_ID as string, clientSecret: process.env.OKTA_CLIENT_SECRET as string, scopes: ['openid', 'profile', 'email', 'offline_access'], }), ], }), ],});await authClient.signIn.oauth2({ providerId: 'okta', callbackURL: '/dashboard',});Keycloak
Keycloakimport { betterAuth } from 'better-auth';import { genericOAuth, keycloak } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ keycloak({ providerId: 'keycloak', issuer: 'https://sso.example.com/realms/mobile', clientId: process.env.KEYCLOAK_CLIENT_ID as string, clientSecret: process.env.KEYCLOAK_CLIENT_SECRET as string, scopes: ['openid', 'profile', 'email', 'offline_access'], }), ], }), ],});await authClient.signIn.oauth2({ providerId: 'keycloak', callbackURL: '/dashboard',});GitHub 使用手动通用 OAuth 配置
GitHub 没有在通用 OAuth 页面上提供 Better Auth 助手,因此请使用手动配置:GitHub does not have a Better Auth helper on the Generic OAuth page, so use manual configuration:
import { betterAuth } from 'better-auth';import { genericOAuth } from 'better-auth/plugins';
export const auth = betterAuth({ plugins: [ genericOAuth({ config: [ { providerId: 'github', clientId: process.env.GITHUB_CLIENT_ID as string, clientSecret: process.env.GITHUB_CLIENT_SECRET as string, authorizationUrl: 'https://github.com/login/oauth/authorize', tokenUrl: 'https://github.com/login/oauth/access_token', userInfoUrl: 'https://api.github.com/user', scopes: ['read:user', 'user:email'], pkce: true, }, ], }), ],});await authClient.signIn.oauth2({ providerId: 'github', callbackURL: '/dashboard',});注意事项和警告
标题为“注意事项和警告”的部分-
使用Google在线模式 Better Auth需要
idToken,所以google.mode: 'offline'不是这个手续流程的合适选择。 -
重用Apple的nonce 生成一次,发送到Apple原生登录,然后发送相同的值到Better Auth。
-
根据平台不同,处理Facebook 在iOS上,Limited Login给你一个ID令牌。其他流程可能只给你一个访问令牌。
-
除非有原因,否则不要混合通用OAuth流程 如果Better Auth拥有OAuth提供者配置,Better Auth也应该拥有重定向流程。
进一步阅读
标题:进一步阅读- Better Auth Google提供者文档
- Better Auth Apple提供者文档
- Better Auth Facebook提供者文档
- Better Auth通用OAuth插件文档
- 社交登录OAuth2和OIDC提供者
从Better Auth Integration继续
标题:从Better Auth Integration继续如果您正在使用 Better Auth Integration 规划身份验证和帐户流程,连接它 使用@capgo/capacitor-social-login 使用@capgo/capacitor-social-login的原生功能 @capgo/capacitor-social-login 查看@capgo/capacitor-social-login的实现细节 @capgo/capacitor-passkey 查看@capgo/capacitor-passkey的实现细节 @capgo/capacitor-native-biometric 查看@capgo/capacitor-native-biometric的实现细节 两因素身份验证 查看两因素身份验证的实现细节