Auth Endpoints
Auth Endpoints protocol schemas
Authentication Endpoint Specification
Defines the canonical HTTP endpoints for the authentication service.
Based on better-auth v1.4.18 endpoint conventions.
NOTE: ObjectStack's auth implementation uses the better-auth library, which has
established endpoint conventions. This spec documents those conventions as
the canonical API contract.
Source: packages/spec/src/api/auth-endpoints.zod.ts
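TypeScript Usage
```typescript
// Runtime schemas (a value import also brings in the type of the same name)
import { AuthEndpoint, AuthFeaturesConfig, AuthProviderInfo, DeviceRequestResponse, DeviceTokenResponse, EmailPasswordConfigPublic, GetAuthConfigResponse } from '@objectstack/spec/api';
// Type-only alternative: use this instead of the import above, not together with it,
// because importing the same names twice is a duplicate-identifier error.
// import type { AuthEndpoint, AuthFeaturesConfig, AuthProviderInfo, DeviceRequestResponse, DeviceTokenResponse, EmailPasswordConfigPublic, GetAuthConfigResponse } from '@objectstack/spec/api';

// Validate data (`data` is the untrusted value being checked; parse() throws on a mismatch)
const result = AuthEndpoint.parse(data);
```
AuthEndpoint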
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| signInEmail | Object | ✅ | |
| signUpEmail | Object | ✅ | |
| signOut | Object | ✅ | |
| getSession | Object | ✅ | |
| forgetPassword | Object | ✅ | |
| resetPassword | Object | ✅ | |
| sendVerificationEmail | Object | ✅ | |
| verifyEmail | Object | ✅ | |
AuthFeaturesConfig
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| twoFactor | boolean | ✅ | Two-factor authentication enabled |
| passkeys | boolean | ✅ | Passkey/WebAuthn support enabled |
| magicLink | boolean | ✅ | Magic link login enabled |
| organization | boolean | ✅ | Multi-tenant organization support enabled |
AuthProviderInfo
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| id | string | ✅ | Provider ID (e.g., google, github, microsoft, okta) |
| name | string | ✅ | Display name (e.g., Google, GitHub) |
| enabled | boolean | ✅ | Whether this provider is enabled |
| type | Enum<'social' \| 'oidc'> | ✅ | Provider type |
DeviceRequestResponse
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| code | string | ✅ | Short-lived device code used for polling |
| verificationUrl | string | ✅ | URL the user should open in a browser |
| expiresAt | string | ✅ | ISO timestamp when the code expires |
| interval | number | ✅ | Recommended polling interval in seconds |
DeviceTokenResponse
Union Options
This schema accepts one of the following structures:
Option 1
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| status | string | ✅ | |
Option 2
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| status | string | ✅ | |
| token | string | ✅ | Bearer token to store in credentials file |
| user | Object | ✅ | |
Option 3
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| status | string | ✅ | |
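The polling decision a CLI client has to make with `DeviceRequestResponse` and `DeviceTokenResponse`, as an added example that is not ObjectStack or better-auth code. It assumes success is detected by the presence of `token`, since the `status` literals are not listed here; `validateDeviceRequest`, `decideNextPoll`, `MIN_INTERVAL_S` and the sample values are hypothetical.

```typescript
// Field names come from the schema tables above; everything else is an assumption.
interface DeviceRequestResponse {
  code: string;
  verificationUrl: string;
  expiresAt: string; // ISO timestamp
  interval: number;  // seconds
}
// Only Option 2 carries `token`, so its presence marks success here.
type DeviceTokenResponse =
  | { status: string }
  | { status: string; token: string; user: object };

type PollDecision =
  | { action: 'store-token'; token: string }
  | { action: 'wait'; delayMs: number }
  | { action: 'abort'; reason: string };

const MIN_INTERVAL_S = 1; // hypothetical floor so a bad server value cannot cause a busy loop

// Check the request before showing verificationUrl to the user or polling.
function validateDeviceRequest(req: DeviceRequestResponse, nowMs: number): string | null {
  if (!/^https:\/\//i.test(req.verificationUrl)) return 'verificationUrl is not https';
  const expiresMs = Date.parse(req.expiresAt);
  if (isNaN(expiresMs)) return 'expiresAt is not a valid timestamp';
  if (expiresMs <= nowMs) return 'device code already expired';
  if (!isFinite(req.interval) || req.interval < 0) return 'invalid interval';
  return null;
}

// Decide what to do after one poll of the token endpoint.
function decideNextPoll(req: DeviceRequestResponse, res: DeviceTokenResponse, nowMs: number): PollDecision {
  if ('token' in res && typeof res.token === 'string' && res.token.length > 0) {
    return { action: 'store-token', token: res.token };
  }
  const problem = validateDeviceRequest(req, nowMs);
  if (problem !== null) return { action: 'abort', reason: problem };
  const delayMs = Math.max(req.interval, MIN_INTERVAL_S) * 1000;
  // Never schedule a poll at or past expiry: stop instead of hammering the endpoint.
  if (nowMs + delayMs >= Date.parse(req.expiresAt)) {
    return { action: 'abort', reason: 'device code expires before next poll' };
  }
  return { action: 'wait', delayMs };
}

// Constructed sample values, not real ObjectStack output.
const sampleRequest: DeviceRequestResponse = {
  code: 'EXAMPLE-CODE', verificationUrl: 'https://auth.example.test/device',
  expiresAt: '2030-01-01T00:10:00Z', interval: 5,
};
```

On `store-token`, write the token to a credentials file readable only by the current user and keep it out of logs.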
EmailPasswordConfigPublic
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| enabled | boolean | ✅ | Whether email/password auth is enabled |
| disableSignUp | boolean | optional | Whether new user registration is disabled |
| requireEmailVerification | boolean | optional | Whether email verification is required |
GetAuthConfigResponse
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| emailPassword | Object | ✅ | Email/password authentication config |
| socialProviders | Object[] | ✅ | Available social/OAuth providers |
| features | Object | ✅ | Enabled authentication features |