LukeParke/better-auth
1
0
Fork 0
mirror of https://github.com/LukeHagar/better-auth.git synced 2025-12-09 12:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: new user delete flow (#2704)

Browse Source 
* feat: new user delete flow

* fix: modify and add test cases
This commit is contained in:
Rahul Mishra
2025-05-24 01:16:10 +05:30
committed by GitHub
parent 9cc2e3d8ab
commit bc2bc2e9fd
5 changed files with 150 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/content/docs/concepts/users-accounts.mdx
View File

@@ -111,7 +111,8 @@ Once enabled, you can call `authClient.deleteUser` to permanently delete user da
### Adding Verification Before Deletion
For added security, youll likely want to confirm the users intent before deleting their account. A common approach is to send a verification email. Better Auth provides a `sendDeleteAccountVerification` utility for this purpose.
For added security, youll likely want to confirm the users intent before deleting their account. A common approach is to send a verification email. Better Auth provides a `sendDeleteAccountVerification` utility for this purpose.
This is especially needed if you have OAuth setup and want them to be able to delete their account without forcing them to login again for a fresh session.
Heres how you can set it up:
@@ -176,14 +177,24 @@ await authClient.deleteUser({
The user must have a `fresh` session token, meaning the user must have signed in recently. This is checked if the password is not provided.
<Callout type="warn">
By default `session.freshAge` is set to `60 * 60 * 24` (1 day). You can change this value by passing the `session` object to the `auth` configuration. If it is set to `0`, the freshness check is disabled.
By default `session.freshAge` is set to `60 * 60 * 24` (1 day). You can change this value by passing the `session` object to the `auth` configuration. If it is set to `0`, the freshness check is disabled. It is recommended not to disable this check if you are not using email verification for deleting the account.
</Callout>
```ts title="delete-user.ts"
await authClient.deleteUser();
```
3. The user must provide a token generated by the `sendDeleteAccountVerification` callback.
3. Enabled email verification (needed for OAuth users)
As OAuth users don't have a password, we need to send a verification email to confirm the user's intent to delete their account. If you have already added the `sendDeleteAccountVerification` callback, you can just call the `deleteUser` method without providing any other information.
Note that this would fail if they have a password. In that case, you need to provide the password to delete the account.
```ts title="delete-user.ts"
await authClient.deleteUser({});
```
4. If you have a custom delete account page and sent that url via the `sendDeleteAccountVerification` callback.
Then you need to call the `deleteUser` method with the token to complete the deletion.
```ts title="delete-user.ts"
await authClient.deleteUser({