Account Management
Manage your profile, security settings, connected accounts, and active sessions from the Banata Auth dashboard.
Your Account page is where you manage your own profile and security settings as a dashboard administrator. It is split into two sub-pages:
- Profile -- Your name, avatar, email, connected social accounts, and account deletion.
- Security -- Your password, two-factor authentication, and active sessions.
When you navigate to /account, you are automatically redirected to the Profile page.
Profile
The Profile page lets you update your personal information and manage the sign-in methods linked to your account.
Updating Your Name and Avatar
You can change your display name and avatar directly from the dashboard:
- Click Edit next to your name to enter edit mode, then save your changes.
- To update your avatar, click the upload button on the avatar image and choose a file (max 2 MB). To remove it, click Remove.
Behind the scenes, these changes call authClient.updateUser().
Changing Your Email
To change your email address:
- Click Change email on the Profile page.
- Enter your new email address and click Send verification.
- Check your inbox for a verification email and click the link to confirm.
Your email does not change until you complete the verification step.
```ts
await authClient.changeEmail({
  newEmail: "new@example.com",
  callbackURL: window.location.href,
});
```
Connected Accounts
The Connected Accounts section shows every sign-in method linked to your account:
- Email & Password -- Indicates whether you have a password credential set.
- Social accounts -- Each linked OAuth provider (GitHub, Google, etc.) with an Unlink button to remove it.
- Link new accounts -- Buttons to connect a GitHub or Google account if you have not already linked one.
Deleting Your Account
You can permanently delete your account from the bottom of the Profile page. To confirm, type DELETE in the confirmation field and submit. A confirmation email is sent before deletion is finalized.
Warning: Account deletion is irreversible. All your data, sessions, and linked accounts will be permanently removed.
Security
The Security page is where you manage your authentication credentials and review active sessions.
Changing Your Password
To change your password:
- Enter your current password.
- Enter a new password (minimum 8 characters) and confirm it.
- Click Change password.
The submit button is disabled until both password fields match.
```ts
await authClient.changePassword({
  currentPassword: "old-password",
  newPassword: "new-password",
  // Set to true to also sign out every other session when the password changes.
  revokeOtherSessions: false,
});
```
Setting Up Two-Factor Authentication (TOTP)
TOTP-based two-factor authentication adds an extra layer of security to your account. Here is the step-by-step setup flow:
- Click Enable two-factor authentication on the Security page.
- Enter your password to confirm your identity.
- A TOTP secret is generated. Copy the secret key into your authenticator app (Google Authenticator, Authy, 1Password, etc.).
- Enter the 6-digit code from your authenticator app to verify.
- Save the backup codes that are displayed after successful verification.
Once 2FA is enabled, you can:
- Disable 2FA -- Requires your password for confirmation.
- Regenerate backup codes -- Also requires your password. This generates a fresh set and invalidates the previous codes.
About backup codes: These are one-time-use codes for signing in when you lose access to your authenticator app. Copy them and store them somewhere secure. Each code can only be used once.
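What the 6-digit code in the setup flow above is checked against, as an added example that is not Banata Auth's code: an RFC 6238 TOTP generator and verifier for Node.js. HMAC-SHA1, a 30-second step and a one-step drift window are assumptions (the common authenticator-app defaults); the function names and the sample secret are constructed for illustration.

```javascript
// Added example: RFC 6238 TOTP. SHA-1, 30 s step and 6 digits are assumed defaults.
const crypto = require("node:crypto");

const B32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode the base32 secret key shown during setup (spaces and "=" padding ignored).
function base32Decode(secret) {
  const bytes = [];
  let bits = 0;
  let value = 0;
  for (const ch of secret.toUpperCase().replace(/[\s=]/g, "")) {
    const idx = B32_ALPHABET.indexOf(ch);
    if (idx === -1) throw new Error("invalid base32 character in secret");
    value = ((value << 5) | idx) & 0xfff; // keep only the bits not yet emitted
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((value >>> bits) & 0xff);
    }
  }
  return Buffer.from(bytes);
}

// Code for the time step containing unixSeconds (RFC 4226 dynamic truncation).
function totp(secret, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac("sha1", base32Decode(secret)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const truncated = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(truncated % 10 ** digits).padStart(digits, "0");
}

// Accept the current step plus `window` steps either side to tolerate clock drift.
// Every candidate is compared in constant time and the loop never exits early.
function checkTotp(secret, code, unixSeconds, window = 1) {
  if (!/^\d{6}$/.test(code)) return false;
  let ok = false;
  for (let i = -window; i <= window; i++) {
    const t = unixSeconds + i * 30;
    if (t < 0) continue;
    const expected = Buffer.from(totp(secret, t));
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) ok = true;
  }
  return ok;
}

// Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
const RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
console.log(totp(RFC_SECRET, 59));
```

A production verifier would also record the last accepted time step per user and refuse to accept it again, so a captured code cannot be replayed inside its validity window.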
Managing Active Sessions
The Active Sessions section lists every device where you are currently signed in. Each entry shows:
- Browser and OS -- For example, Chrome on Windows or Safari on macOS.
- IP address -- When available.
- Session start date.
- Current session badge -- Highlights the session belonging to your current browser.
You have two actions available:
- Revoke -- End a specific session (not available for your current session).
- Sign out other devices -- Revoke all sessions except the current one.
Auth Client Methods
If you are building a custom account management UI, the following authClient methods are available. All methods return { data, error }.
| Method | Description |
|---|---|
| `authClient.updateUser({ name, image })` | Update profile name and avatar |
| `authClient.changeEmail({ newEmail, callbackURL })` | Initiate email change with verification |
| `authClient.changePassword({ currentPassword, newPassword })` | Change account password |
| `authClient.listAccounts()` | List all connected sign-in methods |
| `authClient.unlinkAccount({ providerId })` | Remove a linked social account |
| `authClient.linkSocial({ provider, callbackURL })` | Link a new social OAuth provider |
| `authClient.deleteUser({ callbackURL })` | Initiate account deletion |
| `authClient.twoFactor.enable({ password })` | Begin TOTP 2FA setup |
| `authClient.twoFactor.verifyTotp({ code })` | Verify TOTP code to complete setup |
| `authClient.twoFactor.disable({ password })` | Disable 2FA |
| `authClient.twoFactor.generateBackupCodes({ password })` | Regenerate backup codes |
| `authClient.listSessions()` | List all active sessions |
| `authClient.revokeSession({ token })` | Revoke a specific session |
| `authClient.revokeOtherSessions()` | Revoke all sessions except current |
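For a custom UI, one way to combine listSessions() and revokeSession() into a session clean-up routine that goes beyond the dashboard's two buttons (an added example, not Banata Auth's code). The session fields token, createdAt and ipAddress, the array shape of data, the policy options and the stub client are assumptions made so the example runs offline.

```javascript
// Added example. Field names token/createdAt/ipAddress are assumed, not documented.
// Pure policy step: choose sessions to revoke, never the current one (the
// dashboard likewise offers no Revoke action for the current session).
function selectSessionsToRevoke(sessions, currentToken, { maxAgeDays, knownIps, now }) {
  const cutoff = now.getTime() - maxAgeDays * 24 * 60 * 60 * 1000;
  return sessions
    .filter((s) => s.token !== currentToken)
    .map((s) => {
      const reasons = [];
      if (new Date(s.createdAt).getTime() < cutoff) reasons.push("stale");
      // Fail closed: a session with no recorded IP counts as unrecognised.
      if (!s.ipAddress || !knownIps.includes(s.ipAddress)) reasons.push("unknown-ip");
      return { token: s.token, reasons };
    })
    .filter((r) => r.reasons.length > 0);
}

// Apply the policy with listSessions() and revokeSession({ token }).
async function pruneSessions(authClient, currentToken, policy) {
  const { data, error } = await authClient.listSessions();
  if (error) throw new Error(`listSessions failed: ${error.message}`);
  const result = { revoked: [], failed: [] };
  for (const pick of selectSessionsToRevoke(data, currentToken, policy)) {
    const res = await authClient.revokeSession({ token: pick.token });
    (res.error ? result.failed : result.revoked).push(pick);
  }
  return result;
}

// Constructed stand-in for authClient so the example runs offline.
function makeStubClient(sessions) {
  const live = new Map(sessions.map((s) => [s.token, s]));
  return {
    live,
    listSessions: async () => ({ data: [...live.values()], error: null }),
    revokeSession: async ({ token }) =>
      live.delete(token) ? { data: {}, error: null } : { data: null, error: { message: "unknown session" } },
  };
}

// Constructed sample data (documentation IP ranges).
const SAMPLE_POLICY = { maxAgeDays: 30, knownIps: ["203.0.113.10"], now: new Date("2024-06-01T00:00:00Z") };
const SAMPLE_SESSIONS = [
  { token: "tok-current", createdAt: "2024-05-30T09:00:00Z", ipAddress: "203.0.113.10" },
  { token: "tok-laptop", createdAt: "2024-05-20T09:00:00Z", ipAddress: "203.0.113.10" },
  { token: "tok-old", createdAt: "2024-03-01T09:00:00Z", ipAddress: "203.0.113.10" },
  { token: "tok-unknown", createdAt: "2024-05-29T09:00:00Z", ipAddress: "198.51.100.7" },
];
```

Sessions that fail to revoke are returned in failed rather than dropped, so the UI can surface them instead of implying the clean-up fully succeeded.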
Client Plugins
The dashboard auth client includes the twoFactorClient() plugin for 2FA methods. If you are building a custom UI, import it from the react package:
```ts
import { createAuthClient } from "better-auth/react";
import { twoFactorClient } from "@banata-auth/react/plugins";

const authClient = createAuthClient({
  plugins: [twoFactorClient()],
});

// Now available:
// authClient.twoFactor.enable()
// authClient.twoFactor.verifyTotp()
// authClient.twoFactor.disable()
// authClient.twoFactor.generateBackupCodes()
```
Additional client plugins re-exported from @banata-auth/react/plugins:
- adminClient() -- Typed authClient.admin.* helpers for user management and impersonation.
- multiSessionClient() -- Multi-session support.
- usernameClient() -- Username-based authentication.
Next Steps
- Settings -- Configure your project name and team.
- Authentication -- Set up authentication methods for your project.
- Radar & Bot Protection -- Configure bot detection for your auth endpoints.