Authentication Concepts

Optare provides a comprehensive authentication system built on top of Better Auth and extended with enterprise features.

Authentication Methods

1. Email & Password

Standard email/password login with bcrypt hashing.

2. Social Login (OAuth)

Support for social providers (e.g., Twitter). Additional providers can be configured via Better Auth plugins.

3. Enterprise SSO

For enterprise plans, we support:

  • SAML 2.0
  • OIDC

Multi-Factor Authentication (MFA)

Optare supports 2FA via TOTP (Time-based One-Time Password).

  • Enforcement: Admins can enforce MFA for their organization.
  • Backup Codes: Users receive backup codes upon setup.
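As an added illustration of what server-side TOTP verification involves (this is not Optare's or Better Auth's code), the sketch below implements RFC 6238 with a one-step drift window, constant-time comparison, and replay rejection. The names `hotp`, `verifyTotp`, `lastUsed` and `window` are assumptions made for the example.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// RFC 6238 Appendix B test key (public test vector, constructed input, not a real secret).
const RFC_SECRET = Buffer.from("12345678901234567890");

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret: Buffer, counter: number, digits: number = 6): string {
  const msg = Buffer.alloc(8);
  msg.writeUInt32BE(Math.floor(counter / 0x100000000), 0); // high 32 bits
  msg.writeUInt32BE(counter >>> 0, 4); // low 32 bits
  const mac = createHmac("sha1", secret).update(msg).digest();
  const offset = mac.readUInt8(mac.length - 1) & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  const num = bin % Math.pow(10, digits);
  return ("0000000000" + num).slice(-digits); // keep leading zeros
}

// Returns the time-step counter that matched, or null if the code is rejected.
// The caller persists the returned counter as `lastUsed` so a code cannot be replayed.
function verifyTotp(
  secret: Buffer,
  code: string,
  nowSec: number,
  lastUsed: number = -1, // highest counter already accepted for this user
  window: number = 1, // steps of clock drift tolerated on each side
  step: number = 30,
  digits: number = 6
): number | null {
  if (code.length !== digits || !/^[0-9]+$/.test(code)) return null;
  const submitted = Buffer.from(code);
  const current = Math.floor(nowSec / step);
  let matched: number | null = null;
  for (let c = current - window; c <= current + window; c++) {
    if (c < 0 || c <= lastUsed) continue; // already consumed: reject replays
    const expected = Buffer.from(hotp(secret, c, digits));
    // Constant-time compare; keep looping so a match does not shorten the check.
    if (timingSafeEqual(expected, submitted) && matched === null) matched = c;
  }
  return matched;
}
```

Failed attempts should also be rate limited per account, since a 6-digit code with a three-step window leaves few guesses between an attacker and a match.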

Sessions

Sessions are managed via the session table.

  • Token-based: Session tokens are carried in secure, HTTP-only cookies.
  • Revocation: Sessions can be revoked remotely (e.g., on password change).