Authentication
High-level overview of BetterForms authentication strategies and building blocks.
BetterForms supports multiple authentication strategies to fit different application needs. This page orients you to the available options, how authentication is enabled, and the core concepts used across all workflows. Detailed, step-by-step guides are provided in the linked pages.
Supported Methods
Basic Authentication
Email/password with a
Userstable in the helper fileRegistration, email verification, login, logout, password reset, and magic-link sign-in
Query & Cookie Based Auth (Roll your own)
Smart links that can include a time-bound token in the URL query
Cookie/session-based access for trusted flows
OAuth
Sign-in with external identity providers (e.g., Auth0, Okta, Google)
Use your identity provider to authenticate users while BetterForms signs them into the app
Building Blocks
Authentication Actions (used on pages)
authLogin,authLogout,authRegister,authForgot,authMagicRequest,authReset,authVerify,authResendOAuth-specific:
authLoginOauth(preferred),oauthLoginHook(legacy alias still supported)To initiate OAuth login, use a
pathaction to/oauth/{provider}(e.g.,/oauth/google)
Hooks (FileMaker)
onLogin,onRegistration,onAuthNotifier(email delivery and notifications)
Data Model & Flow
Users are stored in the helper file with hashed passwords (for Basic Auth)
Verification, reset, and magic-link tokens are delivered through the URL and consumed by the relevant actions
Auth UIs can read
model.authMessage,model.authMessageCode,model.authMessageType, andBF.authGetLastFeedback()
Enabling Authentication on Pages
Authentication is enabled per page in the IDE. If a page requires auth, unauthenticated users are redirected to your login page.
After a successful login, users are redirected back to the original page by default. Returning a
pathaction fromonLoginoverrides this.For custom auth UIs, use the Actions listed above. See also Custom Login Pages.
Default Auth Pages and Slugs
If you implement custom auth screens, assign navigation slugs so the system can route correctly:
Login:
loginRegister:
login/signupEmail Verification:
login/verifyPassword Reset:
login/resetMagic Link Landing Page:
login/magic
Attach the appropriate Actions to the relevant pages:
Registration page β
authRegisterVerification page β
authVerify(recommended to run inonFormLoad)Forgot page β
authForgotMagic link request page β
authMagicRequestto email a one-time sign-in linkMagic link landing page β
authLogin(recommended to run inonFormLoad) to redeem the token from the URLReset page β
authResetLogin page β
authLoginLogout button/link β
authLogout
Tokens at a Glance
Verification, password reset, and magic-link flows rely on time-bound tokens delivered via URL query parameters.
The
authVerify,authReset, and magic-linkauthLoginflows read the token from the URL; you generally do not need to parse or store tokens manually.In practice, the magic-link flow is usually split into two pages or steps:
authMagicRequestto send the email, thenauthLoginto consume the token after the user opens the link.Once redeemed, tokens are cleared from the helper file.
Error Handling
Authentication pages can read feedback from
model.authMessage,model.authMessageCode, andmodel.authMessageType.The latest auth result is also available through
BF.authGetLastFeedback().Real auth failures continue to flow through the normal BetterForms error pipeline.
Success/info auth states update the auth feedback contract but are not pushed into the global error stack.
For new UI, prefer mapping from
auth.*codes to your own localized copy instead of parsing the English message text.For UI examples, see Custom Login Pages and BF Utility Functions.
Email Delivery
Verification, reset, and magic-link emails are sent from your FileMaker server via
onAuthNotifier. Ensure SMTP is configured there during setup.
Version Note
Magic-link authentication was added in BetterForms
3.4.x.
See the dedicated pages for step-by-step workflows and best practices:
Last updated
Was this helpful?