Beta
Neon Auth with Better Auth is in Beta. Share your feedback on Discord or via the Neon Console.
Complete these steps before taking your application to production with Neon Auth.
Auth production checklist
- Add your production domain(s) to enable OAuth and email verification redirects. See Configure trusted domains.
- Replace shared SMTP (auth@mail.myneon.app) with your own email service for reliable delivery and higher limits. A custom email provider is also required if you want to use verification links instead of verification codes. See Email provider configuration below.
- Set up your own Google and GitHub OAuth apps to replace shared development keys. See OAuth production setup.
- Email verification is not enabled by default. Since anyone can sign up for your application, enabling email verification adds an important verification step to ensure users own their email address. See Email verification guide.
- Disable the "Allow Localhost" setting in your project's Settings → Auth page. This setting is enabled by default for development but should be disabled in production to improve security. See Localhost access below.
Email provider
Neon Auth uses a shared SMTP provider (auth@mail.myneon.app) by default for development and testing. For production, configure your own email provider for better deliverability and higher sending limits.
Configure custom SMTP
In your project's Settings → Auth page, configure your email provider:
- Select Custom SMTP provider
- Enter your SMTP credentials:
  - Host: Your SMTP server hostname (e.g., smtp.gmail.com)
  - Port: SMTP port (typically 465 for SSL or 587 for TLS)
  - Username: Your SMTP username
  - Password: Your SMTP password or app-specific password
  - Sender email: Email address to send from
  - Sender name: Display name for sent emails
- Click Save
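A pre-flight check for the values entered above, as an added example that is not part of the Neon documentation or Neon's own code: it maps port 465 to implicit TLS and 587 to STARTTLS, verifies the server certificate, logs in, and sends one test message. The function names and environment variable names are assumptions made for this example.

```python
import os
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import formataddr


def smtp_mode(port: int) -> str:
    """Map the Port field to the TLS mode the page pairs it with."""
    if port == 465:
        return "implicit-tls"   # TLS from the first byte ("SSL" on the page)
    if port == 587:
        return "starttls"       # plaintext greeting, then upgraded to TLS
    raise ValueError(f"port {port}: no TLS mode defined for it in this check")


def build_test_message(sender_name: str, sender_email: str, recipient: str) -> EmailMessage:
    """Build a message from the Sender name / Sender email fields."""
    msg = EmailMessage()
    msg["From"] = formataddr((sender_name, sender_email))
    msg["To"] = recipient
    msg["Subject"] = "SMTP configuration test"
    msg.set_content("Test message sent before saving the custom SMTP settings.")
    return msg


def check_smtp(host, port, username, password, sender_name, sender_email, recipient):
    """Connect with certificate verification, log in, and send one test message."""
    ctx = ssl.create_default_context()  # verifies server certificate and hostname
    msg = build_test_message(sender_name, sender_email, recipient)
    if smtp_mode(port) == "implicit-tls":
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=15)
    else:
        conn = smtplib.SMTP(host, port, timeout=15)
    with conn:
        if smtp_mode(port) == "starttls":
            conn.starttls(context=ctx)  # raises if the server cannot upgrade to TLS
        conn.login(username, password)  # raises SMTPAuthenticationError on bad credentials
        conn.send_message(msg)
    return True


if __name__ == "__main__":
    # Environment variable names are assumptions made for this example.
    env = os.environ
    check_smtp(env["SMTP_HOST"], int(env["SMTP_PORT"]), env["SMTP_USER"],
               env["SMTP_PASS"], env.get("SENDER_NAME", "Example App"),
               env["SENDER_EMAIL"], env["TEST_RECIPIENT"])
    print("SMTP login and test send succeeded")
```

A failure here (certificate error, missing STARTTLS support, rejected login) points to a host, port or credential problem to fix before saving the settings.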
Email provider requirements
- Verification links: Require a custom email provider
- Verification codes: Work with shared or custom email providers
- Password reset: Works with shared or custom email providers
note
The shared email provider (auth@mail.myneon.app) is suitable for development and testing. For production applications, use a custom email provider for better deliverability and to avoid rate limits.
Localhost access
The "Allow Localhost" setting in your project's Settings → Auth page is enabled by default to allow authentication requests from localhost during development.
Disable for production
For production environments, disable this setting to improve security:
- Go to Settings → Auth in your Neon project
- Find the Allow Localhost toggle
- Disable the toggle
important
Only enable "Allow Localhost" for local development. Disabling this setting in production prevents unauthorized authentication requests from localhost, improving your application's security posture.
Need help?
Join our Discord Server to ask questions or see what others are doing with Neon. For paid plan support options, see Support.








