Starter Free · Updated April 27, 2026

Auth Concept

Understand how authentication is modeled in Starter Free and how to wire it safely to your provider.

Overview

Authentication is the entry point of every SaaS product.

Starter Free gives you a complete authentication surface:

  • login
  • register
  • forgot password
  • validation
  • loading states
  • error states
  • redirect flows

But no provider is wired.

This is intentional.

Core idea

Starter Free defines the auth UX contract. You plug in the provider when your product becomes real.

Mental model

Auth UI is stable. Auth implementation is replaceable.

| Layer | Responsibility |
| --- | --- |
| UI | Forms, states, validation, feedback |
| Routing | Redirects, protected pages |
| Provider | Sessions, tokens, identity |
| Backend (later) | Permissions, roles, access control |

What Starter Free gives you

Included

  • login / register / forgot password screens
  • form validation and error states
  • loading and disabled states
  • redirect flows
  • AuthShell layout

Not included (on purpose)

  • session management
  • JWT / cookies
  • OAuth providers
  • email delivery
  • password reset backend

Auth routes

routes
app/(auth)/
  login/
  register/
  forgot-password/

AuthShell pattern

components/auth/auth-shell.tsx
<AuthShell
  title="Welcome back"
  description="Sign in to your account"
  footer={...}
/>

Flows

User submits form
→ validate inputs
→ call signIn()
→ redirect to /dashboard

User creates account
→ validate inputs
→ call signUp()
→ redirect to /dashboard

User submits email
→ always show success state
→ never reveal if email exists

Wiring your provider

Starter Free is provider-agnostic:

  • Auth.js / NextAuth
  • Clerk
  • Supabase Auth
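  • Custom backend

auth-action.ts
// signIn() is your provider's sign-in call.
async function onSubmit(values: { email: string; password: string }) {
  // Redirect only after signIn() resolves; a rejection skips the redirect.
  await signIn(values.email, values.password);
  router.push("/dashboard");
}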
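
The forgot-password flow above ("always show success state, never reveal if email exists") can be wired to a provider as follows. This is an added example, not Starter Free's own code; ResetProvider, sendPasswordReset, requestPasswordReset and fakeProvider are hypothetical names, and the provider is assumed to reject for unknown accounts.

```typescript
// Added example; ResetProvider and fakeProvider are hypothetical, not Starter Free code.
type ResetState =
  | { status: "invalid"; message: string }
  | { status: "sent"; message: string };

interface ResetProvider {
  // Assumed contract: rejects for unknown accounts, rate limits and outages.
  sendPasswordReset(email: string): Promise<void>;
}

const SENT: ResetState = {
  status: "sent",
  message: "If an account exists for that address, a reset link is on its way.",
};

// Format check only: the outcome depends on the input, never on account data.
function isPlausibleEmail(email: string): boolean {
  return email.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

async function requestPasswordReset(
  provider: ResetProvider,
  rawEmail: string,
  logError: (err: unknown) => void = () => {},
): Promise<ResetState> {
  const email = rawEmail.trim();
  if (!isPlausibleEmail(email)) {
    return { status: "invalid", message: "Enter a valid email address." };
  }
  try {
    await provider.sendPasswordReset(email);
  } catch (err) {
    // Unknown account, rate limit or outage: record it server-side only.
    logError(err);
  }
  return SENT; // same state for every well-formed address
}

// Constructed in-memory provider for exercising the action offline.
function fakeProvider(known: string[]): ResetProvider & { calls: string[] } {
  const calls: string[] = [];
  return {
    calls,
    async sendPasswordReset(email: string): Promise<void> {
      calls.push(email);
      if (known.indexOf(email) < 0) throw new Error("user_not_found");
    },
  };
}
```

Response time can still differ between known and unknown addresses if the provider call does; queueing the send and returning immediately removes that signal.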

UX rules

Prefer

  • clear error messages
  • disabled submit while loading
  • consistent redirects
  • explicit success states

Avoid

  • generic errors
  • double submissions
  • no feedback states
  • leaking user existence