User Accounts add authentication and users to your app. They handle sign-up, sign-in, logout, and storing users.

Overview

Every Anything project can add User Accounts. As you chat with Anything, it manages adding the authentication details - from setting up secure login flows to writing the code that only shows your app’s content to logged in users. Use User Accounts to:
  • Let users sign up and sign in
  • Protect private content and features
  • Store data per user
  • Personalize experiences
  • Build apps with many users

Chat

Anything updates your app to add User Accounts if you chat about adding users. Try a prompt like: ‘Let users sign up’ or ‘Store data per user’ When Anything recognizes you want to add user accounts, it:
  1. Enables User Accounts in your project
  2. Adds special pages for Sign up, Sign in, and Logout
  3. Creates special tables in your app’s database to store user information (auth_users, auth_accounts, etc.)
  4. Adds checks to your pages and functions to protect content that needs to be signed in to view
  5. Updates everything to make sure your pages and functions work with the new users tables and signed in user
You will know it’s working when you see the sign up, sign in, and logout pages in your app on the Canvas or Project Selector, or if you see the special user tables in your database viewer.

Finding the sign up, sign in and log out pages in Project Selector. Checking the auth tables in the database.

How It Works - In the App

When you enable User Accounts, Create adds:

Authentication Pages

  • Sign In Page - /account/signin
  • Sign Up Page - /account/signup
  • Logout Page - /account/logout
You can customize the look and feel of these pages by prompting Create to change them. Once User Accounts is enabled, you can also create components for the sign in, sign up, and logout functionality. This lets you embed this functionality anywhere. Under the hood, it uses the same auth routes as the pages. These pages contain special code to update the user in the database when they sign up/in and handle common errors.

User Tables

Create makes 4 special tables:
  • auth_users: Tracks users in your app
  • auth_accounts: Tracks auth methods (email/password, Google, etc.)
  • auth_sessions: Database-backed user sessions
  • auth_verification_token: 2FA verification tokens
Most used: auth_users (core profiles) and auth_accounts (login methods)
Most of the time, you won’t need to worry about these implementation details. Create handles storing and managing user data automatically. However, understanding the underlying structure can help build more complex features or debug authentication flows.
Built-in fields in auth_users:
  • id: Unique identifier for each user
  • name: User’s display name (optional)
  • email: User’s email address
  • emailVerified: Tracks if email has been verified
  • image: Profile image URL (optional)
  • auth_accounts: Links to the auth methods for the user
Built-in fields in auth_accounts:
  • id: Unique identifier for each auth method
  • userId: Links to the user in auth_users
  • type: Authentication type (e.g. “credentials” for email/password)
  • provider: Auth provider (e.g. “credentials”, “google”)
  • providerAccountId: ID from the provider
  • refresh_token: OAuth refresh token
  • access_token: OAuth access token
  • expires_at: Token expiration
  • token_type: Type of token (e.g. “bearer”)
  • scope: OAuth scopes
  • id_token: OAuth ID token
  • session_state: Session state
  • password: Hashed password (for credentials provider)
Storing Additional User Information: You can prompt Create to store additional profile information per user, like “Store the user’s bio, location, and phone number”. Create will either add these fields directly to the auth_users table or create a linked profile table with these fields that connects to auth_users via the user’s ID. This keeps your user data organized while maintaining the core authentication tables. Linking Data to Users: When you prompt Create to store data per user (like posts, preferences, or settings), Create automatically adds a user_id field to those database tables. This user_id connects each piece of data to the specific user in the auth_users table who owns it. That lets your app later grab the data for a specific user.

Signed In User

When you prompt Create to protect a page or show content per user on a page, e.g. “When user is signed in, show their profile in top right” or “If the user isn’t signed in, don’t show the notification settings”, Create can now add code to grab the current signed in user’s info and change the behavior of the app based on it. Pages, Functions, and Components can now all check the current signed in user, grab their information from the database, and use it to show/hide info, or change their behavior. Create automatically handles auth redirects. You can link pages as normal. If a user needs to be signed in to view a page, Create will check if they are. If they’re not, it will redirect them to the Sign In page, and once signed in, redirect them back to the original page. Just prompt Create on which pages should be protected with sign in vs. public.

How It Works - For your Users

Create uses Next Auth and JWT (JSON Web Token) authentication to manage user sessions:
  • When users sign up or sign in, Create saves the user’s information in the database and stores a secure cookie in their browser
  • This cookie keeps users logged in as they browse your app
  • When users visit a protected page or use a protected function, Create checks this cookie
  • If no valid cookie exists, Create redirects them to the sign-in page
  • To let users log out, add a link to /account/logout in your app’s signed-in experience
  • When users visit the logout route, Create removes the cookie and ends their session

Real World Example

Let’s say you have an AI app with:
  • Landing page (at /)
  • AI homework creator (at /app)
To add user accounts:
  1. Prompt “Add users to the app. They should sign up and sign in to view the homework creator”
  2. Protect access to the homework creator page by either:
    • Prompting: “Only let signed in users view the homework creator”
    • Manually: Go to /app page > 3-dot menu > Settings > “Require account to view”
  3. Publish changes
  4. Now:
    • / remains public
    • /app redirects to sign-in
    • After sign-in, users access /app
    • Add personalization: “When user is logged in, show their profile in top right and store their AI generations”
    • Add special behavior: “If this is the users first time, show them an onboarding flow where they can fill out their profile”

Customizing Auth Pages

Modify the built-in authentication pages through chat: 
Add a logo to the signin page

Make the sign in and sign up pages look like the rest of the app
Create will:
  • Update the look and feel of your pages
  • Add your logo
  • Maintain they key sign in / sign up code that stores the user
Common customizations:
  • Adding branding elements
  • Adding additional auth methods (Google, Facebook, etc.)
  • Modifying form fields
  • Changing styles
  • Adding terms of service / privacy policy
  • Adding testimonials or other social proof
For the default email/password sign up, when adding additional fields to collect during sign up (like name, phone number, etc.), make sure those fields are optional in the database. By default, only email and password should be required fields for the sign up page to work properly. Another option is to collect additional profile information later in the app after a user is already signed up with the essential fields.

Flows and Redirects

Prompt Create on how you want the flow to work. 
Let users hit the sign up button and go to the sign up page

Then after sign up, send them to the dashboard logged in
Create handles authentication flows automatically:
  • Sign Up:
    1. User submits signup form
    2. Create validates and stores account
    3. Sets auth cookie
    4. Redirects to page you prompt
  • Sign In:
    1. User visits page that requires sign in
    2. Create checks for auth cookie
    3. If no cookie, redirects to sign in page you prompt
    4. User enters credentials
    5. Create verifies account
    6. Sets auth cookie
    7. Returns to original page
  • Sign Out:
    1. User clicks logout
    2. Create clears auth cookie with the route /account/logout
    3. Redirects to public page you prompt

Storing User Data

By default, Create stores the following information about users:
  • Email (required) - Used for login and account recovery
  • Password (hashed) - Securely stored using industry best practices
  • User ID - Unique identifier to link user data across tables
  • Created Date - When the account was created
  • Last Login - Most recent sign in
You can prompt Create to store additional information per user. Create will update your database to make sure that each piece of user specific information is stored with a user_id that links back to the user in your auth_users table. Example prompts: 
Add a bio field to user profiles

Store user preferences like theme and notification settings

Let users upload a profile picture
Create will:
  • Add the new fields to your database schema
  • Update queries to store/retrieve the data
  • Link everything to the correct user using their user_id
  • Add UI elements to display and edit the information

Using User Data

You can use the information you store about each user in your app. Just prompt Create. Some examples:
  • “Show the logged in user’s tasks in the main feed”
  • “Show a feed with all users posts”
  • “If the user is logged in, show a profile image in the top right. Otherwise, show the sign up / sign in buttons”
Create will update your Pages, Functions, and Components to use the user data. You can also manually access and change user information from the Database Viewer.

Profiles

Build user profiles by:
  1. Adding Profile Fields:
    • Prompt Create to add profile fields
    • Add avatar, bio, social links
    • Create will update the database to add the fields and update the queries to use them
  2. Creating Profile Pages:
    • Prompt Create to create profile pages
    • Create will update the pages to grab the user’s profile data and display it
  3. Handling Updates:
    • Prompt Create to create profile edit forms
    • Create will update the pages/functions to update a user in the database

Roles and Permissions

Add custom roles to control access:
  1. Add Role Field:
    • Prompt Create to add “role” or similar field for each user
    • Describe the values you want to use like “admin”, “member” and how you want behavior to change
    • Create will update the database to add the field and update the queries to use it
  2. Check Roles:
    • Reference roles in prompts
    • Example: “If signed in user is admin, show settings”
    • Create handles the logic

Auth Methods

Create supports multiple auth methods. Choose the ones that fit your app’s needs. You can turn on or off each auth method in the Project Settings.

Finding the Project Settings

Email/Password

  • Default authentication method
  • Secure password hashing
  • No additional setup required
  • You can turn it off in Project Settings
  • Detailed guide here

Google

  • Social login using Google accounts
  • You’ll need to get a Google Client ID and Secret from Google
  • Full setup guide

Facebook

  • Social login using Facebook accounts
  • You’ll need to get a Facebook App ID and Secret from Facebook
  • Full setup guide

X

  • Social login using X/Twitter accounts
  • You’ll need to get a Twitter Client ID and Secret from X
  • Full setup guide

Testing

Verify your User Accounts setup:
  1. Enable auth on a test page
  2. Publish changes
  3. Open an incognito window
  4. Verify redirect to sign-in
  5. Create test account
  6. Confirm access after auth

Troubleshooting

If authentication isn’t working:
  • Verify User Accounts is enabled for project. Do you see the sign up, sign in, and logout pages in the Project Selector? Do you see the auth tables in the database?
  • Check page/function auth settings
  • Review the database - check the auth_users table to make sure the user was created
  • Test with a fresh account
  • Review our Get Help Article for more

Error Codes

If one of your users runs into an error while signing in / signing up, or you do while testing, check the URL for ?error=[code]. It can give you a hint on what might be wrong.

Finding the error code in the URL

Common error codes and fixes:
  • OAuthSignin/Callback: OAuth configuration issue
    • Check provider settings and keys
    • Verify redirect URLs
  • OAuthAccountNotLinked: Email already used with different auth method
    • User should sign in with original method (e.g. Google instead of email)
  • CredentialsSignin: Wrong email/password
    • Double-check credentials
    • Reset password if needed
  • EmailCreateAccount: Email already registered
    • Use sign in instead
    • Reset password if needed
  • AccessDenied: Permission issue
    • Check access settings
    • Verify allowed domains
  • Configuration: System setup issue
    • Check auth configuration
    • Verify environment variables

FAQs

See Also

  • Databases - Store user data and content
  • Pages - Create protected routes
  • Publishing - Go live with your authenticated app