Better Auth
Overview
Zeus uses Better Auth as its authentication solution, supporting email/password login and social login (GitHub, Google).
Architecture
GitHub Login Flow
Native Client Authentication (Desktop / iOS)
Desktop and iOS native clients use a dual-token mechanism:

| Token Type | Validity | Storage |
|---|---|---|
| accessToken (JWT) | 1 hour | Desktop: JSON file / iOS: Keychain |
| refreshToken (opaque) | 30 days | Desktop: JSON file / iOS: Keychain |

- Both tokens are issued at login (via `/api/auth/jwt` or device authorization flow)
- Before each API call, the client checks if the accessToken is about to expire (< 5 minutes)
- When expired, the client automatically calls `POST /api/auth/refresh` to get a new accessToken
- If the refreshToken is also expired, the user is automatically logged out
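
The pre-call check and refresh described in the list above, as an added Node.js example (not Zeus or Better Auth code). The `store` and `post` helpers, the `refreshExpiresAt` field, the `{ refreshToken }` request body, the `{ accessToken }` response body and the use of HTTP 401 to signal an expired refreshToken are assumptions; the page does not specify them.

```javascript
// Added example: storage shape and refresh request/response format are assumptions.
const REFRESH_WINDOW_SEC = 5 * 60; // page: refresh when < 5 minutes remain

// Read `exp` from a JWT payload. No signature check: the client only uses exp
// to schedule a refresh; the server still verifies the token on every call.
function jwtExp(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null; // malformed token: caller treats it as needing a refresh
  }
}

// Decide what to do before an API call: "use", "refresh" or "logout".
// refreshExpiresAt (unix seconds, recorded at login) is a hypothetical field.
function nextAction(tokens, nowSec) {
  if (!tokens) return "logout";
  const exp = jwtExp(tokens.accessToken);
  if (exp !== null && exp - nowSec >= REFRESH_WINDOW_SEC) return "use";
  // Fail closed: a missing refresh token or missing expiry logs the user out.
  if (!tokens.refreshToken || !(tokens.refreshExpiresAt > nowSec)) return "logout";
  return "refresh";
}

// store: { load(), save(tokens), clear() }; post(path, body) -> { status, body }.
// Both are injected (hypothetical interfaces) so the flow runs without a network.
async function getAccessToken(store, post, nowSec = Math.floor(Date.now() / 1000)) {
  const tokens = store.load();
  const action = nextAction(tokens, nowSec);
  if (action === "use") return tokens.accessToken;
  if (action === "refresh") {
    const res = await post("/api/auth/refresh", { refreshToken: tokens.refreshToken });
    if (res.status === 200 && jwtExp(res.body.accessToken) !== null) {
      store.save({ ...tokens, accessToken: res.body.accessToken });
      return res.body.accessToken;
    }
    // Assumption: 401 means the refresh token was rejected. Anything else is
    // treated as transient, so the stored tokens are kept for a later retry.
    if (res.status !== 401) throw new Error(`refresh failed (HTTP ${res.status})`);
  }
  store.clear(); // refresh token expired or rejected: log the user out
  return null;
}

// Constructed, unsigned sample token for offline use only.
const sampleJwt = (exp) =>
  ["e30", Buffer.from(JSON.stringify({ exp })).toString("base64url"), "sig"].join(".");
```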
Related Documentation
JWT Service Authentication
Dual-layer JWT authentication between Web and AI Backend
Database
Authentication-related database tables (user, session, account)