logoBetter-Auth-Kit
Plugins

Legal Consent

Ensure legal compliance by requiring users to accept terms of service, privacy policy, age verification, and other consent requirements during sign-up.

VersionDownloadsLicense

There is an existing bug, we're investigating it.

In some cases, you may need to require your users to accept certain compliances before they can sign up. The purpose of this plugin is to provide a way to keep record, or evidence, of the user's consent to the compliances.

Supported compliances include: Terms of Service, Privacy Policy, Age Verification, Marketing Consent, and Cookie Consent.

Currently, we provide both a basic form of record keeping, which is a boolean field in the user model indicating if the user has accepted the compliance, and optionally the ability to save the version of the consent form which the user agreed to. In the future, we plan to expand this by providing the option to enable more detailed record keeping, such as timestamps, IP addresses, device information, and more, saved in a separate table. This makes to be better evidence of the user's consent to the compliances.

1. Install the plugin

npm install @better-auth-kit/legal-consent

2. Initialize the plugin

auth.ts
import { legalConsent } from "@better-auth-kit/legal-consent";
 
export const auth = betterAuth({
  plugins: [
    legalConsent({
      requireTOS: true,
      requirePrivacyPolicy: true,
      requireMarketingConsent: true,
      requireCookieConsent: true,
    }),
  ],
});

3. Run Migrations

Make sure to run migrations after configuring the plugin.

npx @better-auth/cli migrate
Learn more about the migrate/generate commands here.

4. Sign up methods

Add the following methods to your sign up page.

auth.api.signUpEmail({
 body: {
    email: "some_email@example.com",
    password: "some_password",
    tosAccepted: true,
    privacyPolicyAccepted: true,
    ageVerified: true,
    marketingConsentAccepted: true,
    cookieConsentAccepted: true,
 }
});

The types may not appear in your IDE for the signUp method, this is a limitation of Better Auth. Once you enable a given legal consent, you should be fine to pass that value into the sign up method and safely ignore the type error.

Note: You do not need to pass all the legal consent values, only the ones you enabled.

What does it do?

By utilizing the legalConsent plugin, you can require the following legal consents on your sign-up routes:

  • Terms of Service
  • Privacy Policy
  • Age Verification
  • Marketing Consent
  • Cookie Consent

Whenever a user signs up, the plugin requires you to pass additional data to the signup method. The data can vary depending on the legal consent requirements you have set. For example, if you require the user to accept the terms of service, you must pass tosAccepted: true to the signup method. After the plugin has verified the given data is all valid, it will pass those legal consent values to the user data that will be created.

Options

You can enable the following legal compliance options:

legalConsent({
  tosAccepted: true,
  privacyPolicyAccepted: true,
  ageVerified: true,
  marketingConsentAccepted: true,
  cookieConsentAccepted: true
});

You can also choose to save the version of the legal consent agreement.

legalConsent({
  tosVersion: "1.0",
  privacyPolicyVersion: "1.0",
  ageVerificationVersion: "1.0",
  marketingConsentVersion: "1.0",
  cookieConsentVersion: "1.0",
});

If the version is provided, it will save the version of the legal consent agreement in the user model. Otherwise, it will save the agreement as a boolean.

If you had updated the plugin to include versions, make sure to run migrations again! By default, the plugin will save the boolean value. By adding the version, it will save the version string.

Configuring the schema

You can configure the name of these fields by passing the schema option to the plugin.

legalConsent({
  schema: {
    userModelName: "user",
    tosAccepted: "tosAccepted",
    privacyPolicyAccepted: "privacyPolicyAccepted",
    ageVerified: "ageVerified",
    marketingConsentAccepted: "marketingConsentAccepted",
    cookieConsentAccepted: "cookieConsentAccepted",
  },
});

Schema

Table: user

Note: Not all keys will be in the table as it depends on if you enabled each compliance, as well as if you changed the name of a given schema field.

Pan and zoom to explore the schema.

Fields:

  • tosAccepted: Wether the user accepted the TOS.
  • privacyPolicyAccepted: Wether the user accepted the privacy policy.
  • ageVerified: Wether the user verified their age.
  • marketingConsentAccepted: Wether the user accepted the marketing consent.
  • cookieConsentAccepted: Wether the user accepted the cookie consent.
Edit on GitHub

On this page