Email Password
Configure email and password sign-up, sign-in, password reset, and sessions.
Email/password is a core Kernia sign-in method. It creates a credential account row, stores a hashed password, can auto-create a session after sign-up, and supports password reset through the verification table.
Server configuration
import os
from kernia import KerniaOptions
from kernia.auth import init
from kernia.types.init_options import EmailPasswordOptions
from .db import adapter
auth = init(KerniaOptions(
database=adapter,
secret=os.environ["KERNIA_SECRET"],
base_url=os.environ["KERNIA_BASE_URL"],
email_and_password=EmailPasswordOptions(
enabled=True,
require_email_verification=False,
min_password_length=8,
max_password_length=128,
auto_sign_in=True,
),
))Routes
/api/auth/sign-up/emailBody: { "email": "user@example.com", "password": "secure-password", "name": "Jane" }. Creates a user and credential account.
/api/auth/sign-in/emailBody: { "email": "user@example.com", "password": "secure-password", "remember_me": true }. Verifies the password and sets the session cookie.
/api/auth/forget-passwordBody: { "email": "user@example.com", "redirect_to": "https://app.example.com/reset" }. Creates a reset token without leaking account existence.
/api/auth/reset-passwordBody: { "token": "reset-token", "password": "new-secure-password" }. Consumes the verification row and updates the credential password.
Client usage
await fetch("/api/auth/sign-in/email", {
method: "POST",
credentials: "include",
headers: { "content-type": "application/json" },
body: JSON.stringify({ email, password, remember_me: true }),
});Troubleshooting
INVALID_CREDENTIALSmeans either the user is missing, the credential account is missing, or password verification failed.EMAIL_NOT_VERIFIEDis returned whenrequire_email_verification=Trueand the user has not verified their email.- Password length errors are controlled by
min_password_lengthandmax_password_length.