Skip to main content
User Accounts let people sign up, sign in, and stay logged in to your app. Ask the agent and it handles the rest, from login pages to storing users in your database. Use User Accounts to:
  • Let users sign up and sign in
  • Protect pages so only logged-in users can see them
  • Store data per user
  • Personalize the experience

Getting started

Say something like “add sign up and login” or “let users create accounts.” Anything will:
  1. Enable User Accounts in your project
  2. Add sign up, sign in, and logout pages
  3. Create auth tables in your database to store users
  4. Add checks to your pages and functions so only logged-in users can access protected content
You’ll know it’s working when you see the auth pages in the Project Selector and the auth tables in your database viewer.

Auth pages

Anything creates three pages:
  • /account/signup
  • /account/signin
  • /account/logout
You can customize how they look. Say “add a logo to the sign in page” or “make the auth pages match my brand.” You can also create sign-in and sign-up components to embed anywhere in your app.

Auth tables

Anything creates four tables in your database:
TableWhat it stores
auth_usersUser profiles (email, name, image)
auth_accountsLogin methods per user (email/password, Google, etc.)
auth_sessionsActive sessions
auth_verification_tokenEmail verification and magic link tokens
You don’t need to manage these directly. Anything handles it. But knowing the structure helps if you’re debugging or building advanced features.

Protected pages

Tell Anything which pages require sign-in and which are public. If someone visits a protected page without being logged in, Anything redirects them to sign in and sends them back after. 
Only signed-in users should see the dashboard. Keep the landing page public.

How sessions work

When someone signs up or signs in, Anything stores a secure cookie in their browser. That cookie keeps them logged in as they browse your app.
  • Protected pages and functions check the cookie before loading
  • No valid cookie? Anything redirects to sign-in
  • Logout clears the cookie and ends the session
Passwords are hashed with bcrypt. Sessions use JWT tokens.

Example

Say you have a landing page at / and an AI homework creator at /app.
  1. Say “add sign up and login, only signed-in users can use the homework creator”
  2. Or protect manually: go to the /app page, open the 3-dot menu > Settings > “Require account to view”
  3. Publish
Now / stays public, /app redirects to sign-in, and after login users land on /app. From there: 
When the user is logged in, show their profile in the top right and store their AI generations

If this is the user's first time, show them an onboarding flow

Customizing auth pages

Add a logo to the sign in page

Make the sign in and sign up pages match the rest of my app

Add a terms of service checkbox to sign up
If you add extra fields to sign up (like name or phone number), make sure they’re optional in the database. Only email and password should be required for sign up to work. You can collect additional info after the user creates their account.

Flows and redirects

Tell Anything where to send users after sign up, sign in, and logout. 
After sign up, send users to the dashboard. After logout, send them to the homepage.
Anything handles the full flow automatically: form validation, storing the account, setting the session cookie, and redirecting.

User data

By default, Anything stores email, a hashed password, user ID, and created date. You can add anything else: 
Add a bio field to user profiles

Store user preferences like theme and notification settings

Let users upload a profile picture
Anything adds the fields to your database, updates the queries, and wires up the UI.

Using user data

Reference user data in your prompts and Anything updates your pages and functions to use it. 
Show the logged-in user's tasks in the main feed

If the user is logged in, show a profile image in the top right. Otherwise show sign up and sign in buttons.
You can also view and edit user data from the Database Viewer.

Roles and permissions

Add roles to control who can do what. Describe the roles you want and how behavior should change: 
Add an admin role. If the signed-in user is admin, show the settings page. Otherwise hide it.

Auth methods

Anything supports five sign-in methods. Toggle them on or off in Project Settings.
MethodSetupGuide
Email/PasswordNone, enabled by default. Passwords hashed with bcrypt.Guide
GoogleRequires a Google Client ID and SecretGuide
AppleComing soon
FacebookRequires a Facebook App ID and SecretGuide
X (Twitter)Requires an X Client ID and SecretGuide
Anything also supports magic links for passwordless sign-in. Ask the agent to “add magic link login” and it sets up email-based sign-in with no password required.
Per Apple’s App Store guidelines, Google and Facebook SSO cannot be present in iOS builds until Sign in with Apple is available. Don’t add Google or Facebook login to mobile apps yet.

Testing

  1. Publish your changes
  2. Open an incognito window
  3. Visit a protected page and confirm it redirects to sign-in
  4. Create a test account and confirm you can access the page

Troubleshooting

If auth isn’t working:
  • Check that User Accounts is enabled. You should see sign up, sign in, and logout pages in the Project Selector and auth tables in the database.
  • Check page settings to confirm the page requires sign-in
  • Open the auth_users table to verify the user was created
  • Test with a fresh account in incognito
  • See Get Help for more

Error codes

If someone hits an error during sign in or sign up, check the URL for ?error=[code].
Common error codes and fixes:
  • OAuthSignin/Callback: OAuth configuration issue
    • Check provider settings and keys
    • Verify redirect URLs
  • OAuthAccountNotLinked: Email already used with different auth method
    • User should sign in with original method (e.g. Google instead of email)
  • CredentialsSignin: Wrong email/password
    • Double-check credentials
    • Reset password if needed
  • EmailCreateAccount: Email already registered
    • Use sign in instead
    • Reset password if needed
  • AccessDenied: Permission issue
    • Check access settings
    • Verify allowed domains
  • Configuration: System setup issue
    • Check auth configuration
    • Verify environment variables

Databases

Store user data and content

Publishing

Go live with auth