Feature Request: Email Domain Filtering and Passwordless Login Toggle
Problem
Self-hosted Typebot instances often need to restrict signups to specific email domains (e.g., @company.com) or control whether magic link/passwordless authentication is available.
Currently, there's no way to:
- Restrict signups to specific email domains
- Disable magic link authentication (force OAuth-only)
Proposed Solution
Add two new environment variables:
| Variable | Default | Description |
| --- | --- | --- |
| ALLOWED_EMAIL_DOMAINS | (empty) | Comma-separated list of allowed email domains. When set, only users with emails from these domains can sign in. |
| EMAIL_LOGIN_ENABLED | true | Set to false to disable magic link/passwordless email authentication. |
Use Cases
- Enterprise deployments: Restrict to corporate email domains only (ALLOWED_EMAIL_DOMAINS=company.com,subsidiary.com)
- OAuth-only mode: Disable email login and require OAuth providers (EMAIL_LOGIN_ENABLED=false)
- Multi-tenant: Allow specific partner domains
Implementation Notes
- Domain filtering happens in Better Auth database hooks (before user creation)
- Invalid domain attempts return a clear error message listing allowed domains
- Works with both OAuth and magic link authentication
Dependencies
This feature depends on the Better Auth migration (#2360).
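A sketch of the allowlist check that the Implementation Notes describe, as an added example (not Typebot's or Better Auth's code). The function names are hypothetical, and it assumes exact domain matching (no implicit subdomains) and that an empty variable means no restriction, as in the table above.

```typescript
// Added example: hypothetical helpers, intended to be called before user creation.
interface Decision { allowed: boolean; reason?: string }

// Parse ALLOWED_EMAIL_DOMAINS into a normalized set: trimmed, lowercased,
// without a leading "@" or a trailing dot. Empty entries are dropped.
function parseAllowedDomains(raw: string | undefined): Set<string> {
  const domains = (raw ?? "")
    .split(",")
    .map((d) => d.trim().toLowerCase().replace(/^@/, "").replace(/\.$/, ""))
    .filter((d) => d.length > 0);
  return new Set(domains);
}

// Extract the domain of an address, failing closed on anything ambiguous:
// more than one "@", an empty local part, or characters outside plain hostnames.
function emailDomain(email: string): string | null {
  const trimmed = email.trim();
  const at = trimmed.indexOf("@");
  if (at <= 0 || at !== trimmed.lastIndexOf("@")) return null;
  const domain = trimmed.slice(at + 1).toLowerCase().replace(/\.$/, "");
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain) ? domain : null;
}

// Decide whether a sign-in may proceed. Exact set membership is used, so
// "company.com.evil.example" and "evilcompany.com" do not match "company.com".
function checkSignup(email: string, rawAllowList: string | undefined): Decision {
  const allowed = parseAllowedDomains(rawAllowList);
  if (allowed.size === 0) return { allowed: true }; // variable unset: no restriction
  const domain = emailDomain(email);
  if (domain === null) return { allowed: false, reason: "Malformed email address" };
  if (allowed.has(domain)) return { allowed: true };
  const list = Array.from(allowed).join(", ");
  return { allowed: false, reason: `Email domain not allowed. Allowed domains: ${list}` };
}
```

Because the check runs on the email the identity provider or magic-link flow reports, it should be applied to the final, verified address rather than to raw form input.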