Client
The browser entry exports a single Better Auth React client:
import { authClient } from "@tikab-interactive/fusion-auth/client";
// email/password
await authClient.signUp.email({ email, password, name });
await authClient.signIn.email({ email, password });
await authClient.signOut();
// reactive session in components
const { data: session, isPending } = authClient.useSession();It is created with the genericOAuthClient() plugin already wired in, so the
client half of any OIDC providers you add server-side via
plugins is ready to use.
Server code never reaches the browser
/server and /session are server-only — they pull in the database, Node
crypto, and Better Auth's server runtime. The package's exports map declares a
browser condition that points those two entries at throwing stubs, so a stray
client import fails loudly instead of bundling Node code into your app:
| Entry | Browser resolves to | Server resolves to |
|---|---|---|
/client | authClient | authClient |
/server | throwing stub | createAuth + API tokens |
/session | throwing stub | getSession / requireSession |
This is the real browser stub for /server, embedded from source — note the
signatures still typecheck (so client builds compile) while every call throws:
/**
* Browser stub for @tikab-interactive/fusion-auth/server. The real module is
* server-only (DB + node crypto + Better Auth's server runtime); any client
* import resolves here and throws if used. Use the /client entry in the browser.
*/
function serverOnly(): never {
throw new Error(
"@tikab-interactive/fusion-auth/server is server-only. Use @tikab-interactive/fusion-auth/client in the browser.",
);
}
export function createAuth(_options?: unknown): never {
return serverOnly();
}
export type Auth = never;
export type CreateAuthOptions = Record<string, never>;
// API tokens are server-only (DB + node crypto). Stubs keep client builds
// typechecking; calling any of these in the browser throws.
export const createApiToken = serverOnly;
export const listApiTokens = serverOnly;
export const revokeApiToken = serverOnly;
export const verifyApiToken = serverOnly;
export type CreatedApiToken = never;The /session stub behaves the same way, pointing you at server functions:
@tikab-interactive/fusion-auth/session is server-only. Use createServerFn handlers.