Type-Safe Validation
AuthCore includes 20+ production-ready Zod validation schemas for type-safe input validation across your application.
How It Works
Automatic Integration
AuthCore components and API routes use built-in validation automatically. You don't need to do anything - it just works!
✅ AuthForm, SecuritySettings, and all components have validation built-in
✅ API routes validate inputs automatically using internal utilities
✅ No setup required - production-ready out of the box
Optional Zod Schemas (For Your Custom Code)
Want to build custom forms or API routes? Use our exported Zod schemas for type-safe validation with TypeScript inference.
✨ Import from: codalware-auth/validation
✨ Use in your own forms, API routes, and business logic
✨ Full TypeScript type inference and autocomplete
Available Schemas
Authentication & User Management
emailSchemaEmail validation (max 255 chars)
passwordSchemaPassword strength (8-128 chars, uppercase, lowercase, numbers, symbols)
loginSchemaLogin credentials
registerSchemaUser registration
passwordResetRequestSchemaRequest password reset
passwordResetSchemaReset with token
passwordChangeSchemaChange password (authenticated)
emailVerificationSchemaVerify email token
Two-Factor Authentication
totpCodeSchema6-digit TOTP code
twoFactorSetupSchema2FA setup data
twoFactorVerificationSchema2FA verification
backupCodeSchemaBackup code validation
Organizations & Tenants
domainSchemaDomain validation
subdomainSchemaSubdomain validation
createTenantSchemaCreate organization
updateTenantSchemaUpdate organization
Security Settings
accountLockoutSchemaAccount lockout config
emailRestrictionSchemaAllowlist/blocklist
securitySettingsSchemaComplete security config
waitlistSchemaWaitlist entries
System & Utilities
paginationSchemaPage, limit, sort params
auditActionSchemaAudit log action types
webhookEventSchemaWebhook event types
webhookConfigSchemaWebhook configuration
Password Strength Indicator
Real-Time Password Validation
The PasswordStrengthIndicator component provides real-time feedback on password strength requirements as users type.
✅ Visual progress bar showing strength (weak/medium/strong)
✅ Checklist of requirements (uppercase, lowercase, numbers, symbols)
✅ Automatic integration with AuthForm component
✅ Configurable based on your security settings
Usage
Automatic Integration
The AuthForm component automatically includes the refreshed password strength indicator for registration flows—complete with glassmorphic chrome, requirement tracking, and inline recommendations. No additional setup required!
Usage Examples
Client-Side Form Validation
Server-Side API Validation
Type Inference
Custom Schema Composition
Helper Functions
When to Use Zod Schemas
✅ Use Zod Schemas When:
- • Building custom forms or inputs
- • Creating custom API routes
- • Validating user input in business logic
- • Need TypeScript type inference
- • Want reusable validation across client/server
- • Composing complex validation logic
ℹ️ No Need to Use When:
- • Using
AuthFormcomponent (already validated) - • Using
SecuritySettingscomponent (already validated) - • Using any AuthCore pre-built component
- • AuthCore API routes handle it automatically
- • Internal validation is sufficient
Why Zod?
Type Safety
Full TypeScript type inference. Your IDE knows exactly what data looks like after validation.
Reusable
Same validation logic works on client and server. Write once, validate everywhere.
Composable
Mix and match schemas. Extend, combine, or customize to fit your needs.
Fast
Zod is one of the fastest validation libraries. No performance overhead.
Better Errors
Human-readable error messages. Easy to display to users or log for debugging.
Battle-Tested
Production-ready validation patterns used by thousands of applications.