User Settings

NuxtBase ships a user settings area at /dashboard/settings.

It is split into two practical sections:

profile
security

Profile Settings

The profile card supports:

avatar upload
display name update
email change with verification

Avatar upload goes through /api/users/avatar, while name and email updates use Better Auth client actions.

Email Change Behavior

Changing email is not an instant field update.

The shipped flow is:

user enters a new email address
app requests an email change through Better Auth
verification email is sent
callback returns to /dashboard/settings?emailChange=verified
settings page shows a success state and clears the pending email-change message

That means working email delivery still matters inside settings, not only during sign-up.

Password Management

Password behavior depends on linked account state.

If the user already has a credential account, settings shows a change password flow. If the user signed up through OAuth only, settings can show a set password flow instead.

The credential flow also supports revoking other sessions after a password change.

Two-Factor Authentication

The settings security area includes a full TOTP setup and disable flow.

The current UX supports:

QR code setup
manual secret copy
backup codes
verification before enabling
role-appropriate disable flows

One useful implementation detail:

users with a password account can confirm with password
OAuth-only users disabling 2FA confirm with a TOTP code instead

Passkeys

Passkeys are managed directly from settings.

Users can:

add a passkey
choose authenticator attachment preference
rename an existing passkey
remove a passkey

The UI also shows when each passkey was created.

What Buyers Should Test

upload a new avatar
change the display name
start an email change and complete the verification link
change or set a password depending on the account type
enable 2FA and save backup codes
register, rename, and remove a passkey