Email Plugin

Overview

The Email plugin provides transactional email capabilities with support for multiple providers and automatic failover. It enables Authula and other plugins to send verification emails, password reset links, and other transactional messages with configurable provider support.

Features

• Multi-Provider Support — Use SMTP or Resend as your email provider
• Automatic Fallback — Configure a backup provider that activates when the primary fails
• HTML & Text Support — Send both plain text and HTML email formats
• Template Ready — Built-in support for Go template rendering (HTML/text)
• Environment Variable Support — Securely configure credentials via environment variables

Configuration

Standalone Mode

[plugins.email]
enabled = true
provider = "smtp" # Options: "smtp", "resend"
# You can set/override `from_address` using the `FROM_ADDRESS` environment variable.
from_address = "noreply@example.com"
tls_mode = "starttls" # Options: "off", "starttls", "tls"
# Optional: Fallback provider if primary fails
# fallback_provider = "resend" # Optional backup: "smtp" or "resend"

# SMTP Configuration (when provider = "smtp")
[plugins.email.smtp]
host = "smtp.gmail.com"
port = 587
user = "your-email@gmail.com"
pass = "your-app-password"

# Resend Configuration (when provider = "resend")
# [plugins.email.resend]
# NOTE: it is recommended to set the Resend API key via the RESEND_API_KEY environment variable rather than hardcoding it here.
# api_key = ""

Library Mode

import (
	emailplugin "github.com/Authula/authula/plugins/email"
	emailplugintypes "github.com/Authula/authula/plugins/email/types"
)

emailplugin.New(emailplugintypes.EmailPluginConfig{
	Enabled:          true,
	Provider:         emailplugintypes.ProviderResend,
	FromAddress:      "from@example.com",
	TLSMode:          emailplugintypes.SMTPTLSModeStartTLS,
	FallbackProvider: emailplugintypes.ProviderSMTP,
}),

Configuration Options

SMTP Options

Provider Details

SMTP Provider

Connects to any SMTP-compliant server (Gmail, SendGrid, AWS SES, etc.). Uses opportunistic TLS for secure connections and supports SMTP authentication.

Resend Provider

Integrates with Resend email API for simple API-based sending with built-in deliverability optimization.

API Reference

The Email plugin does not expose any HTTP endpoints. It operates as an internal service used by other plugins (e.g., Email & Password, Magic Link) to send transactional emails.

Database Schema

The Email plugin doesn't create any database tables.

Plugin Capabilities

The Email plugin doesn't have any hooks and capabilities.

Environment Variables

Configure your provider credentials via environment variables:

SMTP Provider:

SMTP_HOST="smtp.gmail.com"
SMTP_PORT="587"
SMTP_USER="your-email@gmail.com"
SMTP_PASS="your-app-password"

Resend Provider:

RESEND_API_KEY="re_xxxxxxxxxxxx"

Fallback Behavior

When a fallback provider is configured, emails are first attempted via the primary provider. If that fails, the plugin automatically tries the fallback provider. This ensures email delivery even if the primary provider experiences issues.

Security Recommendations

• Use Environment Variables — Store SMTP credentials and API keys in environment variables, not in configuration files
• Enable TLS — Always use tls_mode = "tls" or tls_mode = "starttls" in production for encrypted connections
• App Passwords — When using Gmail or similar providers, use app-specific passwords instead of your main account password
• Rate Limiting — Be aware of provider rate limits; consider utilizing the rate limit plugin to prevent hitting limits and ensure reliable delivery
• From Address Verification — Ensure your from_address is verified with your email provider to prevent delivery issues
• SPF/DKIM/DMARC — Configure DNS records for your sending domain to improve deliverability and prevent spoofing