Normalization inconsistency
* Calling
auth.api.createUser() will normalize the username to lower case (as is documented).
* Calling auth.api.adminUpdateUser will not normalize the username to lower case....auth.api.setUserPassword always returns `{status:true}`
auth.api.setUserPassword always returns
{status:true}FAILED_TO_GET_SESSION in user signout (latest version)
Hi there,
I am using:
"better-auth": "^1.3.24",...
Sveltekit error Error: Cannot use relative URL (/api/auth/get-session)
Error: Cannot use relative URL (/api/auth/get-session) with global fetch — use `event.fetch` instead: https://svelte.dev/docs/kit/web-standards#fetch-apis
at globalThis.fetch
Error: Cannot use relative URL (/api/auth/get-session) with global fetch — use `event.fetch` instead: https://svelte.dev/docs/kit/web-standards#fetch-apis
at globalThis.fetch
auth.api.getSession has incorrect return type since v1.3.13
In https://github.com/better-auth/better-auth/pull/3983 the return type was adjusted to include
options and path which are always undefined during runtime. Those excess properties actually cause issues in TanStack Start due to TypeScript errors caused by non-serialisable types. I have a feeling those two properties have erroneously ended up in the PR and are completely unintended there and should be removed.
Would appreciate if somebody and confirm this. Happy to open a PR myself if it turns out to require a fix....Social Sign In (with VIDEO)-> getting session from other user !!
Better Auth Version: 1.3.18
I have big problems with users getting Sessions from other users. I got this with magic Link. It got fixed in Last patches,
But as you can see in the Video it happens still on Social Sign in (Discord)...
Stripe Plugin Type Error
Hi everyone!
I tried setting up the Stripe plugin using the official guide.
My project is configured with:...
OAuthProxyOptions Bug
Hey 👋 I’m hitting a TS4023 issue with better-auth.
When I export my
createAuthConfig, I get:
TS4023: Exported variable 'createAuthConfig' has or is using name 'OAuthProxyOptions' from external module ".../better-auth/dist/plugins/oauth-proxy/index" but cannot be named.
Version: better-auth@1.2.11.../admin/set-role API allows setting non existent role values
Hi guys.
I'm not sure if this is a bug, so I want to ask. I'm using the
/admin/set-role api to set a role, and I noticed that i can set a random value and it still return vaild. Is this correct or not?...
auth.api.removeTeamMember returns success but doesn't delete database records
The removeTeamMember API consistently returns { message: 'Team member removed successfully.' } but fails to actually delete the team membership record from the database. Direct Prisma queries confirm the record remains unchanged after the API call. This occurs with proper organization context and permissions, while addTeamMember works correctly on the same data.
Bug: Unable to filter listMembers
Issue:
When using organization plugins, I encountered an issue with filtering members by role using the
filterOperator: "contains".
I have a member with multiple roles (e.g., owner,member). When I apply a filter to the listMembers function to retrieve members with a specific role (e.g., member) using the contains operator, the function does not behave as expected....Error: No transactions support in neon-http driver - unable_to_create_user
Signup is not working on all of my Better Auth projects. This is the error:
```
2025-09-18T11:23:56.744Z ERROR [Better Auth]: Error: No transactions support in neon-http driver
2025-09-18T11:23:56.745Z ERROR [Better Auth]: unable_to_create_user...
removeMember does not remove the user from teamMembers table associated with org
Hello, I noticed if using teams with the organization plugin, auth.api.removeMember does not remove the user from teamMember table.
I would assume removing a member from an organization would also remove them from all teams tied to the organization as well. I'm wondering if anyone else ran into this. I'm using v1.3.8 with nextjs and prisma by the way.
I would like to note, i have just made a new bug report as well. The removeTeamMember is returning success, but does not delete the user from teamMember table....
File size increased 10x in 1.3.8 or later vs 1.3.7
I just discovered this when working on a project with the latest version (1.3.11). I noticed a small SignUpForm component was bundling to over 250kb of JS, which just made no sense at all. so I debugged where it came from, almost all betterauth! after some version changing, it seems it broke in 1.3.8, with 1.3.7 being the latest safe version. it gets worse in later versions, but no where near as expontential as in 1.3.8.
1.3.7:
15:47:38 [vite] dist/client/_astro/SignUpForm.C5hTQ5R5.js 28.75 kB │ gzip: 10.71 kB
1.3.8:...
Org - Dynamic Access Control - Role deletion issues
1. Invite an user with a dynamic role, then delete the role. But the user can still accept the invitation and is assigned the deleted role.
2. As i mentioned here, https://discord.com/channels/1288403910284935179/1417211182338674789
...
In Organization dynamic access control, deleting an Orgrole (auth.api.deleteOrgRole) leaves the members associated with it dangling. Providing a fallback role or preventing deletion if the role is associated with any member or some kinda handling for this case.
In Organization dynamic access control, deleting an Orgrole (auth.api.deleteOrgRole) leaves the members associated with it dangling. Providing a fallback role or preventing deletion if the role is associated with any member or some kinda handling for this case.
Org Dynamic Access Control - updateOrgRole error
Issue: user with Owner role cant updateOrgRole
For an org say Org1, I changed the role of an existing user2 from Member->Owner.
User2 (owner) can create new OrgRole with all the permissions, but cant update,...
User2 (owner) can create new OrgRole with all the permissions, but cant update,...
Solution:
seems fixed in v1.3.10-beta.5 - i am on latest stable release - v1.3.9
inferAdditionalFields not working
Attaching images showing that the auth type provided to the plugin contains all additional fields but it is never being inferred by the client.
useSession causes hundreds/thousands of duplicate requests under slow network + async RSC
No, this is not some bad React code that is causing infinite re-renders or something.
If you set nework throttle to 3G and render a client componnet in an async react server component in Next.js. And call useSession in the top layout. You can see thousands of requests to /api/auth/get-session (probably during hydration process).
It even causes random hydration mismatch warnings if you display UI based on isPending of useSession under the same conditions.
I've made a very thorough GitHub issue that explains this with a repo that let's you test what I'm saying....
NestJS app hangs on startup after upgrading Better Auth from 1.3.9+
I’m running into an issue when upgrading Better Auth in a NestJS API.
Current working version: 1.3.8
Issue starts happening from: 1.3.9 (including 1.3.10-beta.1)...