Better Auth

BA

Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

Join

bug-reports

help

1.3.7 twoFactor plugin - bad user type

Hi, I just upgraded to 1.3.7 and this started showing, im expecting the the user object to hold all the user propertiers but it only contains twoFactorEnabled
No description

NestJS Better Auth routes

Anyone else having Problems Calling the Better Auth routes in NestJS since yesterday. I get 404 Not Found. But i know the ressource exists and is correctly mapped in the Initialization
Solution:
https://github.com/ThallesP/nestjs-better-auth/issues/20 Issue here. Fix Pull Request has been created...

Without login i can able to call/use sendOtp api for phone verification

I forgot to restrict /profile page in my application while doing development. i can abel to see phone number edit box. i just entered my phone number and clicked send otp button. button trigged sendOtp method from client side one and the api returned success message, ...
No description

Unclear method for default boolean values in additional fields

When setting the default value for a required additional field both of the following will fail and try to insert as null (tested drizzle adapter pg provider): ``` additionalFields: { onboardingComplete: { type: "boolean",...

Error while better-auth is attempting to renew? accessToken with Twitch

I understand that after the accessToken expires, better-auth automatically attempts to refresh the token in the background. For me at least, it fails to get a valid access token. Not sure how to track down what is happening but this image shows the error message(s) I get. I can initiate a sign in just fine and get another accesstoken but i'd rather have it renew the accesstoken like it should in the background. I'm using Nuxt 4.0.3/nitro 2.12.4, better-auth 1.3.6....
No description

getSession does not work when baseURL is set

This baseURL in the context is now needed because of a breaking change that I updated into https://github.com/better-auth/better-auth/blob/a066293b35221aafd5b1ce5c814805bc9d816aa0/packages/better-auth/src/plugins/magic-link/index.ts#L192 Do mind that im doing a server-only approach for better-auth...

ExactoptionalPropertyTypes bug wasn’t fixed as stated in 1.3.5 release notes

Hey, I upgraded to 1.3.5 and got the same error mentioned in this GH issue. Could someone from the team please take a look? https://github.com/better-auth/better-auth/issues/3570...

BETTER AUTH 1.3.5 CRASHES ON NEXTJS

ok, so I have updated to 1.3.5 and now getting these errors related to "fs". have attached the logs.

Vue BetterAuth Client - twoFactor.verifyOtp missing redirect/callback URL param

The client created using import { createAuthClient } from "better-auth/vue" and with the plugin twoFactorClient() is missing a callback URL/redirect when calling twoFactor.verifyOtp(). It is references through the documentation here: https://www.better-auth.com/docs/plugins/2fa#verifying-otp...

Updated username normalization removed the ability to unnormalized displayUsernames specifically

in commit Commit 41fb4d1, a usernameNormlization funcation was implemented. Specifically in username/schema.ts the normalizer was hardcoded into the displayUsername so I no longer can have unnormalized display usernames in my application.

authClient.subscription.list does a POST request which results in a 404

https://github.com/better-auth/better-auth/blob/0a596beb3a1d39d97e17b085c581ffd119404a58/packages/stripe/src/index.ts#L888C14-L888C17 I am using sveltekit with better auth 1.3.4 and if i look at the code it seems like it should be a GET request. If i rewrite the request to GET it also works....

YOU_CAN_ONLY_SEND_A_VERIFICATION_EMAIL_TO_AN_UNVERIFIED_EMAIL

I have a custom signup logic , when a user try to login i am sending a verification email from front end using this code
await authClient.sendVerificationEmail({
email: "user@email.com",
callbackURL: "/" // The redirect URL after verification
})
await authClient.sendVerificationEmail({
email: "user@email.com",
callbackURL: "/" // The redirect URL after verification
})
...

Not all sessions are revoked when deleting a user

So when I have the same user logged-in in 2 different browser and delete them in one browser, the other browser still has a valid session.

[Stripe Plugin] Restoring Subscription throws a 400 error

When cancelling a subscription and trying to do authClient.subscription.restore, I get the following error: ``` [Better Auth]: Error restoring subscription 41 | * Specifically for errors returned from Stripe's REST API. 42 | */ 43 | export class StripeError extends Error {...

adminRoles Not Working

I am using the admin plugin with better-auth@1.3.4. I have the following configuration: admin({ adminRoles: ['SUPER_ADMIN'] }). However, when peforming admin actions, e.g. auth.api.listUsers() a user who has an active session with role: 'SUPER_ADMIN' will get the error message [Error [APIError]: You are not allowed to list users]. However, if I change the users role to admin they can then call listUsers(). It seems like the adminRoles configuration is being ignored.

haveIBeenPwned plugin throws on sign in

I don't think this is intended behavior? It should only work on sign up / password reset / password update? This is the error message: The password you entered has been compromised. Please choose a different password. Seems to only happen when the password is shorter than the minimum set in the config, otherwise it throws the expected invalid email or password error...

Undocumented method refetch of session

The refetch method of session (and possibly other atoms) isn't documented in the official docs and isn't recognized by TypeScript. Example: ```typescript...

customSession with cookieCache enabled not returning Set-Cookie header for session_token

This causes the session_token cookie to get expired on client side, despite it getting refreshed properly on db side. Only happens when customSession and cookieCache are both being used. Current: Set-Cookie header is returned for the session_data, but NOT for session_token...

Issue with Account Login Failure When Using Prisma, Expo, and genericOAuth

Hello, I'm currently observing a strange and interesting behavior that I’d like to report. Although I'm using Nest.js in my project, I’ve confirmed that the same issue also occurs when using Express. The steps to reproduce the bug are fairly simple:...
Next