Kysely deleteMany always returns 1
Hello!
I came across this when trying to build out a way to require my approval before a user can sign up. I created a minimal plugin that tells better-auth about my extra table, and I'd like to check and delete the appropriate row in the user.create.before databaseHook:
```ts...
Solution:
Opened a PR for the row count bug: https://github.com/better-auth/better-auth/pull/6572
authClient.signIn.email onSuccess behaviour
Hello,
I'm using better-auth with react+ vite and Hono. All the your documentation shows using authClient.signIn.email's onSuccess for redirect examples. but when I redirect to a page that checks for session it can fail and redirect back to login. AFAIK it takes a moment for the browser to save the cookie and this is causing the redirect.
on my App page I use this ( which is actually just ripped off from a Better-T-Stack's React Router/Hono/better-auth example)...
authClient.magicLink.verify always returns success
Hello,
seems like
authClient.magicLink.verify always returns onSuccess even if the token is invalid....Admins can no longer request getFullOrganization without being member of the organization
Hey,
we got an issue where admins can no longer call getFullOrganization by organizationId without being a member of that organization. This was working previously and it's breaking our app here. Admins should be able to call all endpoints for all organizations.
Is there a workaround to get this running again ?...
Auth0 Pre configured oauth provider doesnt support providerId
https://www.better-auth.com/docs/plugins/generic-oauth#example-using-pre-configured-providers
Specifically looking at
genericOAuth plugin using the provider auth0.
Im not sure why but the auth0 provider doesnt allow for providerId to be anything but auth0 yet you could have multiple domains you wish to use that all use auth0 under the hood. Is there any history as to why multiple auth0 providers may not be possible or reasonable?...Anonymous plugin + Convex instantly clears session
Hi folks - just posting here in hopes of getting some additional visibility on the issue. It seems like the anonymous plugin is able to create a session, but then the subsequent get-session call clears the cookie. There is an open PR to fix the issue, it just needs to be reviewed / merged 🙂
Bug report: https://github.com/better-auth/better-auth/issues/5824
Open PR: https://github.com/better-auth/better-auth/pull/5825
...
[1.4.4] deleteUser Callback URL - 500 Internal Server Error
The url (which includes the token and callbackURL) generated by
sendDeleteAccountVerification returns a 500 server error. For example the link https://example.com/api/auth/delete-user/callback?token=fdz09xm7p64xgb71t3galcifl0dgn8lh&callbackURL=/goodbye does not redirect the user back to the /goodbye page that I've created in my app.
Note: The account does get successfully deleted after following the link but results in a 500 internal server error.
Here is my auth config:...username field isn't required by default (schemas, client method)
despite the docs saying username is required in the authclient signup method when using the username plugin, it's not actually required by types, nor is it required (not null) in the generated schemas using drizzle.
Better-Auth sign-in broken when experimental.joins = true
When email/password sign-in is used and
experimental.joins: true is enabled in the Better-Auth config, the login always fails with "Invalid email or password", even though the entered credentials are correct.
Root cause
The client (or the auth handler) is incorrectly calling the password hash function instead of the password verify function:
auth.api.signInEmail → uses emailAndPassword.password.hash...Orphan orgs
Hey there
I noticed in the db that there are some orgs without any members. This was on local, so I may have done something weird. But should this be the case? I can only imagine it happened when I delete my user and the org was left over. But usually I get the error saying you can't leave as the only member...
Using incorrect date data type in mysql
Current schema definitions are using
timestamp. According to MySQL (https://dev.mysql.com/doc/refman/9.4/en/datetime.html#:~:text=MySQL%20retrieves%20and%20displays%20DATETIME,%3A14%3A07'%20UTC.), this type cannot store dates past 2038-01-19. Any attempt to insert a date in the future this will result in an error or a zero-date, effectively breaking the app logic.
Alter existing tables to change date columns from timestamp to datetime will fix this issue
I have a created a PR to fix this issue: https://github.com/better-auth/better-auth/pull/6366...[1.4.3] SCIM - Content-Type "application/scim+json" is not allowed
Hi, It appears that when using SCIM, Better Auth does not support the application/scim+json content type.
This causes issues when integrating with Azure Active Directory SCIM provisioning, as Azure sends SCIM requests using this content type.
The application/scim+json media type is not specific to Azure; it is also referenced in the SCIM 2.0 specification.
To reproduce:...
[1.4.3] Stateless Session Management – Error 'ACCOUNT_NOT_FOUND'
1. What's the Issue?
I'm using TanStack React Start with a middleware that calls getAccessToken on every request.
Because the dev server (Vite) triggers hot reload after each code change, the in-memory data about the authenticated user is lost.
After the reload, better-auth no longer recognizes the user session and getAccessToken throws an ACCOUNT_NOT_FOUND error....
Stripe subscriptions issue
After account deletion with
authClient.deleteAccount(); and creating account with the same email (google auth), my previously active subscriptions are not returned with:
```ts
const subscriptions = await auth.api.listActiveSubscriptions({
headers: await headers(),
});...Sign Out Button Keeps Loading, No Action Taken
When using the SessionsCard component from @daveyplate/better-auth-ui, clicking Sign Out keeps loading indefinitely. No errors appear in the console or in the Network tab.
Code Example:
import { SessionsCard } from "@daveyplate/better-auth-ui";
...
Email verification link and password reset link not being expired after new link
after we send an email verification link to the respective email, it will be valid for a defined time. but if we resend email verification lin before expiring old link, now only new link should be valid right but still old link also work until expiry,same rule applies for password forgot/reset
additionalFields not returned in signIn
Hello, the issue is the additionnalField of user is not return in signIn with email
```ts
export const auth = betterAuth({
database: drizzleAdapter(db, {...
v1.4.1 - drizzle adapter doesn't support drizzle-orm@beta (rqb v2)
docs: https://rqbv2.drizzle-orm-fe.pages.dev/docs/relations-v1-v2#how-to-migrate-queries-from-v1-to-v2
better-auth is using the
where: (t, { eq } => eq(t.id, 1)) syntax, whereas the rqb beta uses where: { id: 1 } syntax.
in the beta versions of drizzle, the "old" query syntax still exists on _query, which would allow drizzle beta versions to work with joins: https://rqbv2.drizzle-orm-fe.pages.dev/docs/relations-v1-v2#partial-upgrade-or-how-to-stay-on-rqb-v1-even-after-an-upgrade
...v1.4 + Postgres: id: "user_id" mapping ignored in Email OTP
1. What's the issue:
The
emailOTP plugin ignores the global user.fields.id mapping (e.g., id: "user_id") when using the Postgres adapter in v1.4.1 (and 1.4.0-beta.20). It attempts to query the id column directly, causing a crash if the database uses a custom primary key name.
Unlike other plugins (e.g., twoFactor), the emailOTP plugin does not expose a schema configuration option, so it is impossible to manually correct the mapping as a workaround (as suggested in issue 4066 ).
1.1 What I've Tried:...[1.4.1] ctx.internalAdapter.updatePassword doesn't work since i upgrade to last version
I don't undestand why ctx.internalAdapter.updatePassword doesn't work now.
Here is my code:
```ts
"use server";
...