Better Auth

bug-reports

Not all sessions are revoked when deleting a user

So when I have the same user logged in in 2 different browsers and delete them in one browser, the other browser still has a valid session.

[Stripe Plugin] Restoring Subscription throws a 400 error

When cancelling a subscription and trying to do authClient.subscription.restore, I get the following error: ``` [Better Auth]: Error restoring subscription 41 | * Specifically for errors returned from Stripe's REST API. 42 | */ 43 | export class StripeError extends Error {...

adminRoles Not Working

I am using the admin plugin with better-auth@1.3.4. I have the following configuration: admin({ adminRoles: ['SUPER_ADMIN'] }). However, when performing admin actions, e.g. auth.api.listUsers() a user who has an active session with role: 'SUPER_ADMIN' will get the error message [Error [APIError]: You are not allowed to list users]. However, if I change the user's role to admin they can then call listUsers(). It seems like the adminRoles configuration is being ignored.

haveIBeenPwned plugin throws on sign in

I don't think this is intended behavior? It should only work on sign up / password reset / password update? This is the error message: The password you entered has been compromised. Please choose a different password. Seems to only happen when the password is shorter than the minimum set in the config, otherwise it throws the expected invalid email or password error...

Undocumented method refetch of session

The refetch method of session (and possibly other atoms) isn't documented in the official docs and isn't recognized by TypeScript. Example: ```typescript...

customSession with cookieCache enabled not returning Set-Cookie header for session_token

This causes the session_token cookie to get expired on client side, despite it getting refreshed properly on db side. Only happens when customSession and cookieCache are both being used. Current: Set-Cookie header is returned for the session_data, but NOT for session_token...

Issue with Account Login Failure When Using Prisma, Expo, and genericOAuth

Hello, I'm currently observing a strange and interesting behavior that I’d like to report. Although I'm using Nest.js in my project, I’ve confirmed that the same issue also occurs when using Express. The steps to reproduce the bug are fairly simple:...

Organization leaving

on organization leave by members, isn't there any beforeleave like custom hook Null workspace entry - when user joins organization but isn't in any workspace yet Workspace-specific entry - when user becomes a member of a specific workspace When leaving an organization, only one of these entries is being removed, so you have to leave twice to completely remove the user from the organization. ...

Trying standard next.js api route for auth (from docs) and getting #405 error [Bug?]

Is anyone else seeing this in development? Prior versions were working for me on email/password and github social provider. Next.js 15.3, Better 1.3.4, ubuntu 24.04, node 21.x...

Logs are polluted with the "No IP address found for rate limiting" message

Hello there! Thanks for the great library, it is really easy and straightforward to use it 🙂 After bumping to the latest better-auth version (1.3.4), I noticed that my logs became polluted with the No IP address found for rate limiting message that comes from this place in the better-auth lib. This change was introduced 2 weeks ago by this commit alongside the docs updates on how to configure rate limiting for Cloudflare....

[Organization]: Setting Active organization with slug fails.

When I try to set my active organization via slug, I'm getting a 403 'User is not a member of the organization', when I do it with the id it works fine.

Calling authClient.signIn.social() causes unnecessary session refetch before redirect

I'm displaying a "Sign In" button in the Navbar based on whether useSession() returns a session and isPending === false. (My project is in Next.js v15.4.2 and better-auth v1.3.3.) When I call authClient.signIn.social(), it immediately sends a request to the /session endpoint and flips isPending to true and then back to false even before the redirect to the provider happens. And then once again when we are redirected back to our own app. The key here is that this whole process happens before the redirect to the provider even happens. ...

Using trustDevice in `verifyTotp` does not work as expected

As the title says, the trustDevice functionality doesn't work at all. I can see the trust_device cookie in the browser, but when I relog I again see twoFactorRedirect defined in the await auth.api.signInEmail response.

passkey flow cancelled, no feedback.

From what I can see, when I cancel a passkey flow I get nothing in the onerror. Nothing in the try catch etc.

Module '"better-auth/plugins"' has no exported member 'siwe'.

I'm using v1.3.3, it seems to be part of the lib, but maybe not exported?

OIDC Provider UserInfo Endpoint Broken with JWT Plugin

When useJWTPlugin: true is enabled in the OIDC provider, the /oauth2/userinfo endpoint becomes unusable because it tries to validate JWT access tokens against the database. 1. When useJWTPlugin: true, the token endpoint still generates database-stored access tokens (not JWTs). 2. The userinfo endpoint tries to look up these tokens in the database...

npx @better-auth/cli generate logs weird stuff on the console when run and fails

I just upgraded to 1.3.3 and for good measure I wanted to execute the CLI command generate and noticed that it is logging some code in the terminal (added a screenshot, because it's too much text) and throws a prisma error at me. The error makes no sense to me. It says the URL must start with "file:", but the url actually does start with file: and the error logs are even showing the line where file: is set 🤨 Has anyone else encountered this issue? `` PrismaClientInitializationError: error: Error validating datasource db: the URL must start with the protocol file:`....
Solution:
AH! Found the issue! I had to add dotenvx run -f .env -- in front of the generate command. 🤦‍♂️

subpath imports of zod/v4 in 1.3.x breaks prod build when conflicting packages using v4 do not

Is there a reason we are keeping the explicit subpath imports in better-auth now that we have bumped up to 4.0.5?

Issue with Account Overwriting When Using EXPO

After creating three projects on my computer, I logged in using Naver OAuth on two mobile devices. Each of these two projects is an individual EXPO app. One of them also has a backend server built with Express. Here’s the issue:...