Better Auth


Join the community to ask questions about Better Auth and get answers from other members.


Please help provide example for Session's additionalFields

i keep trying to add additionalFields to session, but it never appears. I updated to the 1.4 beta and tried again and it still doesn't work. i am using secondaryStorage and as i check redis to see if session contains my new field, it doesn't. this is how i configured it: ``` session: { additionalFields: { verified: {...

Common Auth Domain for Multiple Hosts failing on Social Login with "Error Code: state_mismatch"

I am building an application which will host multiple subdomains. This application allows communities to register their site and login via the central authentication system: So, for instance: Central Site: domain.com...

Missing or null origin on React Native

Hi guys, I'm starting to implement Better Auth in my React Native app, but I'm getting this error: "{"code": "MISSING_OR_NULL_ORIGIN", "message": "Missing or null Origin", "status": 403, "statusText": ""}". When I implemented it on web it was easy to add the domain to the trustedOrigins config, but how can I do this for clients like React Native/Expo?...

solid auth instance doesn't include organization methods

i've set up the organization plugin with my solid.js auth client, but the only organization methods i get are the hooks (which i can't use in the tanstack loaders) the only method i have is auth.organization.checkRolePermission. based on the docs, it's my understanding i should be able to have all the hooks exposed as async methods? perhaps there's something i'm doing wrong, here's my client ```...

Stateless client-side only authentication with no server

My application is entirely client-side only. There is no server with which to add Better Auth to. The application is served via an Nginx file server and authentication is handled by the Microsoft social provider. Now that we have stateless session management in v1.4 beta and social providers exist, I would think it would now be possible to use Better Auth entirely client-side with no server-side calls. Is this possible? From what I can tell, authClient.getSession always calls /api/auth/get-session, but I do not have a backend for this end-point to exist at, so it fails. All the session data I care about should have been provided via the social provider interaction....

"databaseHooks" not showing additionalFields

"databaseHooks" not showing additionalFields

onInvitationAccepted hook not triggering when invitation is accepted

I'm using the Better Auth organization plugin (v1.3.34) and trying to execute custom logic when a learner accepts an invitation. I've configured the onInvitationAccepted hook in my organization plugin setup: organization({ async sendInvitationEmail(data) { // ... email sending logic...

Add activeOrganizationId to ApiKey Mock Session

Hi! Is there a way to edit the mock session created by the ApiKey plugin enabled session? I’ve tried the customSession plugin and that hasn’t worked. Is there a way to customize the mock session that gets created ?...

Stripe Plugin error

Hey guys, after updating my prices (so changing price ids) I have this error when I call subscription upgrade: With billing_mode.type=flexible set on a preview invoice, the following parameters are not supported: ignore_trial_end_behavior. Any idea? Thks!...

React SPA redirects on signIn and signUp

In a React SPA, when I call authClient.signIn.email({email, password}), my whole page does a hard reload on success. Is this intended behavior? I couldn't find the source code where this happens. ``` <Button onClick={() => { authClient.signUp.email({...

auth.api.signInAnonymous({}) doesn't contain additionalFields properties for user object on resolve

using nextjs current version and current version of better-auth. Using the anonymous login plugin. I've defined ```...

Next.js 16 issues

I consistently get this error right after logging in with Google (see screenshot). However, when I click “Return to application,” I’m redirected to the homepage and the user appears to be signed in successfully. This started after upgrade to next.js 16. Before that, it worked perfectly....

OAuth Proxy State Mismatch Issue with Localhost → Production Flow

@Better Auth We're using better-auth with the oAuthProxy plugin to enable OAuth login from localhost through our production deployment, since our OAuth provider (AWS Cognito) only has the production URL whitelisted. Expected Flow...

Cookie isn't being saved on custom auth routes

I'm using express with better auth. I know that better auth can create the endpoints by itself through the toNodeHandler. But I don't want to use that. I just want to create all the auth routes manually like this: ```typescript app.post("/api/auth/signin", async (req, res) => { try { const { email, password } = req.body;...
Solution:
Here, you’re passing returnHeader: true, which ensures that the signInEmail function returns the response headers within the data. From there, you can extract the cookies using let cookies = session.headers.getSetCookie(), which provides the cookies that need to be set. Finally, you manually set these cookies using your controller’s response object like this: res.setHeader('Set-Cookie', cookies).

MongoDB E11000 Duplicate "id" Key Error

I've been encountering this issue since I'm using Discord's OAUTH2 with BetterAuth while using MongoDB as an adapter. The exact error is as shown: ``` ERROR [Better Auth]: MongoServerError: E11000 duplicate key error collection: credmaid.webusers index: id_1 dup key: { id: null }...
Solution:
It could be that there are already fields in that webusers table with the id field & its unique constraint, so even after you updated the mongoose schema it doesn't reflect mongo

How can I securely protect my Next.js /admin page login system?

I’m building an /admin page where admins can manage orders and products for an e-commerce site. Right now, I’ve set up a simple API route at /api/admin/login that checks the username and password from environment variables, and sets a cookie for access: ``` import { NextRequest, NextResponse } from "next/server";...

How to run createInvitation manually without checking for permission?

I want to call the createInvitation method manually in my backend, but it is failing because the activeOrganizationId is not correct - but I am aware of this. Is there a way to call this manually?

authClient.updateUser permissions

Hi, has anyone had to tackle adding additionalFields to the user entity but restricting update access to them? I'm thinking that by default better-auth will just allow an authenticated user to alter their fields at will

Checking if a teamId belongs to an orgId in Better Auth Organization

Is there a way to check if a teamId belongs to an orgId, and vice versa, when using Better Auth Organization? `export default async function Page({ params, }: {...

Anonymous accounts + roles

I currently have a backend that uses Firebase Auth to create a custom auth token for anonymous users when they visit my site. This is to be stored in their cookies and then used in future. This way users don't have to login to use my site. I have 2 types of users, normal main site users and "guest" users who are only using 1 subsect of my site and so have restricted access to not allow main site actions. Currently I do this by creating 1 custom token with a "guest" additional property and one without (normal user). I'm planning on implementing this now in Better Auth by adding the anonymous sign up plugin (https://www.better-auth.com/docs/plugins/anonymous). Then anonymously signing the user in when they visit the main or the "guest" site and giving the guest user a special guest role. Given I haven't ever managed roles, I'm getting conflicting voices on whether it would be best to use Organizations (https://www.better-auth.com/docs/plugins/organization) or extended core schema (https://www.better-auth.com/docs/concepts/database#extending-core-schema) to add roles to my backend....