Is it possible to let the user set up multiple devices for 2FA using TOTP?
I see that the DB schema has a 1 to many relation to the user, meaning one user can have multiple twoFactors.
Does it mean that a user can have multiple TOTPs set up?
If so, how can I add an other TOTP and how can they be differentiated from one an other?...
Enabling OTP-Email 2FA Automatically on User Signup
Hello Community,
I'm currently struggling with the 2FA plugin. I would like to enable OTP-Email 2FA automatically when users sign up. However, using
auth.api.enable2FA does not allow specifying a user.id. Even when using impersonation through the admin API, I have found it impossible to properly enable 2FA from the server side during user creation.
Does anyone have an idea or a workaround for ensuring that the 2FA data is generated and enabled automatically upon user creation?...Sign in request gets hanged
I tried from the /api/auth/reference scaler page, curl and also postman, but the server doesn't return anything and the request gets hanged.
```
curl http://localhost:3000/api/auth/sign-in/email \
--request POST ...
Update Password Error
Hi. My flow is to validate the password before updating it. This functionality works fine so I then invoke the update code from the docs
await ctx.internalAdapter.updatePassword(session.user.id, hash)
but then receive this error - Error: The data types text and nvarchar are incompatible in the equal to operator. Any suggestions?...Error when trying to remove optional field from organization
Hey there, when I try to remove the logo from an organization like below I get an "No values to set" error.
```
await auth.api.updateOrganization({
body: {...
SUBSCRIPTION_IS_NOT_ACTIVE when trying to restore a subscription cancelled during the trial period
When you try to restore a subscription (on a org) that is in the trial period, even if the trial period hasn't ended i get the error code: SUBSCRIPTION_IS_NOT_ACTIVE
Custom Password Validation
Not sure if I'm just missing this in the docs, but is there anyway to set server side restrictions on what is accepted as a valid password? eg. must have 1 number, must have 1 uppercase. This can be done on the frontend form but it would nice to also have the option to verify this on the backend. Thanks!
API Key plugin is always returning a KEY_NOT_FOUND error
I've got some basic Hono middleware to check API keys:
```ts
app.use("*", async (c, next) => {
const { error, key } = await auth.api.verifyApiKey({
body: {...
Solution:
Here's the fix, for those interested:
```diff
apiKey({
customKeyGenerator: async () => {
return crypto.randomUUID();...
invalid base url
im deploying my app to vercel and im getting this error, is this not the correct base url?
Solution:
nvm i had the wrong google credentials and that was somehow affecting it?
updateAccountOnSignIn
How updateAccountOnSignIn works, I have a genericOauth configuration, where user has extra role property, which can be change in future. I want to take that role and update the user whenever he sign in.
Intercept a email password sign-in at server?
I want to customize the behavior when an unverified user attempts to sign in.
Currently, the built-in requireEmailVerification automatically sends a verification email, but I'd prefer to just return a 403 status and let my frontend handle requesting verification emails explicitly.
Are there any hooks, middleware options, or configuration settings that would allow this customization?...
v1.2.6 and v.1.2.7 throws errors when logging in
Upgrading better-auth to v1.2.6 (using D1Dialect / Cloudflare D1 via kysely-d1) against a
verification table where expires_at is a TIMESTAMP/text column throws:
```
Oops!
Field expires_at not found in model verification...MongoDB Duplicate Key Session Error
Hey there, I have been facing this problem for almost a MONTH now and still couldn't find a solution to this.
When I log in to my BetterAuth account, remove the session key from cookie, refresh the page and then log in again, I get an error from MongoDB. That's because there is already a session created for this user. So I have to manually remove session from db to log in again.
But I don't understand how I could fix this error as it makes impossible to have more sessions for one account....
Setting cookies with custom plugin auth
Hi, I'm having a few issues with setting this up the way that I want it to but I may be approaching it from the wrong way. I am using another application that I want users to be able to single click sign on into but it is not an Idp or oauth provider. Instead it providers a token in the URL that I can decrypt.
The current imagined workflow is as follows:
1. User clicks button
2. Gets sent to
/api/auth/test/sso...BetterAuth GitHub OAuth Creates Only Verification Records, No User/Account/Session
```bash
✓ Compiled /auth/signin in 9.6s (9870 modules)
GET /auth/signin 200 in 9866ms
○ Compiling /api/auth/[...all] ...
✓ Compiled /api/auth/[...all] in 2.5s (5762 modules)...
is BETTER_AUTH_SECRET safe to expose on the client?
title, i guess it is if we're using the react hooks?
How to handle phoneNumber.sendOtp errors ? Only 500 is returned
Hey, I wanted to know if it's possible to handle errors that happen in the sendOtp option of the phoneNumber plugin. Currently, throwed errors are sent as 500 without proper error message.
If the user provides a malformed input, I may want to be able to return a specific error for that, not just 500.
Does someone had this problem before, or can someone help me?...
Use auth.api as request only?
I'm using auth.api across multiple apps. They don't necessarily share the same DB, but I keep getting a "this relation does not exist" error when trying to use it.
Using just fetch works without a problem. Any suggestions...
Cant get listUsers in the admin plugin to work
const usersQuery = useQuery({
queryKey: ["users"],
queryFn: async () => {
return await authClient.admin.listUsers({
query: { limit: 10 },...