Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

help

Checking if a teamId belongs to an orgId in Better Auth Organization

Is there a way to check if a teamId belongs to an orgId, and vice versa, when using Better Auth Organization? `export default async function Page({ params, }: {...

Anonymous accounts + roles

I currently have a backend that uses Firebase Auth to create a custom auth token for anonymous users when they visit my site. This is to be stored in their cookies and then used in future. This way users don't have to log in to use my site. I have 2 types of users, normal main site users and "guest" users who are only using 1 subsect of my site and so have restricted access to not allow main site actions. Currently I do this by creating 1 custom token with a "guest" additional property and one without (normal user). I'm planning on implementing this now in Better Auth by adding the anonymous sign up plugin (https://www.better-auth.com/docs/plugins/anonymous). Then anonymously signing the user in when they visit the main or the "guest" site and giving the guest user a special guest role. Given I haven't ever managed roles, I'm getting conflicting voices on whether it would be best to use Organizations (https://www.better-auth.com/docs/plugins/organization) or extended core schema (https://www.better-auth.com/docs/concepts/database#extending-core-schema) to add roles to my backend....

Assigning Roles Per Platform in Better Auth SSO (Web vs Mobile)

Hello. We manage SSO with Better Auth. As a business requirement, we want to assign the “x” role to the user when they register with Google on the web frontend, and assign the “y” role when they register with Google on our React Native mobile app. How can we manage this? I looked into Better Auth hooks for research. I couldn't find much information. I thought I might need to send something like an intent to Google (or another SSO provider) and then capture it with a hook. What do you recommend?

username plugin: password.verify not being called?

```js
import { betterAuth } from 'better-auth'
import { genericOAuth, username } from 'better-auth/plugins'
import { nextCookies } from "better-auth/next-js";
...
```
Solution:
The issue was with providerId in next-auth being credentials and not credential

The session keeps disappearing or not mounting from the secure storage expo

Is anyone having issues with Better Auth and Expo? The session keeps disappearing or not mounting from the secure storage when the Expo app reloads, and it always redirects me back to the auth screen.

Singular or Plural Table Names

Setting up Better-Auth and confused about table naming. I want to use users, accounts, sessions (like everything else in my stack) but BA seems to expect singular by default. I see there's usePlural: true for Drizzle adapter and also modelName config, but some GitHub issues (3774) suggest they're buggy? What are you actually running in production? Singular and just dealing with it? Or is plural working fine for you?...

Custom IdP with BetterAuth

Hi guys, We are exploring using BetterAuth for our new app and we have a few constraints that I am not sure how to address with BetterAuth based on my research. We would like to use BetterAuth as authorization server and to implement OAuth based log in using OIDC plugin, but to have custom identity provider. Also, we would like to keep BetterAuth sessions and JWT functionality. Use case is the following:...

cannot set additional field in sign up body

```ts
const { user: createdUser } = await auth.api.signUpEmail({
  body: {
    email: userData.email,
    password: userData.password,...
```
Solution:
Oh seems like it is fixed in v1.3.31. I was stuck in v1.3.26 because typeof auth.$Infer.Session; <- this had stopped working. This is also fixed in the new version, so I can upgrade now...

What's the difference?

What's the difference between these? You can use both anywhere, but which one and why should I prefer? If I'd have a separate Rest API, then I wouldn't be able to use the first one at all, so would I lose out on anything?
```js
const response = await auth.api.getSession({
  headers: await headers(),...
```
Solution:
auth.api is for server-side usage. it calls the Better Auth API endpoints. authClient.getSession is for client-side usage. if you’re using a separate API, you’d typically lose access to the direct server-side method since it isn’t exposed over HTTP in the same way. auth.api provides a bit more performance efficiency on the server by avoiding extra HTTP overhead, while the client method is optimized for browser or external API calls....

Custom OAuth2 Provider with Expo and Universal Links

I’ve implemented a custom OAuth2 OpenID provider (Vipps Login) using Better Auth and Expo. The flow isn’t pure browser-based, during login, the user is redirected from my app to the Vipps app for confirmation and then back to the Better Auth callback (/auth/oauth2/callback/vipps). The flow works fine when I let Vipps redirect back to Safari:
1. App → Browser.openAuthSessionAsync() → Vipps page → user opens Vipps app → approves login
2. Vipps redirects to https://api.mydomain.com/auth/oauth2/callback/vipps?state=xxx&code=xxx ...

Unexpected auth success

I have Better Auth set up, but I was resetting my DB so I deleted all entries from the user, session, account and verification tables. However, to my surprise, the previously logged-in user could continue making successful requests - even after the 5 min token cache expiry. Does this mean I don't have Better Auth set up correctly? The endpoint for sure requires auth - it's just accepting a cookie from a user that is supposed to no longer exist...

Hi, I'm Jordan79@ from Ivory Coast.

Setting up two-factor authentication with Better Auth would be great. I've tried, but I've been stuck for over a month on implementing Better Auth's two-factor authentication. I need help if possible... I'm currently stuck on this part and would appreciate some help. I'm using Next.js as my technology, PrismaORM and Neon for my database, and Nodemailer for sending emails. Translated with DeepL.com (free version)...

custom fields error

Hi everyone, I'm using ESlint. I removed the "name" field from the original schema.prisma and replaced it with "firstName" and "lastName." I regenerated both the DB and the client with but it still gives me the incorrect firstName and lastName properties. Do you know how to fix this? Thanks a lot....

BetterAuth mounted but routes returning 404 in NestJS

Hello, I’m integrating @thallesp/nestjs-better-auth into a NestJS project and it seems to initialize fine and the console shows:
```
[2025-10-26 17:14:22.786 +0100] INFO (26116): AuthModule initialized BetterAuth on '/auth/*' {"context":"AuthModule"}...
```
Solution:
updating the packages related to @nestjs to the latest version solves the issue

Subscription trial not working when user already has an other subscription

I have 2 plans, a "basic" one and a "pro" one. Only the pro one has a 14 days trial. Now when the user initially subscribes to the "basic" plan and then wants to upgrade to the "pro" plan, they are not granted the trial. It redirects them directly to the checkout page, where they have to pay the difference. But is there a way to give them the 14 days trial? Shouldn't the anti trial abusement feature be per subscription plan? Because the pro plan has some features which the user might want to try first and then decide whether they wanna stay or cancel the trial to go back to their previous plan. Or is this too complex? Do I have to implement this on my own with the stripe sdk? 🤔...

Prisma user id is Int but referenced as string

When I generate the schema with Prisma the user id in user model is from type Int. But the references of the id is defined as string. I get the error: Error parsing attribute "@relation": The type of the field userId in the model Session is not matching the type of the referenced field id in model User.Prisma ...

resend change email verification

Hello there, how can I resend change email verification when old verification link expires or any other reason...

Using the sso plugin, how do you access the profile data (eg. Okta custom entitlements, groups etc)?

I've configured an Okta SAML integration, but can't seem to figure out how to access the IdP data. Is there an sso equivalent to mapProfileToUser from socialProviders?

Express API Postman testing - every request returns null

I'm testing my API from Postman and every request to logout or get-session responds with null. My signup and login endpoints are working correctly. My setup is the following: This is my auth controller: ...