Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

Want help to use rate limiting for a custom route: /api/form

I’m building a simple form with no login or signup. I want to add rate limiting to one specific API route, but I’m stuck. I read the docs, but it’s not working. Can someone help me set up rate limiting for that route?

client_credentials flow for m2m auth?

Howdy! I'm enjoying using this library a lot! I'm hoping to use it to throw a POC together. I see in the OIDC provider docs that Client Credentials is supported. But, when I make the following req to my auth api: ```bash...

ios 26 expo google auth

Currently have a weird bug where when I bring up the sheet for auth, the sheet is blurred.

expoClient type error in monorepo when used outside of expo app

I have a turborepo with package folder named auth which has better-auth setup to import into my expo and next.js apps. ```js // mobile-auth-client.ts import { createAuthClient } from "better-auth/react";...

YOU_CAN_ONLY_SEND_A_VERIFICATION_EMAIL_TO_AN_UNVERIFIED_EMAIL

I have custom signup logic; when a user tries to log in, I am sending a verification email from the front end using this code ```ts await authClient.sendVerificationEmail({ email: "user@email.com", callbackURL: "/" // The redirect URL after verification...

Why getSession (and customSession) don't include additionalFields?

@Better Auth I dived deep into additionalFields, customSession and related concepts. This isn't about using infers for types, that works well for both server and client side. It seems like even though adding additionalFields, even with returned: true (which is documented as: If the value should be returned on a response body.) it isn't returned to the client when the client calls getSession... ...

Registering Passkey returns empty res

When registering a new passkey, the data & error are undefined.

better auth organization plugin vs ABAC

I just came across BA's org plugin, so I just skimmed it for now cause it's pretty dense. I usually just use CASL for ABAC, so I was wondering if that's something the plugin replaces/is better at, or if there are some things it has yet to do like CASL does. Thanks...

Disable OTP signup does not return error

I disabled OTP signup for my app and I expected to receive an error when a user who is not registered tries to sign in using OTP. Currently it disables the user creation, that is true, but how will I show an error on the login page that this email is not registered?

How do we update custom session data without a full page reload?

In my Better Auth Next.js apps, I rely heavily on the custom session plugin to load user-specific data, keeping server and client in sync. However, I'm struggling with how to update this session data without a full page reload, as I want to avoid resetting client state unnecessarily. authClient.useSession() doesn’t seem to support live updates to custom session data. Right now, I copy that data into a custom context and manage updates there, but that forces me to use my own context for auth acro...

Typescript not seeing role as a valid attribute

I'm trying to check if a user is admin in order to access admin only pages. To do this I have this code, it works fine. ```js const session = await auth.api.getSession({...

Nestjs Prisma

Hey. I'm using nestjs with prisma adapter, but I'm getting a server error when I try signing up with oauth github. SERVER_ERROR: TypeError: Cannot read properties of undefined (reading 'verfication'). I added two screenshots, one is my better auth config and the other is prisma client init.

SERVER_ERROR: error: relation "ssoProvider" does not exist [ExpressJS and NextJS]

Hello, I'm currently struggling to get the SSO working because of "bad" integration with PostgreSQL, I assume? Every PostgreSQL table needs to have a schema. My API is connected to a specific schema, but even publishing this table in all schemas it does not work. ...

API Key Plugin: Fields marked as 'Optional' seem to be required

Hi, we're attempting to use auth.api.createApiKey with the API Key plugin. We didn't add some of the optional fields (the ones marked optional in the docs: https://www.better-auth.com/docs/plugins/api-key#schema). We've been getting the following error: [Error [BetterAuthError]: The field "start" does not exist in the "apikey" schema. Please update your drizzle schema or re-generate using "npx @better-auth/cli generate".] { cause: undefined }...

ERR_NAME_NOT_RESOLVED

I am running an app in a docker container with a backend in express and frontend in next. I am getting the following error when trying to sign in:
POST http://admin-portal-backend:3001/api/auth/sign-in/email net::ERR_NAME_NOT_RESOLVED
My auth config seems to be correct, with the trusted origins on both the client and backend auth setup pointing to each other's container respectively, and when my user session was kept from a previous sign in I was pushed to the correct page, but trying to sign out I got the following error:
http://admin-portal-backend:3001/api/auth/sign-out net::ERR_NAME_NOT_RESOLVED
What can cause this issue? Some server logs I see are: ``` admin-portal-backend | GET /api/auth/get-session 200 9.419 ms - - admin-portal-backend | OPTIONS /api/auth/sign-in/email 204 0.314 ms - 0 ...

I'm trying to disable setActiveOrganization except in very specific workflows.

Org Admins can impersonate users, and then setActiveOrganization lets them bleed into other programs. I have a VERY hacky workaround that might or might not work, but I would much rather only let the user set an organization at the moment of login, from a server perspective. I added this https://github.com/better-auth/better-auth/issues/3852 but second-guessed myself that maybe there's another way to do it. I'm using a custom imitate() plugin and not the admin plugin because I wanted further restrictions on the imitate process....

How to check if I'm impersonating a user

Basically I want to make an impersonate feature where admins can see the user's dashboard (basically impersonation), but idk how to check if I as admin am currently impersonating someone....

how to set cookies on localhost

So I have a distributed setup with a universal server that is used by my nextjs frontend and hono + trpc backend. My nextjs app also sends cookies to the api, however with the current setup I have to run the auth and api server locally even if I'm planning to do changes only to the frontend. I tried implementing bearer plugin and it works well when I have to send cookies to a diff domain, however on the initial authentication the cookie is sent via Set-Cookie header and is thus not automatically s...

Expo with React Server Functions

Hi everyone, I'm struggling to see a way of making BA work with React Server Functions. The BetterAuth API methods require a Request header, but in Expo React Server Functions there doesn't appear to be any way to access the header. Am I missing something?...

Admin plugin: admin_session cookie is not removed after ending impersonated session?

Hi! I am using the Admin plugin to implement user impersonation. I noticed that the admin_session cookie is not removed even after stopping the impersonated session. Is this intentional? Naively, I would expect this to be cleared after ending the impersonated session.