Basic Authentication with Caddy
I serve my app with Caddy and I have set Basic Authentication in my Caddyfile:
```
example.com {
    basic_auth {
        # Username "Bob", password "hiccup"...
```
Solution:
To get around it, I changed my env variable from `BETTER_AUTH_URL=https://example.com` to `BETTER_AUTH_URL=http://localhost:3000`, and I added `trustedOrigins: ['https://example.com']` in my betterAuth config (`auth.ts`).
Is this good practice?...
Is there an expiration of the email verification token?
I need to determine whether the email verification token expires. If it does, I plan to create a dedicated "Account Confirmation" page that indicates when the token has expired and displays a "Resend activation link" button. Additionally, I want to know the duration (in hours) for which the token is valid and how to capture an error if the token has expired.
Solution:
if the token is invalid, it just returns 401 instead
Admin Role
Hello, how can I manually set a user role (like, for example, admin, in the database)?
Solution:
Yeah it is in the dtb
How to return error from sendVerificationEmail?
Hi,
How do I throw an error in this callback in betterAuth config? I technically can throw an error but it's not handled properly on the client. Just want to set up a rate limit which would work in emailVerification for calls from the server, not only direct calls from the client....
Passkey Failed to verify authentication
Hi,
I am facing an issue where my password manager prompts me to use passkey when the page uses Conditional UI.
Error: Unexpected authentication response challenge "AB", expected "AA"...
inferring types on the client, based on plugins added on the server
I have a monorepo, with the `admin` plugin added to the server initialization of `betterAuth`. I was expecting the additional user properties, like `role`, would be accessible from `session.user`.
Here's my server code:
```ts
export const auth = betterAuth({...
```
forgot password with Email OTP
Hi everyone! I'm working on a forgot password feature using Next.js, Prisma, and PostgreSQL.
When I submit the email on the forgot password page, and the email doesn't exist in the database, it doesn't show an error like "User email doesn't exist." It just silently fails.
Here's the code snippet I'm using:...
how to protect route based on role
@bekacru I used to protect routes using getSessionCookie, but now I want to protect them based on user roles. I tried using getSession() but it seems not provided. How can I check a user's role to protect specific routes or actions? It's enough if I know how to get session
Solution:
You can't use getSession in middleware.
Take a look at our middleware docs: https://www.better-auth.com/docs/integrations/next#middleware
You can directly fetch your auth API for session data.
...

converting bigint
When getting the session, I am encountering a problem that the json that contains the user and the session cannot convert because both are bigint. Is there a solution for this?
```ts
SERVER_ERROR: 187 | headers.set("Content-Type", "application/x-www-form-urlencoded");
188 | } else if (data instanceof ReadableStream) {...
```
Solution:
I just added this to the main backend file and it works
```ts
declare global {
  interface BigInt {
    toJSON(): string...
```
SIWE Auth plugin
hey!
I'm trying to get a siwe-plugin working, but I'm pretty sure I'm doing something wrong here.
Once my plugin is initialized, I still can't access it via `signIn.siwe`...
better auth as authentication service
Is it possible to use Better Auth as an authentication service for a Golang REST API?
I want to use organizations and roles with permission...
what's the signature format for session cookies?
When examining a working session cookie created by Better Auth (__Secure-better-auth.session_token), I see it has a format like token.signature. What algorithm/process is used to create this signature? Is there a way to generate a valid cookie manually or is this only possible through Better Auth's internal APIs?
Magic Link Expiry
Hi there.
When it comes to the expiry of a magic link we noticed that it is set 2h behind. Now we have our DB hosted in the UK (MongoDB) and work in South Africa.
Are the expiry dates of these tokens based on the DB time or server time? Essentially when working locally we have our server obviously booted on an SA timezone. So just trying to understand where this behavior comes in?...
how to integrate non-oauth providers?
I'm implementing Telegram login which doesn't follow OAuth flow. After verifying the user's Telegram credentials and creating/finding the user in my database, what's the correct way to create a proper Better Auth session? I want to avoid false negatives when checking sessions in my middleware.
How to use stripe resume subscription
I need to use like this:
```ts
// Handle subscription resumption
const handleResumeSubscription = async (subscriptionId: string) => {
  if (!subscriptionId) return
  try {...
```
Unable to get access to authClient.stripe.subscription
```JS
import { emailOTPClient } from "better-auth/client/plugins";
import { createAuthClient } from "better-auth/react";
import { stripeClient } from "@better-auth/stripe/client"
```
...
hono | trpc | api key auth with betterauth issue
Is there a hono trpc api key auth with betterauth example somewhere, or would someone mind sharing their approach for handling the auth part of api keys?
Record<string, any> union in returned data object from authClient hook
```ts
const { data } = authClient.useActiveOrganization();
if (!data) {
  return <>No data.</>;...
```
New to SaaS Application Building
Hey all, I'm curious what people do surrounding authentication/authorization for SaaS apps. I'm new to the arena and wondering what the different solutions are. So if I intend to deploy an application across multiple tenants who have their own IdP (e.g. Azure, AWS, GCP, Logto, etc.) that I want my app to interface with, what Better Auth plugin should I be using? Organization? OIDC? SSO? A hybrid mix?
If I hook up to their IdP, then I need a way to map their IdP defined roles to the app roles that my application will define. How do people typically manage that IdP configuration for the app and IdP role to app role mapping? At deploy time? Runtime check with some administrative UI pages built into the application?
Sorry if these are dumb questions, but curious to get insight as I'm trying to build a scalable SaaS app....