Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

bug-reports

help

Is there a way to send both Magic Link and OTP together in one email?

During signin/signup I want to send users both Magic link and OTP in one email and user can choose to either login with magic link or enter OTP. Currently we have two separate plugins to send magic link and email OTP. Are there any known workarounds to combine them?...

Issues with integrating in Hono

I'm following the guide for Hono, I've added cors, even tried setting defaultCookies options with sameSite = "none" etc, and: - in my frontend, using authClient I get the logged in user, so that works - but in my backend routes, I'm trying to get the current session using ...

User can't subscribe again after canceling ( Stripe )

I'm using stripe basically after subscribing, and cancelling, when the user would want to subscribe again, it's not possible it looks like there's already a record with referenceId in Subscribtions table with canceled status ...

apple sign in issue - state_not_found

Hello there, I am facing an issue with Apple sign-in. I'm getting ERROR [Better Auth]: State not found undefined. Could anyone point me in the direction of what's happening? This is after logging into Apple and pressing continue to return back to the app; it ends up at api/auth/error?error=state_not_found ...

Reach of OIDC access_token

Hi, guys. Quick question about the OIDC plugin. Right now, when doing the authorization_code flow, the access_token you get only seems to work with the /userinfo endpoint. Is that the only thing it's meant to access for now? Or is there (or will there be) support for using that same access token to hit other endpoints like the ones related to organizations, default endpoints. How should I handle those kinds of actions with the provided access token?...

Error codes and mapping to fields

```ts
type ErrorTypes = Partial< Record< keyof typeof authClient.$ERROR_CODES, {...
```

Auth client in Next server actions - always getting 401

Hi! I'm trying to use the auth client in a next server action, but any api I hit on the server side is always unauthorized. Is there some way to configure the auth client with the user's server-side session? I know I can do auth.api.doThing but I'd greatly prefer to use the auth client for the sake of consistency....

Where is spMetadata supposed to come from?

Hey, we are trying to set up SSO with Entra ID and SAML 2.0 right now. The docs are somewhat unclear on how this should be done exactly. One particularly confusing part is the spMetadata. Where is this supposed to come from, do we have to come up with one ourselves? Shouldn't better-auth provide this automatically?

forbids login on social provider (google) /callback after hook

Hi, I'm trying to check for user active/inactive status and prevent them from logging in. So far I can throw an error after checking their user data on /callback:id after hook. However, I want it to gracefully redirect user to our signin page and show an error, this can be done by redirecting user to /signin?error=abc I can't figure out how to perform redirect and also clear the session tokens that are set on the response header's 'set-cookie'...

Better Organization Billing / Stripe Plugin

Is there an example for organization billing, I solved it with custom logic everywhere but was wondering if there is an easier solution as I had the issue that it created a stripe customer id for the user instead of the organization

Cloudflare + React Router v7 and Better Auth

It seems there is no clear answer on how to actually use Better Auth with Cloudflare D1. As a beginner, I have searched high and low for what is seemingly an impossible answer. 1. The problem starts with Better Auth: Better Auth does not support Cloudflare D1 out of the box 2. Third-party packages are required: Both Kysely and Kysely-D1 are needed to do something with Better Auth and unfortunately the documentation is non-existent as to how Kysely talks to Cloudflare D1 and Better Auth or why these third-party packages are required ...

Api key invalid even though it exists in the database

Hey there, I've just run into a weird issue where, no matter what I try, my api key is not accepted as a valid key. I've attached an image of what this looks like in the logs, maybe I am doing something wrong but I can't for the life of me figure out what. This is my code at the moment: All data is local btw, so no worries about leaking anything ```ts...

Disable client

Is it possible to completely disable the client of better auth so I can handle everything on the backend. I understand that I could just skip initiating the client on the clientside, but I guess there are api endpoints that are still made accessible from client side calls still exposed.

401 when calling registerSSOProvider

Hi, I'm starting an integration with Okta SSO with SAML v2 and I'm getting a 401 UNAUTHORIZED when calling registerSSOProvider. Are there any example implementations with SAML v2 or Okta in particular? My config looks like this: `auth.api.registerSSOProvider({`...

api.getSession in pages router

Hi! How should I fetch the session server-side (getServerSideProps or API route) when using Next.js' pages router? Both of these seem to work but they give TypeScript errors: ```ts...

emailOTP - I want to send OTP for both signup and signin flow in app, but distinguish between flows

If user is on login screen and trying to login with nonexistent email I want to present an error "User with this email doesn't exist" disableSignUp: true But if user is on Signup flow, I want to send them email otp and also create an account for them disableSignUp: false ...

Enrich JWT with organisation membership info

Hi, Is there any recommended way to retrieve organisation and membership info for the user and active organisation, when adding JWT claims in definePayload? We want to embed eg. the member role in the JWT. I looked at using getFullOrganization , but that doesn't work as we're missing the request headers (or is there a way to access them?). Best,...

Same app on multiple subdomains

Hi, I have the same better auth app serving multiple subdomains: admin.mysite.com and app.mysite.com. I'm running behind an AWS ALB, and want my social redirect urls to be customized so that I can enforce https for redirect urls. So far, I can't find a way to do this. My app is using hono.js on node. Is this a bug in better auth, that it isn't detecting the X-Forwarded-Proto header for these redirects? I figured I shouldn't have to set anything up for this to work, but I can't get the redirect url to use https....

Help - userHasPermission

I've updated to the latest version and I'm trying to use auth.api.userHasPermission. However, I'm only getting the error Property 'userHasPermission' does not exist on type 'InferAPI'. Is there any additional configuration I'm missing? Please, enlighten me!

How is account.accountId auto-populated for Twitter (X) OAuth2? Is /2/users/me called internally?

Hi! I’d like to confirm the Twitter (X) OAuth2 behavior. Observation: Even without calling /2/users/me on my side, account.accountId is automatically saved with the X user ID (e.g., 777337382261497856). Question: Does the provider internally call /2/users/me via getUserInfo during the callback, and then persist data.id to account.accountId?...
Solution:
Resolution: the library calls /2/users/me internally. File: packages/better-auth/src/social-providers/twitter.ts In getUserInfo, it calls:...