Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

Rename/remove default organization role names?

Is it possible to rename the default names, or exclude them if I create a custom access control? For instance, instead of "member" use "employee"?

Issues using NextJS NextRequest headers in server-side auth.api functions

Running NextJS application deployed on AWS Fargate. Over the last few days, our calls to Better-Auth api functions on the server in API endpoints have all started failing. I checked for version changes in both NextJS and better-auth, and there are none. The code was working fine last week, now getting 401 unauthorized or 400 API errors returned by API calls. I've isolated the issue to the headers object that certain functions use. From better-auth docs, here's organization permissions as an example: await auth.api.hasPermission({ headers: await headers(),...

Local/Dev authentication on TanStack.com = INVALID_ORIGIN

Using better auth on TanStack.com now... how the heck can I authenticate in development locally? I added http://localhost:3000 to my trustedOrigins, and even created development apps for github/google, but still get INVALID_ORIGIN when attempting to login with social. I have even disabled CSRF protection temporarily, but still no dice. I'm not sure what else to try.

Discord + Expo plugin not working

Hi I'm trying to use the Better Auth Expo package along with Discord to implement auth in my app but I've been stuck trying to fix this issue for the past few days. I've configured my auth redirect url to be https://api.botsfordiscord.app/api/auth/callback/discord and have added to the list of redirect uris in the Discord developer dashboard. However, when I go ahead and try logging in, I get "Invalid OAuth2 redirect_uri" even though it's a valid uri. I looked into the uri that better auth is generating and it's this:...

How do I create a client only plugin that adds a property to the client object?

I want to create a plugin that intercepts responses and adds a property to the client object. How do I do it?

Organization: OrganizationClient does not seem to add interfaces to authClient

I am attempting to configure the Organization Plugin using Better Auth 1.3.7. I have the following server/client configuration: ```ts // server/lib/auth.ts const { ac, roles } = OrganizationPluginOptions;...

How do I create a plugin that adds a property to the client object?

Consider the magic-link plugin. When we register it, we get access to client.magicLink.verify(). How do I create my own plugin that does so? I read the source code of this plugin but didn't find anything useful. Thanks.
Solution:
magic-link -> magicLink, and verify is just verify, so together in the authClient it would be authClient.magicLink.verify

How to use adminRoles?

I tried to use custom adminRoles like this ```ts import { prismaAdapter } from "better-auth/adapters/prisma" import { PrismaClient } from "@prisma/client" import { username, admin } from "better-auth/plugins"...

Convex + better auth 400 code with no errors

Hey, I was just trying to setup better auth with convex, but for some reason I always get a weird 400 error with "Invalid body parameters" for the /api/auth/sign-in/social route. No matter what provider I use, it's always the same. All my .env variables are there and working...

How to use `auth` method inside hooks

How can I use the methods on auth, like auth.api.createOrganization inside auth.emailVerification.afterEmailVerification setup? Typescript shouts about the variable referencing itself...

organization.autoCreateOrganizationOnSignUp doesn't seem to do anything

Hi there I'm trying to create an org for users on signup. I saw this flag in the plugin config, but it doesn't seem to actually do anything. I signup, verify my email, but no org or member is created...

Error Code: unable_to_get_user_info (X Login)

I tried logging in with X using Better Auth and I keep getting this error code. I would like to know how to fix this

Error updating api key

I am facing an error while trying to update the api key, my code: ```TS import type { IncomingHttpHeaders } from 'node:http' import { auth } from '../../lib/auth.ts' import type { UpdateApiKeyBody } from '../../schemas/api-keys/index.ts'...

useSession() and getSession() are supposed to extend expiresAt right?

Calling useSession() on the client or getSession() on the server is supposed to extend the session expiresAt if past updateAge correct? I cannot for the life of me get it to extend. I'm checking returned data and the DB itself. Sveltekit - 2.28.0 expiresIn: 4 * 60 updateAge: 30 Running local....

Does Better Auth Support Session/Token Rotation?

In Better Auth, if a session cookie is stolen and reused in another browser, does the library provide any built-in mechanism to prevent session hijacking (like session rotation, device/IP binding, or fingerprint validation)? From what I’ve seen, there doesn’t seem to be session/token rotation for email/password authentication — could you confirm if that’s correct and suggest the recommended approach to mitigate this risk?

google login doesn't work on mobile web but works properly for the desktop

Trying to login using a mobile doesn't allow me to sign in to my application after following the official docs setup

activeOrganizationId stays null after setActiveOrganization

Creating org + setting as active works, but session.activeOrganizationId remains null on next request. Create org: ```ts const orgData = await auth.api.createOrganization({ body: {...
Solution:
Do you use cookie cache?

@better-auth/cli ZOD version dependency

Hey all, The @better-auth/cli ZOD peer dependency is currently set to the following. Should this not have a ^ in front of the v3? ...

Bearer 2FA

I’m using bearer plugin for auth flow because of tauri mobile app. Default login are working fine when I receive a token - just put it inside localstorage and that’s all. Problem is when I need to sign in with TOTP enabled, after sign-in I receive ‘twoFactorEnabled’ and requesting a TOTP code but I cannot verify it because token that we have not linked to any session yet. I see some other cookies that I can’t use because of tauri cookie limitation such as 2fa, don’t remember and other. @Better Auth can you please provide a doc link where defined flow of not using any cookies but having 2fa, trust device, remember me features working?...

Next-intl + Stripe

Has anyone had an issue where a calling authClient.subscription.upgrade eventually leads to a localized api endpoint? I figure directly after processing in /api/auth/subscription/upgrade there's a call that's redirected to a localization, but I can't seem to figure out how to fix it (ps I've already tweaked my middleware.ts)