Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

Organizations Plugin Help

I'm struggling to adapt the organizations plugin to my use case, which requires dynamic roles and permissions created at runtime by users. Since the plugin seems designed around static, compile-time roles, I'm constantly fighting against its architecture. I've tried:
* Built my own RBAC system to integrate with the plugin
* Considered using metadata to bridge the gap between static and dynamic roles...

Has anyone tried logging in using Instagram?

Has anyone tried logging in using Instagram?

Why do a few keys in Redis have no TTL?

Hey, I'm noticing there are many keys in Redis which have no TTL, so they stay forever. Session information will expire after 30 days. I'm using Redis as the secondary database by passing secondaryStorage: { get: async (key) => {...

Define different pg schema for auth tables

Is it safe to be creating the auth schema (account, session, user, verification) on the public schema? Auth.js creates a separate next_auth schema for these tables which seems like a more secure method? Supabase has a separate auth schema....

Vercel: State Mismatch. Verification not found

I'm trying to discover why I get State Mismatch. Verification not found when my app is deployed to Vercel, but not when I test it locally. I can go through the entire OAuth flow in Vercel, but I land on an error page and the logs output this error. Is there any specific Vercel configuration I should be aware of?...

Better-Auth, Polar, and Vercel deployment error

While deploying to Vercel using Better-Auth with Polar, I am getting this warning: ``` 2025-08-05T00:55:05.833Z Run npm run preview to preview your production build locally. 2025-08-05T00:55:05.838Z...
Solution:
Adding this to my vite.config.ts worked: ```js import { sveltekit } from "@sveltejs/kit/vite"; import tailwindcss from "@tailwindcss/vite";...

twitter provider: unable_to_get_user_info

I've been setting up a twitter social provider, and I got it working for several hours, but after trying to add scopes, it no longer works. I get Error Code: unable_to_get_user_info, so I removed the scopes, but I'm still getting this error. The code is exactly the same as it was earlier today when it was working 🤷🏼‍♂️ I tried logging into my X account and revoking access to my app, so it could request it from scratch, but the same problem still persists....

Is there a way to update the session after creating an organization?

Is there a way to update the session after creating an organization? After the user signs up they are redirected to an onboarding screen where they will create the organization. I then want to update the session to save the organization name but I'm not having any luck.

Unable to send email verification when using Admin plugin createUser

As in the title, when using the admin plugin's authClient.admin.createUser method, the user is created with an emailVerified value of false. On face value this sounds fine but then when subsequently trying to send verificationEmail using authClient.sendVerificationEmail I get a 400 Bad Request error with the code "YOU_CAN_ONLY_SEND_A_VERIFICATION_EMAIL_TO_AN_UNVERIFIED_EMAIL" ```tsx const {data: newUser, error} = await authClient.admin.createUser({ email: values.email,...

organization plugin + projects?

Hi and thanks for an awesome library! I am looking to explore the organization plugin (https://www.better-auth.com/docs/plugins/organization#access-control) but I am a bit confused about the mention of projects. In the schema section, it looks like the plugin handles organizations and, optionally, teams. What are these projects that are mentioned in the docs? Is it simply an example of things to extend to on your own? Or does the plugin actually have any feature that is called projects? Thanks!...

Is it safe to allow localhost as trusted origin

In basic usage localhost is one of the example values. I'm wondering, is it safe to set that in production environments?...

Soft deletes for org members table or any org related tables

Is there a way to soft-delete entries in the members table? I need to retain the data since other tables depend on it in my current implementation. I saw an earlier thread about intending to support soft-deleting but not sure what the timelines are for that

Confused about cookie domain/trustedOrigins

Looking at the Cookies docs the example for cross subdomain cookies looks like this. ``` import { betterAuth } from "better-auth" ...

email verification token not storing in table

For whatever reason when a new user signs up on my application, the email verification token sent to the user is not being stored in the database. If a user does password reset it stores this token just fine. I am not sure when or if it ever worked properly but I am certain that the table is hooked up correctly as there are other better-auth endpoints that work as intended. I can provide any code needed to fix this....
Solution:
@Sean I just opened pull request https://github.com/better-auth/better-auth/pull/3912 that changes that behavior and introduces displayUsernameValidator, which is disconnected from usernameValidator

JWT and avoid cookies

Hi All, I've got multiple projects pointing to different domains (vs hosted) for the backend and I'd like to use JWT for auth. I have enabled both JWT and Bearer plugins. However, it still tries to go through the cookie route when trying to getSession via ```...

displayUsername is normalizing to lowercase.

I'm not certain what has happened but recently my better-auth has been normalizing my displayUsername submitted to the better-auth library. On the network request it appears to be sending it to the API endpoint with the correct uppercase and lowercase letters but my database, neon.tech, is showing it in lowercase only. Has this been an issue for anyone else before? I can provide any code needed to fix this....

Extra Args for Hooks

Is it possible to extend the args for a builtin endpoint to have access to additional information in the hook? e.g. call signUp with an additional key "foo" and use "foo" in the after create user hook?

How to associate OAuth access tokens with application-specific context during OIDC flow?

I'm building a data sync platform where users can create multiple "destinations" (e.g., different Airtable bases, Notion workspaces) to send their data to. I want to use the OIDC plugin so that each OAuth access token is tied to a specific destination. Current setup:
* Using better-auth's OIDC provider plugin
* Have a destinations table that I want to link to oauthAccessToken via a new destinationId column...

Migration from SQL DB to PostgreSQL DB Password Verification Error

Trying to migrate users/accounts from my SQL DB (pre better-auth implementation) to a PostgreSQL DB (better-auth implementation). However, when hashing the passwords with Scrypt.NET and trying to login I get a
ts│# SERVER_ERROR: Error: hex string expected, got undefined^CTerminate batch job (Y/N)? Terminate batch job (Y/N)?
│ at hexToBytes (../src/utils.ts:164:37)
error. It seems like the verification of the password algorithm expects the password in a feasible manner. Any guides on how to do that? From better-auth code I can see:...
Solution:
Implemented the functions like the following ```ts import { scrypt, randomBytes } from "crypto"; const scryptAsync = ( password: string | Buffer,...

Generating sign in and sign up page

Hey Guys, I've been working on implementing better auth into my project in my nextjs 15 app router project. When I create my sign up button using the better auth website, it outputs the code I have attached below. However, when I installed and initialised my project, it installed v4 of tailwind as the latest version. However, I have noticed that the better auth sign up template requires shadcn which isn't compatible with the latest version of tailwind. I had claude try output a version that does not rely on shadcn, but idk if it is good/will break my project. Could someone pls help lol...