Can better-auth client be used from backend?
Hi. Can the better-auth client be used from a backend so that better-auth can replace existing auth functionality with minimal frontend changes, or does the client have to be called from the frontend?
getSession gives null after google login on deployed app
Hey everyone, I'm running into an issue with authentication and could use some help.
Tech stack:
Backend: Hono (Deployed on workers)
Frontend: Next.js (Deployed on vercel)...
Rate Limiting Does Not Work
I'm trying to test rate limiting on dev, but unfortunately it doesn't limit anything.
This is my config:
```
rateLimit: {...
API `verifyEmail` problem
I'm encountering an issue with an email verification process in my TypeScript application. Despite the API response look like successful operation (a set-cookie header), an APIError is being thrown.
better auth v1.2.10
```typescript...
SQL error when exchanging the token (Microsoft Auth + MSSQL + NextJS)
Hello!
I am trying to switch from AuthJS to better-auth but i am stuck with an SQL error.
It happens on the
http://localhost:3000/api/auth/callback/microsoft callback (with the code parameter).
It looks like better-auth is trying to save some data received from Microsoft with an unexpected format...
Duplicate emails issue
Currently, the app I'm building allows users to create users (
user table) or update their existing user to use the same email address that is already used for a different user.
Ideally, I would like to limit this to one user account per email address.
I've been trying to implement this on my database layer as well as in my trpc mutations, but I heard there might be a simpler way to do this purely in my Better Auth auth.ts file....Using extra scopes in OAuth2 Flow
I want to use the webhook.incoming scope, and this will return extra data in the token exchange. I haven't been able to get the data through any means, and this data seems to be ignored. What can I do?
Solution:
You could use
mapProfileToUser and when you get the data then map that data to the user.
https://www.better-auth.com/docs/concepts/oauth#other-provider-configurations...Magic link with OTP fallback?
Hey, I'd like to implement a passwordless flow where the user would receive an email with:
a) a link that would log them in, and
b) if they e.g. want to log in on a different device, they can enter the OTP that would also be in the email on the page they see after entering the email.
I can handle either of these easily with existing plugins (Magic Link and Email OTP), but how should I approach a hybrid solution? I thought about simply changing the
generateToken implementation (e.g. to something that generates a 8-chars long alphanumeric string) in Magic Link's setting and then calling .verify on the frontend page where user can enter the code. But I'm not sure if that's safe considering OTPs .verify requires users email; I don't know why the approach is different there. Does that sound like a legit solution? I'd rather avoid building a custom endpoint....How to change error messages?
Is there any provided way of changing or enhancing error messages by ourselves, like some auth config option or else.
Get accessToken with LinkedIn OAuth
Hey Everyone, I'm trying to use LinkedIn OAuth and I've specified some scopes, now when I login, I'll have a accessToken which I need to use.
Basically I'm building an app where you can draft a linkedin post and post it on behalf of logged in user. but I'm having trouble getting the accessToken for it.
How do I get the token and save it in new field in the users table?...
# SERVER_ERROR: Error: connect ECONNREFUSED 127.0.0.1:5432
Hey, i am getting this error on my app deployed on vercel, i am using next.js and next.js handler from better-auth
listUsers from admin plugin with no session?
Can i run ```const users = await authClient.admin.listUsers({
query: {
filterField: "role",
filterOperator: "eq",
filterValue: "admin",...
Session extension isn't happening with Chrome Extension SW + Fastify Setup
Love the simplicity of the setup. however, I am facing an issue with my current Chrome Extension (service worker) + Fastify & Prisma development.
I am using the Email & Password authentication.
the signin, signup and signout functionality are working perfectly.
...
API Key Validation in Next.js middleware
I would like to protect my Next.js app's API endpoints using the API plugin. In my middleware, I keep getting, that my API keys are invalid when I get them from the request headers and validate them using the
auth.api.validateApiKey function. Most of my configurations for the plugin are left as defaults. Kindly advise me on how I could get past this or what other approach I should consider. Thank you.What if I turn on autoSignIn and requireEmailVerification at the same time?
I mean both of these conditions contradict each other, so will it make some exception here or nothing will be returned.
Social Auth throwing error - How to fix?
I am facing issue during the social auth. after auth it is throwing below error.
Better Auth Error
We encountered an issue while processing your request. Please try again or contact the application owner if the problem persists.
...
socket.io authentication
Hi! I recently discover the amazing work of better-auth, so first line to adress a huge thanks to all devs and constribs. Cheers to you all!
I recently introduced better-auth as the authentication technique for a web app I'm building. To make it short, the app is essentially a real-time chat app, with mainly users and a single automated client. To ensure proper live chat, I introduced socket.io in the server, and currently am looking into authentification. I have found a way to authenticate the automated client through API key, but what would you recommend as a solution to authenticate regular users? I have a custom server.js for socket server initialisation, in which I can make the token verification. I also thought to implement jwt, and have already set up the verification method in the server but I am struggling to implement the socket initialisation on client side with the jwt as part of the init request.
Have any of you faced similar issue before? Thanks! 😊...
How do I access the type of the value returned by getInvitation?
It's common in Better Auth to use
authClient to query information - for example getInvitation
How do I access the type of the value returned by getInvitation? Specifically I am interested in the data
```ts...Solution:
Ah OK - I need to use
$Infer with a type assertion
```ts
type Invitation = typeof authClient.$Infer.Invitation
...Question about how to apporoach data
Hello, I have a question on how I should approach BetterAuth and handling its data.
I am making a website with account features (name, email, address, phone number, etc...) and I don't know to structure my additional fields.
1) Do I put additional fields in User or into a seperate UserProfile?...
Solution:
1. Anything associated with a user can be in the user table, meaning it's fine to put it in the user additionalFields.
2. Depends on your app and how accessible you want it to be, but also keep in mind that getSession/useSession will be more secure as we check for session validation before returning the data, using your own endpoint to return data might be more work
3. There isn't any difference relating to Better auth on whichever you should use, comes down to preference & situation...
Questions about signup/signout in Next
The docs have this example code for email/password signup and signout:
```
// Signup
import { authClient } from "@/lib/auth-client"; //import the auth client...