Cookies amongst multiple tenants, subdomains, and custom domains for a SaaS
Hey folks, I'm working on what is ultimately Squarespace for a niche, where users will get a unique subdomain, and can also add their own custom domain (so we have
mycoolapp.com where i'll be serving the marketing, john.mycoolapp.com, and maryscoolapp.com).
Looking for guidance on how to get it working with BetterAuth; my stack is SvelteKit, with Postgres + Drizzle (using the direct Postgres connector, though), with Directus as the CMS for end users. Currently I'm having an issue where the cookies are being set on the TLD and not working on the subdomains.
I'm aware that there's an organisation plugin, but that doesn't look to have anything specific to sharing cookies between sites....Sign Up with Additional Data
I have a question about the provided sign up capabilities within Better Auth.
I have a use case where I need to collect additional data about the user on sign up for my application (e.g. their address). What’s the expectation on managing that requirement with Better Auth? Do I mutate the provided User table generated by BA? Or do I create a separate database table that joins on the user table via userId? That path also comes with the implication of creating a separate API call to also write to that separate table after doing the sign up API call.
Just curious what best practices are in this kind of situation....
Stripe `priceId` is undefined
Hello everyone! I use the stripe plugin and I have this code:
```ts
const { data: subscriptions } = await useAsyncData(
'subscriptions',
() => client.subscription.list()...
Better auth is not letting my database generate the default id even though I set
advanced.generateId to falseMultiple database queries for getSession()
I'm using better-auth with an existing Kysely instance. It's all working ok, but I've noticed that each time I call auth.api.getSession() it's doing 2 queries, one to get the session and then one to get the user.
Shouldn't it be using a join to get all the info in a single query?...
Wildcard domain
I have an unusual use case for auth: my authentication database is shared between multiple apps running on different subdomains. Accounts created in one app also exist in other apps.
This almost works. However, I’ve stumbled upon a weird problem: sometimes both Google and Email/Password authentication fail.
Google reports an incorrect redirect_uri, while Email/Password reports an invalid origin.
...
Social login for native apps
Hey everyone looking for some guidance for native apps and social signin. My app is built using capacitor. On my signin page I capture the redirect by running the following
```
const { data } = await authClient.signIn.social({
provider,
callbackURL,...
Session Caching with Custom Fields Workaround
I've been using Next Auth and was thinking to switch over, however the line below is making me hesitate. I do not want to hit the db on every request, but I also want to use custom fields such as roles. Is there an alternative or work around for this?
...
Session caching, including secondary storage or cookie cache, does not include custom fields. Each time the session is fetched, your custom session function will be called.
Session caching, including secondary storage or cookie cache, does not include custom fields. Each time the session is fetched, your custom session function will be called.
Seeding doesnt work
It crashes because better-auth throws away the id here: https://github.com/better-auth/better-auth/blob/0127426a5e7df4d011e27f510a6e177561f3b618/packages/better-auth/src/adapters/create-adapter/index.ts#L541
auth.api.getSession doesn't reading Authorization header
Im using expo and nextjs monorepo setup, and expo successfully sending Bearer token in Authorization, and nextjs receives. But when i pass the headers to auth.api.getSession, it can't find session. I'm using 3 plugins: oAuthProxy(), expo(), nextCookies()
Solution:
Have you checked if the headers contain the cookies required?
Modify User
I have ping id (GenericOAuth) integration in my MERN app using better-auth library. I saved the user once login, but what if the user details are modified in the ping console. like: roles, or group.
How to log in from the server
Hello,
I have a login page with a form and I'm trying to signIn the user on the server:
```js
export const actions = {...
OAuth custom headers in token request
Hi!
I'm trying to integrate Vipps authentication using the genericOAuth plugin. Vipps requires specific headers (like Merchant-Serial-Number, Ocp-Apim-Subscription-Key) to be sent with the token exchange request (when getting the access token).
I see the discoveryHeaders option, which is helpful, but I can't find a way to add headers specifically to the token request itself within the genericOAuth configuration....
nextjs + nestjs
i have a nextjs app with better auth setup.
what would be the best way to handle auth verifcation on the side of the nestjs backend ?...
Solution:
Hey, there is https://github.com/better-auth/better-auth/pull/1548 coming, but there is also comment from user juandl , where he explains how he implemented it.
https://www.better-auth.com/docs/plugins/passkey
Adding the plugin and then running npx @better-auth/cli migrate generates nothing.
Solution:
run npx @better-auth/cli generate and update your schema manually.
Migrate: This command creates the required tables directly in the database. (Available only for the built-in Kysely adapter)...
How can I do multiple Database calls 'during' user creation transaction in google OAuth?
Is there a way to write/hook into the User creation code when signing up with google ?
I know that I can use the databaseHooks 'before' and 'after', but I want to do something 'during' the User DB creation that does multiple database inserts on signUp, because I want to use transactions to make sure they either all succeed or all fail, like this:
```javascript
const onSignUp = async() => {...
How to handle this error myself?
I want to make it just include an error message in my form. Can I send it to a callback URL?
Is it okay for getsession req to be made for every protected route or I should cache it?
Hey guys I have some routes which needs to be protected so I use this wrapper
```tsx
export const ProtectedRoute: React.FC<ProtectedRouteProps> = ({ children }) => {
const { data, isPending, error } = authClient.useSession();...
JSON.parse error in Express.js
Hey, @Ping How are you man?
How can find this error comes from and fix it?...
