2FA Totp
Hello, i wanna add 2fa TOTP to credentials login. How can i generate a QR code for user to scan ?
Solution:
That's out of Better-Auth's scope at what we provide. You should find a library that does this
Middleware - Better Auth
Hello everyone!
I'm having an issue where my /dashboard route is not being protected even when the user isn't logged in.
I'm following the documentation: https://www.better-auth.com/docs/integrations/next#middleware...
useSession returns null
Anyone knows why useSession returns null?
1) no cookie prefix or any cookie name customization
2) i can see cookie logs(in middleware)
```...
Solution:
thanks! i realize that when you render something depdening on the session data and it's null at the begining, it just stops there and wont continue
Cloudflare Worker exceeded CPU time limit, while sign-up/email.
I was trying better-auth on cloudfare with hono and D1, and while I have a free plan on cloudflare that allows for up to 10ms CPU time per request, I am receiving Worker exceeded CPU time limit errors. This occurs during sign-up/email; I understand that sign-up involves multiple processes, including hono zod validation, among others.
My concern is, do I need to upgrade my plan to get this working, or can I optimize my code or something? For example, I was thinking about using drizzleAdapter for authentication; could I change it to Kysely, or idk....
Solution:
It's very likely you will need to upgrade.
In certain endpoints, such as sign up email, we will do multiple adapter calls to your DB, 1 call alone is most likely more than 10 ms alone, let alone maybe 3 calls....
Getting FORBIDDEN (403) error when using authClient.admin
Auth config:
```export const auth = betterAuth({
database: prismaAdapter(prisma, { provider: "mysql" }),
user: {...
Organization: Determine what team a user belongs to
As the title implies, are members supposed to have a
teamId associated to the model so that we can determine what team they belong to within an organization? I don't believe I see a teamId associated to the model.
This is important as, when I fetch the full organization information, I want to be able to create team buckets but I cannot do that if I do not know what teamId values a member is associated with....Solution:
The teamId conditional inference is inverted so it was being inferred when teams were not enabled and not inferred when teams were enabled
I have made a pr to fix this https://github.com/better-auth/better-auth/pull/2133...
session schema is missing
i have added the secondaryStorage in auth config, but also enabled this session check to store the session in database but still the better-auth cli is not generating the session schema,
Slow API response time until sign out & sign in again
I'm having a weird issue with slow response times. I'm integrating Better-Auth with my Next.js app and I noticed that if I'm signed in to my dashboard and then stop and start the Next.js dev environment again using
pnpm run dev my api calls are super slow - around 1 ~ 3 seconds. This happens only when I stop the server (without signing out) and start it back again. The app seems to be super slow. What seems to fix it is to sign out and sign in again, then it gets back to nromal and the GET calls drop do 20 - 250ms. Until of course the next time when I stop the dev server and start it back again.
Did anyone else noticed such issue?...Solution:
I don't think there is much else you can do.
Alternatively you can setup secondary storage and use something like Redis from upstash if you want sessions to get to your client faster....
Issue with Session Revocation and Middleware in Next.js
I’m trying to revoke a user session in a Next.js app using middleware, but I’m running into a problem.
After calling revoke-sessions and redirecting the user (which triggers the middleware again), get-session still returns a session—even though it’s supposed to be revoked. This causes an infinite redirect loop (too many redirects).
Is it possible to properly delete or invalidate sessions from within the middleware? Or is there a better way to handle session revocation and redirection flow?...
