Multiple Session Types / Customize Options for Individual Sessions
Is it possible to arbitrarily define values for different options (like `expiresAt`, `updateAge`, `secret`, `rateLimit`) for how an individual session is generated based on something like a request header?
For context, I am working on migrating from a custom JWT auth system to Better Auth for a service that has 3 main parts:

- Next.js Website
- Express API + MongoDB
- Expo TV app

In my original implementation, I had 4 types of sessions using JWT, each signed using a different secret:

- Web
- Guest - Has limited route access and stricter rate limits. Also used to access the route to generate a JWT for signing into TV
- TV Auth - Special token with short expiry time generated through a QR code link on the TV app to sign in from a mobile device. Can only be used for one specific auth route
- TV - Has a much longer expiry time compared to web. Only has access to routes that are needed by the TV app

A common flow would go like this:

1. User opens TV app, fetches API for a new Guest session
2. User presses login. Using Guest token, a JWT storing the Guest session id is retrieved from the API.
3. User scans QR code containing link to website with JWT as a param
4. User logs in on website. The API uses the new Web token to generate a TV Auth session token and store it in the Guest session in the database
5. TV app pings the API using its Guest session token until a TV Auth token is found
6. TV app uses the TV Auth token to authenticate with the API and retrieve a long-term TV session token.
I haven’t been able to find much information on supporting multiple types of sessions, or customizing options for multiple different sessions, from within a single Better Auth instance.
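
The four-session-type scheme described in the post, as an added example (not the poster's code and not Better Auth's API): each type has its own secret, lifetime and route scope, and the route, never the token, decides which key is used for verification. The secrets, lifetimes, route prefixes, the `stype` claim and the function names are all assumptions made for illustration.

```javascript
// Added example: constructed secrets, lifetimes and routes; nothing here is from the post.
const crypto = require("node:crypto");

// One policy per session type (hypothetical values): own secret, lifetime in seconds, route prefixes.
const POLICIES = {
  web:    { secret: "web-secret-constructed",    ttl: 7 * 24 * 3600,   routes: ["/api/"] },
  guest:  { secret: "guest-secret-constructed",  ttl: 3600,            routes: ["/api/tv/link", "/api/tv/poll"] },
  tvAuth: { secret: "tvauth-secret-constructed", ttl: 120,             routes: ["/api/tv/exchange"] },
  tv:     { secret: "tv-secret-constructed",     ttl: 180 * 24 * 3600, routes: ["/api/tv/"] },
};

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");

// Issue an HS256 JWT whose payload records the session type it was minted for.
function issue(type, sub, now = Math.floor(Date.now() / 1000)) {
  const p = POLICIES[type];
  if (!p) throw new Error("unknown session type");
  const body = b64({ alg: "HS256", typ: "JWT" }) + "." +
               b64({ sub, stype: type, iat: now, exp: now + p.ttl });
  return body + "." + sign(body, p.secret);
}

// The route handler names the type it expects; the token never selects its own key or algorithm.
function verify(token, expectedType, route, now = Math.floor(Date.now() / 1000)) {
  const p = POLICIES[expectedType];
  const parts = String(token).split(".");
  if (!p || parts.length !== 3) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(parts[0] + "." + parts[1], p.secret));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  // Payload is parsed only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  if (claims.stype !== expectedType) return { ok: false, reason: "wrong type" };
  if (now >= claims.exp) return { ok: false, reason: "expired" };
  if (!p.routes.some((prefix) => route.startsWith(prefix)))
    return { ok: false, reason: "route not allowed" };
  return { ok: true, claims };
}
```

Because the keys differ per type, a TV Auth token presented on a TV route fails at the signature check; the `stype` comparison only matters if two types are ever configured with the same secret.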