Get session call failing Safari
Hi, I’ve recently setup better auth with nextjs, using the drizzle adapter and nextCookie plugin. I wrote my own plugin for steam authentication (OpenID 2.0), which seems to be working good.
However, one weird bug I’ve seen is that on safari, the get session call made when the user clicks my sites sign in button throws an error with status 0 and status text as an empty string.
Any idea why this is happening? Thanks!
55 Replies
@bekacru said…
this is casue it can't reach the server. Either base url or you haven't properly forwarded localhost portMy baseURL is set properly, and I’m using the nextjs dev server url. But this is happening deployed too. https://rust.directory
Rust Directory
Your go-to resource for staying ahead in rust.
Seems like if I make a manual client action it skips the get-session route and works
Where does the get-session call come from? is it some autoamic thing all client action that are inferred will call and do something with?
Maybe this is why from ai
does
authClient.getSession work
also what error does it show in the consoleError is error code 0 status text empty string
I haven’t tried get session but I think it works
I’m away from computer for a bit, can check when I’m home too
Ok so @bekacru - I got a few questions for you:
The plugin has two endpoints. One is
/sign-in/steam and the other is /steam/callback.
To show the session status in my ui, I have a component using the authClient.useSession() react hook. When the user is signed out, the button click will call authClient.signIn.steam() and then take the response (which contains a steam URL) and redirect to it. When the user is signed in, the button click will call authClient.signOut(). That is everything happening on the client side.
1. For sign in, the first thing that happens is the code in the plugin endpoint for /sign-in/steam. At the moment, it always generates a url using Open ID 2.0 and returns that in a JSON response. It seems like get-session is automatically called after the endpoint is completed. See screenshot for order. What is the purpose of this call, and why do you think it might only be failing on safari?
2. If the ui is not always in sync with session state, and the user tries to sign in again (when they already are), the plugin (at the moment) will still run the endpoint and generate a url for the user to go sign in at. Ideally we just update the ui and get the existing session. Should the change required for this live in the plugin or is the dev using the plugin responsible to handle that in their ui code?
3. Same question as number two, but for sign out ^
4. Since email is required in better-auth, I am just using a placeholder <steam-id>@example.com email when setting up users, but do you have any better/recommended way to handle this?
Thank you!
@Gamers pinging you here since I know you were interested
have you checked CORS?
I havent, but what do you mean by checking it? There are no CORS errors I can see if that is what you mean. Also everything is on same domain (using nextjs for all).
Never mind if that's the case
damn any other ideas?
@bekacru really hate to spam you here - just want to bump one more time if you get a chance to look at message I sent above. Been a few days and I am out of ideas :/
Does safari spit out any logs
Nope, just the error when useSession hook, which is an object with error code 0 and error status as empty string
"Load Error" in nextjs
I feel like this has to do with safari’s tracking prevention
If it’s working with any other browsers
Works fine on my mobile safari
https://discord.com/channels/1288403910284935179/1365363073061486653/1365363940145758248 this is not happening for you?
It happens on both mobile and macbook safari for me every time (private window as well to rule anything weird out, default settings)
Not at all
it just happened to me few seconds ago
what the hell
Can you send a screen recording?
is there a setting you might have turned off to reduce the protections or something maybe?
I am also not sure the call thats failing really matters since the user is actively being redirected when its being made. So it has no impact but I would have to change route name (/sign-in automatically does it) or write custom client action in plugin maybe?
check dm
not sure
what does your safari network ssys
its failing for you in the video you sent me
see the flash of "Something went wrong" while it redirects
well it doesnt fail according to network log
it doesnt seem to be issue with better auth
it is failing in logs for me, let me get log
can't really know much from SS
one possible reason I can think of is that Safari is handling the redirect and the
getSession call differently than other browsers. It having no status and returning 0 likely means that the call was aborted/cancelled
In Chrome/Firefox, the background getSession request might complete before navigation
in safari, it probably doesnt
which then leads to browser aborting the request
let me try somethingHmm yeah didnt think of that actually
try adding short delay before redirecting to Steam auth page
if user is using safari
I think it will solve most of the issues here
Ill try doing a long delay and see if it fixes it first
yup let me know how it goes
btw your implementation is pretty interesting
I've been trying to comeup with my own plugin for Steam too
but I was too lazy to get it working
please ping me if you managed to fix it
it seems to have fixed it
locally so far
I did 10 seconds
100ms is enough
no errors and get session finishes
yes
good
This feels like a duct tape solution right?
uh no
it's only solution
issue is more with safari
not better auth
Why does this call even get made
unless better auth redesign their session system
not sure
I can disable it if I write a manual client action
That just handles the steam url fetch
And get session should be made before to see if they already have a session
Seems backwards and I dont see why it happens after, only makes sense for auth that does not do redirects (email password or something)
I think it's designed to refresh the client's session state after authentication operations
right
probably best to ask bekacru
So in this case, I guess its not needced
it's just internal design I guess
Yeah I have been trying to get a hold of him, but he has been busy it seems
fingers crossed he reads this 🙂
will try this other idea I have and let you know how it goes
alright
@Perfect I have quick question. Is there specific reason you are using Better Auth if you are only using Steam as provider?
would you just recommend rolling my own completely, like session management and all
I could but tbh wanted to try better auth lol
well I used passportjs https://www.passportjs.org/packages/passport-steam/ when I implemented one year ago. but tbh Steam auth itself is dumpster fire anywhere so
I'm still not sure why they don't support oauth in 2025
using openid as only method is just crazy
Yeah I mean same idea, better auth still very helpful
yeah thats what I hear
I guess also good for future extensibility
Definitely
If you have plan to use other providers in future
@bekacru bumping, thanks
How did this go