BA
Better Auth•5mo ago
Joey

Verifications are created multiple times

I'm using google oauth2 in my elysia app, when I complete the oauth2 flow, I saw there is one more verification record not being consumed, so I tried multiple times, I found that oauth2 url is being created two times, sometimes oauth2 url is created one time but the console show the error scenrio 1: verifications being created two times { url: "https://accounts.google.com/o/oauth2/auth?...", redirect: true, } { url: "https://accounts.google.com/o/oauth2/auth?...", redirect: true, } scenrio 2: verifications being created one time but showing error { url: "https://accounts.google.com/o/oauth2/auth?...", redirect: true, } 2025-06-05T02:48:02.719Z ERROR [Better Auth]: Error 4816 | continue; 4817 | } 4818 | if (endpoint.options?.metadata?.SERVER_ONLY) continue; 4819 | const methods = Array.isArray(endpoint.options?.method) ? endpoint.options.method : [endpoint.options?.method]; 4820 | for (const method of methods) { 4821 | addRoute(router, method, endpoint.path, endpoint); ^ error: NOT_FOUND at <anonymous> (/Users/scalebear/projects/elysia-better-auth/node_modules/better-call/dist/index.js:4821:24) at processRequest (/Users/scalebear/projects/elysia-better-auth/node_modules/better-call/dist/index.js:4818:50) at <anonymous> (/Users/scalebear/projects/elysia-better-auth/node_modules/better-call/dist/index.js:4887:8)
1 Reply
Joey
JoeyOP•5mo ago
my code: 
import { Elysia, redirect } from "elysia";
import { auth } from "./auth";

// user middleware (compute user and session and pass to routes)
const betterAuth = new Elysia({ name: "better-auth" })
  .mount(auth.handler)
  .macro({
    auth: {
      async resolve({ status, request: { headers } }) {
        const session = await auth.api.getSession({
          headers,
        });

        if (!session) return status(401);

        return {
          user: session.user,
          session: session.session,
        };
      },
    },
  }
);

const app = new Elysia()
  .use(betterAuth)
  .get("/", () => "Hello World", {
    auth: false,
  })
  .get("/sign-in/google", async ({ request: { headers } }) => {
    const data = await auth.api.signInSocial({
      body: {
        provider: "google",
      },
      headers
    });
    console.log(data);
    if (!data.url) throw new Error("Failed to redirect to Google");
    return redirect(data.url);
  })
  .listen(4000);

console.log(
  `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
);
import { Elysia, redirect } from "elysia";
import { auth } from "./auth";

// user middleware (compute user and session and pass to routes)
const betterAuth = new Elysia({ name: "better-auth" })
  .mount(auth.handler)
  .macro({
    auth: {
      async resolve({ status, request: { headers } }) {
        const session = await auth.api.getSession({
          headers,
        });

        if (!session) return status(401);

        return {
          user: session.user,
          session: session.session,
        };
      },
    },
  }
);

const app = new Elysia()
  .use(betterAuth)
  .get("/", () => "Hello World", {
    auth: false,
  })
  .get("/sign-in/google", async ({ request: { headers } }) => {
    const data = await auth.api.signInSocial({
      body: {
        provider: "google",
      },
      headers
    });
    console.log(data);
    if (!data.url) throw new Error("Failed to redirect to Google");
    return redirect(data.url);
  })
  .listen(4000);

console.log(
  `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
);
I not sure whether the duplicated verifcations being security issue, if the verification token leaks, the account will get hijacked?

Did you find this page helpful?