BA
Better Auth2mo ago
bozo

How can I make a "error middleware"?

Hi guys. So, I have the back-end config of better-auth and the front-end client. The thing is, I need to format the errors of the better auth to normalize them to the default error pattern that my back-end provides, and for such, I needed some kind of error middleware of the better auth in the back-end. I tried the following in the back-end config: 
export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})
export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})
But still, in the FE, I get the original better auth error. It is like the function call on the FE just ignores that "onError" of the BE. What I expected is that every error would pass there and then get throw again to its final version on the FE
No description
4 Replies
Better Auth
Better Auth2mo ago
Hey there! I'm here to help you with Better Auth. Could you let me know what "help" you need? Here are some common topics our community often asks about: • Installation & Setup – Make sure you export your auth instance correctly and configure your database as required [1].
• CLI Commands – Learn about generating and migrating your schema using our CLI (e.g., npx @better-auth/cli generate) [2].
• Configuration Options – From setting your secret to custom routes, there’s a range of options available [4].
• Plugin Ecosystem – Better Auth supports plugins for features like two-factor authentication, username normalization, and more [8], [15]. Feel free to ask for more details on any particular area, and I’ll be glad to dive in! Sources: 1. Installation | Better Auth 2. CLI | Better Auth 4. Options | Better Auth 8. Basic Usage | Better Auth 15. Username | Better Auth
bozo
bozoOP2mo ago
@Better Auth Hi guys. So, I have the back-end config of better-auth and the front-end client. The thing is, I need to format the errors of the better auth to normalize them to the default error pattern that my back-end provides, and for such, I needed some kind of error middleware of the better auth in the back-end. I tried the following in the back-end config: 
export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})
export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})
But still, in the FE, I get the original better auth error. It is like the function call on the FE just ignores that "onError" of the BE. What I expected is that every error would pass there and then get throw again to its final version on the FE
Better Auth
Better Auth2mo ago
It looks like there are some scenarios where Better Auth’s internal error handling may bypass your custom onAPIError hook. In some cases—especially with errors that occur during internal flows such as OAuth state mismatches—the error is hardcoded to redirect to the default error page, ignoring your overridden behavior [12]. This means that even though you set throw to true and define your onError function, not every error passes through this middleware, which is why you still see the original error on the client side. The recommendation is to double-check a couple of things: 1. Ensure that your onAPIError configuration (with throw set to true) is correctly integrated and that you’re not accidentally intercepting or reformatting errors later in your API stack [11].
2. If certain errors (like OAuth errors) do not pass through your onError hook because they’re handled internally, you might consider adding global error middleware on your server or normalizing the error response on the client side based on the error codes received [14]. In summary, while your configuration is correct for many errors, some error scenarios are designed to bypass these hooks for security and internal consistency reasons. You may need to handle those particular errors separately or add additional middleware at the API level. Sources: 12. Custom error page (errorURL in onAPIError) not used for all errors 11. Options | Better Auth 14. Client | Better Auth
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
Custom error page (errorURL in onAPIError) not used for all errors ...
Is this suited for github? Yes, this is suited for github To Reproduce This occurs with several issues, but this is one consistent way of doing it: Set a custom error page in Better Auth options Lo...
Options | Better Auth
Better Auth configuration options reference.
Ping
Ping2mo ago
I would recommend using hooks - https://www.better-auth.com/docs/concepts/hooks
Hooks | Better Auth
Better Auth Hooks let you customize BetterAuth's behavior

Did you find this page helpful?