How can I make a "error middleware"?

Hi guys. So, I have the back-end config of better-auth and the front-end client.
The thing is, I need to format the errors of the better auth to normalize them to the default error pattern that my back-end provides, and for such, I needed some kind of error middleware of the better auth in the back-end.

I tried the following in the back-end config:

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

But still, in the FE, I get the original better auth error. It is like the function call on the FE just ignores that "onError" of the BE. What I expected is that every error would pass there and then get throw again to its final version on the FE

Better Auth•8/1/25, 8:14 AM

Hey there! I'm here to help you with Better Auth. Could you let me know what "help" you need? Here are some common topics our community often asks about:

• Installation & Setup – Make sure you export your auth instance correctly and configure your database as required [1].
• CLI Commands – Learn about generating and migrating your schema using our CLI (e.g., npx @better-auth/cli generate) [2].
• Configuration Options – From setting your secret to custom routes, there’s a range of options available [4].
• Plugin Ecosystem – Better Auth supports plugins for features like two-factor authentication, username normalization, and more [8], [15].

Feel free to ask for more details on any particular area, and I’ll be glad to dive in!

Sources:

bozoOP•8/1/25, 8:14 AM

@Better Auth Hi guys. So, I have the back-end config of better-auth and the front-end client.
The thing is, I need to format the errors of the better auth to normalize them to the default error pattern that my back-end provides, and for such, I needed some kind of error middleware of the better auth in the back-end.

I tried the following in the back-end config:

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

export const auth = betterAuth({
  onAPIError: {
    throw: true,
    onError(error, ctx) {
      console.error('Auth error:', error)
      // handleBetterAuthError(error)

      throw Exception.new({
        code: Code.UNAUTHORIZED_ERROR,
        overrideMessage: 'No sign in found.',
      })
    },
  },
  database: prismaAdapter(prisma, {
    provider: 'postgresql',
  }),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 128,
  },
  trustedOrigins: [env.APP_URL],
  baseURL: env.BETTER_AUTH_URL,
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
      redirectURI: env.GOOGLE_REDIRECT_URL,
      prompt: 'select_account',
    },
  },
})

Bbozo @Better Auth Hi guys. So, I have the back-end config of better-auth and the fron...

Better Auth•8/1/25, 8:14 AM

It looks like there are some scenarios where Better Auth’s internal error handling may bypass your custom onAPIError hook. In some cases—especially with errors that occur during internal flows such as OAuth state mismatches—the error is hardcoded to redirect to the default error page, ignoring your overridden behavior [12]. This means that even though you set throw to true and define your onError function, not every error passes through this middleware, which is why you still see the original error on the client side.

The recommendation is to double-check a couple of things:

Ensure that your onAPIError configuration (with throw set to true) is correctly integrated and that you’re not accidentally intercepting or reformatting errors later in your API stack [11].
If certain errors (like OAuth errors) do not pass through your onError hook because they’re handled internally, you might consider adding global error middleware on your server or normalizing the error response on the client side based on the error codes received [14].

In summary, while your configuration is correct for many errors, some error scenarios are designed to bypass these hooks for security and internal consistency reasons. You may need to handle those particular errors separately or add additional middleware at the API level.

Sources:

GitHub

better-auth/better-auth

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

GitHub

Custom error page (errorURL in onAPIError) not used for all errors ...

Is this suited for github? Yes, this is suited for github To Reproduce This occurs with several issues, but this is one consistent way of doing it: Set a custom error page in Better Auth options Lo...

Options | Better Auth

Better Auth configuration options reference.

Bbozo Hi guys. So, I have the back-end config of better-auth and the front-end client....

Ping•8/1/25, 10:03 AM

I would recommend using hooks - https://www.better-auth.com/docs/concepts/hooks

Hooks | Better Auth

Better Auth Hooks let you customize BetterAuth's behavior

export const auth = betterAuth({ onAPIError: { throw: true, onError(error, ctx) { console.error('Auth error:', error) // handleBetterAuthError(error) throw Exception.new({ code: Code.UNAUTHORIZED_ERROR, overrideMessage: 'No sign in found.', }) }, }, database: prismaAdapter(prisma, { provider: 'postgresql', }), emailAndPassword: { enabled: true, minPasswordLength: 8, maxPasswordLength: 128, }, trustedOrigins: [env.APP_URL], baseURL: env.BETTER_AUTH_URL, socialProviders: { google: { clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET, redirectURI: env.GOOGLE_REDIRECT_URL, prompt: 'select_account', }, }, })

How can I make a "error middleware"?

Similar Threads

Similar Threads

Similar Threads