BA
Better Auth3mo ago
highzenburger

JWT and avoid cookies

Hi All, I've got multiple projects pointing to different domains (vs hosted) for the backend and I'd like to use JWT For auth. I have enabled both JWT and Bearer plugins. However, it still tries to go through the cookie route when trying to getSession via 
try {
        const session = await auth.api.getSession({
            headers: fromNodeHeaders(req.headers),
        });

        if (!session || !session.user || !session.session) {
            throw new UnauthorizedError();
        }

        req.user = session.user as User;
        req.session = session.session as Session;

        next();
    } catch (err) {
        return next(err);
    }
try {
        const session = await auth.api.getSession({
            headers: fromNodeHeaders(req.headers),
        });

        if (!session || !session.user || !session.session) {
            throw new UnauthorizedError();
        }

        req.user = session.user as User;
        req.session = session.session as Session;

        next();
    } catch (err) {
        return next(err);
    }
I'd like better-auth to validate the token if possible but it looks like I have to use a 3rd party or create one correct?
2 Replies
khald0r
khald0r2w ago
Hi, going to answer this in case someone else is facing the same issue. Better auth doesn't support jwt for authentication. The plugin is meant for external services, but it still relies on better-auth to get the jwt using the session token. It seems like better auth team are prioritizing this feature: https://github.com/better-auth/better-auth/issues/4978
GitHub
Support for stateless authentication without a database · Issue #4...
Is this suited for github? Yes, this is suited for github Is your feature request related to a problem? Please describe. Currently, according to the documentation (https://www.better-auth.com/docs/...
sebastian
sebastian2w ago
isn't the bearer plugin is what you're looking for? in the documenation it's stated that it can be used as an alternative to cookies https://www.better-auth.com/docs/plugins/bearer
Bearer Token Authentication | Better Auth
Authenticate API requests using Bearer tokens instead of browser cookies

Did you find this page helpful?