Setup for cross domains and local "cross ips" development?

Hey all! I have migrated my "supabase everything backend" to a hono+better-auth backend and I couldn't be happier! I have tried NextAuth/AuthJS and Lucia before but they all felt unreliable and poorly implemented. Better-auth, as young as it is, is the best JS auth solution I've ever used!

The only problem I'm having is with cross-domain auth... I have 2 situations that are not working:

- Local development with cross IP: I run my backend and frontend on my computer and try to open my frontend on my phone through a local IP like "192.168.22.168:8081".
- I have deploy previews configured on Cloudflare Pages, so when I open a PR it creates a preview URL like branch-name.my-app.pages.dev (this is a Cloudflare subdomain, not on my custom domain, so it's cross-domain).

In both situations I am able to make the sign-in request (CORS is properly configured) but the session is not persisted (I think), so when I hit "/get-session" it returns NULL. It works fine when it's the same domain (app.mydomain.com -> api.mydomain.com/auth) or when it's localhost:xxxx -> localhost:yyyy.

Any ideas on why this happens and how I can set this up?
1 Reply
Kaue (OP), 2mo ago
I tried following: https://www.better-auth.com/docs/concepts/cookies

I have set sameDomain, secure and partitioned as instructed. I also tried adding the IP to trustedOrigins, but the session still returns null.

Here is the relevant part of the config:
```js
return betterAuth({
  // Explicitly trust our frontend origin so auth requests from the app are allowed
  trustedOrigins: [env.FRONTEND_URL, "http://192.168.15.98:8081", "*"],
  emailVerification: {
    autoSignInAfterVerification: true,
  },
  socialProviders: {
    google: {
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
    },
  },
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  advanced: {
    // Attributes applied to every cookie the auth server sets
    defaultCookieAttributes: {
      sameSite: "None",
      secure: true,
      partitioned: true,
    },
  },
});
```
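An added example, not part of the thread and not better-auth code: a simplified JavaScript model of the browser rules that decide whether a session cookie is stored and later sent, run against the four frontend/backend pairings from the question with the posted cookie attributes. Assumptions: the backend ports, a LAN backend served over plain http on the same IP, the tiny public-suffix set, and the localhost exception for Secure cookies.

```javascript
// Added example: simplified model of browser cookie rules, not better-auth code.
// Constructed, tiny public-suffix set; browsers use the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "dev", "pages.dev"]);
const isIp = (host) => /^\d{1,3}(\.\d{1,3}){3}$/.test(host);

// Registrable domain ("site") of a host; IPs and single-label hosts stand alone.
function site(host) {
  if (isIp(host) || !host.includes(".")) return host;
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    // Longest matching public suffix wins; the site is that suffix plus one label.
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return labels.slice(-2).join(".");
}

function diagnoseSessionCookie(frontendOrigin, apiOrigin, attrs) {
  const fe = new URL(frontendOrigin);
  const api = new URL(apiOrigin);
  const sameSite = (attrs.sameSite || "Lax").toLowerCase();
  // Assumption: http://localhost is treated as trustworthy (Chrome, Firefox).
  const secureTransport = api.protocol === "https:" || api.hostname === "localhost";
  // Schemeful same-site: registrable domain and scheme must match; ports are ignored.
  const crossSite = site(fe.hostname) !== site(api.hostname) || fe.protocol !== api.protocol;
  const problems = [];
  if (attrs.secure && !secureTransport) problems.push("Secure cookie set over plain http is rejected");
  if (sameSite === "none" && !attrs.secure) problems.push("SameSite=None without Secure is rejected");
  if (attrs.partitioned && !attrs.secure) problems.push("Partitioned without Secure is rejected");
  if (crossSite && sameSite !== "none") problems.push("cross-site fetch does not carry a SameSite=Lax/Strict cookie");
  if (crossSite && sameSite === "none" && !attrs.partitioned) problems.push("unpartitioned third-party cookie, dropped where those are blocked");
  return { crossSite, problems };
}

// Attributes from the posted config; the backend ports are constructed.
const posted = { sameSite: "None", secure: true, partitioned: true };
const cases = {
  lanPhone: diagnoseSessionCookie("http://192.168.22.168:8081", "http://192.168.22.168:3000", posted),
  preview: diagnoseSessionCookie("https://branch-name.my-app.pages.dev", "https://api.mydomain.com", posted),
  localhost: diagnoseSessionCookie("http://localhost:8081", "http://localhost:3000", posted),
  sameDomain: diagnoseSessionCookie("https://app.mydomain.com", "https://api.mydomain.com", posted),
};
console.log(JSON.stringify(cases, null, 2));
```

An empty `problems` list only means the attributes pass these modelled rules; the `Set-Cookie` response header and the browser's stored cookies in devtools remain the authoritative check.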