Best practice to deal with a "child profile" / "kid profile"
Hi team,
I was reading the account & organization sections, but I may need some guidance in order to fully understand the best concept to follow.
Goal:
- A user can sign up on the app and invite their partner to join the family;
- Both of them can create profiles for their kids;
- Kids select their own profile on their parent's phone, like selecting a Netflix profile.
Questions:
- Should the "family" concept be an organization?
- How should we handle kid profiles? Should we create our own kids table connected to the "family" (which could be the organization)?
Thank you for your help figuring this out!
I would recommend modeling a family as an organization (one organization per family). Within the organization, create roles like "parent" and "kid". This keeps things simple, avoids unnecessary tables for kids, and allows you to manage family membership, permissions, and limits in one place.
For the part where kids need to select their own profile on a parent’s device, you can use the multi session plugin. This lets multiple users be logged in simultaneously on the same device, so each child can switch to their profile without affecting the parent’s session. (You'd need an endpoint to switch to the child's session without requiring credentials.)
Alternatively, you could create a kids table, like you've already stated, and store the currently active child in the session. This lets each child have their own profile without requiring a full login.
Got it. Using the organization to control both parents and kids means that a kid must be a user with auth, right? Maybe that's too complex vs having a child table?
btw thanks for your feedback, really valuable 🙏
Yeah, exactly. Both have their pros and cons, but I would highly recommend treating a kid as a normal user.
But how can I create it as a normal user? Without an email or password?
You can just pass a placeholder email. You'd need to create your own endpoint for creating a user without a password.
So the flow would be something like:
- Parent actually signs up;
- Parent creates a kid profile (internally I'll need to invoke a new endpoint that will create a kid's user with a random email);
- Whenever the kid chooses their profile to enter the app, I am not sure how I can authenticate it?
Or am I missing something here?
The kid would need to sign up using the parent's account, and then you'd need an endpoint that only changes the session to a parent's/organization's kid.
"You'd need an endpoint to switch to the child's session without requiring credentials"
This is what I need to do? 🤔 I am assuming the parent has the sign-in done on their own device, and the kid will just re-use the parent's device, like Netflix switching profiles. Kinda magic right now for me, not sure what that endpoint should do 😅
Instead of checking for credentials you check if the user is the parent of the kid.
Then you basically only need to do this (https://github.com/better-auth/better-auth/blob/6aa0c1c10fe52e0ad775b01d20ef5e5b1c345d86/packages/better-auth/src/api/routes/sign-in.ts#L540C3-L560C5):
You still need to run deleteSessionCookie(ctx); before setSessionCookie
https://github.com/better-auth/better-auth/blob/6aa0c1c10fe52e0ad775b01d20ef5e5b1c345d86/packages/better-auth/src/plugins/admin/admin.ts#L1109-L1148
It's basically impersonating a user without expiry.
I see
So just to be clear.. Your advice is to use organizations as family (with both parents connected to the same organization)
Whenever a parent adds a kid, I'll need to actually create a new user in the DB
using a random email and password
and insert him into the organization as well
To "login" as the kid, use the logic you just shared
Yeah, but I would choose an email with a non-existent TLD, and you actually don't need to create a password; just don't create a credentials provider.
Yeah, you may need to add an extra cookie like in admin.impersonateUser for switching back to the parent's session.
Hopefully the expo plugin handles all that as the browser API 😅
Thanks for your feedback @jslno, I am yet to understand how all this should work but your help was definitely super helpful!
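The parent-of-kid check that stands in for credential verification in the switch endpoint, as an added example that is not part of the thread or of better-auth's code. The types, the function name authorizeProfileSwitch and the sample memberships are hypothetical; creating the session and setting the cookie are left to the code linked in the thread.

```typescript
// Added example: hypothetical types, names and data, not better-auth APIs.
type Role = "parent" | "kid";

interface Member {
  userId: string;
  organizationId: string; // one organization per family
  role: Role;
}

type Decision =
  | { allowed: true; organizationId: string; switchedBy: string }
  | { allowed: false; reason: string };

// Constructed sample memberships: two families.
const sampleMembers: Member[] = [
  { userId: "parent-a", organizationId: "family-1", role: "parent" },
  { userId: "parent-b", organizationId: "family-1", role: "parent" },
  { userId: "kid-1", organizationId: "family-1", role: "kid" },
  { userId: "parent-c", organizationId: "family-2", role: "parent" },
  { userId: "kid-2", organizationId: "family-2", role: "kid" },
];

// Decide whether the user behind the current session may switch to
// targetUserId without credentials. Run this before touching any cookie.
function authorizeProfileSwitch(
  sessionUserId: string | null,
  targetUserId: string,
  members: Member[],
): Decision {
  if (!sessionUserId) return { allowed: false, reason: "no authenticated session" };
  // Families in which the caller holds the parent role.
  const parentOrgs = new Set(
    members
      .filter((m) => m.userId === sessionUserId && m.role === "parent")
      .map((m) => m.organizationId),
  );
  if (parentOrgs.size === 0) return { allowed: false, reason: "caller is not a parent" };

  // The target's memberships inside those families only.
  const shared = members.filter(
    (m) => m.userId === targetUserId && parentOrgs.has(m.organizationId),
  );
  const first = shared[0];
  if (!first) return { allowed: false, reason: "target is not in the caller's family" };

  // Same family is not enough: the partner is a member too.
  if (shared.some((m) => m.role !== "kid")) return { allowed: false, reason: "target is not a kid profile" };
  return { allowed: true, organizationId: first.organizationId, switchedBy: sessionUserId };
}
```

Because the partner is a member of the same organization, the role check on the target is what keeps one parent from switching into the other parent's account without credentials.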