Proxied Google OAuth no longer setting cookies
Hello! I'm using TanStack React Start v1.132.34 and BetterAuth v1.3.26. I'm using Google OAuth with the OAuth proxy plugin to allow sign in on preview deploys hosted on a different domain from the prod site (deploy-preview--xyz.netlify.app vs main.site.com). This flow was working previously in BetterAuth v1.2.10, but after updating it seems to have broken.
Whenever I call getSession or useSession, I only get null if the request was proxied (so the only working domain is the BETTER_AUTH_URL). I've stepped through the requests in dev tools and found that the 302 response for oauth-proxy-callback does contain the set-cookie header with the expected values (__Secure-better-auth.state and __Secure-better-auth.session_token), but on the preview deploys the next request for get-session doesn't use it (its cookie header is set to only "__Secure-better-auth.state="). On the main site, this fetch does include the __Secure-better-auth.session_token, which returns the session properly.
I've tried updating the cookie attributes to sameSite none and secure: true, which I see reflected in the oauth proxy request, but it doesn't seem to help. Have there been any other changes to cookies, OAuth, or proxying that could have broken this? Thanks!

2 Replies
I do see __Secure-better-auth.state set in the storage on the preview deploy, but it's empty. The main site has __Secure-better-auth.session_token and __Secure-better-auth.session_data set as expected, and __Secure-better-auth.state is also empty (so maybe that's expected).

I managed to get this fixed! This post on GitHub got me most of the way there. I'm not sure why, but somehow my login flow always results in ctx._flag === "router" being true, which triggered the early return. Removing that check restored the previous login behavior.

GitHub
Cookie cache not updated from auth.api.getSession (Tanstack-Start) ...
Is this suited for github? Yes, this is suited for github To Reproduce I see session_data cookie set after sign-in, but after it expires, subsequent successful calls of auth.api.getSession in serve...
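
An added example, not part of the original thread or of BetterAuth's code: a checker for the attribute-level reasons a browser discards a Set-Cookie header, which is worth ruling out first when a cookie shows up in the 302 response but not in the next request (it does not cover the ctx._flag check the poster removed). The host names are the ones from the post; the callback path and header values are constructed.

```javascript
// Added example: attribute-level checks a browser applies before storing a cookie.
// Header values and the /api/auth path are constructed for illustration.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Domain attribute must equal the response host or be a parent of it.
function domainMatches(host, domain) {
  const d = domain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Returns the reasons the cookie would be rejected; an empty list means accepted.
function rejectionReasons(setCookieHeader, responseUrl) {
  const url = new URL(responseUrl);
  const c = parseSetCookie(setCookieHeader);
  const secure = c.attrs.secure === true;
  const https = url.protocol === "https:";
  const reasons = [];
  if (c.name.startsWith("__Secure-") && !(secure && https))
    reasons.push("__Secure- prefix requires the Secure attribute and an HTTPS response");
  if (String(c.attrs.samesite).toLowerCase() === "none" && !secure)
    reasons.push("SameSite=None requires Secure");
  if (typeof c.attrs.domain === "string" && !domainMatches(url.hostname, c.attrs.domain))
    reasons.push(`Domain=${c.attrs.domain} does not match ${url.hostname}`);
  return reasons;
}

const PREVIEW = "https://deploy-preview--xyz.netlify.app/api/auth/oauth-proxy-callback";
const NAME = "__Secure-better-auth.session_token";
const samples = [
  `${NAME}=abc; Path=/; HttpOnly; Secure; SameSite=None`,
  `${NAME}=abc; Path=/; HttpOnly; Secure; SameSite=None; Domain=main.site.com`,
  `${NAME}=abc; Path=/; SameSite=None`,
];
for (const s of samples) console.log(rejectionReasons(s, PREVIEW));
```

An empty result for the header copied from dev tools means the attributes are not the problem and the cause lies elsewhere in the flow, as it did in this thread.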