Better Auth•5h ago

username plugin: password.verify not being called?

import { betterAuth } from 'better-auth'
import { genericOAuth, username } from 'better-auth/plugins'
import { nextCookies } from "better-auth/next-js";

// Database adapter
import { prismaAdapter } from "better-auth/adapters/prisma";
import { PrismaService } from '@/core/services/server/prisma'
import { hashPass, isSamePass, isSamePassword } from '@/core/utils/auth'

export const auth = betterAuth({
  database: prismaAdapter(PrismaService, {
    provider: 'sqlite',
  }),
  user: {
    additionalFields: {
      // ...
    },
  },
  emailAndPassword: {
    enabled: true,
    password: {
      hash: hashPass,
      verify: (data) => {
        console.error("NOT PRINTING")
        return isSamePass(data.password, data.hash)
      },
    },
  },
  socialProviders: {
    google: {
      // ...
    },
  },
  plugins: [
    genericOAuth({
      config: [
        // ....
      ],
    }),
    username(),
    nextCookies(),
  ],
})

export type Session = typeof auth.$Infer.Session

import { betterAuth } from 'better-auth'
import { genericOAuth, username } from 'better-auth/plugins'
import { nextCookies } from "better-auth/next-js";

// Database adapter
import { prismaAdapter } from "better-auth/adapters/prisma";
import { PrismaService } from '@/core/services/server/prisma'
import { hashPass, isSamePass, isSamePassword } from '@/core/utils/auth'

export const auth = betterAuth({
  database: prismaAdapter(PrismaService, {
    provider: 'sqlite',
  }),
  user: {
    additionalFields: {
      // ...
    },
  },
  emailAndPassword: {
    enabled: true,
    password: {
      hash: hashPass,
      verify: (data) => {
        console.error("NOT PRINTING")
        return isSamePass(data.password, data.hash)
      },
    },
  },
  socialProviders: {
    google: {
      // ...
    },
  },
  plugins: [
    genericOAuth({
      config: [
        // ....
      ],
    }),
    username(),
    nextCookies(),
  ],
})

export type Session = typeof auth.$Infer.Session

This is my code. When doing a POST request to http://localhost:3000/api/auth/sign-in/username with: {username:"teste",password:"teste123",rememberMe:true} It returns: {"code":"INVALID_USERNAME_OR_PASSWORD","message":"Invalid username or password"}

signIn.username(
      {...credentials, rememberMe: true },
// ...
);

signIn.username(
      {...credentials, rememberMe: true },
// ...
);

And the hash function is never called. (No print occurs in the logs). 401 is thrown. I am using bcrypt that's why I replaced the verify and hash function.

Solution:

The issue was with providerId in next-auth being credentials and not credential

Jump to solution

8 Replies

Picono435OP•4h ago

Under the hood isSamePass and hashPass do:

emailAndPassword: {
    enabled: true,
    password: {
      hash: async (password) => {
        return await bcrypt.hash(password, 10);
      },
      verify: async ({ hash, password }) => {
        console.log("TESTEEEEEEEEEE")
        return await bcrypt.compare(password, hash);
      }
    },
  },

emailAndPassword: {
    enabled: true,
    password: {
      hash: async (password) => {
        return await bcrypt.hash(password, 10);
      },
      verify: async ({ hash, password }) => {
        console.log("TESTEEEEEEEEEE")
        return await bcrypt.compare(password, hash);
      }
    },
  },

Ping•4h ago

no we do call the verify function. There are many reasons why you can get the INVALID_USERNAME_OR_PASSWORD error. It could be that you don't have a user or an account attached to the req, or if the account isn't credential, amoung other possible reasons

Picono435OP•4h ago

Thank you for the information. When the user is not found it throws that in the log so that could not be the case. Any way I can identify the exact reason?

povicta•4h ago

@Picono435 This might be a simple question, but have you created the schema in the SQLite database?

Picono435OP•4h ago

Yes I was migrating from next-auth v4 When there were schema issues it would throw an error in the logs not doing it now

povicta•3h ago

The first thing that comes to my mind is that if this isn't triggered: console.error(“NOT PRINTING”) means that it couldn't find the user directly before reaching this stage. Could you examine the database using the SQLite Viewer from the Vs Code extensions or using Prisma studio?

Picono435OP•3h ago

It does find the user. Otherwise it would send the 2025-10-27T14:04:21.683Z ERROR [Better Auth]: User not found { username: 'teste' } which it doesnt But double checked with prisma studio and its ther

Solution

Picono435•3h ago

The issue was with providerId in next-auth being credentials and not credential

Gaming

Programming

username plugin: password.verify not being called?

Did you find this page helpful?