Better Auth•2d ago

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

I’m using Better Auth + Drizzle (Postgres) with Expo (Android emulator) for email/password auth against my local server. Setup: * Server:

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

.env →

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

* Client:

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

Error: {"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403} What I’ve tried: * Added client:// to both trustedOrigins and CORS_ORIGINS. * Using expoClient (should inject custom origin). * Android uses 10.0.2.2. Question: What’s the correct way to configure CORS/origin for Better Auth + React Native (Expo)? Should client:// be in the CORS allow list, or should I bypass CORS in dev? Anything else needed for the server to accept the Expo client’s custom origin?

2 Replies

ManqoOP•2d ago

Allright i have changed the schema to myapp. It seems that the origin is undefined for some reason: Headers: { method: 'POST', path: '/api/auth/sign-in/email', origin: undefined, expoOrigin: 'myapp://'

Anurag•8h ago

Running into the same issue in the last couple of days. I know this used to work before.

Gaming

Programming

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

Did you find this page helpful?