8 replies

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

I’m using Better Auth + Drizzle (Postgres) with Expo (Android emulator) for email/password auth against my local server.

Setup:

* Server:

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

.env

.env

→

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

* Client:

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

Error:

{"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403}

{"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403}

What I’ve tried:

* Added

client://

client://

to both

trustedOrigins

trustedOrigins

and

CORS_ORIGINS

CORS_ORIGINS

.
* Using

expoClient

expoClient

(should inject custom origin).
* Android uses

10.0.2.2

10.0.2.2

.

Question:
What’s the correct way to configure CORS/origin for Better Auth + React Native (Expo)?
Should

client://

client://

be in the CORS allow list, or should I bypass CORS in dev?
Anything else needed for the server to accept the Expo client’s custom origin?

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

I’m using Better Auth + Drizzle (Postgres) with Expo (Android emulator) for email/password auth against my local server.

Setup:

* Server:

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

.env

.env

→

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

* Client:

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

Error:

{"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403}

{"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403}

What I’ve tried:

* Added

client://

client://

to both

trustedOrigins

trustedOrigins

and

CORS_ORIGINS

CORS_ORIGINS

.
* Using

expoClient

expoClient

(should inject custom origin).
* Android uses

10.0.2.2

10.0.2.2

.

Question:
What’s the correct way to configure CORS/origin for Better Auth + React Native (Expo)?
Should

client://

client://

be in the CORS allow list, or should I bypass CORS in dev?
Anything else needed for the server to accept the Expo client’s custom origin?

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

Similar Threads

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

Similar Threads

Similar Threads

Similar Threads