Better Auth•2mo ago

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

I’m using Better Auth + Drizzle (Postgres) with Expo (Android emulator) for email/password auth against my local server. Setup: * Server:

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

  export const auth = betterAuth({
    plugins: [expo({ overrideOrigin: true })],
    database: drizzleAdapter(db, { provider: "pg" }),
    trustedOrigins: ["client://"],
    emailAndPassword: { enabled: true },
  });

.env →

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

  BETTER_AUTH_URL=http://localhost:8787
  CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,client://

* Client:

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

  export const authClient = createAuthClient({
    baseURL: "http://10.0.2.2:8787",
    plugins: [
      expoClient({ scheme: "client", storagePrefix: "client", storage: SecureStore }),
    ],
  });

Error: {"code":"MISSING_OR_NULL_ORIGIN","message":"Missing or null Origin","status":403} What I’ve tried: * Added client:// to both trustedOrigins and CORS_ORIGINS. * Using expoClient (should inject custom origin). * Android uses 10.0.2.2. Question: What’s the correct way to configure CORS/origin for Better Auth + React Native (Expo)? Should client:// be in the CORS allow list, or should I bypass CORS in dev? Anything else needed for the server to accept the Expo client’s custom origin?

5 Replies

ManqoOP•2mo ago

Allright i have changed the schema to myapp. It seems that the origin is undefined for some reason: Headers: { method: 'POST', path: '/api/auth/sign-in/email', origin: undefined, expoOrigin: 'myapp://'

Anurag•2mo ago

Running into the same issue in the last couple of days. I know this used to work before.

jins•2mo ago

Same issue here too, past 5-6 it doesn't work

ManqoOP•4w ago

Were u able to fix this?

Hexi•4w ago

Yup Check out my post about this: https://discord.com/channels/1288403910284935179/1434148072409268274 Basically add:

app.use(async (c, next) => {
    const ExpoOrigin = c.req.header('expo-origin')
    if (ExpoOrigin) {
        c.req.raw.headers.set('origin', ExpoOrigin)
        await next()
    }
})

app.use(async (c, next) => {
    const ExpoOrigin = c.req.header('expo-origin')
    if (ExpoOrigin) {
        c.req.raw.headers.set('origin', ExpoOrigin)
        await next()
    }
})

Before the better auth configuration/registration

Gaming

Programming

Expo Android + Better Auth: 403 MISSING_OR_NULL_ORIGIN on sign-up/sign-in

Did you find this page helpful?