Can I expose `account_id` to the user?

I'm using better-auth's default id generator, so I assume there's no sensitive data being leaked.

Context: in my app users may have multiple accounts. I plan on having client requests include

account_id

account_id

account_id

account_id which I'll then pass to

getAccessToken

getAccessToken

getAccessToken

getAccessToken to get the correct account accessToken https://www.better-auth.com/docs/concepts/oauth#get-access-token
I will, of course, also pass the

userId

userId

userId

userId obtained from the session.

AlexErrantOP•11/23/25, 5:50 PM

derp. From the docs:
"[accountId is] The ID of the account as provided by the SSO or equal to userId for credential accounts"
https://www.better-auth.com/docs/concepts/database#account

Database | Better Auth

Learn how to use a database with Better Auth.

AlexErrantOP•11/23/25, 5:51 PM

in my case, it's the subsub claim on the google idToken JWT... so yeah the user can know it

Can I expose `account_id` to the user?

Similar Threads

Similar Threads

Similar Threads