sendChangeEmailConfirmation sends multiple verification emails when revisiting the confirmation link

Sandy · 2025-12-06T18:19:45.968Z

I’m not sure whether this is a bug or if my configuration is incorrect, but I’m seeing unexpected behavior when changing a user’s email. When I initiate an email change, Better Auth correctly sends the changeEmailConfirmation link to my current email. However, after I click that link, I receive a verification email at the new email address — which is expected. The issue is that if I click the changeEmailConfirmation link multiple times, Better Auth keeps sending additional verification emails to the new address. In other words, every time I revisit that confirmation URL, a new verification email is sent, even though the email change process should only require one verification. I would expect Better Auth to send the verification email only once, not every time the confirmation link is accessed.

S

SandyOP•12/6/25, 6:19 PM

My code:

S

SandyOP•12/6/25, 6:19 PM

...
export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
    sendResetPassword: async ({ user, url }) => {
      void sendPasswordResetEmail(user.name, user.email, url);
    },
  },
  emailVerification: {
    autoSignInAfterVerification: true,
    sendOnSignUp: true,
    sendVerificationEmail: async ({ user, url }) => {
      void sendVerificationEmail(user.name, user.email, url);
    },
  },
  socialProviders: {
    google: {
      clientId: env.BETTER_AUTH_GOOGLE_ID,
      clientSecret: env.BETTER_AUTH_GOOGLE_SECRET,
    },
  },
  session: {
    cookieCache: {
      enabled: true,
      maxAge: 60 * 5, // 5 minutes
    },
  },
  user: {
    additionalFields: {
      balance: { type: "number", defaultValue: 0 },
      role: {
        type: "string",
        defaultValue: "STUDENT",
        validator: { input: z.enum(userRole.enumValues) },
      },
    },
    changeEmail: {
      enabled: true,
      sendChangeEmailConfirmation: async ({ user, url, newEmail }) => {
        void sendChangeEmailEmail(user.name, user.email, newEmail, url);
      },
    },
  },
  plugins: [
    nextCookies(),
    localization({
      defaultLocale: "es-ES",
    }),
  ],
  advanced: {
    cookiePrefix: "recursos",
  },
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  hooks: {
    after: createAuthMiddleware(async (ctx) => {
      if (ctx.path.startsWith("/sign-up")) {
        const user = ctx.context.newSession?.user ?? {
          name: ctx.body.name,
          email: ctx.body.email,
        };
        if (user) {
          await sendWelcomeEmail(user.name, user.email);
        }
      }
    }),
    before: createAuthMiddleware(async (ctx) => {
      if (ctx.path !== "/sign-up/email") {
        return;
      }
      if (!ctx.body?.email.endsWith("@sanignacio.edu.uy")) {
        throw new APIError("BAD_REQUEST", {
          message: "Email must end with @sanignacio.edu.uy",
        });
      }
    }),
  },
});

...
export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
    sendResetPassword: async ({ user, url }) => {
      void sendPasswordResetEmail(user.name, user.email, url);
    },
  },
  emailVerification: {
    autoSignInAfterVerification: true,
    sendOnSignUp: true,
    sendVerificationEmail: async ({ user, url }) => {
      void sendVerificationEmail(user.name, user.email, url);
    },
  },
  socialProviders: {
    google: {
      clientId: env.BETTER_AUTH_GOOGLE_ID,
      clientSecret: env.BETTER_AUTH_GOOGLE_SECRET,
    },
  },
  session: {
    cookieCache: {
      enabled: true,
      maxAge: 60 * 5, // 5 minutes
    },
  },
  user: {
    additionalFields: {
      balance: { type: "number", defaultValue: 0 },
      role: {
        type: "string",
        defaultValue: "STUDENT",
        validator: { input: z.enum(userRole.enumValues) },
      },
    },
    changeEmail: {
      enabled: true,
      sendChangeEmailConfirmation: async ({ user, url, newEmail }) => {
        void sendChangeEmailEmail(user.name, user.email, newEmail, url);
      },
    },
  },
  plugins: [
    nextCookies(),
    localization({
      defaultLocale: "es-ES",
    }),
  ],
  advanced: {
    cookiePrefix: "recursos",
  },
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  hooks: {
    after: createAuthMiddleware(async (ctx) => {
      if (ctx.path.startsWith("/sign-up")) {
        const user = ctx.context.newSession?.user ?? {
          name: ctx.body.name,
          email: ctx.body.email,
        };
        if (user) {
          await sendWelcomeEmail(user.name, user.email);
        }
      }
    }),
    before: createAuthMiddleware(async (ctx) => {
      if (ctx.path !== "/sign-up/email") {
        return;
      }
      if (!ctx.body?.email.endsWith("@sanignacio.edu.uy")) {
        throw new APIError("BAD_REQUEST", {
          message: "Email must end with @sanignacio.edu.uy",
        });
      }
    }),
  },
});

...
export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
    sendResetPassword: async ({ user, url }) => {
      void sendPasswordResetEmail(user.name, user.email, url);
    },
  },
  emailVerification: {
    autoSignInAfterVerification: true,
    sendOnSignUp: true,
    sendVerificationEmail: async ({ user, url }) => {
      void sendVerificationEmail(user.name, user.email, url);
    },
  },
  socialProviders: {
    google: {
      clientId: env.BETTER_AUTH_GOOGLE_ID,
      clientSecret: env.BETTER_AUTH_GOOGLE_SECRET,
    },
  },
  session: {
    cookieCache: {
      enabled: true,
      maxAge: 60 * 5, // 5 minutes
    },
  },
  user: {
    additionalFields: {
      balance: { type: "number", defaultValue: 0 },
      role: {
        type: "string",
        defaultValue: "STUDENT",
        validator: { input: z.enum(userRole.enumValues) },
      },
    },
    changeEmail: {
      enabled: true,
      sendChangeEmailConfirmation: async ({ user, url, newEmail }) => {
        void sendChangeEmailEmail(user.name, user.email, newEmail, url);
      },
    },
  },
  plugins: [
    nextCookies(),
    localization({
      defaultLocale: "es-ES",
    }),
  ],
  advanced: {
    cookiePrefix: "recursos",
  },
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  hooks: {
    after: createAuthMiddleware(async (ctx) => {
      if (ctx.path.startsWith("/sign-up")) {
        const user = ctx.context.newSession?.user ?? {
          name: ctx.body.name,
          email: ctx.body.email,
        };
        if (user) {
          await sendWelcomeEmail(user.name, user.email);
        }
      }
    }),
    before: createAuthMiddleware(async (ctx) => {
      if (ctx.path !== "/sign-up/email") {
        return;
      }
      if (!ctx.body?.email.endsWith("@sanignacio.edu.uy")) {
        throw new APIError("BAD_REQUEST", {
          message: "Email must end with @sanignacio.edu.uy",
        });
      }
    }),
  },
});

...
export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
    sendResetPassword: async ({ user, url }) => {
      void sendPasswordResetEmail(user.name, user.email, url);
    },
  },
  emailVerification: {
    autoSignInAfterVerification: true,
    sendOnSignUp: true,
    sendVerificationEmail: async ({ user, url }) => {
      void sendVerificationEmail(user.name, user.email, url);
    },
  },
  socialProviders: {
    google: {
      clientId: env.BETTER_AUTH_GOOGLE_ID,
      clientSecret: env.BETTER_AUTH_GOOGLE_SECRET,
    },
  },
  session: {
    cookieCache: {
      enabled: true,
      maxAge: 60 * 5, // 5 minutes
    },
  },
  user: {
    additionalFields: {
      balance: { type: "number", defaultValue: 0 },
      role: {
        type: "string",
        defaultValue: "STUDENT",
        validator: { input: z.enum(userRole.enumValues) },
      },
    },
    changeEmail: {
      enabled: true,
      sendChangeEmailConfirmation: async ({ user, url, newEmail }) => {
        void sendChangeEmailEmail(user.name, user.email, newEmail, url);
      },
    },
  },
  plugins: [
    nextCookies(),
    localization({
      defaultLocale: "es-ES",
    }),
  ],
  advanced: {
    cookiePrefix: "recursos",
  },
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  hooks: {
    after: createAuthMiddleware(async (ctx) => {
      if (ctx.path.startsWith("/sign-up")) {
        const user = ctx.context.newSession?.user ?? {
          name: ctx.body.name,
          email: ctx.body.email,
        };
        if (user) {
          await sendWelcomeEmail(user.name, user.email);
        }
      }
    }),
    before: createAuthMiddleware(async (ctx) => {
      if (ctx.path !== "/sign-up/email") {
        return;
      }
      if (!ctx.body?.email.endsWith("@sanignacio.edu.uy")) {
        throw new APIError("BAD_REQUEST", {
          message: "Email must end with @sanignacio.edu.uy",
        });
      }
    }),
  },
});

sendChangeEmailConfirmation sends multiple verification emails when revisiting the confirmation link

Similar Threads

Similar Threads

Similar Threads