Isthiyaaq
Created by Isthiyaaq on 4/24/2025 in #help
Better Auth Not Respecting OIDC Discovery Document Endpoints with IdentityServer4

Problem Description

When implementing OAuth 2.0/OpenID Connect with IdentityServer4, Better Auth is not using the endpoints from the discovery document despite proper configuration. Instead, it's trying to use its own API structure (/api/auth/sign-in/oauth2).

Current Implementation

1. Server Configuration (server.ts):

    import { betterAuth } from "better-auth";
    import { genericOAuth } from "better-auth/plugins";
    import { expo } from "@better-auth/expo";

    export const auth = betterAuth({
      plugins: [
        genericOAuth({
          config: [{
            providerId: "ids4",
            // IdentityServer4 endpoints, entered by hand
            authorizationUrl: 'https://example.egov.mv/connect/authorize',
            tokenUrl: 'https://example.egov.mv/connect/token',
            userInfoUrl: 'https://example.egov.mv/connect/userinfo',
            clientId: 'your-client-id',
            clientSecret: "",
            pkce: true,
            scopes: ["openid", "profile", "offline_access"],
            redirectURI: 'com.example.app://oauth',
            responseType: 'code',
          }]
        }),
        expo(),
      ],
      trustedOrigins: ["com.example.app://"],
    });

2. Client Configuration (client.ts):
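
    import { createAuthClient } from "better-auth/react";
    import { genericOAuthClient } from "better-auth/client/plugins";
    import { expoClient } from "@better-auth/expo/client";

    // mmkvStorage is the app's own storage adapter (its definition is not shown in the post)
    export const authClient = createAuthClient({
      baseURL: 'https://example.egov.mv',
      plugins: [
        genericOAuthClient(),
        expoClient({
          scheme: 'com.example.app',
          storagePrefix: "auth_token_storage",
          storage: mmkvStorage,
        }),
      ]
    });
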
3. API Route Handler ([...auth]+api.ts):

    import { auth } from "@/auth/server";

    const handler = auth.handler;
    export { handler as GET, handler as POST };

Expected Behavior

- Better Auth should use the configured OIDC endpoints from the server configuration
- Authentication flow should follow the standard OAuth 2.0/OpenID Connect protocol with IdentityServer4

Actual Behavior

- Better Auth is ignoring the configured endpoints
- Attempting to use its own API structure (/api/auth/sign-in/oauth2)
- Results in "Request Rejected" errors when trying to authenticate
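
An added example, not part of the original post and not Better Auth code: a check that hand-entered endpoints like the ones in the server configuration above agree with what the provider's discovery document advertises. `checkAgainstDiscovery` and `sampleDiscovery` are hypothetical names, and the sample document is constructed; the field names are the standard OpenID Connect Discovery / RFC 8414 metadata fields.

```typescript
// Metadata fields as named in OpenID Connect Discovery 1.0 and RFC 8414.
interface DiscoveryDoc {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  userinfo_endpoint?: string;
  code_challenge_methods_supported?: string[];
}

// The endpoint-related subset of the provider config shown in the post.
interface ProviderEndpoints {
  authorizationUrl: string;
  tokenUrl: string;
  userInfoUrl: string;
  pkce: boolean;
}

// Constructed sample of a discovery document for the post's placeholder host.
const sampleDiscovery: DiscoveryDoc = {
  issuer: "https://example.egov.mv",
  authorization_endpoint: "https://example.egov.mv/connect/authorize",
  token_endpoint: "https://example.egov.mv/connect/token",
  userinfo_endpoint: "https://example.egov.mv/connect/userinfo",
  code_challenge_methods_supported: ["plain", "S256"],
};

// Returns one message per disagreement; an empty array means the config matches.
function checkAgainstDiscovery(expectedIssuer: string, doc: DiscoveryDoc, cfg: ProviderEndpoints): string[] {
  const problems: string[] = [];
  // The issuer in the document must equal the issuer it was fetched for, character for character.
  if (doc.issuer !== expectedIssuer) problems.push(`issuer mismatch: ${doc.issuer}`);
  const pairs: [string, string | undefined, string][] = [
    ["authorization_endpoint", doc.authorization_endpoint, cfg.authorizationUrl],
    ["token_endpoint", doc.token_endpoint, cfg.tokenUrl],
    ["userinfo_endpoint", doc.userinfo_endpoint, cfg.userInfoUrl],
  ];
  for (const [name, advertised, configured] of pairs) {
    if (!advertised) { problems.push(`${name} not advertised`); continue; }
    if (advertised.indexOf("https://") !== 0) problems.push(`${name} is not https`);
    if (advertised !== configured) problems.push(`${name} differs from configured ${configured}`);
  }
  // PKCE with S256 only works if the provider advertises that challenge method.
  const methods = doc.code_challenge_methods_supported ?? [];
  if (cfg.pkce && methods.indexOf("S256") === -1) problems.push("pkce enabled but S256 not advertised");
  return problems;
}
```
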