"/api/auth/*" rule fails on express ^5.0.0
Express changed their handling of wildcards in 5.0.0. This results in the * to do something else than intended by better auth. Maybe you could add a note in the docs or add the correct way of handling new express versions
Better-auth cannot be set up using pg Pool and postgres
It seems somewhere in the code there's hardcoded user relation when trying to set up:
database: new Pool({
connectionString: process.env.DATABASE_URL,
}),
tables: {...
Getting a 404 on useSession and unable to use Svelte Store
Hi there,
When making a request to: api/auth/use-session I am recieving a 404. This is made to a
Honojs backend.
Then on the Svelte side when I try use the store or value from the useSession method it is saying it is not a store.
...
getSession returning null in dev mode
I am suddenly unable to login to my app when running it in dev mode as getSession returns null. This issue does not occur in production. And it is a new behavior, although I can't pinpoint what is leading to it. Below is my network calls.
//network calls
//headers...
Solution:
This wasn't a bug but rather my use of secure cookies and cross-domain cookies in both development & production environments. I have disabled these in dev mode and now able to sign-in.
[TypeError] Invalid URL
I have this client code:
```
import { createAuthClient } from "better-auth/react";
export const { signIn, signUp, useSession, sendVerificationEmail } = createAuthClient();...
Solution:
Typescript error on plugin schema reference field
When creating plugin for table schema, and adding reference to another table (e.g.
user) I get TS error that instaed of reference it should be references
```
Object literal may only specify known properties, but 'reference' does not exist in type 'FieldAttribute<FieldType>'. Did you mean to write 'references'?ts(2561)
auth-C42JqOR9.d.ts(1893, 17): The expected type comes from property 'userId' which is declared here on type '{ [x: string]: FieldAttribute<FieldType>; }'...Expo Better Auth breaking with any client plugin "better-auth/client/plugins"
I narrowed down the issue to "better-auth/client/plugins", using any client plugin on expo breaks the app and figured out "jose" was the issue
Here's a very basic repo with better auth which has the issue: https://github.com/abhay-ramesh/authTest
❗Someone help me out
...
Organization Plugin: Empty invitation handling
After implementing organization invitation in my project, I discovered that I can send an empty email in the
organization.inviteMember And the function would work correctly.
Example of the bug:
- User sends an invitation to the organization for an empty string email ""
- The function takes it normally without throwing an error and stores it in database with email = ""...Expo: TypeError: Cannot read property 'subtle' of undefined
I updated the Expo client library and want to implement the magic link plugin, but when I try to use this plugin I'm receiving:
How could I fix it?...
TypeError: Cannot read property 'subtle' of undefined
TypeError: Cannot read property 'subtle' of undefined
Documentation is missing userId
The documentation for the Two-Factor database schema is missing the userId in the twoFactor table:
https://www.better-auth.com/docs/plugins/2fa#schema...
1.1.19 breaks expo client
It has something to do with module imports, (can't resolve
hex random createHash) i tried this but did not helped.
```javascript
"better-auth/react": "../../node_modules/better-auth/dist/react.js",
"better-auth/client/plugins": "../../node_modules/better-auth/dist/client/plugins.js",...Manually verifying magic link token throws unexpected invalid_type
In my Expo mobile app, I'm trying to verify the magic link token manually as described here.
But when I try to call the verify method with my token, I receive the following error:
```{"code": "__CODE_INVALID_TYPEEXPECTED_STRINGRECEIVED_UNDEFINEDPATH___TOKEN__MESSAGE_REQUIRED__", "details": [{"code": "invalid_type", "expected": "string", "message": "Required", "path": [Array], "received": "undefined"}], "message": "[
{
"code": "invalid_type",...
bun: Couldn't read your auth config in auth.ts
[Better Auth]: [#better-auth]: Couldn't read your auth config in auth.ts. Make sure to default export your auth instance or to export as a variable named auth.
Session stealing?
Not sure if this is actually a bug. But try opening better auth in two windows (one in normal, one in incognito). Doing a few refreshses etc - And suddenly user 1 will become user 2?
The browsers are totally seperated?
Running newest stable version of better-auth. Tried this also on a public facing one and the same happend....
Unable to generate cookie in "after" hooks for sign-in because un-authorized
I am trying to generate a JWT on sign in (although ideally I would need to update the JWT whenever the session changes), and when I do...
```ts
if (ctx.path === '/sign-in/email') {
if (ctx.request) {...
userinfo_endpoint key in openid-configuration has incorrect capatlisation.
The property has incorrect capitalisation. The key should be in all lowercase as specified in the OIDC spec.
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
Code: ...
Running SvelteKit on Cloudflare workers I am getting this error
[Better Auth]:\u001b[0m INTERNAL_SERVER_ERROR
Error: Cannot perform I/O on behalf of a different request. I/O objects (such as streams, request/response bodies, and others) created in the context of one request handler cannot be accessed from a different request's handler. This is a limitation of Cloudflare Workers which allows us to improve overall performance. (I/O type: Writable)
[Better Auth]:\u001b[0m INTERNAL_SERVER_ERROR
Error: Cannot perform I/O on behalf of a different request. I/O objects (such as streams, request/response bodies, and others) created in the context of one request handler cannot be accessed from a different request's handler. This is a limitation of Cloudflare Workers which allows us to improve overall performance. (I/O type: Writable)
Change email: the second verification email (to the new email) does not redirect
When changing email:
1. First verification email is sent to current email
2. Clicking on the link redirects correctly to the defined callbackUrl, also triggers sending second verification email
3. Second verification email is sent to new email
4. Clicking on the link returns a json instead of redirecting...
openid-configuration - Missing content-type header
It looks like the ’.well-known/openid-configuration’ endpoint is missing its content-type header of value application/json