Better Auth

Join the community to ask questions about Better Auth and get answers from other members.

Any way to access admin API from server?

I seem to be getting a 401 error on calling my auth API endpoints from my server await auth.api.listUsers({ query: { limit: 10,...

API Organisation Types

Hi, In the documentation, it only mentions using the authClient to interact with organizations, but I have a need to manage them from the backend. So I tried to see if something like auth.api.organization existed, but couldn't find any trace of it. Could you point me in the right direction?...

global onSuccess question

Hi guys, first of all - thanks for the great library! I'm just following the documentation, and maybe missing something here: ```export const { signIn, useSession, token} = createAuthClient({...
Solution:
yeah global onSuccess has some issues cause there is another one applied by the library by default. Will be fixed soon, but use onResponse instead for the time being

Super Admin role creation assistance

Hello Team, I am looking into creating a role based access control system within my app, I would like to have SUPERADMIN, ADMIN, USER level roles and wanted to see how I can add a new role and make use of this system. auth-client.ts...

User as an organization

I would like to do the sign-up: whenever someone signs up to the app, I create an organization for that user, and the user can invite employees, but I would like to assign the subscription for the organization, not the user. So basically the flow is: on sign-up, I take the organization data and some of the user data, create an organization, and add the user to that organization. Is it possible now with Better Auth, or can only the user have a subscription? ...

Cookies amongst multiple tenants, subdomains, and custom domains for a SaaS

Hey folks, I'm working on what is ultimately Squarespace for a niche, where users will get a unique subdomain, and can also add their own custom domain (so we have mycoolapp.com where I'll be serving the marketing, john.mycoolapp.com, and maryscoolapp.com). Looking for guidance on how to get it working with BetterAuth; my stack is SvelteKit, with Postgres + Drizzle (using the direct Postgres connector, though), with Directus as the CMS for end users. Currently I'm having an issue where the cookies are being set on the TLD and not working on the subdomains. I'm aware that there's an organisation plugin, but that doesn't look to have anything specific to sharing cookies between sites....

How do you let the user choose which Google account to use when using social sign-in?

Currently, when I click "Sign in with Google" it just logs in to the last account I used. Is there a way to have me choose which account to use via a pop-up window?

How do I implement authentication for tenant's clients with better-auth?

I have a b2b2c app based on Vercel's platform starter with a basic auth implementation for tenants. However, I am not sure how I should implement auth for tenants' clients. Any guide or resources would be really helpful. I am sharing the example repo below ... https://github.com/ra-kesh/stayin-platform...

Oauth in GoogleAddon

We are using better auth for a web app and a google addon, so in the web app we can use cookie based oauth login but in the addon we can't, so we were trying to use the bearer plugin but we are not able to get the 'set-auth-token' on the onSuccess handler. I have tried the onResponse handler also. Also I don't know if the bearer plugin is a good fit for the google addon because it also sets the cookie. What can we do in this case?...
Solution:
so when you use social logins we can't set cookies cause it returns back to your back with redirect headers. What you should do is issue send the token as a part of redirect url ```ts export const auth = betterAuth({ hooks: { after: createAuthMiddleware(async(ctx)=>{...

Update email of existing user entry that was created initially by verifyPhoneNumber API

I have an existing session already and I want that after I verify the email via magicLinkVerify API, the email of that user is updated rather than a new user being created altogether. Is that possible? I was only able to "merge" users when I first created a user with magicLinkVerify API AND THEN verifyPhoneNumber API to which the same existing user is updated (see second screenshot)...

App infinitely reloading and not sure why.

In my Astro app I am using a simple middleware following the example in the docs, and for some reason when I am on my root page it infinitely reloads the page. The issue seems to be happening when calling:
```ts
const isAuthed = await auth.api.getSession({
  headers: context.request.headers,
});
```
...
Solution:
I was able to figure this out. When we try to auth a request we send it to /api/auth/* to get the session; however, the middleware will run on this, meaning we will end up in an infinite loop due to it calling itself over and over again. Not a problem on certain pages but possibly on others. My reworked middleware.ts ```ts import { auth } from "@/lib/server/auth"; import { defineMiddleware } from "astro:middleware"; ...

Client-side user impersonation in Better-Auth with OpenAPI-TS: Why does it fail?

Hi everyone, I need a hand implementing a method for updating a user's data from another user with elevated permissions. I could get my hands a little dirty creating my own endpoint or service to do this, but I think the tool will have a better way to do it. I'm currently creating a basic dashboard to get an idea of how to use the tool built with React Router 7 (REMIX.js)....

Validate invalid token on reset password

If I sendResetPassword url and click it, the token is validated, and if it is valid it redirects to the provided url; if not, it returns query params with an error. That's OK. But what if I go to the reset password page and provide a bad token manually? I don't know if my token is valid or not. How can I check it? I think checking in client.resetPassword({newPassword, token}) is too late....

Better auth does not work on NextJS

Hi guys, I'm trying to add Better Auth to my empty nextjs project but it does not work. I copied the demo project and it does work there. I copied every auth-related file but I still can't get it to work in my project. I'm trying to check the session on a server component like this but the session is always null. I have not added a database as I don't need one; I'm logging in using my Google account. I keep getting redirected to /sign-in and the console shows this error: ```bash 2025-04-20T19:46:49.619Z WARN [Better Auth]: No database configuration provided. Using memory adapter in development [Error [APIError]: ] {...

Stripe plugin triggers multiple create customer events in Stripe

I have 2 different buttons to subscription.upgrade in my app. After user is registered customer is created in stripe according to createCustomerOnSignUp: true, in plugin config. But when I navigate to one of my 'Subscribe' buttons and click on it -> subscription.upgrade just creates new user in stripe instead of triggering checkout session: ```sh 2025-04-20 14:38:59 --> customer.created [evt_1RG3hf4FS9Rcg327BHPwlIez] 2025-04-20 14:38:59 <-- [200] POST http://localhost:3000/api/auth/stripe/webhook [evt_1RG3hf4FS9Rcg327BHPwlIez]...

Issue with Better-Auth Email Verification

Hey everyone, I'm having an issue with email verification in better-auth. When a user changes their email: The email address gets updated correctly in the database BUT the verification email is not being sent...

Organizations: remove activeOrganization possible?

Hey there, is there a way to remove the activeOrganization so users could decide to be in an active Organization? For my example I'm using the Organization Plugin to have personal and organization workspaces. But my problem is it sets an activeOrgId when I'm joined into a minimum of one organization, so users aren't able to "escape" the organization workspace....
Solution:
you can set it null

Cookies not saved in production

I have a node/express backend and a vite react frontend. They are on different urls: Backend: http://my-backend.vercel.app/ auth.ts looks like this:...

clearing 2FA cookie on logout

Hi guys, I’m using Better-Auth with TOTP-based 2FA and had a question about the better-auth.two_factor cookie behavior. I’ve noticed that after a user successfully verifies their TOTP code, the better-auth.two_factor cookie remains present in the browser — even after a full session is created. Similarly, it doesn’t appear to be cleared when the user logs out. This leads to a UX issue where, after logout, my middleware sees the cookie still present (but no session), and incorrectly redirects users back to /verify-2fa instead of letting them hit /....

See what provider made the session

Is there a way to see what provider triggered the session creation? I need to restrict some stuff based on which provider you used to log on due to business restrictions. Or do you have any tips for a workaround....