how to have protected social login (whitelisted emails)
My nextjs/prisma/better-auth app lets the app admin whitelist emails for who can register/login. The app's login page has google login via better-auth. Better-auth "Before hooks" can NOT know the email via ctx.body.email so I can't use before hooks to check for whitelisted emails, and yet if I use after hooks the user is already created in the db. I could just delete the user from the db after getting their email, but ideally better-auth had a hook for /sign-in/social after we know the EMAIL, but before the user is written to the DB.
12 Replies
@bekacru any idea?
Unknown User•2mo ago
Message Not Public
Hi @Liltripple_reid yes, I already do that on the client side. The question is about the server side, and the more I code this the more I have questions about how to do it in better-auth vs what I would previously do in next-auth, for example in next auth we have callbacks in the authOptions and I would use that to check the sign-in to ensure the user was whitelisted. I just don't know how (yet) to do that in better-auth
Unknown User•2mo ago
Message Not Public
hey @chris you should check out hooks as suggested. You can read the email from ctx.body.email in before hook when the ctx.path matches /sign-in/social
@bekacru trying this now, and I see there is no ctx.body.email on social sign-in before hook, which makes sense because presumably we would not know the user's email until they come back from the social provider. Since this app is invite only, I would rather not let better-auth create the user in the DB, only for me to review the whitelisted emails, and then remove any user who is not whitelisted. Ideally there was some better-auth hook, for before a user is created in the db but after we know their email from social login, is there a hook for that or a solution that comes to mind?
Database | Better Auth
Learn how to use a database with Better Auth.
I think if bekacru's idea is working use a before hook on the db create for user and check that the email is in the whitelist
that way you can also use the same for update so a user can only update an email that is whitelisted
hi @lonelyplanet @j_slno and @bekacru, no so far I have only been able to use an after hook and delete from the DB any user who is not whitelisted, again because ctx.body.email is NOT and can not be present on a social login BEFORE hook, would really like some way to hook into better auth cycle AFTER we know the email from social login and BEFORE the user is created. any other ideas?
yeah ctx.body.email was incorrect suggestion. You should use database hooks instead.
ah yes! DATABASE HOOKS sound exactly like what I need... sorry @j_slno you linked to the database docs with an anchor to #before-hook which seems correct, but in discord, using chrome on mac, when I clicked your link to see what you were trying to suggest, I was taken to the TOP of the page at https://www.better-auth.com/docs/concepts/database and not to your anchored link, and I was not paying attention enough to know I should have scrolled way down the page. (In safari this anchor works, but for some reason in chrome it does not.) In any case I will try database hooks next. thank you @bekacru and @lonelyplanet for your help too
glad it worked
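The database-hook approach the thread settles on, as an added example that is not code from the thread or from better-auth: a whitelist decision for `user.create.before` and `user.update.before`, so a non-whitelisted social sign-in is rejected before any row is written. It assumes the before-hook contract described in the linked database docs (return `false` to abort, `{ data }` to continue); `SAMPLE_WHITELIST`, `checkCreate` and `checkUpdate` are hypothetical names, and the payload type is a simplified stand-in for the real user object.

```typescript
// Simplified payload shape (assumption); real better-auth user objects carry more fields.
type UserPayload = { email?: unknown; [field: string]: unknown };
type HookResult = false | { data: UserPayload };

// Constructed sample whitelist; a real app would query the admin-managed table (e.g. via Prisma).
const SAMPLE_WHITELIST = new Set<string>(["alice@example.com", "bob@example.com"]);

// Compare addresses case-insensitively and ignore stray whitespace.
function normalizeEmail(email: string): string {
  return email.trim().toLowerCase();
}

// Decision for user.create.before: fail closed when the email is missing or not listed.
function checkCreate(user: UserPayload, allowed: Set<string>): HookResult {
  if (typeof user.email !== "string") return false;
  return allowed.has(normalizeEmail(user.email)) ? { data: user } : false;
}

// Decision for user.update.before: only a change of email needs the whitelist check.
function checkUpdate(patch: UserPayload, allowed: Set<string>): HookResult {
  if (!("email" in patch)) return { data: patch };
  return checkCreate(patch, allowed);
}

// Assumed wiring: pass this object as the `databaseHooks` option of betterAuth({ ... }).
const databaseHooks = {
  user: {
    create: { before: async (user: UserPayload) => checkCreate(user, SAMPLE_WHITELIST) },
    update: { before: async (patch: UserPayload) => checkUpdate(patch, SAMPLE_WHITELIST) },
  },
};
```

Because the check runs at the database layer, it applies to every sign-up path that creates a user, not only `/sign-in/social`.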