get Open Invites for user ?
Is there a api / way to get all open invites for a user to display to them when they log in ?
24 Replies
There is no current way to get a list of invites according to the documentation AFAIK, But you could use a custom plugin to create that endpoint see: https://www.better-auth.com/docs/concepts/plugins#creating-a-plugin
The way the invites work is you are sending basically a invite id that anyone using your auth can use to join that organization, see here for more detail
The only downside is an invite is sent to an email rather than a user, that means that there is no users.invitations. Your endpoint could be a endpoint that fetches the invites based on email (get-invitations-by-email) but then what if the user doesn't signup with email and instead a phone number.
Plugins | Better Auth
Learn how to use plugins with Better Auth.
Organization | Better Auth
The organization plugin allows you to manage your organization's members and teams.
does a person need to be logged in to accept the invite ?
They would
"Make sure to call the acceptInvitation function after the user is logged in." - https://www.better-auth.com/docs/plugins/organization#accept-invitation
Organization | Better Auth
The organization plugin allows you to manage your organization's members and teams.
I recommend having a read of the documentation
thanks !
i was just trying to see how the flow normaly works.
Its a little annoying for that use case but you could write a plugin to have the query invitations by email endpoint and only allow the email that can be passed is if the current user has verified that email but again only works if an email is your authentication process but wont for phone numbers.
or another option is rather then query the invitations you maybe able to write a resend function that will send the list of invites an email has to their email.
yeah.
I see that but does that mean the ivite id is the only thing normally checked right ? doesn't matter if the user actually has the email that the ivite was sent to.
thats a great idea thanks! i think i just need to find a way to keep the id in the url when i send the user to login first 🙂 thanks this really helped
It looks like there is a check inside of the accept invite endpoint:
if (invitation.email !== session.user.email) {
throw new APIError("FORBIDDEN", {
message:
ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION,
});
}
ah copy thanks.
I will think trough how i want to do the onbaord flow then.
currently i thought i woudl either display invites when a user logged in ot the option to create an org but seams that might not fit.
thanks again !
Side question similar to topic:
@bekacru how can a user be invited to a organization if they are using a phone number as authentication. Same with how can they accept an invitation using a phone number auth system?
Would you have to use the temp email generated from the phone numbers plugin?
the org plugin only supports email based flows at the moment
Ahh
I see that hte backend api exposes the
getInvitation method as well, but when trying to call it it always returns undefined, although I'm giving it an an argument the ID of a pending invitation, does this method only returns for accepted invitations?why arguments are you passing to it?
This is behaving the same both when I'm logged in and where I'm logged out, ideally I'd need it to work without auth headers since the user won't have them by the time it reaches the page to accept the invitation.
Same thing happens with the client-side method for
getInvitation from within the app with an authed user, but it returns null instead of undefinedwhy not auth.api.organization.getInvitation
There is no organization object exported from the backend api, I'm using better-auth v1.1.17
Could it be the auth user and invite user are not the same
The Email of the user?
It's not documented, but I kinda expect this method to return the whole
data object with data about the inviter, organization, logo and so on, the same it gets to the sendInvitationEmail function
It's not indeed, I don't have a user for the invitation email to begin with, the flow would ideally look like:
- I invite a user by email
- The user goes to the link (unauthed) and accepts and only then creates an account to link, or right before accepting if not possible, it first create a user and then accepts
- The user now has an account and is linked to the organizationHmm, i see
GitHub
better-auth/packages/better-auth/src/plugins/organization/routes/cr...
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
You would have to have a before hook that when an invite link is clicked it will check if they are authed if not redirect them to a signup page with a param like /signup?acceptInvite=inviteid that once signuped redirects the user to that invite.
Hooks | Better Auth
Better Auth Hooks let you customize BetterAuth's behavior
I see, so there is some work to tune it up.
Thanks for the tips, I totally forgot about
hooks 👍