Better Auth•2mo ago

OAuth Proxy Setup

Hi, I have a question about the OAuth proxy setup. Accorinding to the docs (https://www.better-auth.com/docs/plugins/oauth-proxy) I should use something like this inlib/auth.ts:

export const auth = betterAuth({
    database: new Database("./sqlite.db"),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: "dev-web-app",
                    clientSecret: "secret",
                    discoveryUrl: "http://localhost:9080/realms/dev-realm/.well-known/openid-configuration",
                    scopes: ["openid", "profile", "email"],
                    redirectURI: "http://localhost:3000/api/auth/oauth2/callback/keycloak",
                }
            ]
        }),
        oAuthProxy()
    ]
});

export const auth = betterAuth({
    database: new Database("./sqlite.db"),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: "dev-web-app",
                    clientSecret: "secret",
                    discoveryUrl: "http://localhost:9080/realms/dev-realm/.well-known/openid-configuration",
                    scopes: ["openid", "profile", "email"],
                    redirectURI: "http://localhost:3000/api/auth/oauth2/callback/keycloak",
                }
            ]
        }),
        oAuthProxy()
    ]
});

But that does not work for me. It results in an error in the master app because after login it redirect to the redirectURI without modifying it. So the oauth proxy on the master app is never used. After digging through the code a bit, I modified it to this:

export const auth = betterAuth({
    database: new Database("./sqlite.db"),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: "dev-web-app",
                    clientSecret: "secret",
                    discoveryUrl: "http://localhost:9080/realms/dev-realm/.well-known/openid-configuration",
                    scopes: ["openid", "profile", "email"],
                }
            ]
        }),
        oAuthProxy({
            productionURL: "http://localhost:3000"
        })
    ]
});

export const auth = betterAuth({
    database: new Database("./sqlite.db"),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: "dev-web-app",
                    clientSecret: "secret",
                    discoveryUrl: "http://localhost:9080/realms/dev-realm/.well-known/openid-configuration",
                    scopes: ["openid", "profile", "email"],
                }
            ]
        }),
        oAuthProxy({
            productionURL: "http://localhost:3000"
        })
    ]
});

and now it works correctly. Alternatively setting the env var BETTER_AUTH_URL would work, I think. I also tried with the github social provider instead of the genericOAuth plugin, but same behavior. Am I misunderstanding something here? Or is the documentation about the oauth proxy plugin just wrong here? In the latter case, I would be happy to create a PR for it.

OAuth Proxy | Better Auth

OAuth Proxy plugin for Better Auth

2 Replies

elianiva•2mo ago

the documentation is a bit confusing IMO, haven't managed to get it work either

bekacru•4w ago

feel free to Open a PR :))

Gaming

Programming

OAuth Proxy Setup

Did you find this page helpful?