reset-password not working with email link
Hi,
For some reason, my reset password email is not working - I have this code:
in the email link I see
http://localhost:8080/api/auth/reset-password/redacted_token?callbackURL=/reset-password but when i click the button I get a
404 and no redirect to the frontend. I did the same for email verification and that works fine
Interestingly enough I can hit the endpoint directly through the openapi spec. I am using this guide:
https://better-auth-ui.com/components/email-template
Am I missing something?Better Auth UI
Better Auth UI
UI components for the most comprehensive authentication library for TypeScript.
25 Replies
Are you using Elysia ?
yeah
Bump
@daveycodez have you come across this issue with tanstack start?
Hey does the route /auth/reset-password work for you?
This might be a bug in Better Auth UI
@bxr can you try updating better-auth-ui to v1.3.19
it returns invalid reset password link
but from the email it just says 404
the backend maybe having an issue idk
the link
http://localhost:8080/api/auth/reset-password/FmliNO7lmtwHS45DaxMurWMh?callbackURL=/reset-password
not sure if the callback url should be different, verifying sends this link
and this callback is the frontend urlYour callback URL should be like this
http://localhost:8080/api/auth/reset-password/FmliNO7lmtwHS45DaxMurWMh?callbackURL=/auth/reset-password
Assuming you followed the guide and have your auth paths at /auth/sign-in etc
Please update to latest better-auth-ui version
pnpm install @daveyplate/better-auth-ui@latestoh that's my bad, i had my routes in a _auth route so
/_auth doesn't get appended
i'll fix thanksIt's okay to do that
but you have to set basePath on AuthUIProvider
if you change it from /auth
But that explains your 404
If you want domain.com/sign-in that is totally fine, just set basePath to "/" <AuthUIProvider basePath="/" >
still doesn't work. I think the 404 is coming from the backend service
I had "" instead of "/" but still doesn't work
Did you install the latest build
Yeah my web app has 1.3.19
So is your sign-in /auth/sign-in ? or /sign-in ?
/sign-in
so the link in the email's callback url is
callbackurl=/reset-password
if i change it to
it works so, is there a way to adjust that?
I guess I could adjust this url in the backend auth here, doesn't seem the cleanest way though
Ohh you have separate domains
I can make a fix for you where you pass baseURL to AuthUIProvider
Then you can pass localhost:3000 there
and it'll use that for callBackURL
Your bug is that http://localhost:8080/api/auth/reset-password/sDFccxmjade4gpWTG0XnClyw?callbackURL=/reset-password is sending you to :8080 instead of :3000
on the redirect
Yep correct, it's two different services. a separate backend from the frontend - i was surprised because
verify email redirects to my frontend app with no issues
yeah correct
if you see the callback url from verify email:
its callback url is the other domain so not sure why that's different between bothIt's because of how Better Auth UI works
It passes relative URL to callbackURL. I can fix this by allowing you to pass baseURL prop. Do you have a process.env you use for current URL?
Thanks for reporting this btw, totally flew under my radar
I could just append window.location.origin
To the beginning of callbackURL
I don't but I'm actually planning on that since some of my pages are ssr and wondle isn't available
I'll brainstorm a solution and I'll have a fix for you either later tonight or tomorrow
Try basePath
If this works I'll update the docs with notes on this for multi-domain setups
You'll need something like this.
lib/utils.ts
then you can do
Or load it from .env variable
If you're using http://localhost:3000/sign-in without /auth prefix route, then you can just do basePath={baseURL} in that case
which would resolve to be
basePath="http://localhost:3000" in dev for exampleI see, this seemed to work for the email - but now after clicking the "send reset link" button from the forgot-password page, it redirects me here:
my basepath:
Darn okay so it creates another issue due to navigate prepending the base url on TanStack. It was working on Next so I’ll come up with something else
okay thanks! no worries, i can handle this issue on the backend for now - NBD
Hey try callbackURL
So set basePath back to "/"
then in your AuthCard this time, there is a callbackURL prop
Not in the provider, on the auth page that renders AuthCard
Set callbackURL to http://localhost:3000/callback
wait actually one sec
Yea this should do it
oh wait actually hold on let me test it first
There's some confusion because forgetPassword() accepts redirectTo but that gets changed to callbackURL
Whereas something like signIn.magicLink() accepts callbackURL directly
I'm assuming you're having issues with magic link as well?
Yea so callbackURL there won't solve it
I'm just going to add baseURL prop to authuiprovider
I'll release the update in like an hr
@bxr Okay I just released v1.3.21 which supports baseURL prop for AuthUIProvider
For your use case do basePath="/" and baseURL="http://localhost:3000" make sure you also add
http://localhost:3000 to your trustedOriginsawesome, that worked 🙏
idk how to review better-auth besides providing a github star. But the support here is unmatched!
Heh I'm not technically a better-auth maintainer, my packages are third party
But thanks 😄
INSANE
welp kudos man!!