what's the signature format for session cookies?
When examining a working session cookie created by Better Auth (__Secure-better-auth.session_token), I see it has a format like token.signature. What algorithm/process is used to create this signature? Is there a way to generate a valid cookie manually or is this only possible through Better Auth's internal APIs?
5 Replies
it uses HMAC-SHA-256 with base64 encoding which you can a related info from the https://github.com/better-auth/utils
GitHub
GitHub - better-auth/utils: A simple typescript API for common auth...
A simple typescript API for common auth related operations built on top of Web Crypto API. - better-auth/utils
thank you
are you aware of any materials that explain how to generate and set session manually for providers(telegram) that do not implement oauth?
hmmm i dont think u will have a clear path for that since auth instance cant really access the internalAdapter for creating a session and user. so probably it is safe for you to implement a plugin for telegram auth to access internalaAdapter and do crud on user and session table.
when I search for adapters, docs lead me to databases etc. can you please point to any material that show how to build a custom adapter for better-auth? and I will not bother you anymore
ok you already did
thank you
I should have looked for plugins then
yeah you should def look for them and we also would love it to include on the community plugin as well