Multiple Session Types / Customize Options for Individual Sessions
Is it possible to arbitrarily define values for different options (like `expiresAt`, `updateAge`, `secret`, `rateLimit`) for how an individual session is generated based on something like a request header?
For context, I am working on migrating from a custom JWT auth system to Better Auth for a service that has 3 main parts:
- Next.js Website
- Express API + MongoDB
- Expo TV app
In my original implementation, I had 4 types of sessions using JWT, each signed using a different secret:
- Web
- Guest - Has limited route access and stricter rate limits. Also used to access the route to generate a JWT for signing into TV
- TV Auth - Special token with short expiry time generated through a QR code link on the TV app to sign in from a mobile device. Can only be used for one specific auth route
- TV - Has a much longer expiry time compared to web. Only has access to routes that are needed by the TV app
A common flow would go like this:
1. User opens TV app, fetches API for a new Guest session
2. User presses login. Using Guest token, a JWT storing the Guest session id is retrieved from the API.
3. User scans QR code containing link to website with JWT as a param
4. User logs in on website. The API uses the new Web token to generate a TV Auth session token and store it in the Guest session in the database
5. TV app pings the API using its Guest session token until a TV Auth token is found
6. TV app uses the TV Auth token to authenticate with the API and retrieve a long-term TV session token.
I haven’t been able to find much information on supporting multiple types of sessions, or customizing options for multiple different sessions, from within a single Better Auth instance.
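
The per-type token scheme described in the post (a separate secret, expiry and route scope for each session type), sketched as an added example that is not part of the original post and is not Better Auth code. The route paths, TTL values, token layout and the `issue`/`verify` helper names are assumptions made for illustration.

```javascript
// Added illustration: four session types, each with its own HMAC secret,
// lifetime and route scope. All routes and TTLs below are constructed values.
const crypto = require("node:crypto");

const POLICY = {
  web:    { ttl: 7 * 24 * 3600,   routes: ["/api/account", "/api/tv/approve"] },
  guest:  { ttl: 15 * 60,         routes: ["/api/tv/link", "/api/tv/poll"] },
  tvAuth: { ttl: 120,             routes: ["/api/tv/exchange"] },
  tv:     { ttl: 180 * 24 * 3600, routes: ["/api/tv/content"] },
};
// Demo secrets generated at startup; a real service loads one per type from config.
for (const p of Object.values(POLICY)) p.secret = crypto.randomBytes(32);

const b64 = (x) => Buffer.from(x).toString("base64url");
const mac = (type, data) =>
  crypto.createHmac("sha256", POLICY[type].secret).update(data).digest();

function issue(type, sub, now = Math.floor(Date.now() / 1000)) {
  const body = b64(JSON.stringify({ typ: type, sub, exp: now + POLICY[type].ttl }));
  return `${body}.${b64(mac(type, body))}`;
}

// The route decides which type it expects; the key is chosen from that,
// never from the unverified "typ" claim inside the token.
function verify(token, expectedType, route, now = Math.floor(Date.now() / 1000)) {
  const [body, sig] = String(token).split(".");
  if (!body || !sig) return { ok: false, reason: "malformed" };
  const want = mac(expectedType, body);
  const got = Buffer.from(sig, "base64url");
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want))
    return { ok: false, reason: "bad signature" };
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.typ !== expectedType) return { ok: false, reason: "wrong type" };
  if (claims.exp <= now) return { ok: false, reason: "expired" };
  if (!POLICY[expectedType].routes.some((r) => route.startsWith(r)))
    return { ok: false, reason: "route not allowed" };
  return { ok: true, claims };
}
```

Because each type has its own key, a short-lived TV Auth token presented where a TV session token is expected fails at the signature check, before any claim is read.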