andreasb
Better Auth
•Created by andreasb on 4/3/2025 in #help
2FA email login with `auth.api`: Ensure verification is completed?
I'm leaning towards extending the `Session` table schema with, for instance, `auth_status: 'pending_2fa' | 'authenticated'`, and perhaps lowering the session lifetime. This would allow me to much more easily check the user's active session for a completed and verified TOTP/2FA.
Am I overthinking this, or does this approach make sense?
3 replies
Better Auth
•Created by andreasb on 4/3/2025 in #help
2FA email login with `auth.api`: Ensure verification is completed?
I guess a different approach might be to instead of showing an email and password field on the login page, I only display the email field and check upon submit (SvelteKit form action) if the associated user has 2FA enabled, if so display 2FA TOTP field alongside password field. This way the user won't even be signed in if there's no valid TOTP during login.
3 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely
Wrote a note here after a quick debug/investigation. I wrote the comment above afterwards, so I did test `.outputAll('inserted')` locally
https://github.com/better-auth/better-auth/pull/1255#issuecomment-2607248675
9 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely
@bekacru Thanks for your work thus far on this issue!
I've made an attempt at improving `withReturning` after I've encountered some issues with logging in. Adding an explicit check for mssql in `withReturning` seems to do the trick, something like:
9 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely

9 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely
Do tell if there's anything I can help out with in this regard. Much appreciated!
9 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely
@bekacru Not wanting to be "that guy" tagging the maintainer, but wondering if either
(1) there's a possibility to financially support the development of mssql support,
(2) if mssql actually should work and I'm doing something wrong, or
(3) if mssql is not supported and the reference to it should be removed from the docs to avoid confusion (search "mssql" here: https://www.better-auth.com/docs/concepts/database)
9 replies
Better Auth
•Created by andreasb on 1/16/2025 in #help
Support for MSSQL (SQL Server) via Kysely
Message became too long, just wanted to append a thank you for working on Better-Auth and improving the state of open source auth management!
9 replies
Immutability & tamper-proofing?
Not sure if this is an interesting note, @kostas, but XTDB (an immutable SQL database) is building out their v2.x to have Postgres compatibility (alpha/beta docs): https://pr-3496.d2zcybuz6k9g4m.amplifyapp.com/drivers/postgres/getting-started.html
They're also looking for design partners, in case Xata would like to branch into database-as-a-value thinking (see bottom of their frontpage): https://xtdb.com/
8 replies
Immutability & tamper-proofing?
Another reason why this might be worth your while is the sunsetting of Amazon's QLDB (quantum ledger db) offering, leaving a lot of customers without a proper alternative. AWS' recommendation is Postgres with triggers, but that won't be enough for many cases (such as ours).
8 replies
Immutability & tamper-proofing?
Thanks for the comprehensive answer, @kostas!
For our specific use case, having "just" auditing would maybe suffice, but as long as the audit log tables are mutable (or the triggers disabling updates can easily be turned off), we're back to square one. Having some replication like CDC is basically the same: as long as the target db is mutable, the audit/replication cannot be trusted either. The main issue I see with using the audit log is that the database value is no longer the source of truth, but rather the contents of the audit log, so the verification/"reconciliation" of values and log entries can quickly become either a lot of manual work or require quite some engineering.
Our use case is that of a financial application where monetary values and certain amounts/counts are important to easily check if they have been (maliciously) mutated/tampered with when they shouldn't have been. It would be the same with a previous health-related application I was contracted on; audit logs are fine, but not if they cannot be trusted.
8 replies