Christian (N0_L0gic)
Christian (N0_L0gic)
BABetter Auth
Created by Christian (N0_L0gic) on 3/15/2025 in #help
Error codes are not strings?
No description
7 replies
BABetter Auth
Created by Christian (N0_L0gic) on 3/9/2025 in #help
How to handle "Client"-Error thrown internally from better-call
So, I made the request GET /auth/get-session but (accidentally) included a body with the request. This in turn threw TypeError: Request with GET/HEAD method cannot have body in the backend (I found out that this gets thrown internally from better-call and specifically when creating a native "Request" object with the incorrect parameters; in this case GET with request body). Now, I have a contract that my api resonses must conform to from an open api specification, so I would like to catch this error and format it accordingly. However, how do I know that a certain TypeError is a client-error or an internal server-error? I need to distinguish between these to provide useful error messages for the client and also not expose internals of the server.
8 replies
BABetter Auth
Created by Christian (N0_L0gic) on 3/2/2025 in #help
How to specify auth method in OpenAPI specification
How do I specify my securitySchema in my OpenAPI specification when using better-auth? Specifically if I'm using the standard session-based auth and/or JWT tokens? I assume that I should use something here: https://swagger.io/docs/specification/v3_0/authentication/cookie-authentication/, but I don't know what to specify in the cookie name.
4 replies
BABetter Auth
Created by Christian (N0_L0gic) on 3/2/2025 in #help
Best practises regarding api key authentication
Hello! I'm working on an api for an app for which I'm using better-auth for authentication. This question isn't really a better-auth specific question, but I figured I'd ask here as it's the right context. In my api I want to enable authentication through the use of API keys (in addition to the normal session authentication) so that clients easier can authenticate from code. However, I'm a bit stumped on whether to use Bearer tokens (https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/) or API keys (https://swagger.io/docs/specification/v3_0/authentication/api-keys/). What really is the difference? I've also heard a lot about JWT tokens; can they be used with API keys or are they locked in to Bearer tokens? I don't really understand the difference as both are sent in a header.
3 replies