Jim-Y
Better Auth
Created by Jim-Y on 3/25/2025 in #help
2-step login flow and organization question
Hi! I am trying to implement a 2-step login flow where the user first inputs the email address, then, depending on the email domain and on whether the user is already provisioned, follows up with the second step. My questions:
- Is there a built-in solution to fetch (user/organization) just by an email without an existing session?
- It seems the sso plugin can handle linking an sso provider to an organization, so that once I know who the user is, and in which organization he/she is a member, I can show sso provider buttons on the sign-in screen. Except, it is seemingly not disclosed in the docs how one would link a provider to an organization?
Thanks in advance.
4 replies
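The routing decision in the first step of the flow asked about above, as an added example (it is not better-auth's own code and the helpers, the domain table and the `verified` flag are assumptions). The point it shows: the answer to "which second step do I render?" should depend only on the email domain and on whether the organization has verified that domain, never on whether this particular user exists, otherwise the first step becomes an account-enumeration oracle.

```javascript
// Added example, not part of better-auth. Identifier-first login routing.
// SSO_BY_DOMAIN is constructed sample data standing in for an organization
// table; "verified" models a domain-ownership check (assumed field).
const SSO_BY_DOMAIN = new Map([
  ["acme.example", { orgId: "org_acme", providerId: "okta-acme", verified: true }],
  ["globex.example", { orgId: "org_globex", providerId: "entra-globex", verified: true }],
  // Claimed but not yet proven: must not be routed to SSO, or anyone who
  // registers an org can hijack logins for a domain they do not own.
  ["pending.example", { orgId: "org_pending", providerId: "saml-pending", verified: false }],
]);

// Minimal, conservative email split: one "@", non-empty local part and domain,
// no whitespace. Only the domain is lowercased (local parts are case-sensitive
// per RFC 5321, even though most IdPs fold them).
function parseEmail(input) {
  const s = String(input ?? "").trim();
  const at = s.lastIndexOf("@");
  if (at <= 0 || at === s.length - 1 || /\s/.test(s)) return null;
  return { local: s.slice(0, at), domain: s.slice(at + 1).toLowerCase() };
}

// Step 1 decision. Returns the same shape for "user exists" and "user does not
// exist" within a domain, so the response leaks nothing about provisioning.
function routeLogin(email) {
  const parsed = parseEmail(email);
  if (!parsed) return { step: "error", reason: "invalid_email" };
  const sso = SSO_BY_DOMAIN.get(parsed.domain);
  if (sso && sso.verified) {
    return { step: "sso", orgId: sso.orgId, providerId: sso.providerId };
  }
  // Unknown or unverified domain: fall back to the local credential step.
  return { step: "password" };
}

// Usage: routeLogin("Alice@ACME.example") -> { step: "sso", orgId: "org_acme", providerId: "okta-acme" }
```

Whether the user is provisioned is checked in the second step, after the provider (or the password check) has authenticated them; doing it before would reintroduce the oracle.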
Better Auth
Created by Jim-Y on 3/7/2025 in #help
OIDC Provider questions
Hi everyone! Trying to do a POC on the oidc provider feature. I have a next.js application cosplaying the auth server. Relevant code excerpts:
// Imports assumed from the better-auth and pg packages (the excerpt omitted them)
import { betterAuth } from "better-auth";
import { nextCookies } from "better-auth/next-js";
import { jwt, oidcProvider } from "better-auth/plugins";
import { Pool } from "pg";

export const auth = betterAuth({
  emailAndPassword: { enabled: true },
  database: new Pool({ connectionString: process.env.DATABASE_URL }),
  plugins: [
    nextCookies(),
    jwt(),
    oidcProvider({
      loginPage: '/auth/sign-in',      // where unauthenticated users are sent
      consentPage: '/oidc/consent',    // where scope consent is collected
      defaultScope: 'openid email',
      allowDynamicClientRegistration: true
    })
  ]
});
I also have an API route /api/oidc/callback. Previously I registered an OIDC client with
await oauth2.register({
name: clientName,
redirectURLs: ['http://localhost:3000/api/oidc/callback']
});
So I start the oidc flow by pasting the following url to the browser
http://localhost:3000/api/auth/oauth2/authorize?response_type=code&client_id=<redacted>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Foidc%2Fcallback
I get redirected, correctly, to the sign-in page
http://localhost:3000/auth/sign-in?response_type=code&client_id=<redacted>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Foidc%2Fcallback
But on the login page, after authClient.signIn.email(), I don't get redirected; instead I get HTTP 200 with the user payload. (Continued in a following comment.)
14 replies