bc 🐧🪺
Better Auth
Created by bc 🐧🪺 on 4/20/2025 in #help
Legal terms compliance
TIL about better auth kit in the first place as well, amazing package you have there
6 replies
Better Auth
Created by bc 🐧🪺 on 4/20/2025 in #help
Legal terms compliance
Man, thank you so much for the thorough response and free ("non-")legal advice hahaha. Means a lot. Thanks for sharing your plugin, which btw I'd be happy to collaborate on and have further convos about this if helpful -- definitely something I want to square up patterns on for my company. Super pumped you have this plugin rolling!!!
6 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
URL params on consent page: `client_id=...&scope=openid+profile+email+offline_access`

Maybe an issue here? Other params supposed to carry through to consent page? Noticed in the BA docs/JSDoc that code param should be part of consent page params if I'm understanding correctly
17 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
{"error_description":"Consent not required","error":"invalid_request"}
17 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
Would it be worth running RP on custom hostname? Could modify /etc/hosts.

Currently, I have BA (IDP) on https://localhost:8000 and RP on https://localhost:3000
17 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
Same domain 🙂

ty for your help btw, ik you're extremely busy, if you have a donate link or anything happy to support (saw you have GitHub sponsors at least)

Used https://github.com/better-auth/better-auth/tree/main/demo/nextjs as a baseline, still have the consent page on /oauth/authorize
17 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
Correct. BA OIDC plugin as IDP/OIDC OP, the OIDC RP is running on Auth.js/Next Auth.

BA as IDP works great for authentication so far! ID tokens, access tokens working fantastic. Just was unable to get refresh tokens coming back yet
17 replies
Better Auth
Created by bc 🐧🪺 on 4/15/2025 in #help
[OIDC] `offline_access` invalid scope
Setting the prompt=consent query param (from client) and explicitly going through consent flow results in {"error_description":"Consent not required","error":"invalid_request"}, 401 unauthorized, response when /api/auth/oauth2/consent is POSTed during the consent flow:
```ts
await auth.oauth2.consent({ accept: true });
```

Skipping consent flow results in refresh_token: undefined (as expected based on your info above), this also results in refresh_token: undefined.

Am I missing a BA config option? I have the consentPage option set in the BA OIDC provider plugin settings. Got this working on same client with Keycloak and Ory Hydra so guessing I am missing something minor!
17 replies
Better Auth
Created by bc 🐧🪺 on 3/27/2025 in #help
Next Auth `iss` claim missing
I got it! Fixed by adding this to oidcProvider config:
```ts
getAdditionalUserInfoClaim: (user, scopes) => ({
  ...scopes,
  iss: "https://localhost:8000/api/auth",
}),
```
5 replies
Better Auth
Created by bc 🐧🪺 on 3/27/2025 in #help
Next Auth `iss` claim missing
Here are the claims that come back to the client (notice these are most of the standard scope claims, just missing iss):

```json
"claims": {
  "sub": "...",
  "aud": "...",
  "iat": 1743113287,
  "given_name": "First",
  "family_name": "Last",
  "name": "First Last",
  "profile": "",
  "updated_at": "2025-03-20T06:54:55.855Z",
  "email": "[email protected]",
  "email_verified": true,
  "exp": 1743116887
},
```
5 replies
Better Auth
Created by Hasan on 3/12/2025 in #help
Keycloak SSO Integration
This makes sense especially with natural initial development turbulence + many other use cases to cover beyond this one as a general auth lib. Thank you so much for this information, I will keep an eye out for developments, we are still planning on using BA as an OIDC OP right now (replacing keycloak).
7 replies
Better Auth
Created by Hasan on 3/12/2025 in #help
Keycloak SSO Integration
Are there any plans to make Better Auth work for stateless use cases (e.g. OIDC RP), i.e. become a complete next-auth replacement? BA replaces next-auth in stateful fashion already. It would be so cool if BA could be the 1 auth library for all modern use cases! Especially since databases are not always practical on clients, it's a bit heavy and redundant to have a database on each OIDC RP for example.

If this is simply not a goal for BA, understood, we will keep using next-auth or similar. We've experienced some pains with next-auth ourselves, much as @Hasan laid out above
7 replies
Better Auth
Created by Hasan on 3/12/2025 in #help
Keycloak SSO Integration
Hey @Hasan , we have the same situation. Asked about it here: https://discord.com/channels/1288403910284935179/1339334939237421167/1339334939237421167
7 replies
Better Auth
Created by bc 🐧🪺 on 12/31/2024 in #help
OIDC Provider Plans
Got it, that's really cool. I understand you have a ton of things to think about right now for better auth. Thanks @bekacru , awesome project btw
7 replies
Better Auth
Created by bc 🐧🪺 on 12/31/2024 in #help
OIDC Provider Plans
Curious if this could fully replace providers like Keycloak, ORY Hydra and such in a tech stack
7 replies
Better Auth
Created by bc 🐧🪺 on 12/31/2024 in #help
OIDC Provider Plans
To clarify, I was asking about official compliance, are there plans for better auth to become a compliant OIDC provider with the conformance suite and official certification from the OIDC foundation? I understand there is a ways to go for that to be in the cards (e.g. JWKS support) but just curious if it's on the roadmap
7 replies