Better Auth
Created by pltoledo on 2/20/2025 in #help
Bearer headers not returning even with CORS configured
First of all, thank you for the amazing lib! I'm trying to set up a React SPA using Vite and run the authentication using the bearer plugin, but can't seem to make the authentication work. My backend is a Hono server hosted elsewhere, which I've configured as follows:

// auth.ts
  betterAuth({
    plugins: [openAPI({ path: "/docs" }), bearer()],
    database: drizzleAdapter(database, {
      provider: "pg",
      schema: { user, session, verification, account },
    }),
    trustedOrigins: ["*"],
    baseURL: `${process.env.SERVER_URL}`,
    basePath: `${process.env.API_BASE_PATH}/auth`,
    emailAndPassword: {
      enabled: true,
    },
    socialProviders: {
      google: {
        clientId: process.env.GOOGLE_CLIENT_ID!,
        clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
      },
    },
  });
};

// api/index.ts
baseApp = new Hono()
  .use("*", async (c, next) => {
    const trustedOrigins = ["http://localhost:5173"];
    if (typeof process.env.APP_URL === "string") {
      trustedOrigins.push(process.env.APP_URL);
    }
    const corsMiddleware = cors({
      origin: trustedOrigins,
      allowHeaders: ["Content-Type", "Authorization", "Set-Auth-Token"],
      exposeHeaders: ["Content-Length"],
      maxAge: 600,
      credentials: true,
    });
    return corsMiddleware(c, next);
  })
  // rest of the code

The server, hosted on Render as of now, is correctly returning the Set-Auth-Token header. The problem is that, when called using the Better Auth client from inside the SPA, the token headers are not returned. And I know this is manageable using the actual response payload, but I was hoping to also use social login options using the bearer flow, and as I understand it the token in there is returned in the headers. Anyway, any help would be much appreciated!
1 replies
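
An added example, not part of the original post or of Better Auth's code: a small model of the browser rule that decides which cross-origin response headers script can read, applied to the `exposeHeaders` value in the config above (which Hono sends as `Access-Control-Expose-Headers`). `allowHeaders` only governs request headers; the function names and the sample response are constructed for illustration.

```javascript
// CORS-safelisted response-header names (Fetch standard): always readable.
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Forbidden response-header names: never readable by script.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

// Parse an Access-Control-Expose-Headers value into lowercase names.
function parseExposeHeaders(value) {
  return new Set(
    (value || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
}

// Names of the response headers a cross-origin script can read.
// `credentialed` mirrors fetch(..., { credentials: "include" }); in that
// mode "*" is treated as a literal header name, not a wildcard.
function readableHeaders(responseHeaders, exposeValue, credentialed) {
  const exposed = parseExposeHeaders(exposeValue);
  const wildcard = !credentialed && exposed.has("*");
  return Object.keys(responseHeaders)
    .map((name) => name.toLowerCase())
    .filter((name) => !FORBIDDEN.has(name))
    .filter((name) => wildcard || SAFELISTED.has(name) || exposed.has(name))
    .sort();
}

// Constructed sample of what the server sends on sign-in.
const sampleResponse = {
  "Content-Type": "application/json",
  "Content-Length": "312",
  "Set-Auth-Token": "constructed-token-value",
  "Set-Cookie": "constructed=cookie",
};

// As posted: exposeHeaders: ["Content-Length"], credentials: true.
const asPosted = readableHeaders(sampleResponse, "Content-Length", true);
// With the token header listed in exposeHeaders as well.
const withToken = readableHeaders(
  sampleResponse, "Content-Length, Set-Auth-Token", true);
// "*" does not help on a credentialed request.
const starCredentialed = readableHeaders(sampleResponse, "*", true);

console.log({ asPosted, withToken, starCredentialed });
```

The server can send `Set-Auth-Token` on every response and client-side code will still not see it unless the name appears in `Access-Control-Expose-Headers`.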