Docs

OAuth Proxy

A proxy plugin, that allows you to proxy OAuth requests. Useful for development and preview deployments where the redirect URL can't be known in advance to add to the OAuth provider.

Installation

Add the plugin to your auth config

auth.ts
import { betterAuth } from "better-auth"
import { oAuthProxy } from "better-auth/plugins"
 
export const auth = betterAuth({
    plugins: [ 
        oAuthProxy(), 
    ] 
})

Add redirect URL to your OAuth provider

For the proxy server to work properly, you’ll need to pass the redirect URL of your main production app registered with the OAuth provider in your social provider config. This needs to be done for each social provider you want to proxy requests for.

export const auth = betterAuth({
   plugins: [
       oAuthProxy(),
   ], 
   socialProviders: {
        github: {
            clientId: "your-client-id",
            clientSecret: "your-client-secret",
            redirectURL: "https://my-main-app.com/api/auth/github/callback". 
        }
   }
})

How it works

The plugin adds an endpoint to your server that proxies OAuth requests. When you initiate a social sign-in, it sets the redirect URL to this proxy endpoint. After the OAuth provider redirects back to your server, the plugin then forwards the user to the original callback URL.

await authClient.signIn.social({
    provider: "github",
    redirectURL: "/dashboard" // the plugin will override this to something like "http://localhost:3000/api/auth/oauth-proxy?callbackURL=/dashboard"
})

When the OAuth provider returns the user to your server, the plugin automatically redirects them to the intended callback URL.

To share cookies between the proxy server and your main server it uses url query parameters to pass the cookies encrypted in the URL. This is secure as the cookies are encrypted and can only be decrypted by the server.

Options

currentURL: The application's current URL is automatically determined by the plugin. It first it check for the request URL if invoked by a client, then it checks the base URL from popular hosting providers, and finally falls back to the baseURL in your auth config. If the URL isn’t inferred correctly, you can specify it manually here.

Multi Session

Learn how to use multi-session plugin in Better Auth.

Open API

Open API reference for Better Auth.

Edit on GitHub

On this page