Skip to content

Use Response from third-parties without dropping set-cookie header #15138

Description

@benmccann

Describe the problem

We'd like to add better-auth to the CLI: sveltejs/cli#658

Right now you do something along the lines of:

import { betterAuth } from 'better-auth';
import { drizzleAdapter } from 'better-auth/adapters/drizzle';
import { db } from '../db';
import * as schema from '../db/schema/auth';
import { sveltekitCookies } from 'better-auth/svelte-kit';
import { getRequestEvent } from '$app/server';

export const auth = betterAuth({
    database: drizzleAdapter(db, {
        provider: 'pg',
        schema
    }),
    emailAndPassword: {
        enabled: true,
        minPasswordLength: 5
    },
    plugins: [sveltekitCookies(getRequestEvent)]
});

It would be a bit nicer if sveltekitCookies were not required. It's really just a workaround for the fact that we don't let them provide a set-cookie header: https://github.com/better-auth/better-auth/blob/7dfdfd9a9a6306f18dd56eda7a7b023b031be415/packages/better-auth/src/integrations/svelte-kit.ts. It only saves one line of config and a corresponding import, but it'd be nicer nonetheless

Another use case is that you can't set a cookie and redirect from handle which makes it hard to write common auth handlers where you want to do something like set a flash cookie on a redirect: #8316 (comment)

Describe the proposed solution

Use the set-cookie header contained in a user-provided Response

Alternatives considered

Status quo of sveltekitCookies plugin

Or manual workaround:

	const set_cookie = response.headers.get('set-cookie');
	if (set_cookie) {
		const { name, value, ...options } = parseString(set_cookie);
		cookies.set(name, value, options as never);
	}

Importance

nice to have

Additional Information

The other issue that made better-auth a little cumbersome to use has been fixed on their side: better-auth/better-auth#6219. With the next release this remaining bit of ugliness is now on us

Metadata

Metadata

Assignees

No one assigned

    Labels

    needs-decisionNot sure if we want to do this yet, also design work needed

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions