Additional field not included in response #1335

Closed
opened 2026-03-13 08:33:44 -05:00 by GiteaMirror · 2 comments

Originally created by @maxkabechani on GitHub (Jun 10, 2025).

Bug Description

When using Better Auth with additional user fields, the role field is not being included in the user object returned by the signin endpoint, despite being properly configured in the auth configuration.

Expected Behavior

The API endpoint should return the user object with all additional fields (including role) that are defined in the user configuration.

Actual Behavior
The signin endpoint returns the user object without the role field, even though it exists in the database and is configured as an additional field.

Configuration

import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import Redis from "ioredis";
import * as dotenv from "dotenv";
import db from "../database/db";

dotenv.config();

const redis = new Redis(process.env.REDIS_URL || "redis://localhost:6379");

export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  emailAndPassword: {
    enabled: true,
  },
  user: {
    additionalFields: {
      role: {
        type: "string",
        required: true,
        defaultValue: "customer",
        input: true,
      },
    },
  },
  session: {
    additionalFields: {
      role: {
        type: "string",
        required: true,
        input: true,
      },
    },
  },
  databaseHooks: {
    session: {
      create: {
        before: async (session) => {
          // Query the user's role from the database using Drizzle
          const user = await db.query.user.findFirst({
            where: (users, { eq }) => eq(users.id, session.userId),
            columns: {
              role: true,
            },
          });

          return {
            data: {
              ...session,
              role: user?.role || "customer",
            },
          };
        },
      },
    },
  },
  secondaryStorage: {
    get: async (key) => {
      const value = await redis.get(key);
      return value ?? null;
    },
    set: async (key, value, ttl) => {
      if (ttl) {
        await redis.set(key, value, "EX", ttl);
      } else {
        await redis.set(key, value);
      }
    },
    delete: async (key) => {
      await redis.del(key);
    },
  },
  advanced: {
    cookies: {
      session_token: {
        name: "sessionId",
      },
    },
  },
});

Environment

Better Auth version: 1.2.9
Database: PostgreSQL with Drizzle ORM
Node.js version: v22.14.0
Package manager: pnpm

Steps to Reproduce

Configure Better Auth with additional user fields as shown above
Ensure the role field exists in the database and has values
Call the signin endpoint
Observe that the returned user object does not include the role field

Additional Context
The role field exists in the database and contains valid data
The session is being created successfully with the role field (as per the database hook)
The issue specifically affects the user object in the signin response, not the session


@dosubot[bot] commented on GitHub (Jun 11, 2025):

The signin endpoint in Better Auth only returns a fixed set of user fields by default, so additional fields like role are not included in the response even if they're present in your config and database. This is due to the endpoint's response being hardcoded to whitelist only standard fields, not dynamically reflecting your schema extensions (see source: https://github.com/better-auth/better-auth/blob/a47b9523e4c14ac18521cff8b087f1140273f528/packages/better-auth/src/api/routes/sign-in.ts).

To get additional fields, you need to call getSession instead, which returns the complete user and session objects.

Written by @dosu, edited by Bekacru
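
A small model of the allowlist behaviour described in the comment above, added here as an illustration: it is not Better Auth's code and not part of the original thread. The core field list, the function names and the sample rows are assumptions made for the example.

```javascript
// Constructed model of the behaviour described in the comment above.
// Not Better Auth source code; all names here are hypothetical.
const CORE_USER_FIELDS = ["id", "email", "name", "image", "emailVerified", "createdAt", "updatedAt"];

// Same shape as user.additionalFields in the configuration from the issue.
const additionalFields = { role: { type: "string", defaultValue: "customer" } };

// Copy only the listed keys; anything else on the row is dropped.
function pick(row, keys) {
  return Object.fromEntries(keys.filter((k) => k in row).map((k) => [k, row[k]]));
}

// Sign-in style response: fixed allowlist, so schema extensions never appear.
function signInResponse(userRow, token) {
  return { token, user: pick(userRow, CORE_USER_FIELDS) };
}

// Session style response: core fields plus the declared additional fields.
function sessionResponse(userRow, sessionRow) {
  const userKeys = [...CORE_USER_FIELDS, ...Object.keys(additionalFields)];
  return { user: pick(userRow, userKeys), session: pick(sessionRow, ["id", "userId", "expiresAt", "role"]) };
}

// Server-side gate: the role comes from the server's own session lookup,
// never from a value the client echoes back.
function requireRole(sessionResp, allowed) {
  const role = sessionResp?.user?.role;
  return typeof role === "string" && allowed.includes(role);
}

// Constructed sample rows; internalNote stands in for a column that must not leak.
const userRow = {
  id: "u_1", email: "a@example.com", name: "A", image: null, emailVerified: true,
  createdAt: "2025-06-10T00:00:00Z", updatedAt: "2025-06-10T00:00:00Z",
  role: "admin", internalNote: "constructed-private-value",
};
const sessionRow = {
  id: "s_1", userId: "u_1", expiresAt: "2025-06-17T00:00:00Z",
  role: "admin", token: "constructed-token",
};

const signedIn = signInResponse(userRow, "constructed-token");
const current = sessionResponse(userRow, sessionRow);
console.log(Object.keys(signedIn.user));
console.log(current.user.role, requireRole(current, ["admin"]));
```

The same allowlist that hides role from the sign-in response also keeps undeclared columns such as internalNote out of both responses, which is why role has to be read from the session path.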


@frectonz commented on GitHub (Aug 13, 2025):

You can use the custom session plugin to modify what getSession and useSession return.

https://www.better-auth.com/docs/concepts/session-management#customizing-session-response


Reference: github-starred/better-auth#1335