[GH-ISSUE #7440] additionalFields with string[] type returns stringified array instead of array #19444

New Issue

GiteaMirror · 2026-04-15T18:32:19-05:00

GiteaMirror commented

2026-04-15 18:32:19 -05:00

Originally created by @sabaturgay on GitHub (Jan 17, 2026).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/7440

Is this suited for github?

Yes, this is suited for github

To Reproduce

Install better-auth@1.4.12.

Configure additionalFields on the user with a string[] type:

additionalFields: {
	notificationTokens: {
		type: 'string[]',
		required: true,
		input: true,
	},
}

Create or update a user while providing an array value for notificationTokens:
```
notificationTokens: ['token1', 'token2']
```

Current vs. Expected behavior

After upgrading from v1.4.4 → v1.4.12, additionalFields defined with type: 'string[]' no longer return an array.
Instead, the value is returned as a stringified JSON array (e.g. '["a","b"]'), even when a Zod validator is provided.

This behavior differs from previous versions and breaks existing code relying on array semantics.

Affected configuration

additionalFields: {
	notificationTokens: {
		type: 'string[]',
		required: true,
		// validator: {
		// 	input: z.array(z.string()).max(3),
		// },
		input: true,
	},
}

What version of Better Auth are you using?

1.4.12

System info

{
  "node": {
    "version": "v22.14.0",
    "env": "development"
  },
  "packageManager": {
    "name": "bun",
    "version": "1.3.2"
  },
  "frameworks": [
    {
      "name": "react",
      "version": "19.1.0"
    },
    {
      "name": "hono",
      "version": "4.11.4"
    }
  ],
  "databases": [
    {
      "name": "drizzle",
      "version": "0.45.1"
    }
  ],
  "betterAuth": {
    "version": "1.4.4",
    "config": null
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
  emailAndPassword: {  
    enabled: true
  },
});

Additional context

No response

Originally created by @sabaturgay on GitHub (Jan 17, 2026). Original GitHub issue: https://github.com/better-auth/better-auth/issues/7440 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce 1. Install `better-auth@1.4.12`. 2. Configure `additionalFields` on the user with a `string[]` type: ```ts additionalFields: { notificationTokens: { type: 'string[]', required: true, input: true, }, } ``` 3. Create or update a user while providing an array value for `notificationTokens`: ```ts notificationTokens: ['token1', 'token2'] ``` ### Current vs. Expected behavior After upgrading from **v1.4.4 → v1.4.12**, `additionalFields` defined with `type: 'string[]'` no longer return an array. Instead, the value is returned as a **stringified JSON array** (e.g. `'["a","b"]'`), even when a Zod validator is provided. This behavior differs from previous versions and breaks existing code relying on array semantics. ### Affected configuration ```ts additionalFields: { notificationTokens: { type: 'string[]', required: true, // validator: { // input: z.array(z.string()).max(3), // }, input: true, }, } ``` ### What version of Better Auth are you using? 1.4.12 ### System info ```bash { "node": { "version": "v22.14.0", "env": "development" }, "packageManager": { "name": "bun", "version": "1.3.2" }, "frameworks": [ { "name": "react", "version": "19.1.0" }, { "name": "hono", "version": "4.11.4" } ], "databases": [ { "name": "drizzle", "version": "0.45.1" } ], "betterAuth": { "version": "1.4.4", "config": null } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ emailAndPassword: { enabled: true }, }); ``` ### Additional context _No response_

GiteaMirror added the needs: info core bug labels 2026-04-15 18:32:20 -05:00

GiteaMirror commented

2026-04-15 18:32:21 -05:00

@better-auth-agent[bot] commented on GitHub (Jan 17, 2026):

It seems you're experiencing an issue where the additionalFields defined with type string[] is returning a stringified JSON array instead of an actual array when using better-auth@1.4.12. This behavior is indeed different from previous versions and can break existing code that relies on array semantics.

This appears to be a known issue. There has been some discussion in the community regarding similar scenarios where string[] fields were not correctly inferred, leading to inconsistent behavior in handling additional fields. Specifically, there was a bug reported about the string[] type fields that were wrongly cast, prompting the need for updates in the type inference logic [9].

Next Steps:

Be sure to check for any patches or updates to the better-auth library that might address this issue in future releases.
For the interim, you may want to consider implementing a workaround by manually parsing the stringified array until a fix is officially published.
If you continue to experience issues or need more assistance, please tag @bekacru or @ping__, as they can provide you with specialized support.

What would you like to explore next regarding Better Auth or this specific issue?

If you need more help, tag @better-auth-agent in a comment so I can respond.

Diagram • Discord • GitHub

@better-auth-agent[bot] commented on GitHub (Jan 17, 2026): It seems you're experiencing an issue where the `additionalFields` defined with type `string[]` is returning a stringified JSON array instead of an actual array when using `better-auth@1.4.12`. This behavior is indeed different from previous versions and can break existing code that relies on array semantics. This appears to be a known issue. There has been some discussion in the community regarding similar scenarios where `string[]` fields were not correctly inferred, leading to inconsistent behavior in handling additional fields. Specifically, there was a bug reported about the `string[]` type fields that were wrongly cast, prompting the need for updates in the type inference logic [[9]](https://github.com/better-auth/better-auth/pull/5795). ### Next Steps: 1. Be sure to check for any patches or updates to the `better-auth` library that might address this issue in future releases. 2. For the interim, you may want to consider implementing a workaround by manually parsing the stringified array until a fix is officially published. 3. If you continue to experience issues or need more assistance, please tag @bekacru or @ping__, as they can provide you with specialized support. What would you like to explore next regarding Better Auth or this specific issue? _If you need more help, tag @better-auth-agent in a comment so I can respond._  [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)

GiteaMirror commented

2026-04-15 18:32:23 -05:00

@dosubot[bot] commented on GitHub (Jan 17, 2026):

Hi @sabaturgay! I'm Dosu and I’m helping the better-auth team.

This is a known regression in better-auth 1.4.x: string[] fields in additionalFields are now stored as jsonb columns in Postgres instead of native text[] arrays. This causes them to be returned as stringified JSON arrays, breaking code that expects real arrays and causing issues with ORMs like Drizzle that expect native array types. This was not the case in 1.4.4, so your upgrade exposed this breaking change (details & workaround).

Workarounds:

Easiest: Change your Drizzle schema for the affected field(s) to use .jsonb() so it matches the actual column type.
To restore the old behavior (native arrays): Edit packages/better-auth/src/db/get-migration.ts, find the typeMap object in the getType function, and change the mapping for "string[]" under postgres from "jsonb" to "text[]". Then regenerate your migrations and migrate any existing data from jsonb to text[] if needed.

If you need step-by-step instructions for the manual fix or have a more complex setup, let me know!

To reply, just mention @dosu.

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}

@dosubot[bot] commented on GitHub (Jan 17, 2026):  Hi @sabaturgay! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the better-auth team.  This is a known regression in better-auth 1.4.x: `string[]` fields in `additionalFields` are now stored as `jsonb` columns in Postgres instead of native `text[]` arrays. This causes them to be returned as stringified JSON arrays, breaking code that expects real arrays and causing issues with ORMs like Drizzle that expect native array types. This was not the case in 1.4.4, so your upgrade exposed this breaking change ([details & workaround](https://github.com/better-auth/better-auth/issues/6779)). **Workarounds:** - Easiest: Change your Drizzle schema for the affected field(s) to use `.jsonb()` so it matches the actual column type. - To restore the old behavior (native arrays): Edit `packages/better-auth/src/db/get-migration.ts`, find the `typeMap` object in the `getType` function, and change the mapping for `"string[]"` under `postgres` from `"jsonb"` to `"text[]"`. Then regenerate your migrations and migrate any existing data from `jsonb` to `text[]` if needed. If you need step-by-step instructions for the manual fix or have a more complex setup, let me know!  *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/2e5b790e-4498-4849-95bb-aac31fec8d7b?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github) [![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=This%20is%20a%20known%20regression%20in%20better-auth%201.4.x%3A%20%60string%5B%5D%60%20fields%20in%20%60additionalFields%60%20are%20now%20stored%20as%20%60jsonb%60%20columns%20in%20Postgres%20instead%20of%20native%20%60text%5B%5D%60%20arrays.%20This%20causes%20them%20to%20be%20returned%20as%20stringified%20JSON%20arrays%2C%20breaking%20code%20that%20expects%20real%20arrays%20and%20causing%20issues%20with%20ORMs%20like%20Drizzle%20that%20expect%20native%20array%20types.%20This%20was%20not%20the%20case%20in%201.4.4%2C%20so%20your%20upgrade%20exposed%20this%20breaking%20change%C2%A0%28%5Bdetails%20%26%20workaround%5D%28https%3A//github.com/better-auth/better-auth/issues/6779%29%29.%0A%0A%2A%2AWorkarounds%3A%2A%2A%0A-%20Easiest%3A%20Change%20your%20Drizzle%20schema%20for%20the%20affected%20field%28s%29%20to%20use%20%60.jsonb%28%29%60%20so%20it%20matches%20the%20actual%20column%20type.%0A-%20To%20restore%20the%20old%20behavior%20%28native%20arrays%29%3A%20Edit%20%60packages/better-auth/src/db/get-migration.ts%60%2C%20find%20the%20%60typeMap%60%20object%20in%20the%20%60getType%60%20function%2C%20and%20change%20the%20mapping%20for%20%60%22string%5B%5D%22%60%20under%20%60postgres%60%20from%20%60%22jsonb%22%60%20to%20%60%22text%5B%5D%22%60.%20Then%20regenerate%20your%20migrations%20and%20migrate%20any%20existing%20data%20from%20%60jsonb%60%20to%20%60text%5B%5D%60%20if%20needed.%0A%0AIf%20you%20need%20step-by-step%20instructions%20for%20the%20manual%20fix%20or%20have%20a%20more%20complex%20setup%2C%20let%20me%20know%21) [![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot) [![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/7440)

GiteaMirror commented

2026-04-15 18:32:24 -05:00

@ping-maxwell commented on GitHub (Jan 18, 2026):

What endpoint is returning the stringified array? Testing on my end after creating a user with a field name test set to ["hello", "world"] it does correctly return the values when I later call get-session:

@ping-maxwell commented on GitHub (Jan 18, 2026): What endpoint is returning the stringified array? Testing on my end after creating a user with a field name `test` set to `["hello", "world"]` it does correctly return the values when I later call `get-session`: <img width="444" height="52" alt="Image" src="https://github.com/user-attachments/assets/258e8ff3-1951-4b1e-8f4a-334944742936" />

GiteaMirror commented

2026-04-15 18:32:25 -05:00

@sabaturgay commented on GitHub (Jan 18, 2026):

@ping-maxwell First I though the issue is on my side because I was calling drizzle directly instead of better-auth internal adapter and closed the issue. But just checked again and found the root cause.

The mode: 'json' column expects an array, but after better-auth@1.4.4 the value given to drizzle is string and drizzle stringify the string again and store it. Drizzle cannot catch the error because it does not check runtime values,. When querying the database directly via Drizzle, the value is returned as string (because 2 times stringify) but when using the better-auth internalAdapter, the value is correctly transformed back into an array which I think because of the extra transformer, which is why everything works as expected there.

So drizzle actually needs to return it as an array. I think the added transformer stringifies the value extra.

@sabaturgay commented on GitHub (Jan 18, 2026): @ping-maxwell First I though the issue is on my side because I was calling drizzle directly instead of better-auth internal adapter and closed the issue. But just checked again and found the root cause. The `mode: 'json'` column expects an array, but after `better-auth@1.4.4` the value given to drizzle is string and drizzle stringify the string again and store it. Drizzle cannot catch the error because it does not check runtime values,. When querying the database **directly via Drizzle**, the value is returned as string (because 2 times stringify) but when using the **better-auth `internalAdapter`**, the value is correctly transformed back into an array which I think because of the extra transformer, which is why everything works as expected there. So drizzle actually needs to return it as an array. I think the added transformer stringifies the value extra.

GiteaMirror commented

2026-04-15 18:32:27 -05:00

@ping-maxwell commented on GitHub (Jan 18, 2026):

Hey @sabaturgay is there anything else I could be of help for? I noticed you re-opened this issue

@ping-maxwell commented on GitHub (Jan 18, 2026): Hey @sabaturgay is there anything else I could be of help for? I noticed you re-opened this issue

GiteaMirror commented

2026-04-15 18:32:30 -05:00

@sabaturgay commented on GitHub (Jan 18, 2026):

@ping-maxwell First I though the issue is on my side because I was calling drizzle directly instead of better-auth internal adapter and closed the issue. But just checked again and found the root cause.

The mode: 'json' column expects an array, but after better-auth@1.4.4 the value given to drizzle is string and drizzle stringify the string again and store it. Drizzle cannot catch the error because it does not check runtime values,. When querying the database directly via Drizzle, the value is returned as string (because 2 times stringify) but when using the better-auth internalAdapter, the value is correctly transformed back into an array which I think because of the extra transformer, which is why everything works as expected there.

So drizzle actually needs to return it as an array. I think the added transformer stringifies the value extra.

I have already updated my previous comment, it will give additional context. Thanks in advance.

@sabaturgay commented on GitHub (Jan 18, 2026): > @ping-maxwell First I though the issue is on my side because I was calling drizzle directly instead of better-auth internal adapter and closed the issue. But just checked again and found the root cause. > > The `mode: 'json'` column expects an array, but after `better-auth@1.4.4` the value given to drizzle is string and drizzle stringify the string again and store it. Drizzle cannot catch the error because it does not check runtime values,. When querying the database **directly via Drizzle**, the value is returned as string (because 2 times stringify) but when using the **better-auth `internalAdapter`**, the value is correctly transformed back into an array which I think because of the extra transformer, which is why everything works as expected there. > > So drizzle actually needs to return it as an array. I think the added transformer stringifies the value extra. > I have already updated my previous comment, it will give additional context. Thanks in advance.

GiteaMirror commented

2026-04-15 18:32:31 -05:00

@sabaturgay commented on GitHub (Jan 22, 2026):

@ping-maxwell Just checked the changes between v1.4.4 and v1.4.6. I suspect the issue was introduced in the Drizzle adapter. I’m using the SQLite provider (D1 database).
Relevant diff:
https://github.com/better-auth/better-auth/compare/v1.4.4...v1.4.6
File:
packages/better-auth/src/adapters/drizzle-adapter/drizzle-adapter.ts
This may be causing additional JSON stringification for string[] types, leading to the observed issue:

supportsJSON: config.provider === "pg" // even though mysql also supports it, mysql requires to pass stringified json anyway.
					? true
					: false,
supportsArrays: config.provider === "pg" ? true : false,

@sabaturgay commented on GitHub (Jan 22, 2026): @ping-maxwell Just checked the changes between v1.4.4 and v1.4.6. I suspect the issue was introduced in the Drizzle adapter. I’m using the SQLite provider (D1 database). Relevant diff: https://github.com/better-auth/better-auth/compare/v1.4.4...v1.4.6 File: packages/better-auth/src/adapters/drizzle-adapter/drizzle-adapter.ts This may be causing additional JSON stringification for string[] types, leading to [the observed issue:](https://github.com/better-auth/better-auth/issues/7440#issuecomment-3765562868) ```ts supportsJSON: config.provider === "pg" // even though mysql also supports it, mysql requires to pass stringified json anyway. ? true : false, supportsArrays: config.provider === "pg" ? true : false, ```

GiteaMirror commented

2026-04-15 18:32:32 -05:00

@sabaturgay commented on GitHub (Jan 31, 2026):

Hey @ping-maxwell Just wanted to check if there's any update on this? It's currently a blocker for me to upgrade. Thanks!

@sabaturgay commented on GitHub (Jan 31, 2026): Hey @ping-maxwell Just wanted to check if there's any update on this? It's currently a blocker for me to upgrade. Thanks!

GiteaMirror commented

2026-04-15 18:32:34 -05:00

@Tomas2D commented on GitHub (Mar 12, 2026):

any update?

@Tomas2D commented on GitHub (Mar 12, 2026): any update?

Sign in to join this conversation.

Branches Tags

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-227a091249

dependabot/github_actions/github-actions-98f3470200

2026-05-13/ci/stabilize-docker-startup

dependabot/npm_and_yarn/samlify-2.13.0

changeset-release/main

main

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

2026-05-14/fix/passkey-verify-error-and-claim

changeset-release/next

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#19444

[GH-ISSUE #7440] additionalFields with string[] type returns stringified array instead of array #19444

Is this suited for github?

To Reproduce

Current vs. Expected behavior

Affected configuration

What version of Better Auth are you using?

System info

Which area(s) are affected? (Select all that apply)

Auth config (if applicable)

Additional context

Next Steps:

[GH-ISSUE #7440] `additionalFields` with `string[]` type returns stringified array instead of array #19444