[GH-ISSUE #9089] Stripe checkout URL for upgradeSubscription broken when user manages subscriptions for multiple organizations #19900

New Issue

GiteaMirror · 2026-04-15T19:15:47-05:00

GiteaMirror commented

2026-04-15 19:15:47 -05:00

Originally created by @mortenson on GitHub (Apr 10, 2026).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/9089

Originally assigned to: @bytaesu on GitHub.

Is this suited for github?

Yes, this is suited for github

Reproduction

Install the stripe plugin
Configure it minimally to support organization customers and subscriptions:

stripe({
  // Prevent user customers from being created
  createCustomerOnSignUp: false, 
  organization: {
    enabled: true,
  },
  subscription: {
    enabled: true,
      plans: [...] // Replace with valid plan configuration
  }),
  stripeWebhookSecret: WEBHOOK_SECRET,
  stripeClient: stripeClient,
})

Create an organization (Org A) and sign up with a subscription for it.
Create another organization (Org B) and sign up with a subscription for it.
Call upgradeSubscription for Org B and visit the URL, see a message that says the user already has a subscription (I'm guessing for Org A) and the checkout flow is generally broken:

Call upgradeSubscription for Org A and visit the URL, see that the checkout flow is normal.
Call createBillingPortal for Org A and visit the URL. See that the content on the page is normal and associated with Org A.
Call createBillingPortal for Org B and see that the content on the page is associated with Org A.

Current vs. Expected behavior

Current: upgradeSubscription seems slightly wonky when using multiple organizations. I'm guessing the Stripe checkout session is not being created properly for some reason.

Expected: Users can call upgradeSubscription with references to any organization they have access to and have the URL work properly.

What version of Better Auth are you using?

1.5.4

System info

{
  "system": {
    "platform": "linux",
    "arch": "x64",
    "version": "#1 SMP PREEMPT_DYNAMIC Thu Jun  5 18:30:46 UTC 2025",
    "release": "6.6.87.2-microsoft-standard-WSL2",
    "cpuCount": 12,
    "cpuModel": "AMD Ryzen 5 3600 6-Core Processor",
    "totalMemory": "7.76 GB",
    "freeMemory": "3.57 GB"
  },
  "node": {
    "version": "v24.3.0",
    "env": "development"
  },
  "packageManager": {
    "name": "npm",
    "version": "11.4.2"
  },
  "frameworks": [
    {
      "name": "express",
      "version": "^5.1.0"
    }
  ],
  "databases": [
    {
      "name": "pg",
      "version": "^8.16.3"
    },
    {
      "name": "drizzle",
      "version": "^0.44.7"
    }
  ],
  "betterAuth": {
    "version": "Unknown",
    "config": null,
    "error": "Converting circular structure to JSON\n    --> starting at object with constructor 'Stripe'\n    |     property 'account' -> object with constructor 'Constructor'\n    --- property '_stripe' closes the circle"
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

Additional context

No response

Originally created by @mortenson on GitHub (Apr 10, 2026). Original GitHub issue: https://github.com/better-auth/better-auth/issues/9089 Originally assigned to: @bytaesu on GitHub. ### Is this suited for github? - [x] Yes, this is suited for github ### Reproduction 1. Install the stripe plugin 2. Configure it minimally to support organization customers and subscriptions: ```ts stripe({ // Prevent user customers from being created createCustomerOnSignUp: false, organization: { enabled: true, }, subscription: { enabled: true, plans: [...] // Replace with valid plan configuration }), stripeWebhookSecret: WEBHOOK_SECRET, stripeClient: stripeClient, }) ``` 3. Create an organization (Org A) and sign up with a subscription for it. 4. Create another organization (Org B) and sign up with a subscription for it. 5. Call `upgradeSubscription` for Org B and visit the URL, see a message that says the user already has a subscription (I'm guessing for Org A) and the checkout flow is generally broken: <img width="509" height="367" alt="Image" src="https://github.com/user-attachments/assets/53530438-3292-447a-bf08-2478387a3d41" /> 6. Call `upgradeSubscription` for Org A and visit the URL, see that the checkout flow is normal. 7. Call `createBillingPortal` for Org A and visit the URL. See that the content on the page is normal and associated with Org A. 8. Call `createBillingPortal` for Org B and see that the content on the page is associated with Org A. ### Current vs. Expected behavior Current: `upgradeSubscription` seems slightly wonky when using multiple organizations. I'm guessing the Stripe checkout session is not being created properly for some reason. Expected: Users can call `upgradeSubscription` with references to any organization they have access to and have the URL work properly. ### What version of Better Auth are you using? 1.5.4 ### System info ```bash { "system": { "platform": "linux", "arch": "x64", "version": "#1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025", "release": "6.6.87.2-microsoft-standard-WSL2", "cpuCount": 12, "cpuModel": "AMD Ryzen 5 3600 6-Core Processor", "totalMemory": "7.76 GB", "freeMemory": "3.57 GB" }, "node": { "version": "v24.3.0", "env": "development" }, "packageManager": { "name": "npm", "version": "11.4.2" }, "frameworks": [ { "name": "express", "version": "^5.1.0" } ], "databases": [ { "name": "pg", "version": "^8.16.3" }, { "name": "drizzle", "version": "^0.44.7" } ], "betterAuth": { "version": "Unknown", "config": null, "error": "Converting circular structure to JSON\n --> starting at object with constructor 'Stripe'\n | property 'account' -> object with constructor 'Constructor'\n --- property '_stripe' closes the circle" } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript ``` ### Additional context _No response_

GiteaMirror added the needs: info payments labels 2026-04-15 19:15:47 -05:00

GiteaMirror closed this issue

2026-04-15 19:15:48 -05:00

GiteaMirror commented

2026-04-15 19:15:49 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

Note

https://better-auth.com/docs/plugins/stripe#creating-organization-subscriptions

Could you confirm that customerType is being passed as org? This is needed because there may be use cases where both org and user subscriptions coexist.

@bytaesu commented on GitHub (Apr 10, 2026): > [!NOTE] > https://better-auth.com/docs/plugins/stripe#creating-organization-subscriptions Could you confirm that customerType is being passed as org? This is needed because there may be use cases where both org and user subscriptions coexist.

GiteaMirror commented

2026-04-15 19:15:50 -05:00

@mortenson commented on GitHub (Apr 10, 2026):

@bytaesu Yes, confirmed. I was in some time pressure so I ended up removing the stripe plugin and using https://docs.stripe.com/customer-management/portal-deep-links manually myself, which worked for users who were owners of multiple organizations.

@mortenson commented on GitHub (Apr 10, 2026): @bytaesu Yes, confirmed. I was in some time pressure so I ended up removing the stripe plugin and using https://docs.stripe.com/customer-management/portal-deep-links manually myself, which worked for users who were owners of multiple organizations.

GiteaMirror commented

2026-04-15 19:15:51 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

@mortenson

In our Stripe plugin, organization customers are created without an email per-fill. (org itself doesn't have email)

Your screenshot shows myorg+foo@example.com pre-filled, which indicates that a user-type customer was used for this Checkout session.

Could you check the customerType field in the Stripe customer metadata from your Dashboard?

@bytaesu commented on GitHub (Apr 10, 2026): @mortenson In our Stripe plugin, organization customers are created without an email per-fill. (org itself doesn't have email) Your screenshot shows `myorg+foo@example.com` pre-filled, which indicates that a user-type customer was used for this Checkout session. Could you check the `customerType` field in the Stripe customer metadata from your Dashboard?

GiteaMirror commented

2026-04-15 19:15:51 -05:00

@mortenson commented on GitHub (Apr 10, 2026):

@bytaesu Confirmed, it's an organization customer type. I was creating the customer like this in a hook:

      const resp = await stripeClient.config.stripe.customers.create({
        email: email,
        name: organization.name,
        metadata: {
          customerType: "organization",
          organizationId: organization.id,
        },
      });

@mortenson commented on GitHub (Apr 10, 2026): @bytaesu Confirmed, it's an organization customer type. I was creating the customer like this in a hook: ```ts const resp = await stripeClient.config.stripe.customers.create({ email: email, name: organization.name, metadata: { customerType: "organization", organizationId: organization.id, }, }); ``` <img width="326" height="193" alt="Image" src="https://github.com/user-attachments/assets/3ce26c8a-9bd3-4661-aef7-45dc79a10334" />

GiteaMirror commented

2026-04-15 19:15:52 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

You can use getCustomerCreateParams
https://better-auth.com/docs/plugins/stripe#customer-management

If you create the customer manually, it bypasses our plugin logic, which makes it difficult for me to check.

@bytaesu commented on GitHub (Apr 10, 2026): You can use `getCustomerCreateParams` https://better-auth.com/docs/plugins/stripe#customer-management If you create the customer manually, it bypasses our plugin logic, which makes it difficult for me to check.

GiteaMirror commented

2026-04-15 19:15:53 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

@mortenson Is there a reason you're creating the org customer manually? We already handle that part internally.

@bytaesu commented on GitHub (Apr 10, 2026): @mortenson Is there a reason you're creating the org customer manually? We already handle that part internally.

GiteaMirror commented

2026-04-15 19:15:53 -05:00

@mortenson commented on GitHub (Apr 10, 2026):

@bytaesu IIRC better auth doesn't have a way to create organization customers automatically (on creation) like with users

@mortenson commented on GitHub (Apr 10, 2026): @bytaesu IIRC better auth doesn't have a way to create organization customers automatically (on creation) like with users

GiteaMirror commented

2026-04-15 19:15:54 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

@bytaesu IIRC better auth doesn't have a way to create organization customers automatically (on creation) like with users

@bytaesu commented on GitHub (Apr 10, 2026): > [@bytaesu](https://github.com/bytaesu) IIRC better auth doesn't have a way to create organization customers automatically (on creation) like with users <img width="912" height="329" alt="Image" src="https://github.com/user-attachments/assets/f3a214a5-24eb-4715-8423-7bee89b11909" />

GiteaMirror commented

2026-04-15 19:15:55 -05:00

@bytaesu commented on GitHub (Apr 10, 2026):

I'm closing this issue. If you have further questions, feel free to let me know 😁

@bytaesu commented on GitHub (Apr 10, 2026): I'm closing this issue. If you have further questions, feel free to let me know 😁

Sign in to join this conversation.

Branches Tags

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-227a091249

dependabot/github_actions/github-actions-98f3470200

2026-05-13/ci/stabilize-docker-startup

dependabot/npm_and_yarn/samlify-2.13.0

changeset-release/main

main

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

2026-05-14/fix/passkey-verify-error-and-claim

changeset-release/next

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#19900