github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-22 06:16:18 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

Redirect Issue with CallbackURL in Username Plugin #2389

New Issue
Closed
opened 2026-03-13 09:49:07 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-03-13 09:49:07 -05:00
Owner
Copy Link

Originally created by @OwenChia on GitHub (Nov 25, 2025).

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

This library is incredibly well-designed and has significantly enhanced the authentication process in my applications.
Thanks for your excellent work.

While Better-Auth offers many useful features, I have encountered some unexpected behavior.
When using the username plugin from Better-Auth in a Next.js application, the callbackURL parameter fails to function correctly.
After examining the codebase, it appears that the logic for processing the callbackURL is missing, leading to unexpected behavior where the user is not redirected to the desired URL upon successful login.

Steps to Reproduce

  1. Add username() and usernameClient() to the plugin list in your configuration.
  2. Attempt to log in using valid username and password credentials.
  3. After a successful login, observe that no redirection occurs to the specified callbackURL.

In this code, it only return two field: token and user, no redirect and url,
https://github.com/better-auth/better-auth/blob/canary/packages/better-auth/src/plugins/username/index.ts#L395-L408

return ctx.json({
		token: session.token,
		user: {
			id: user.id,
			email: user.email,
			emailVerified: user.emailVerified,
			username: user.username,
			displayUsername: user.displayUsername,
			name: user.name,
			image: user.image,
			createdAt: user.createdAt,
			updatedAt: user.updatedAt,
		},
	});

I think it should be like this:

return ctx.json({
		redirect: !!ctx.body.callbackURL,
		url: ctx.body.callbackURL,
		token: session.token,
		user: {
			id: user.id,
			email: user.email,
			emailVerified: user.emailVerified,
			username: user.username,
			displayUsername: user.displayUsername,
			name: user.name,
			image: user.image,
			createdAt: user.createdAt,
			updatedAt: user.updatedAt,
		},
	});

Also, the test case for callbackURL is not included.

Current vs. Expected behavior

  • Current Behavior
    The application does not redirect users to the specified callbackURL after a successful login with the username plugin. As a result, users remain on the same page.

  • Expected Behavior
    After a successful login, users should be redirected to the callbackURL specified in the request body. Additionally, there should be test cases included to verify the functionality of the callbackURL.

What version of Better Auth are you using?

1.4.1

System info

{
  "system": {
    "platform": "linux",
    "arch": "x64",
    "version": "#1 SMP PREEMPT_DYNAMIC Tue Aug 19 20:41:53 HKT 2025",
    "release": "6.12.54-gentoo-dist-hardened",
    "cpuCount": 6,
    "cpuModel": "AMD Ryzen 5 4500U with Radeon Graphics",
    "totalMemory": "62.45 GB",
    "freeMemory": "6.92 GB"
  },
  "node": {
    "version": "v22.13.1",
    "env": "development"
  },
  "packageManager": {
    "name": "pnpm",
    "version": "10.7.1"
  },
  "frameworks": [
    {
      "name": "next",
      "version": "16.0.3"
    },
    {
      "name": "react",
      "version": "19.2.0"
    }
  ],
  "databases": [
    {
      "name": "better-sqlite3",
      "version": "^12.4.5"
    }
  ],
  "betterAuth": {
    "version": "^1.3.34",
    "config": {
      "database": {
        "name": "./database.sqlite",
        "open": true,
        "inTransaction": false,
        "readonly": false,
        "memory": false
      },
      "emailAndPassword": {
        "enabled": true
      },
      "plugins": [
        {
          "name": "username",
          "config": {
            "id": "username",
            "endpoints": {},
            "schema": {
              "user": {
                "fields": {
                  "username": {
                    "type": "string",
                    "required": false,
                    "sortable": true,
                    "unique": true,
                    "returned": true,
                    "transform": {}
                  },
                  "displayUsername": {
                    "type": "string",
                    "required": false,
                    "transform": {}
                  }
                }
              }
            },
            "hooks": {
              "before": [
                {},
                {}
              ]
            },
            "$ERROR_CODES": {
              "INVALID_USERNAME_OR_PASSWORD": "[REDACTED]",
              "EMAIL_NOT_VERIFIED": "Email not verified",
              "UNEXPECTED_ERROR": "Unexpected error",
              "USERNAME_IS_ALREADY_TAKEN": "Username is already taken. Please try another.",
              "USERNAME_TOO_SHORT": "Username is too short",
              "USERNAME_TOO_LONG": "Username is too long",
              "INVALID_USERNAME": "Username is invalid",
              "INVALID_DISPLAY_USERNAME": "Display username is invalid"
            }
          }
        },
        {
          "name": "admin",
          "config": {
            "id": "admin",
            "hooks": {
              "after": [
                {}
              ]
            },
            "endpoints": {},
            "$ERROR_CODES": {
              "FAILED_TO_CREATE_USER": "Failed to create user",
              "USER_ALREADY_EXISTS": "User already exists.",
              "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "User already exists. Use another email.",
              "YOU_CANNOT_BAN_YOURSELF": "You cannot ban yourself",
              "YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE": "You are not allowed to change users role",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS": "You are not allowed to create users",
              "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS": "You are not allowed to list users",
              "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS": "You are not allowed to list users sessions",
              "YOU_ARE_NOT_ALLOWED_TO_BAN_USERS": "You are not allowed to ban users",
              "YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS": "You are not allowed to impersonate users",
              "YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS": "You are not allowed to revoke users sessions",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS": "You are not allowed to delete users",
              "YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD": "[REDACTED]",
              "BANNED_USER": "You have been banned from this application",
              "YOU_ARE_NOT_ALLOWED_TO_GET_USER": "You are not allowed to get user",
              "NO_DATA_TO_UPDATE": "No data to update",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS": "You are not allowed to update users",
              "YOU_CANNOT_REMOVE_YOURSELF": "You cannot remove yourself",
              "YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE": "You are not allowed to set a non-existent role value"
            },
            "schema": {
              "user": {
                "fields": {
                  "role": {
                    "type": "string",
                    "required": false,
                    "input": false
                  },
                  "banned": {
                    "type": "boolean",
                    "defaultValue": false,
                    "required": false,
                    "input": false
                  },
                  "banReason": {
                    "type": "string",
                    "required": false,
                    "input": false
                  },
                  "banExpires": {
                    "type": "date",
                    "required": false,
                    "input": false
                  }
                }
              },
              "session": {
                "fields": {
                  "impersonatedBy": {
                    "type": "string",
                    "required": false
                  }
                }
              }
            }
          }
        },
        {
          "name": "next-cookies",
          "config": {
            "id": "next-cookies",
            "hooks": {
              "after": [
                {}
              ]
            }
          }
        }
      ]
    }
  }
}

Which area(s) are affected? (Select all that apply)

Package

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
  emailAndPassword: {  
    enabled: true
  },
});

Additional context

No response

Originally created by @OwenChia on GitHub (Nov 25, 2025). ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce This library is incredibly well-designed and has significantly enhanced the authentication process in my applications. Thanks for your excellent work. While Better-Auth offers many useful features, I have encountered some unexpected behavior. When using the username plugin from Better-Auth in a Next.js application, the callbackURL parameter fails to function correctly. After examining the codebase, it appears that the logic for processing the callbackURL is missing, leading to unexpected behavior where the user is not redirected to the desired URL upon successful login. Steps to Reproduce 1. Add username() and usernameClient() to the plugin list in your configuration. 2. Attempt to log in using valid username and password credentials. 3. After a successful login, observe that no redirection occurs to the specified callbackURL. In this code, it only return two field: `token` and `user`, no `redirect` and `url`, https://github.com/better-auth/better-auth/blob/canary/packages/better-auth/src/plugins/username/index.ts#L395-L408 ```javascript return ctx.json({ token: session.token, user: { id: user.id, email: user.email, emailVerified: user.emailVerified, username: user.username, displayUsername: user.displayUsername, name: user.name, image: user.image, createdAt: user.createdAt, updatedAt: user.updatedAt, }, }); ``` I think it should be like this: ```javascript return ctx.json({ redirect: !!ctx.body.callbackURL, url: ctx.body.callbackURL, token: session.token, user: { id: user.id, email: user.email, emailVerified: user.emailVerified, username: user.username, displayUsername: user.displayUsername, name: user.name, image: user.image, createdAt: user.createdAt, updatedAt: user.updatedAt, }, }); ``` Also, the test case for `callbackURL` is not included. ### Current vs. Expected behavior + Current Behavior The application does not redirect users to the specified callbackURL after a successful login with the username plugin. As a result, users remain on the same page. + Expected Behavior After a successful login, users should be redirected to the callbackURL specified in the request body. Additionally, there should be test cases included to verify the functionality of the callbackURL. ### What version of Better Auth are you using? 1.4.1 ### System info ```bash { "system": { "platform": "linux", "arch": "x64", "version": "#1 SMP PREEMPT_DYNAMIC Tue Aug 19 20:41:53 HKT 2025", "release": "6.12.54-gentoo-dist-hardened", "cpuCount": 6, "cpuModel": "AMD Ryzen 5 4500U with Radeon Graphics", "totalMemory": "62.45 GB", "freeMemory": "6.92 GB" }, "node": { "version": "v22.13.1", "env": "development" }, "packageManager": { "name": "pnpm", "version": "10.7.1" }, "frameworks": [ { "name": "next", "version": "16.0.3" }, { "name": "react", "version": "19.2.0" } ], "databases": [ { "name": "better-sqlite3", "version": "^12.4.5" } ], "betterAuth": { "version": "^1.3.34", "config": { "database": { "name": "./database.sqlite", "open": true, "inTransaction": false, "readonly": false, "memory": false }, "emailAndPassword": { "enabled": true }, "plugins": [ { "name": "username", "config": { "id": "username", "endpoints": {}, "schema": { "user": { "fields": { "username": { "type": "string", "required": false, "sortable": true, "unique": true, "returned": true, "transform": {} }, "displayUsername": { "type": "string", "required": false, "transform": {} } } } }, "hooks": { "before": [ {}, {} ] }, "$ERROR_CODES": { "INVALID_USERNAME_OR_PASSWORD": "[REDACTED]", "EMAIL_NOT_VERIFIED": "Email not verified", "UNEXPECTED_ERROR": "Unexpected error", "USERNAME_IS_ALREADY_TAKEN": "Username is already taken. Please try another.", "USERNAME_TOO_SHORT": "Username is too short", "USERNAME_TOO_LONG": "Username is too long", "INVALID_USERNAME": "Username is invalid", "INVALID_DISPLAY_USERNAME": "Display username is invalid" } } }, { "name": "admin", "config": { "id": "admin", "hooks": { "after": [ {} ] }, "endpoints": {}, "$ERROR_CODES": { "FAILED_TO_CREATE_USER": "Failed to create user", "USER_ALREADY_EXISTS": "User already exists.", "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "User already exists. Use another email.", "YOU_CANNOT_BAN_YOURSELF": "You cannot ban yourself", "YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE": "You are not allowed to change users role", "YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS": "You are not allowed to create users", "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS": "You are not allowed to list users", "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS": "You are not allowed to list users sessions", "YOU_ARE_NOT_ALLOWED_TO_BAN_USERS": "You are not allowed to ban users", "YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS": "You are not allowed to impersonate users", "YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS": "You are not allowed to revoke users sessions", "YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS": "You are not allowed to delete users", "YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD": "[REDACTED]", "BANNED_USER": "You have been banned from this application", "YOU_ARE_NOT_ALLOWED_TO_GET_USER": "You are not allowed to get user", "NO_DATA_TO_UPDATE": "No data to update", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS": "You are not allowed to update users", "YOU_CANNOT_REMOVE_YOURSELF": "You cannot remove yourself", "YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE": "You are not allowed to set a non-existent role value" }, "schema": { "user": { "fields": { "role": { "type": "string", "required": false, "input": false }, "banned": { "type": "boolean", "defaultValue": false, "required": false, "input": false }, "banReason": { "type": "string", "required": false, "input": false }, "banExpires": { "type": "date", "required": false, "input": false } } }, "session": { "fields": { "impersonatedBy": { "type": "string", "required": false } } } } } }, { "name": "next-cookies", "config": { "id": "next-cookies", "hooks": { "after": [ {} ] } } } ] } } } ``` ### Which area(s) are affected? (Select all that apply) Package ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ emailAndPassword: { enabled: true }, }); ``` ### Additional context _No response_
GiteaMirror added the bug label 2026-03-13 09:49:07 -05:00
GiteaMirror commented 2026-03-13 09:49:09 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Nov 25, 2025):

Thanks for reporting this issue and for your detailed feedback. Our team is aware that the current implementation of the username plugin returns only the token and user fields after a successful login without handling the callbackURL parameter, which leads to the described redirection issue. This behavior is related to the way the callbackURL is processed in the plugin, and we’re currently evaluating the best approach to include redirection data (such as "redirect" and "url") in the response. In the meantime, as a workaround, you might consider manually handling the callbackURL on the client side after receiving the login response. If you have a moment, please let us know if a manual redirect based on the response token would work for your use case, or if you prefer a built-in solution. Tag @better-auth-agent if you would like an answer from the Agent.

DiagramDiscordGitHub

Diagram Join Star

@better-auth-agent[bot] commented on GitHub (Nov 25, 2025): Thanks for reporting this issue and for your detailed feedback. Our team is aware that the current implementation of the username plugin returns only the token and user fields after a successful login without handling the callbackURL parameter, which leads to the described redirection issue. This behavior is related to the way the callbackURL is processed in the plugin, and we’re currently evaluating the best approach to include redirection data (such as "redirect" and "url") in the response. In the meantime, as a workaround, you might consider manually handling the callbackURL on the client side after receiving the login response. If you have a moment, please let us know if a manual redirect based on the response token would work for your use case, or if you prefer a built-in solution. Tag @better-auth-agent if you would like an answer from the Agent. <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
GiteaMirror commented 2026-03-13 09:49:10 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Nov 25, 2025):

Hi @OwenChia! I'm Dosu and I’m helping the better-auth team.

You're correct—the username plugin currently does not process or return callbackURL in its login response, so users are not redirected after login even if callbackURL is provided. This is different from other plugins like email/password and social providers, which do include redirect and url fields in their responses to enable client-side redirection after authentication (source). The username plugin only uses callbackURL for email verification flows, not for post-login redirects (source).

To align with the rest of the framework and support callbackURL-based redirection, you should update the username plugin's login response to include:

return ctx.json({
  redirect: !!ctx.body.callbackURL,
  url: ctx.body.callbackURL,
  token: session.token,
  user: { ... }
});

There are currently no test cases for callbackURL or redirect behavior in the username plugin's test suite (source), so adding tests to verify this functionality is recommended.

This change will allow your Next.js frontend to handle redirects after login in the same way as other authentication flows.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

@dosubot[bot] commented on GitHub (Nov 25, 2025): <!-- Greeting --> Hi @OwenChia! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the better-auth team. <!-- Answer --> You're correct—the username plugin currently does not process or return callbackURL in its login response, so users are not redirected after login even if callbackURL is provided. This is different from other plugins like email/password and social providers, which do include `redirect` and `url` fields in their responses to enable client-side redirection after authentication ([source](https://github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/api/routes/sign-in.ts#L11-L529)). The username plugin only uses callbackURL for email verification flows, not for post-login redirects ([source](https://github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/plugins/username/index.ts#L184-L409)). To align with the rest of the framework and support callbackURL-based redirection, you should update the username plugin's login response to include: ```js return ctx.json({ redirect: !!ctx.body.callbackURL, url: ctx.body.callbackURL, token: session.token, user: { ... } }); ``` There are currently no test cases for callbackURL or redirect behavior in the username plugin's test suite ([source](https://github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/plugins/username/username.test.ts#L6-L297)), so adding tests to verify this functionality is recommended. This change will allow your Next.js frontend to handle redirects after login in the same way as other authentication flows. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/18132898-785b-44d1-b0bd-716527d676a4?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=You%27re%20correct%E2%80%94the%20username%20plugin%20currently%20does%20not%20process%20or%20return%20callbackURL%20in%20its%20login%20response%2C%20so%20users%20are%20not%20redirected%20after%20login%20even%20if%20callbackURL%20is%20provided.%20This%20is%20different%20from%20other%20plugins%20like%20email/password%20and%20social%20providers%2C%20which%20do%20include%20%60redirect%60%20and%20%60url%60%20fields%20in%20their%20responses%20to%20enable%20client-side%20redirection%20after%20authentication%20%28%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/api/routes/sign-in.ts%23L11-L529%29%29.%20The%20username%20plugin%20only%20uses%20callbackURL%20for%20email%20verification%20flows%2C%20not%20for%20post-login%20redirects%20%28%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/plugins/username/index.ts%23L184-L409%29%29.%0A%0ATo%20align%20with%20the%20rest%20of%20the%20framework%20and%20support%20callbackURL-based%20redirection%2C%20you%20should%20update%20the%20username%20plugin%27s%20login%20response%20to%20include%3A%0A%0A%60%60%60js%0Areturn%20ctx.json%28%7B%0A%20%20redirect%3A%20%21%21ctx.body.callbackURL%2C%0A%20%20url%3A%20ctx.body.callbackURL%2C%0A%20%20token%3A%20session.token%2C%0A%20%20user%3A%20%7B%20...%20%7D%0A%7D%29%3B%0A%60%60%60%0A%0AThere%20are%20currently%20no%20test%20cases%20for%20callbackURL%20or%20redirect%20behavior%20in%20the%20username%20plugin%27s%20test%20suite%20%28%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/blob/cb5c2fc2604090247f8bb9a33eae03a5fdc1ab14/packages/better-auth/src/plugins/username/username.test.ts%23L6-L297%29%29%2C%20so%20adding%20tests%20to%20verify%20this%20functionality%20is%20recommended.%0A%0AThis%20change%20will%20allow%20your%20Next.js%20frontend%20to%20handle%20redirects%20after%20login%20in%20the%20same%20way%20as%20other%20authentication%20flows.)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/6297)
GiteaMirror commented 2026-03-13 09:49:11 -05:00
Author
Owner
Copy Link

@GautamBytes commented on GitHub (Nov 26, 2025):

Will be working on it!

@GautamBytes commented on GitHub (Nov 26, 2025): Will be working on it!
GiteaMirror commented 2026-03-13 09:49:12 -05:00
Author
Owner
Copy Link

@Ridhim-RR commented on GitHub (Nov 26, 2025):

@OwenChia
I have implemented handling for the callback URL in the Username plugin like this:
If a callback URL is provided, that URL will be returned in the response.Otherwise, a fallback value of "/" (the home page) will be returned.With this change, the callback boolean field is no longer necessary.The response will always include the url field. Let me know what are your thoughts on this.

@Ridhim-RR commented on GitHub (Nov 26, 2025): @OwenChia I have implemented handling for the callback URL in the Username plugin like this: If a callback URL is provided, that URL will be returned in the response.Otherwise, a fallback value of "/" (the home page) will be returned.With this change, the callback boolean field is no longer necessary.The response will always include the url field. Let me know what are your thoughts on this.
GiteaMirror commented 2026-03-13 09:49:12 -05:00
Author
Owner
Copy Link

@OwenChia commented on GitHub (Nov 27, 2025):

Sounds good to me. Does other plugins and the default sign-in method will also remove callback boolean field?

On November 26, 2025 11:18:09 AM UTC, Ridhim Singh Raizada @.***> wrote:

Ridhim-RR left a comment (better-auth/better-auth#6297)

@OwenChia
I have implemented handling for the callback URL in the Username plugin like this:
If a callback URL is provided, that URL will be returned in the response.Otherwise, a fallback value of "/" (the home page) will be returned.With this change, the callback boolean field is no longer necessary.The response will always include the url field. Let me know what are your thoughts on this.

@OwenChia commented on GitHub (Nov 27, 2025): Sounds good to me. Does other plugins and the default sign-in method will also remove callback boolean field? On November 26, 2025 11:18:09 AM UTC, Ridhim Singh Raizada ***@***.***> wrote: >Ridhim-RR left a comment (better-auth/better-auth#6297) > >@OwenChia > I have implemented handling for the callback URL in the Username plugin like this: >If a callback URL is provided, that URL will be returned in the response.Otherwise, a fallback value of "/" (the home page) will be returned.With this change, the callback boolean field is no longer necessary.The response will always include the url field. Let me know what are your thoughts on this. >
GiteaMirror commented 2026-03-13 09:49:13 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Feb 26, 2026):

Hi, @OwenChia. I'm Dosu, and I'm helping the better-auth team manage their backlog and am marking this issue as stale.

Issue Summary:

  • You reported that the Better-Auth username plugin in Next.js did not handle the callbackURL parameter properly, causing no redirection after login.
  • The maintainers acknowledged the issue, noting the username plugin lacked redirect and url fields in its response compared to other plugins.
  • A fix was implemented to always return a url field with the callback URL or a default "/", removing the need for a callback boolean.
  • You agreed with the fix and asked if other plugins would also remove the callback boolean field.

Next Steps:

  • Please let me know if this issue is still relevant with the latest version of better-auth by commenting here to keep the discussion open.
  • Otherwise, this issue will be automatically closed in 7 days.

Thank you for your understanding and contribution!

@dosubot[bot] commented on GitHub (Feb 26, 2026): Hi, @OwenChia. I'm [Dosu](https://dosu.dev), and I'm helping the better-auth team manage their backlog and am marking this issue as stale. **Issue Summary:** - You reported that the Better-Auth username plugin in Next.js did not handle the callbackURL parameter properly, causing no redirection after login. - The maintainers acknowledged the issue, noting the username plugin lacked redirect and url fields in its response compared to other plugins. - A fix was implemented to always return a url field with the callback URL or a default "/", removing the need for a callback boolean. - You agreed with the fix and asked if other plugins would also remove the callback boolean field. **Next Steps:** - Please let me know if this issue is still relevant with the latest version of better-auth by commenting here to keep the discussion open. - Otherwise, this issue will be automatically closed in 7 days. Thank you for your understanding and contribution!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#2389
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?