Property "returned" does not work as expected on additionalFields #2735

Closed
opened 2026-03-13 10:16:18 -05:00 by GiteaMirror · 9 comments
Owner

Originally created by @mmorper0 on GitHub (Jan 20, 2026).

Originally assigned to: @Paola3stefania on GitHub.

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

  1. Add the organization plugin to your backend instance
  2. Add an additional field with the property returned set to false and input set to true
  3. Make a request to the backend; the field will never be saved

Current vs. Expected behavior

The documentation says this property is for the field to not be returned, but in fact it also means that, at least through the API, you cannot input it. Supposedly, the input property is the one that manages that.

What version of Better Auth are you using?

1.4.11

System info

{
  "system": {
    "platform": "linux",
    "arch": "x64",
    "version": "#37~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 20 10:25:38 UTC 2",
    "release": "6.14.0-37-generic",
    "cpuCount": 14,
    "cpuModel": "Intel(R) Core(TM) Ultra 7 155U",
    "totalMemory": "30.86 GB",
    "freeMemory": "14.09 GB"
  },
  "node": {
    "version": "v22.0.0",
    "env": "development"
  },
  "packageManager": {
    "name": "npm",
    "version": "10.5.1"
  },
  "frameworks": [
    {
      "name": "express",
      "version": "^5.1.0"
    }
  ],
  "databases": [
    {
      "name": "pg",
      "version": "^8.16.3"
    },
    {
      "name": "drizzle",
      "version": "^0.44.7"
    }
  ],
  "betterAuth": {
    "version": "^1.4.11",
    "config": {
      "emailAndPassword": {
        "enabled": true,
        "disableSignUp": true
      },
      "plugins": [
        {
          "name": "open-api",
          "config": {
            "id": "open-api",
            "endpoints": {}
          }
        },
        {
          "name": "admin",
          "config": {
            "id": "admin",
            "hooks": {
              "after": [
                {}
              ]
            },
            "endpoints": {},
            "$ERROR_CODES": {
              "FAILED_TO_CREATE_USER": "Failed to create user",
              "USER_ALREADY_EXISTS": "User already exists.",
              "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "User already exists. Use another email.",
              "YOU_CANNOT_BAN_YOURSELF": "You cannot ban yourself",
              "YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE": "You are not allowed to change users role",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS": "You are not allowed to create users",
              "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS": "You are not allowed to list users",
              "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS": "You are not allowed to list users sessions",
              "YOU_ARE_NOT_ALLOWED_TO_BAN_USERS": "You are not allowed to ban users",
              "YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS": "You are not allowed to impersonate users",
              "YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS": "You are not allowed to revoke users sessions",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS": "You are not allowed to delete users",
              "YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD": "[REDACTED]",
              "BANNED_USER": "You have been banned from this application",
              "YOU_ARE_NOT_ALLOWED_TO_GET_USER": "You are not allowed to get user",
              "NO_DATA_TO_UPDATE": "No data to update",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS": "You are not allowed to update users",
              "YOU_CANNOT_REMOVE_YOURSELF": "You cannot remove yourself",
              "YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE": "You are not allowed to set a non-existent role value",
              "YOU_CANNOT_IMPERSONATE_ADMINS": "You cannot impersonate admins",
              "INVALID_ROLE_TYPE": "Invalid role type"
            },
            "schema": {
              "user": {
                "fields": {
                  "role": {
                    "type": "string",
                    "required": false,
                    "input": false
                  },
                  "banned": {
                    "type": "boolean",
                    "defaultValue": false,
                    "required": false,
                    "input": false
                  },
                  "banReason": {
                    "type": "string",
                    "required": false,
                    "input": false
                  },
                  "banExpires": {
                    "type": "date",
                    "required": false,
                    "input": false
                  }
                }
              },
              "session": {
                "fields": {
                  "impersonatedBy": {
                    "type": "string",
                    "required": false
                  }
                }
              }
            },
            "options": {
              "ac": {
                "statements": {
                  "user": [
                    "create",
                    "list",
                    "set-role",
                    "ban",
                    "impersonate",
                    "delete",
                    "set-password",
                    "get",
                    "update"
                  ],
                  "session": [
                    "list",
                    "revoke",
                    "delete"
                  ]
                }
              },
              "roles": {
                "user": {
                  "statements": {
                    "user": [
                      "create"
                    ]
                  }
                },
                "partner": {
                  "statements": {
                    "user": [
                      "create",
                      "list",
                      "delete",
                      "ban"
                    ],
                    "session": [
                      "list",
                      "revoke",
                      "delete"
                    ]
                  }
                },
                "admin": {
                  "statements": {
                    "user": [
                      "create",
                      "list",
                      "set-role",
                      "ban",
                      "impersonate",
                      "delete",
                      "set-password",
                      "get",
                      "update"
                    ],
                    "session": [
                      "list",
                      "revoke",
                      "delete"
                    ]
                  }
                }
              }
            }
          }
        },
        {
          "name": "organization",
          "config": {
            "id": "organization",
            "endpoints": {},
            "schema": {
              "organization": {
                "fields": {
                  "name": {
                    "type": "string",
                    "required": true,
                    "sortable": true
                  },
                  "slug": {
                    "type": "string",
                    "required": true,
                    "unique": true,
                    "sortable": true,
                    "index": true
                  },
                  "logo": {
                    "type": "string",
                    "required": false
                  },
                  "createdAt": {
                    "type": "date",
                    "required": true
                  },
                  "metadata": {
                    "type": "string",
                    "required": false
                  },
                  "parentOrganizationId": {
                    "type": "string",
                    "required": false,
                    "references": {
                      "field": "id",
                      "model": "organization",
                      "onDelete": "restrict"
                    }
                  },
                  "externalApiKey": {
                    "type": "string",
                    "required": false,
                    "transform": {},
                    "returned": false,
                    "input": true
                  },
                  "externalId": {
                    "type": "string",
                    "required": false,
                    "unique": true
                  }
                }
              },
              "member": {
                "fields": {
                  "organizationId": {
                    "type": "string",
                    "required": true,
                    "references": {
                      "model": "organization",
                      "field": "id"
                    },
                    "index": true
                  },
                  "userId": {
                    "type": "string",
                    "required": true,
                    "references": {
                      "model": "user",
                      "field": "id"
                    },
                    "index": true
                  },
                  "role": {
                    "type": "string",
                    "required": true,
                    "sortable": true,
                    "defaultValue": "member"
                  },
                  "createdAt": {
                    "type": "date",
                    "required": true
                  }
                }
              },
              "invitation": {
                "fields": {
                  "organizationId": {
                    "type": "string",
                    "required": true,
                    "references": {
                      "model": "organization",
                      "field": "id"
                    },
                    "index": true
                  },
                  "email": {
                    "type": "string",
                    "required": true,
                    "sortable": true,
                    "index": true
                  },
                  "role": {
                    "type": "string",
                    "required": false,
                    "sortable": true
                  },
                  "status": {
                    "type": "string",
                    "required": true,
                    "sortable": true,
                    "defaultValue": "pending"
                  },
                  "expiresAt": {
                    "type": "date",
                    "required": true
                  },
                  "createdAt": {
                    "type": "date",
                    "required": true
                  },
                  "inviterId": {
                    "type": "string",
                    "references": {
                      "model": "user",
                      "field": "id"
                    },
                    "required": true
                  }
                }
              },
              "session": {
                "fields": {
                  "activeOrganizationId": {
                    "type": "string",
                    "required": false
                  }
                }
              }
            },
            "$Infer": {
              "Organization": {},
              "Invitation": {},
              "Member": {},
              "Team": {},
              "TeamMember": {},
              "ActiveOrganization": {}
            },
            "$ERROR_CODES": {
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION": "You are not allowed to create a new organization",
              "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS": "You have reached the maximum number of organizations",
              "ORGANIZATION_ALREADY_EXISTS": "Organization already exists",
              "ORGANIZATION_SLUG_ALREADY_TAKEN": "Organization slug already taken",
              "ORGANIZATION_NOT_FOUND": "Organization not found",
              "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION": "User is not a member of the organization",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION": "You are not allowed to update this organization",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION": "You are not allowed to delete this organization",
              "NO_ACTIVE_ORGANIZATION": "No active organization",
              "USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION": "User is already a member of this organization",
              "MEMBER_NOT_FOUND": "Member not found",
              "ROLE_NOT_FOUND": "Role not found",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM": "You are not allowed to create a new team",
              "TEAM_ALREADY_EXISTS": "Team already exists",
              "TEAM_NOT_FOUND": "Team not found",
              "YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER": "You cannot leave the organization as the only owner",
              "YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER": "You cannot leave the organization without an owner",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER": "You are not allowed to delete this member",
              "YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION": "You are not allowed to invite users to this organization",
              "USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION": "User is already invited to this organization",
              "INVITATION_NOT_FOUND": "Invitation not found",
              "YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION": "You are not the recipient of the invitation",
              "EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION": "Email verification required before accepting or rejecting invitation",
              "YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION": "You are not allowed to cancel this invitation",
              "INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION": "Inviter is no longer a member of the organization",
              "YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE": "You are not allowed to invite a user with this role",
              "FAILED_TO_RETRIEVE_INVITATION": "Failed to retrieve invitation",
              "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS": "You have reached the maximum number of teams",
              "UNABLE_TO_REMOVE_LAST_TEAM": "Unable to remove last team",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER": "You are not allowed to update this member",
              "ORGANIZATION_MEMBERSHIP_LIMIT_REACHED": "Organization membership limit reached",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION": "You are not allowed to create teams in this organization",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION": "You are not allowed to delete teams in this organization",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM": "You are not allowed to update this team",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM": "You are not allowed to delete this team",
              "INVITATION_LIMIT_REACHED": "Invitation limit reached",
              "TEAM_MEMBER_LIMIT_REACHED": "Team member limit reached",
              "USER_IS_NOT_A_MEMBER_OF_THE_TEAM": "User is not a member of the team",
              "YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM": "You are not allowed to list the members of this team",
              "YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM": "You do not have an active team",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER": "You are not allowed to create a new member",
              "YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER": "You are not allowed to remove a team member",
              "YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION": "You are not allowed to access this organization as an owner",
              "YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION": "You are not a member of this organization",
              "MISSING_AC_INSTANCE": "Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",
              "YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE": "You must be in an organization to create a role",
              "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE": "You are not allowed to create a role",
              "YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE": "You are not allowed to update a role",
              "YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE": "You are not allowed to delete a role",
              "YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE": "You are not allowed to read a role",
              "YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE": "You are not allowed to list a role",
              "YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE": "You are not allowed to get a role",
              "TOO_MANY_ROLES": "This organization has too many roles",
              "INVALID_RESOURCE": "The provided permission includes an invalid resource",
              "ROLE_NAME_IS_ALREADY_TAKEN": "That role name is already taken",
              "CANNOT_DELETE_A_PRE_DEFINED_ROLE": "Cannot delete a pre-defined role"
            },
            "options": {
              "ac": {
                "statements": {
                  "organization": [
                    "update",
                    "delete"
                  ],
                  "member": [
                    "create",
                    "update",
                    "delete"
                  ],
                  "invitation": [
                    "create",
                    "cancel"
                  ],
                  "team": [
                    "create",
                    "update",
                    "delete"
                  ],
                  "ac": [
                    "create",
                    "read",
                    "update",
                    "delete"
                  ]
                }
              },
              "roles": {
                "member": {
                  "statements": {
                    "invitation": [
                      "create",
                      "cancel"
                    ]
                  }
                },
                "admin": {
                  "statements": {
                    "organization": [
                      "update"
                    ],
                    "invitation": [
                      "create",
                      "cancel"
                    ],
                    "member": [
                      "create",
                      "update",
                      "delete"
                    ],
                    "team": [
                      "create",
                      "update",
                      "delete"
                    ],
                    "ac": [
                      "create",
                      "read",
                      "update",
                      "delete"
                    ]
                  }
                },
                "owner": {
                  "statements": {
                    "organization": [
                      "update",
                      "delete"
                    ],
                    "member": [
                      "create",
                      "update",
                      "delete"
                    ],
                    "invitation": [
                      "create",
                      "cancel"
                    ],
                    "team": [
                      "create",
                      "update",
                      "delete"
                    ],
                    "ac": [
                      "create",
                      "read",
                      "update",
                      "delete"
                    ]
                  }
                }
              },
              "disableOrganizationDeletion": true,
              "cancelPendingInvitationsOnReInvite": true,
              "organizationHooks": {},
              "schema": {
                "organization": {
                  "additionalFields": {
                    "parentOrganizationId": {
                      "type": "string",
                      "required": false,
                      "references": {
                        "field": "id",
                        "model": "organization",
                        "onDelete": "restrict"
                      }
                    },
                    "externalApiKey": {
                      "type": "string",
                      "required": false,
                      "transform": {},
                      "returned": false,
                      "input": true
                    },
                    "externalId": {
                      "type": "string",
                      "required": false,
                      "unique": true
                    }
                  }
                }
              }
            }
          }
        },
        {
          "name": "magic-link",
          "config": {
            "id": "magic-link",
            "endpoints": {},
            "rateLimit": [
              {
                "window": 60,
                "max": 5
              }
            ],
            "options": {}
          }
        },
        {
          "name": "custom-onboarding-plugin",
          "config": {
            "id": "custom-onboarding-plugin",
            "endpoints": {}
          }
        },
        {
          "name": "custom-session",
          "config": {
            "id": "custom-session",
            "hooks": {
              "after": [
                {}
              ]
            },
            "endpoints": {},
            "$Infer": {
              "Session": {}
            }
          }
        }
      ],
      "rateLimit": {
        "enabled": false
      },
      "databaseHooks": {
        "session": {
          "create": {}
        }
      }
    }
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)


Additional context

No response

Originally created by @mmorper0 on GitHub (Jan 20, 2026). Originally assigned to: @Paola3stefania on GitHub. ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce 1. Add the organization plugin to your backend instance 2. Add an additional field with the property returned to false and input to true 3. Make a request to the backend, the field will never be saved ### Current vs. Expected behavior The documentation says this property is for the field to not be returned, but in fact it also makes that, at least through API, you cannot input it. Supposedly, the input property is the one who manages that. ### What version of Better Auth are you using? 1.4.11 ### System info ```bash { "system": { "platform": "linux", "arch": "x64", "version": "#37~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 20 10:25:38 UTC 2", "release": "6.14.0-37-generic", "cpuCount": 14, "cpuModel": "Intel(R) Core(TM) Ultra 7 155U", "totalMemory": "30.86 GB", "freeMemory": "14.09 GB" }, "node": { "version": "v22.0.0", "env": "development" }, "packageManager": { "name": "npm", "version": "10.5.1" }, "frameworks": [ { "name": "express", "version": "^5.1.0" } ], "databases": [ { "name": "pg", "version": "^8.16.3" }, { "name": "drizzle", "version": "^0.44.7" } ], "betterAuth": { "version": "^1.4.11", "config": { "emailAndPassword": { "enabled": true, "disableSignUp": true }, "plugins": [ { "name": "open-api", "config": { "id": "open-api", "endpoints": {} } }, { "name": "admin", "config": { "id": "admin", "hooks": { "after": [ {} ] }, "endpoints": {}, "$ERROR_CODES": { "FAILED_TO_CREATE_USER": "Failed to create user", "USER_ALREADY_EXISTS": "User already exists.", "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "User already exists. 
Use another email.", "YOU_CANNOT_BAN_YOURSELF": "You cannot ban yourself", "YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE": "You are not allowed to change users role", "YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS": "You are not allowed to create users", "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS": "You are not allowed to list users", "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS": "You are not allowed to list users sessions", "YOU_ARE_NOT_ALLOWED_TO_BAN_USERS": "You are not allowed to ban users", "YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS": "You are not allowed to impersonate users", "YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS": "You are not allowed to revoke users sessions", "YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS": "You are not allowed to delete users", "YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD": "[REDACTED]", "BANNED_USER": "You have been banned from this application", "YOU_ARE_NOT_ALLOWED_TO_GET_USER": "You are not allowed to get user", "NO_DATA_TO_UPDATE": "No data to update", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS": "You are not allowed to update users", "YOU_CANNOT_REMOVE_YOURSELF": "You cannot remove yourself", "YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE": "You are not allowed to set a non-existent role value", "YOU_CANNOT_IMPERSONATE_ADMINS": "You cannot impersonate admins", "INVALID_ROLE_TYPE": "Invalid role type" }, "schema": { "user": { "fields": { "role": { "type": "string", "required": false, "input": false }, "banned": { "type": "boolean", "defaultValue": false, "required": false, "input": false }, "banReason": { "type": "string", "required": false, "input": false }, "banExpires": { "type": "date", "required": false, "input": false } } }, "session": { "fields": { "impersonatedBy": { "type": "string", "required": false } } } }, "options": { "ac": { "statements": { "user": [ "create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update" ], "session": [ "list", "revoke", "delete" ] } }, "roles": { "user": { "statements": { "user": [ "create" ] } 
}, "partner": { "statements": { "user": [ "create", "list", "delete", "ban" ], "session": [ "list", "revoke", "delete" ] } }, "admin": { "statements": { "user": [ "create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update" ], "session": [ "list", "revoke", "delete" ] } } } } } }, { "name": "organization", "config": { "id": "organization", "endpoints": {}, "schema": { "organization": { "fields": { "name": { "type": "string", "required": true, "sortable": true }, "slug": { "type": "string", "required": true, "unique": true, "sortable": true, "index": true }, "logo": { "type": "string", "required": false }, "createdAt": { "type": "date", "required": true }, "metadata": { "type": "string", "required": false }, "parentOrganizationId": { "type": "string", "required": false, "references": { "field": "id", "model": "organization", "onDelete": "restrict" } }, "externalApiKey": { "type": "string", "required": false, "transform": {}, "returned": false, "input": true }, "externalId": { "type": "string", "required": false, "unique": true } } }, "member": { "fields": { "organizationId": { "type": "string", "required": true, "references": { "model": "organization", "field": "id" }, "index": true }, "userId": { "type": "string", "required": true, "references": { "model": "user", "field": "id" }, "index": true }, "role": { "type": "string", "required": true, "sortable": true, "defaultValue": "member" }, "createdAt": { "type": "date", "required": true } } }, "invitation": { "fields": { "organizationId": { "type": "string", "required": true, "references": { "model": "organization", "field": "id" }, "index": true }, "email": { "type": "string", "required": true, "sortable": true, "index": true }, "role": { "type": "string", "required": false, "sortable": true }, "status": { "type": "string", "required": true, "sortable": true, "defaultValue": "pending" }, "expiresAt": { "type": "date", "required": true }, "createdAt": { "type": "date", "required": 
true }, "inviterId": { "type": "string", "references": { "model": "user", "field": "id" }, "required": true } } }, "session": { "fields": { "activeOrganizationId": { "type": "string", "required": false } } } }, "$Infer": { "Organization": {}, "Invitation": {}, "Member": {}, "Team": {}, "TeamMember": {}, "ActiveOrganization": {} }, "$ERROR_CODES": { "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION": "You are not allowed to create a new organization", "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS": "You have reached the maximum number of organizations", "ORGANIZATION_ALREADY_EXISTS": "Organization already exists", "ORGANIZATION_SLUG_ALREADY_TAKEN": "Organization slug already taken", "ORGANIZATION_NOT_FOUND": "Organization not found", "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION": "User is not a member of the organization", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION": "You are not allowed to update this organization", "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION": "You are not allowed to delete this organization", "NO_ACTIVE_ORGANIZATION": "No active organization", "USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION": "User is already a member of this organization", "MEMBER_NOT_FOUND": "Member not found", "ROLE_NOT_FOUND": "Role not found", "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM": "You are not allowed to create a new team", "TEAM_ALREADY_EXISTS": "Team already exists", "TEAM_NOT_FOUND": "Team not found", "YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER": "You cannot leave the organization as the only owner", "YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER": "You cannot leave the organization without an owner", "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER": "You are not allowed to delete this member", "YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION": "You are not allowed to invite users to this organization", "USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION": "User is already invited to this organization", "INVITATION_NOT_FOUND": "Invitation 
not found", "YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION": "You are not the recipient of the invitation", "EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION": "Email verification required before accepting or rejecting invitation", "YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION": "You are not allowed to cancel this invitation", "INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION": "Inviter is no longer a member of the organization", "YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE": "You are not allowed to invite a user with this role", "FAILED_TO_RETRIEVE_INVITATION": "Failed to retrieve invitation", "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS": "You have reached the maximum number of teams", "UNABLE_TO_REMOVE_LAST_TEAM": "Unable to remove last team", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER": "You are not allowed to update this member", "ORGANIZATION_MEMBERSHIP_LIMIT_REACHED": "Organization membership limit reached", "YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION": "You are not allowed to create teams in this organization", "YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION": "You are not allowed to delete teams in this organization", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM": "You are not allowed to update this team", "YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM": "You are not allowed to delete this team", "INVITATION_LIMIT_REACHED": "Invitation limit reached", "TEAM_MEMBER_LIMIT_REACHED": "Team member limit reached", "USER_IS_NOT_A_MEMBER_OF_THE_TEAM": "User is not a member of the team", "YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM": "You are not allowed to list the members of this team", "YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM": "You do not have an active team", "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER": "You are not allowed to create a new member", "YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER": "You are not allowed to remove a team member", "YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION": "You are not allowed to access 
this organization as an owner", "YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION": "You are not a member of this organization", "MISSING_AC_INSTANCE": "Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information", "YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE": "You must be in an organization to create a role", "YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE": "You are not allowed to create a role", "YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE": "You are not allowed to update a role", "YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE": "You are not allowed to delete a role", "YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE": "You are not allowed to read a role", "YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE": "You are not allowed to list a role", "YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE": "You are not allowed to get a role", "TOO_MANY_ROLES": "This organization has too many roles", "INVALID_RESOURCE": "The provided permission includes an invalid resource", "ROLE_NAME_IS_ALREADY_TAKEN": "That role name is already taken", "CANNOT_DELETE_A_PRE_DEFINED_ROLE": "Cannot delete a pre-defined role" }, "options": { "ac": { "statements": { "organization": [ "update", "delete" ], "member": [ "create", "update", "delete" ], "invitation": [ "create", "cancel" ], "team": [ "create", "update", "delete" ], "ac": [ "create", "read", "update", "delete" ] } }, "roles": { "member": { "statements": { "invitation": [ "create", "cancel" ] } }, "admin": { "statements": { "organization": [ "update" ], "invitation": [ "create", "cancel" ], "member": [ "create", "update", "delete" ], "team": [ "create", "update", "delete" ], "ac": [ "create", "read", "update", "delete" ] } }, "owner": { "statements": { "organization": [ "update", "delete" ], "member": [ "create", "update", "delete" ], "invitation": [ "create", "cancel" ], "team": [ "create", "update", "delete" ], "ac": [ "create", "read", "update", "delete" ] } } }, "disableOrganizationDeletion": true, "cancelPendingInvitationsOnReInvite": 
true, "organizationHooks": {}, "schema": { "organization": { "additionalFields": { "parentOrganizationId": { "type": "string", "required": false, "references": { "field": "id", "model": "organization", "onDelete": "restrict" } }, "externalApiKey": { "type": "string", "required": false, "transform": {}, "returned": false, "input": true }, "externalId": { "type": "string", "required": false, "unique": true } } } } } } }, { "name": "magic-link", "config": { "id": "magic-link", "endpoints": {}, "rateLimit": [ { "window": 60, "max": 5 } ], "options": {} } }, { "name": "custom-onboarding-plugin", "config": { "id": "custom-onboarding-plugin", "endpoints": {} } }, { "name": "custom-session", "config": { "id": "custom-session", "hooks": { "after": [ {} ] }, "endpoints": {}, "$Infer": { "Session": {} } } } ], "rateLimit": { "enabled": false }, "databaseHooks": { "session": { "create": {} } } } } }
```

### Which area(s) are affected? (Select all that apply)

Backend

### Auth config (if applicable)

```typescript
```

### Additional context

_No response_
GiteaMirror added the bug label 2026-03-13 10:16:18 -05:00

@better-auth-agent[bot] commented on GitHub (Jan 20, 2026):

It appears that you are experiencing an issue with the "returned" property in additional fields not behaving as expected in Better Auth. This is a known issue where the additional field marked as not to be returned is still being included in the session data stored in the cached cookie.

In your case, the steps you've followed involve setting the "returned" property to false but still seeing that field included in the response. This aligns with several reported problems:

  1. Inconsistent behavior in sign-in/signup endpoints: A bug was reported that indicates the session cache includes all additional fields even if marked with `returned: false`. This problem has been acknowledged and documented [[6]](https://github.com/better-auth/better-auth/issues/5293).

  2. Specific issues with cache during user sign-in: Another issue highlights that fields set to `returned: false` are still present in the cached cookie data after sign-in, which suggests a bug in how cookies are handled [[12]](https://github.com/better-auth/better-auth/issues/2191).

To resolve this, you might consider ensuring you're using the latest version of Better Auth, as there may have been patches or improvements since version 1.4.11 that could address these glitches. However, if the issue persists, it would be best to tag the Better Auth team members, Beka and Max, (@bekacru and @ping__) for more direct assistance.

Are there any specific details or further issues with your current setup that you would like to explore?

If you need more help, tag @better-auth-agent in a comment so I can respond.


@dosubot[bot] commented on GitHub (Jan 20, 2026):

Hi @mmorper0! I'm Dosu and I’m helping the better-auth team.

The intended behavior is that input: true allows a field to be set via API, and returned: false only hides it from API responses—it should not prevent saving the field in the database. If your additional field isn’t being saved when using returned: false and input: true, this is likely due to a misconfiguration or a mismatch between your Better Auth config and your database schema, not the returned property itself.

Here’s what to check:

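  • Make sure the field exists in your database schema and the column name matches (especially if you use the fieldName property with the drizzle adapter) [source](https://github.com/better-auth/better-auth/issues/4870).
  • Double-check your adapter config to ensure it maps the field correctly between Better Auth and your DB [source](https://github.com/better-auth/better-auth/issues/4870).
  • The organization plugin’s adapter spreads all fields from the input into the DB save call, regardless of returned or input, so there’s no runtime logic that blocks saving based on returned [source](https://github.com/better-auth/better-auth/blob/308f8ae14e3547c8f2ebf220a6e0cf96f0e42b87/packages/better-auth/src/plugins/organization/adapter.ts#L46-L383).
  • If you want to control which fields are returned in API responses, use the customSession plugin for explicit control [source](https://github.com/better-auth/better-auth/issues/6264).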

If you’ve checked the above and the field still isn’t saved, please share your schema, adapter config, and DB schema for more targeted debugging.

To reply, just mention @dosu.



@mmorper0 commented on GitHub (Jan 20, 2026):

@dosu I highly doubt it is an adapter issue because the field is not available in the beforeCreateOrganization hook from better-auth


@dosubot[bot] commented on GitHub (Jan 20, 2026):

You're right—this is not an adapter issue. The reason your field isn't available in beforeCreateOrganization is that, in the current better-auth implementation, any field with returned: false is stripped out during schema validation before hooks run—even if input: true is set. This means the field never makes it into the hook or gets saved, which is not how the docs describe the intended separation of input and returned. If you need the field available in hooks and for saving, you have to set returned: true for now. This is a limitation (or bug) in the schema processing logic and not adapter-related.
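[Reference: code analysis](https://github.com/better-auth/better-auth/blob/4625dcf784b4ac25d471cfd5a4e5839c2daa26ed/packages/better-auth/src/db/to-zod.ts#L18-L48)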

To reply, just mention @dosu.



@mmorper0 commented on GitHub (Jan 21, 2026):

Hello, first of all, thanks for having a look so fast.

I have updated my package and now I can confirm that the field is properly saved. That said, now it is also returned when doing a GET, which I think is the main purpose of the property

Image Image

@Paola3stefania commented on GitHub (Jan 21, 2026):

@mmorper0 thank you for cycling back.
Now that the issue is partially solved, we are working on the rest. I'll let you know


@mmorper0 commented on GitHub (Jan 22, 2026):

@Paola3stefania many thanks for continuing the work on this, I'll hold off until I hear from you.
I guess my Draft PR should just be discarded now, right? I want to make it clear that I made it at routes level instead of at adapter level to only avoid the fields to be returned on client requests. That said, I can be wrong because it's the first time I dive into this code.


@Paola3stefania commented on GitHub (Jan 22, 2026):

@mmorper0 your approach is also valid! The adapter-level one is to centralize the filtering - this way every route that calls adapter.findOrganizationById() automatically gets filtered output without needing to remember to filter in each route handler.

The adapter still uses the type (InferOrganization<O, false>) internally for database functions, and only applies filterOutputFields at the return where data goes to clients.

Your idea about "only filtering for client requests" is exactly what this does BUT just at a different layer.
Thank you for your draft PR 🙏. Would you mind closing it? Thanks again
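
The separation discussed in this thread, as an added TypeScript example that is not Better Auth's code: `input` alone gates what a client may write, `returned` alone gates what is sent back, and the output filter sits on the adapter's client-facing read. The flags, `externalApiKey` and the names `filterOutputFields` and `findOrganizationById` come from the thread; their bodies, `parseInput`, `parseInputBuggy`, `createAdapter`, `findRaw` and the sample data are assumptions written for illustration.

```typescript
// Added example, not Better Auth source. Bodies and helper names are assumptions.
type FieldAttr = { type: "string"; required?: boolean; input?: boolean; returned?: boolean };
type Schema = Record<string, FieldAttr>;
type Row = Record<string, unknown>;

// Constructed schema; externalApiKey mirrors the config in the issue.
const fields: Schema = {
  name: { type: "string", required: true },
  externalApiKey: { type: "string", required: false, input: true, returned: false },
  internalScore: { type: "string", input: false }, // constructed: server-set only
};

// Behaviour described in the thread: returned:false also drops the field on input.
function parseInputBuggy(schema: Schema, body: Row): Row {
  const out: Row = {};
  for (const [key, attr] of Object.entries(schema)) {
    if (attr.input === false || attr.returned === false) continue; // flags conflated
    if (key in body) out[key] = body[key];
  }
  return out;
}

// Separated semantics: only `input` decides what a client may write.
function parseInput(schema: Schema, body: Row): Row {
  const out: Row = {};
  for (const [key, attr] of Object.entries(schema)) {
    if (attr.input === false) continue;
    if (key in body) out[key] = body[key];
  }
  return out;
}

// Only `returned` decides what leaves the server; unknown keys (e.g. id) pass through.
function filterOutputFields(schema: Schema, row: Row): Row {
  const out: Row = {};
  for (const [key, value] of Object.entries(row)) {
    if (schema[key]?.returned === false) continue;
    out[key] = value;
  }
  return out;
}

// In-memory stand-in for the adapter: the filter sits on the client-facing read only.
function createAdapter(schema: Schema) {
  const db = new Map<string, Row>();
  return {
    create(id: string, body: Row, beforeCreate?: (data: Row) => void): Row {
      const data = parseInput(schema, body);
      beforeCreate?.(data); // the hook sees the write-only field
      const row: Row = { id, ...data };
      db.set(id, row);
      return filterOutputFields(schema, row);
    },
    findRaw: (id: string): Row | undefined => db.get(id), // server-side use only
    findOrganizationById(id: string): Row | undefined {
      const row = db.get(id);
      return row ? filterOutputFields(schema, row) : undefined;
    },
  };
}

function demo() {
  const body: Row = { name: "Acme", externalApiKey: "constructed-secret", internalScore: "99" };
  const adapter = createAdapter(fields);
  let seenInHook: unknown;
  const created = adapter.create("org_1", body, (d) => { seenInHook = d["externalApiKey"]; });
  return { buggyInput: parseInputBuggy(fields, body), seenInHook, created,
    stored: adapter.findRaw("org_1"), clientView: adapter.findOrganizationById("org_1") };
}
```

A regression test for this class of bug should assert both directions: the secret is present in the stored row and absent from every client-facing response, including the create response.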


@mmorper0 commented on GitHub (Jan 23, 2026):

@Paola3stefania I missed that, I can see your approach is more solid.
Many thanks for having a look in such a short time and to explain your changes, appreciate it.
My PR is closed :)


Reference: github-starred/better-auth#2735