Access the users authentication method and providers #2786

Open
opened 2026-03-13 10:20:15 -05:00 by GiteaMirror · 1 comment
Owner

Originally created by @marsupilamimon on GitHub (Jan 29, 2026).

Is this suited for github?

  • Yes, this is suited for github

In order to support standard multi-tenant requirements like organisation-level authentication policies (we only allow passwordless, our users must use our SSO, our users must have MFA, etc), I would need to know, from the session context that I receive on the server, how has the current user been authenticated. This will allow me to send them to a page to reauthenticate with the desired method, ask them to set up MFA before accessing the organisation, etc. Currently I couldn't figure out any, even a hacky one, way to do this reliably.

At least this is my understanding of the situation, if I'm mistaken then I'm very happy to be so! But this feature would be very important. Thanks!

Describe the solution you'd like

The session object should contain the current provider for both the primary and, if applicable, MFA.

Describe alternatives you've considered

I couldn't figure out any way to do it with better-auth :/

Additional context

No response

Originally created by @marsupilamimon on GitHub (Jan 29, 2026). ### Is this suited for github? - [ ] Yes, this is suited for github ### Is your feature request related to a problem? Please describe. In order to support standard multi-tenant requirements like organisation-level authentication policies (we only allow passwordless, our users must use our SSO, our users must have MFA, etc), I would need to know, from the session context that I receive on the server, how has the current user been authenticated. This will allow me to send them to a page to reauthenticate with the desired method, ask them to set up MFA before accessing the organisation, etc. Currently I couldn't figure out _any_, even a hacky one, way to do this reliably. At least this is my understanding of the situation, if I'm mistaken then I'm very happy to be so! But this feature would be very important. Thanks! ### Describe the solution you'd like The session object should contain the current provider for both the primary and, if applicable, MFA. ### Describe alternatives you've considered I couldn't figure out any way to do it with better-auth :/ ### Additional context _No response_
GiteaMirror added the enhancement label 2026-03-13 10:20:15 -05:00
Author
Owner

@better-auth-agent[bot] commented on GitHub (Jan 29, 2026):

To enhance multi-tenant authentication policies, it’s essential to access the session context for the user's authentication details. Currently, Better Auth does provide a way to obtain some user information through the UserInfo endpoint after a successful authentication via OAuth providers. You can achieve this by using the access token to fetch user details, which includes data returned by the provider like their ID, email, and name [2][8].

As per your request, you'd want to ensure that the session object contains details about the primary provider and any MFA if applicable. There's an open issue concerning similar functionality, so it might be helpful to check if there are updates or discussions by the Better Auth team [2].

For implementing this, consider using the user info endpoint as follows:

const response = await fetch('https://your-domain.com/api/auth/oauth2/userinfo', {
    headers: { 'Authorization': 'Bearer ACCESS_TOKEN' }
});
const userInfo = await response.json(); 

This will provide the necessary information about the user's authentication method, which you can then utilize to prompt them for reauthentication or MFA setup [2][8].

If you need more specific guidance or further functionalities, feel free to tag @bekacru or @ping__ for more in-depth assistance from the Better Auth team.

What authentication method are you currently using, and how do you plan to implement MFA in your application?

If you need more help, tag @better-auth-agent in a comment so I can respond.

DiagramDiscordGitHub

Diagram Join Star

@better-auth-agent[bot] commented on GitHub (Jan 29, 2026): To enhance multi-tenant authentication policies, it’s essential to access the session context for the user's authentication details. Currently, Better Auth does provide a way to obtain some user information through the UserInfo endpoint after a successful authentication via OAuth providers. You can achieve this by using the access token to fetch user details, which includes data returned by the provider like their ID, email, and name [[2]](https://www.better-auth.com/docs/concepts/oauth)[[8]](https://www.better-auth.com/docs/plugins/oidc-provider). As per your request, you'd want to ensure that the session object contains details about the primary provider and any MFA if applicable. There's an open issue concerning similar functionality, so it might be helpful to check if there are updates or discussions by the Better Auth team [[2]](https://www.better-auth.com/docs/concepts/oauth). For implementing this, consider using the user info endpoint as follows: ```javascript const response = await fetch('https://your-domain.com/api/auth/oauth2/userinfo', { headers: { 'Authorization': 'Bearer ACCESS_TOKEN' } }); const userInfo = await response.json(); ``` This will provide the necessary information about the user's authentication method, which you can then utilize to prompt them for reauthentication or MFA setup [[2]](https://www.better-auth.com/docs/concepts/oauth)[[8]](https://www.better-auth.com/docs/plugins/oidc-provider). If you need more specific guidance or further functionalities, feel free to tag @bekacru or @ping__ for more in-depth assistance from the Better Auth team. What authentication method are you currently using, and how do you plan to implement MFA in your application? _If you need more help, tag @better-auth-agent in a comment so I can respond._ <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#2786