github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[GH-ISSUE #8365] Magic link plugin broken with Prisma adapter #28392

New Issue
Closed
opened 2026-04-17 19:50:42 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-17 19:50:42 -05:00
Owner
Copy Link

Originally created by @alexpuertasr on GitHub (Mar 4, 2026).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/8365

Bug: updateVerificationByIdentifier fails with PrismaClientValidationError when clicking magic link email

Description

When using the Prisma adapter with the magic link plugin, clicking the magic link in the email triggers updateVerificationByIdentifier internally, which calls prisma.verification.update({ where: { identifier } }). However, Prisma's update() requires the where clause to reference a unique field, and the identifier field in the CLI-generated Verification schema has no @unique or @@unique constraint. This causes a PrismaClientValidationError at runtime, preventing magic link authentication from completing.

This appears to be related to #5929, which describes the same underlying issue in the Prisma adapter for other models.

Steps to Reproduce

  1. Scaffold a project using npx @better-auth/cli generate to get the recommended Prisma schema
  2. Configure Better Auth with the Prisma adapter and enable the magic link plugin
  3. Trigger a magic link sign-in (enter email, receive email)
  4. Click the magic link in the email
  5. Observe the error in logs

Error

ERROR [Better Auth]: PrismaClientValidationError
Invalid `prisma.verification.update()` invocation:

{
  where: {
    identifier: "<value>",
    ? id?: String,
    ...
  },
  data: { ... }
}

Argument `where` of type VerificationWhereUniqueInput needs at least one of `id` arguments.

Root Cause

The CLI-generated Verification model has no unique constraint on identifier:

model Verification {
  id         String    @id
  identifier String
  value      String
  expiresAt  DateTime
  createdAt  DateTime?
  updatedAt  DateTime?
  @@map("verification")
}

But the Prisma adapter calls .update({ where: { identifier } }), which Prisma only allows on fields marked @unique or covered by a @@unique constraint.

Expected Behavior

Either:

  • The CLI-generated schema should include @@unique([identifier]) (or @unique) on the Verification model, or
  • The adapter should look up the record by id first and then update by id

Environment

  • Better Auth version: 1.5.3
  • @prisma/client version: 6.3.1
  • @better-auth/prisma-adapter version: 1.5.3
  • Database: PostgreSQL
  • Framework: Next.js 16

Current vs. Expected behavior

Current: Clicking the magic link returns a 500 error. The Prisma adapter calls .update({ where: { identifier } }) on the Verification model, but identifier is not a unique field in the CLI-generated schema, so Prisma rejects the query.

Expected: The magic link flow completes successfully and the user is authenticated. Either the CLI-generated schema should include @unique on identifier in the Verification model, or the adapter should fetch the record by identifier first and then update by id.

What version of Better Auth are you using?

1.5.3

System info

{
  "system": {
    "platform": "darwin",
    "arch": "arm64",
    "version": "Darwin Kernel Version 25.2.0: Tue Nov 18 21:07:05 PST 2025; root:xnu-12377.61.12~1/RELEASE_ARM64_T6020",
    "release": "25.2.0",
    "cpuCount": 10,
    "cpuModel": "Apple M2 Pro",
    "totalMemory": "32.00 GB",
    "freeMemory": "0.21 GB"
  },
  "node": {
    "version": "v22.13.1",
    "env": "development"
  },
  "packageManager": {
    "name": "pnpm",
    "version": "10.30.3"
  },
  "frameworks": null,
  "databases": null,
  "betterAuth": {
    "version": "Unknown",
    "config": null
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

import { render } from "@react-email/components";
import { betterAuth } from "better-auth"
import { prismaAdapter } from "better-auth/adapters/prisma";
import { nextCookies } from "better-auth/next-js";
import { magicLink } from "better-auth/plugins";
import { createTransport } from "nodemailer";
import { createElement } from "react";

export const auth = betterAuth({
  baseURL: process.env.BETTER_AUTH_URL,
  database: prismaAdapter(db, { provider: "postgresql" }),
  plugins: [
    magicLink({
      disableSignUp: true,
      sendMagicLink: async ({ email, url }) => {
        const user = await db.user.findUnique({ where: { email } });
        const language = user?.language ?? env.DEFAULT_LANGUAGE;

        const emailHtml = await render(
          createElement(MagicLink, { language, url }),
        );

        const transport = createTransport(env.EMAIL_SERVER);
        const result = await transport.sendMail({
          to: email,
          from: env.EMAIL_FROM,
          subject:
            language === "ES"
              ? "Inicia sesión"
              : "Sign in",
          html: emailHtml,
        });

        const failed = result.rejected.concat(result.pending).filter(Boolean);
        if (failed.length) {
          throw new Error(`Email(s) (${failed.join(", ")}) could not be sent`);
        }
      },
    }),
    nextCookies(),
  ],
});

Additional context

No response

Originally created by @alexpuertasr on GitHub (Mar 4, 2026). Original GitHub issue: https://github.com/better-auth/better-auth/issues/8365 ## Bug: `updateVerificationByIdentifier` fails with `PrismaClientValidationError` when clicking magic link email ### Description When using the Prisma adapter with the **magic link plugin**, clicking the magic link in the email triggers `updateVerificationByIdentifier` internally, which calls `prisma.verification.update({ where: { identifier } })`. However, Prisma's `update()` requires the `where` clause to reference a unique field, and the `identifier` field in the CLI-generated `Verification` schema has no `@unique` or `@@unique` constraint. This causes a `PrismaClientValidationError` at runtime, preventing magic link authentication from completing. This appears to be related to #5929, which describes the same underlying issue in the Prisma adapter for other models. ### Steps to Reproduce 1. Scaffold a project using `npx @better-auth/cli generate` to get the recommended Prisma schema 2. Configure Better Auth with the Prisma adapter and enable the magic link plugin 3. Trigger a magic link sign-in (enter email, receive email) 4. Click the magic link in the email 5. Observe the error in logs ### Error ``` ERROR [Better Auth]: PrismaClientValidationError Invalid `prisma.verification.update()` invocation: { where: { identifier: "<value>", ? id?: String, ... }, data: { ... } } Argument `where` of type VerificationWhereUniqueInput needs at least one of `id` arguments. ``` ### Root Cause The CLI-generated `Verification` model has no unique constraint on `identifier`: ```prisma model Verification { id String @id identifier String value String expiresAt DateTime createdAt DateTime? updatedAt DateTime? @@map("verification") } ``` But the Prisma adapter calls `.update({ where: { identifier } })`, which Prisma only allows on fields marked `@unique` or covered by a `@@unique` constraint. ### Expected Behavior Either: - The CLI-generated schema should include `@@unique([identifier])` (or `@unique`) on the `Verification` model, **or** - The adapter should look up the record by `id` first and then update by `id` ### Environment - Better Auth version: 1.5.3 - `@prisma/client` version: 6.3.1 - `@better-auth/prisma-adapter` version: 1.5.3 - Database: PostgreSQL - Framework: Next.js 16 ### Current vs. Expected behavior **Current:** Clicking the magic link returns a 500 error. The Prisma adapter calls `.update({ where: { identifier } })` on the `Verification` model, but `identifier` is not a unique field in the CLI-generated schema, so Prisma rejects the query. **Expected:** The magic link flow completes successfully and the user is authenticated. Either the CLI-generated schema should include `@unique` on `identifier` in the `Verification` model, or the adapter should fetch the record by `identifier` first and then update by `id`. ### What version of Better Auth are you using? 1.5.3 ### System info ```bash { "system": { "platform": "darwin", "arch": "arm64", "version": "Darwin Kernel Version 25.2.0: Tue Nov 18 21:07:05 PST 2025; root:xnu-12377.61.12~1/RELEASE_ARM64_T6020", "release": "25.2.0", "cpuCount": 10, "cpuModel": "Apple M2 Pro", "totalMemory": "32.00 GB", "freeMemory": "0.21 GB" }, "node": { "version": "v22.13.1", "env": "development" }, "packageManager": { "name": "pnpm", "version": "10.30.3" }, "frameworks": null, "databases": null, "betterAuth": { "version": "Unknown", "config": null } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript import { render } from "@react-email/components"; import { betterAuth } from "better-auth" import { prismaAdapter } from "better-auth/adapters/prisma"; import { nextCookies } from "better-auth/next-js"; import { magicLink } from "better-auth/plugins"; import { createTransport } from "nodemailer"; import { createElement } from "react"; export const auth = betterAuth({ baseURL: process.env.BETTER_AUTH_URL, database: prismaAdapter(db, { provider: "postgresql" }), plugins: [ magicLink({ disableSignUp: true, sendMagicLink: async ({ email, url }) => { const user = await db.user.findUnique({ where: { email } }); const language = user?.language ?? env.DEFAULT_LANGUAGE; const emailHtml = await render( createElement(MagicLink, { language, url }), ); const transport = createTransport(env.EMAIL_SERVER); const result = await transport.sendMail({ to: email, from: env.EMAIL_FROM, subject: language === "ES" ? "Inicia sesión" : "Sign in", html: emailHtml, }); const failed = result.rejected.concat(result.pending).filter(Boolean); if (failed.length) { throw new Error(`Email(s) (${failed.join(", ")}) could not be sent`); } }, }), nextCookies(), ], }); ``` ### Additional context _No response_
GiteaMirror added the lockedbug labels 2026-04-17 19:50:42 -05:00
GiteaMirror commented 2026-04-17 19:50:47 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Mar 4, 2026):

Hi @alexpuertasr! I'm Dosu and I’m helping the better-auth team.

This is a confirmed bug that was fixed in PR #7096 (merged January 2, 2026). The issue affects Better Auth v1.4.0 through v1.5.1.

Root cause: The Prisma adapter calls .update({ where: { identifier } }), but Prisma requires the where clause to reference a unique field. The identifier field in the Verification model is intentionally not unique (only indexed) to support multiple verification records per identifier.

Solution: Upgrade to the latest version (any release after January 2, 2026):

npm install better-auth@latest

If you need to stay on an older version temporarily, downgrading to v1.3.34 has been confirmed to work as a workaround.

Note: Do NOT add @unique to the identifier field as a workaround—this will break callbacks like sendVerificationOTP.

Related issues: #5929, #6354, #8313

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3996125109 --> @dosubot[bot] commented on GitHub (Mar 4, 2026): <!-- Greeting --> Hi @alexpuertasr! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the better-auth team. <!-- Answer --> This is a **confirmed bug** that was fixed in [PR #7096](https://github.com/better-auth/better-auth/pull/7096) (merged January 2, 2026). The issue affects Better Auth **v1.4.0 through v1.5.1**. **Root cause**: The Prisma adapter calls `.update({ where: { identifier } })`, but Prisma requires the `where` clause to reference a unique field. The `identifier` field in the Verification model is [intentionally not unique](https://github.com/better-auth/better-auth/blob/54c84939ff6498d90a7c1147b4ade0061ed6c08d/packages/core/src/db/get-tables.ts#L58-L94) (only indexed) to support multiple verification records per identifier. **Solution**: Upgrade to the latest version (any release after January 2, 2026): ```bash npm install better-auth@latest ``` If you need to stay on an older version temporarily, **downgrading to v1.3.34** [has been confirmed to work](https://github.com/better-auth/better-auth/issues/6354) as a workaround. **Note**: Do NOT add `@unique` to the `identifier` field as a workaround—this will [break callbacks like `sendVerificationOTP`](https://github.com/better-auth/better-auth/issues/6354). Related issues: [#5929](https://github.com/better-auth/better-auth/issues/5929), [#6354](https://github.com/better-auth/better-auth/issues/6354), [#8313](https://github.com/better-auth/better-auth/issues/8313) <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/589849ad-441a-40d2-8456-87320cb127fb?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=This%20is%20a%20%2A%2Aconfirmed%20bug%2A%2A%20that%20was%20fixed%20in%20%5BPR%20%237096%5D%28https%3A//github.com/better-auth/better-auth/pull/7096%29%20%28merged%20January%202%2C%202026%29.%20The%20issue%20affects%20Better%20Auth%20%2A%2Av1.4.0%20through%20v1.5.1%2A%2A.%0A%0A%2A%2ARoot%20cause%2A%2A%3A%20The%20Prisma%20adapter%20calls%20%60.update%28%7B%20where%3A%20%7B%20identifier%20%7D%20%7D%29%60%2C%20but%20Prisma%20requires%20the%20%60where%60%20clause%20to%20reference%20a%20unique%20field.%20The%20%60identifier%60%20field%20in%20the%20Verification%20model%20is%20%5Bintentionally%20not%20unique%5D%28https%3A//github.com/better-auth/better-auth/blob/54c84939ff6498d90a7c1147b4ade0061ed6c08d/packages/core/src/db/get-tables.ts%23L58-L94%29%20%28only%20indexed%29%20to%20support%20multiple%20verification%20records%20per%20identifier.%0A%0A%2A%2ASolution%2A%2A%3A%20Upgrade%20to%20the%20latest%20version%20%28any%20release%20after%20January%202%2C%202026%29%3A%0A%60%60%60bash%0Anpm%20install%20better-auth%40latest%0A%60%60%60%0A%0AIf%20you%20need%20to%20stay%20on%20an%20older%20version%20temporarily%2C%20%2A%2Adowngrading%20to%20v1.3.34%2A%2A%20%5Bhas%20been%20confirmed%20to%20work%5D%28https%3A//github.com/better-auth/better-auth/issues/6354%29%20as%20a%20workaround.%0A%0A%2A%2ANote%2A%2A%3A%20Do%20NOT%20add%20%60%40unique%60%20to%20the%20%60identifier%60%20field%20as%20a%20workaround%E2%80%94this%20will%20%5Bbreak%20callbacks%20like%20%60sendVerificationOTP%60%5D%28https%3A//github.com/better-auth/better-auth/issues/6354%29.%0A%0ARelated%20issues%3A%20%5B%235929%5D%28https%3A//github.com/better-auth/better-auth/issues/5929%29%2C%20%5B%236354%5D%28https%3A//github.com/better-auth/better-auth/issues/6354%29%2C%20%5B%238313%5D%28https%3A//github.com/better-auth/better-auth/issues/8313%29)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/8365)
GiteaMirror commented 2026-04-17 19:50:50 -05:00
Author
Owner
Copy Link

@alexpuertasr commented on GitHub (Mar 4, 2026):

@dosu Thanks for the response, but I believe this is a different issue from what PR #7096 fixed.

That PR addressed the case where a unique field was nested inside an AND array — Prisma couldn't detect it because it wasn't at the root level of the where clause. That fix is specifically for cases where the unique field exists but is wrapped incorrectly.

My issue is different: updateVerificationByIdentifier calls prisma.verification.update({ where: { identifier } }) where identifier is simply not a unique field at all in the CLI-generated schema — there is no @unique or @@unique constraint on it. This is not an AND-wrapping problem, so PR #7096 does not cover this case.

I am on v1.5.3 (latest) and the bug is still present. This appears to be a separate unfixed issue specific to the magic link plugin's use of updateVerificationByIdentifier.

<!-- gh-comment-id:3996211850 --> @alexpuertasr commented on GitHub (Mar 4, 2026): @dosu Thanks for the response, but I believe this is a different issue from what PR #7096 fixed. That PR addressed the case where a unique field was nested inside an `AND` array — Prisma couldn't detect it because it wasn't at the root level of the `where` clause. That fix is specifically for cases where the unique field exists but is wrapped incorrectly. My issue is different: `updateVerificationByIdentifier` calls `prisma.verification.update({ where: { identifier } })` where `identifier` is simply **not a unique field at all** in the CLI-generated schema — there is no `@unique` or `@@unique` constraint on it. This is not an `AND`-wrapping problem, so PR #7096 does not cover this case. I am on v1.5.3 (latest) and the bug is still present. This appears to be a separate unfixed issue specific to the magic link plugin's use of `updateVerificationByIdentifier`.
GiteaMirror commented 2026-04-17 19:50:51 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Mar 4, 2026):

You're correct, and I apologize for the confusion. After looking more closely at the code:

updateVerificationByIdentifier calls adapter.update() with just { identifier } in the where clause—and since identifier is not a unique field, Prisma rejects it. PR #7096 only helped when a unique field was present but nested incorrectly in an AND array; it doesn't address the case where no unique field is provided at all.

Interestingly, the Prisma adapter already has fallback logic for delete operations that uses deleteMany() when no id field is present—but this same fallback is missing for update operations.

The proper fix would be adding similar logic to the update code path to fall back to updateMany() when no unique field exists in the where clause.

Workarounds for now:

  • Downgrade to v1.3.34 (confirmed working)
  • Adding @unique to identifier stops the error but isn't semantically correct since Better Auth allows multiple verification records per identifier

This appears to be a genuine unfixed bug. Thank you for the detailed analysis!

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3996229046 --> @dosubot[bot] commented on GitHub (Mar 4, 2026): <!-- Answer --> You're correct, and I apologize for the confusion. After looking more closely at the code: [`updateVerificationByIdentifier`](https://github.com/better-auth/better-auth/blob/8e1ddc3f81c11c2fff67e799edc2d742742f0603/packages/better-auth/src/db/internal-adapter.ts#L1164-L1213) calls `adapter.update()` with just `{ identifier }` in the where clause—and since `identifier` is not a unique field, Prisma rejects it. PR #7096 only helped when a unique field was present but nested incorrectly in an AND array; it doesn't address the case where **no unique field is provided at all**. Interestingly, [the Prisma adapter already has fallback logic for delete operations](https://github.com/better-auth/better-auth/blob/8e1ddc3f81c11c2fff67e799edc2d742742f0603/packages/prisma-adapter/src/prisma-adapter.ts#L500-L512) that uses `deleteMany()` when no `id` field is present—but this same fallback is **missing** for update operations. The proper fix would be adding similar logic to the update code path to fall back to `updateMany()` when no unique field exists in the where clause. **Workarounds for now:** - Downgrade to v1.3.34 ([confirmed working](https://github.com/better-auth/better-auth/issues/6354#issuecomment-3985155376)) - Adding `@unique` to `identifier` stops the error but isn't semantically correct since Better Auth allows multiple verification records per identifier This appears to be a genuine unfixed bug. Thank you for the detailed analysis! <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/1750fd7e-f7e2-469c-9212-63f76c4183bf?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=You%27re%20correct%2C%20and%20I%20apologize%20for%20the%20confusion.%20After%20looking%20more%20closely%20at%20the%20code%3A%0A%0A%5B%60updateVerificationByIdentifier%60%5D%28https%3A//github.com/better-auth/better-auth/blob/8e1ddc3f81c11c2fff67e799edc2d742742f0603/packages/better-auth/src/db/internal-adapter.ts%23L1164-L1213%29%20calls%20%60adapter.update%28%29%60%20with%20just%20%60%7B%20identifier%20%7D%60%20in%20the%20where%20clause%E2%80%94and%20since%20%60identifier%60%20is%20not%20a%20unique%20field%2C%20Prisma%20rejects%20it.%20PR%20%237096%20only%20helped%20when%20a%20unique%20field%20was%20present%20but%20nested%20incorrectly%20in%20an%20AND%20array%3B%20it%20doesn%27t%20address%20the%20case%20where%20%2A%2Ano%20unique%20field%20is%20provided%20at%20all%2A%2A.%0A%0AInterestingly%2C%20%5Bthe%20Prisma%20adapter%20already%20has%20fallback%20logic%20for%20delete%20operations%5D%28https%3A//github.com/better-auth/better-auth/blob/8e1ddc3f81c11c2fff67e799edc2d742742f0603/packages/prisma-adapter/src/prisma-adapter.ts%23L500-L512%29%20that%20uses%20%60deleteMany%28%29%60%20when%20no%20%60id%60%20field%20is%20present%E2%80%94but%20this%20same%20fallback%20is%20%2A%2Amissing%2A%2A%20for%20update%20operations.%0A%0AThe%20proper%20fix%20would%20be%20adding%20similar%20logic%20to%20the%20update%20code%20path%20to%20fall%20back%20to%20%60updateMany%28%29%60%20when%20no%20unique%20field%20exists%20in%20the%20where%20clause.%0A%0A%2A%2AWorkarounds%20for%20now%3A%2A%2A%0A-%20Downgrade%20to%20v1.3.34%20%28%5Bconfirmed%20working%5D%28https%3A//github.com/better-auth/better-auth/issues/6354%23issuecomment-3985155376%29%29%0A-%20Adding%20%60%40unique%60%20to%20%60identifier%60%20stops%20the%20error%20but%20isn%27t%20semantically%20correct%20since%20Better%20Auth%20allows%20multiple%20verification%20records%20per%20identifier%0A%0AThis%20appears%20to%20be%20a%20genuine%20unfixed%20bug.%20Thank%20you%20for%20the%20detailed%20analysis%21)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/8365)
GiteaMirror commented 2026-04-17 19:50:52 -05:00
Author
Owner
Copy Link

@Gouttfi commented on GitHub (Mar 6, 2026):

Hi, I confirm I am concerned too with latest version 1.5.4.
Impossible to validate magic link sent by mail.

EDIT : I think this PR #8314 fixed a similar bug but related to the delete behavior with the Prisma adapter. Maybe it’s enough to apply the same logic to update behavior ?

<!-- gh-comment-id:4013209642 --> @Gouttfi commented on GitHub (Mar 6, 2026): Hi, I confirm I am concerned too with latest version 1.5.4. Impossible to validate magic link sent by mail. EDIT : I think this PR [#8314](https://github.com/better-auth/better-auth/pull/8314) fixed a similar bug but related to the delete behavior with the Prisma adapter. Maybe it’s enough to apply the same logic to update behavior ?
GiteaMirror commented 2026-04-17 19:50:53 -05:00
Author
Owner
Copy Link

@grtsnx commented on GitHub (Mar 9, 2026):

Any update on this as the error is still persistent

{ "statusCode": 500, "statusType": "INTERNAL_SERVER_ERROR", "message": "\nInvalid prisma.verification.update()invocation:\n\n{\n where: {\n identifier: \"xMVkfRgxGiIgYLPWBjLVRooxgldjyUZA\",\n? id?: String,\n? AND?: VerificationWhereInput | VerificationWhereInput[],\n? OR?: VerificationWhereInput[],\n? NOT?: VerificationWhereInput | VerificationWhereInput[],\n? value?: StringFilter | String,\n? expiresAt?: DateTimeFilter | DateTime,\n? createdAt?: DateTimeFilter | DateTime,\n? updatedAt?: DateTimeFilter | DateTime\n },\n data: {\n value: \"{\\\"email\\\":\\\"smokedbrioche1366@poof.ng\\\",\\\"attempt\\\":1}\",\n updatedAt: new Date(\"2026-03-09T01:34:53.106Z\")\n }\n}\n\nArgumentwhereof type VerificationWhereUniqueInput needs at least one ofid arguments. Available options are marked with ?.", "data": { "path": "/v1/auth/magic/link/verify?token=xMVkfRgxGiIgYLPWBjLVRooxgldjyUZA", "timestamp": "2026-03-09T01:34:53.139Z" } }

<!-- gh-comment-id:4020567376 --> @grtsnx commented on GitHub (Mar 9, 2026): Any update on this as the error is still persistent `{ "statusCode": 500, "statusType": "INTERNAL_SERVER_ERROR", "message": "\nInvalid `prisma.verification.update()` invocation:\n\n{\n where: {\n identifier: \"xMVkfRgxGiIgYLPWBjLVRooxgldjyUZA\",\n? id?: String,\n? AND?: VerificationWhereInput | VerificationWhereInput[],\n? OR?: VerificationWhereInput[],\n? NOT?: VerificationWhereInput | VerificationWhereInput[],\n? value?: StringFilter | String,\n? expiresAt?: DateTimeFilter | DateTime,\n? createdAt?: DateTimeFilter | DateTime,\n? updatedAt?: DateTimeFilter | DateTime\n },\n data: {\n value: \"{\\\"email\\\":\\\"smokedbrioche1366@poof.ng\\\",\\\"attempt\\\":1}\",\n updatedAt: new Date(\"2026-03-09T01:34:53.106Z\")\n }\n}\n\nArgument `where` of type VerificationWhereUniqueInput needs at least one of `id` arguments. Available options are marked with ?.", "data": { "path": "/v1/auth/magic/link/verify?token=xMVkfRgxGiIgYLPWBjLVRooxgldjyUZA", "timestamp": "2026-03-09T01:34:53.139Z" } }`
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label bug locked
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#28392
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?