[Update User] can't update user, /api/auth/update-user return 401 (Unauthorized) #934

New Issue

GiteaMirror · 2026-03-13T08:10:29-05:00

GiteaMirror commented

2026-03-13 08:10:29 -05:00

Originally created by @vanirvan on GitHub (Mar 28, 2025).

Is this suited for github?

Yes, this is suited for github

To Reproduce

context: This is a Nextjs Application with server action
here's my repository: https://github.com/vanirvan/tanyain

install Nextjs, drizzle, and follow better-auth installation using drizzle as ORM
use my auth config provided in the "auth config" section bellow
change authClient in the lib/auth-client to this:

export const authClient = createAuthClient({
  baseURL: process.env.BETTER_AUTH_BASE_URL!,
  plugins: [
    inferAdditionalFields<typeof auth>(), // add this plugin so better-auth can read additional fields from the auth object
  ],
});

create a client component to send data to server action, here's the component but using shadcn-ui:

"use client";

import React, {
  startTransition,
  useActionState,
  useEffect,
  useState,
} from "react";
import { toast } from "sonner";

import { Button } from "@/components/ui/button";
import { Card, CardContent, CardFooter } from "@/components/ui/card";
import { Input } from "@/components/ui/input";
import { Label } from "@/components/ui/label";

import { updateNameAction } from "@/lib/actions/update-name-action";
import { authClient } from "@/lib/auth-client";

export function NameField() {
  const { data } = authClient.useSession();

  const [form, setForm] = useState<string>("");
  const [formDisabled, setFormDisabled] = useState<boolean>(false);
  const [formError, setFormError] = useState<string[]>([]);
  const [state, formAction] = useActionState(updateNameAction, {
    success: false,
    message: null,
  });
  const [showToast, setShowToast] = useState(false);

  useEffect(() => {
    if (data) {
      setForm(data.user.name);
    }
  }, [data]);

  const handleSubmit = (e: React.FormEvent<HTMLFormElement>) => {
    e.preventDefault();
    setFormDisabled(true);
    setFormError([]);
    startTransition(() => {
      formAction(form);
    });
  };

  useEffect(() => {
    if (!state.success && state.message) {
      setFormError(state.message);
    } else if (state.success && !state.message) {
      toast.success("Name updated successfully.");
    }

    setFormDisabled(false);
  }, [state]);

  useEffect(() => {
    if (showToast) {
      setTimeout(() => {
        setShowToast(false);
      }, 3000); // 3 seconds
    }
  }, [showToast]);

  return (
    <>
      <Card id="name">
        <CardContent>
          <form
            onSubmit={handleSubmit}
            id="name-form"
            className="flex flex-col gap-6"
          >
            <Label htmlFor="name-field" asChild>
              <div className="flex flex-col items-start">
                <h1 className="text-xl font-bold">Name</h1>
                <h2 className="text-foreground/75 text-sm">Your full name</h2>
              </div>
            </Label>
            <div className="flex flex-col gap-3">
              <Input
                id="name-field"
                placeholder="Your Name"
                value={form ?? ""}
                disabled={formDisabled}
                maxLength={64}
                onChange={(e) => setForm(e.target.value)}
              />
              {formError.length > 0 && (
                <div className="flex flex-col gap-1">
                  {formError.map((error, index) => (
                    <p key={index} className="text-xs text-red-500">
                      {error}
                    </p>
                  ))}
                </div>
              )}
            </div>
          </form>
        </CardContent>
        <CardFooter className="flex justify-between border-t">
          <p className="text-foreground/50 text-sm">
            Please use 64 characters or less.
          </p>
          <Button form="name-form" disabled={formDisabled}>
            Save
          </Button>
        </CardFooter>
      </Card>
    </>
  );
}

create the server action in lib/action/update-name-action.ts:

"use server";

import { revalidatePath } from "next/cache";
import { z } from "zod";
import { authClient } from "@/lib/auth-client";

const nameSchema = z
  .string()
  .max(64, { message: "Must be less than 64 characters." });

type UpdateNameResult = {
  success: boolean;
  message: string[] | null;
};

export async function updateNameAction(
  prevState: UpdateNameResult,
  name: string,
): Promise<UpdateNameResult> {
  const validatedFields = await nameSchema.safeParse(name);
  if (!validatedFields.success) {
    return {
      success: false,
      message: validatedFields.error.flatten().formErrors,
    };
  }

  try {
    const updateUserName = await authClient.updateUser({ name: validatedFields.data });
    console.log(updateUserName);
    console.log(updateUserName.error);

    revalidatePath("/settings");
    return { success: true, message: null };
  } catch (e) {
    console.error("Error updating name:", e);
    return { success: false, message: ["Failed to update name."] };
  }
}

create signIn button component:

"use client";

export function SignInButton(){
  const handleSignIn = () => {
    authClient.signIn.social({
      provider: "google"
    })
  }

  return (
    <button onClick={() => authClient.signIn.social()}>Sign In</button>
  )
}

put client component and signin button component to app/page.tsx
sign in first, then try to change your Name

Current vs. Expected behavior

in the log, it looks like this:

POST /api/auth/update-user 401 in 156ms
{ data: null, error: { status: 401, statusText: 'UNAUTHORIZED' } }

i want to know why it's unauthorized

What version of Better Auth are you using?

^1.2.4

Provide environment information

- OS: Windows 10
- Browser: Chrome

Which area(s) are affected? (Select all that apply)

Client

Auth config (if applicable)

import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";

import { db } from "@/lib/db/db";
import * as drizzleSchema from "@/lib/db/schema";

export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: "pg",
    schema: { ...drizzleSchema },
  }),
  user: {
    additionalFields: {
      username: {
        type: "string",
        unique: true,
      },
    },
  },
  emailAndPassword: {
    enabled: false,
  },
  socialProviders: {
    github: {
      clientId: process.env.BETTER_AUTH_GITHUB_CLIENT_ID as string,
      clientSecret: process.env.BETTER_AUTH_GITHUB_CLIENT_SECRET as string,
    },
    google: {
      clientId: process.env.BETTER_AUTH_GOOGLE_CLIENT_ID as string,
      clientSecret: process.env.BETTER_AUTH_GOOGLE_CLIENT_SECRET as string,
    },
  },
});

Additional context

i only test it locally, learn how to use better-auth with new project

Originally created by @vanirvan on GitHub (Mar 28, 2025). ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce context: This is a Nextjs Application with server action here's my repository: https://github.com/vanirvan/tanyain 1. install Nextjs, drizzle, and follow better-auth installation using drizzle as ORM 2. use my auth config provided in the "auth config" section bellow 3. change `authClient` in the `lib/auth-client` to this: ``` export const authClient = createAuthClient({ baseURL: process.env.BETTER_AUTH_BASE_URL!, plugins: [ inferAdditionalFields<typeof auth>(), // add this plugin so better-auth can read additional fields from the auth object ], }); ``` 4. create a client component to send data to server action, here's the component but using shadcn-ui: ``` "use client"; import React, { startTransition, useActionState, useEffect, useState, } from "react"; import { toast } from "sonner"; import { Button } from "@/components/ui/button"; import { Card, CardContent, CardFooter } from "@/components/ui/card"; import { Input } from "@/components/ui/input"; import { Label } from "@/components/ui/label"; import { updateNameAction } from "@/lib/actions/update-name-action"; import { authClient } from "@/lib/auth-client"; export function NameField() { const { data } = authClient.useSession(); const [form, setForm] = useState<string>(""); const [formDisabled, setFormDisabled] = useState<boolean>(false); const [formError, setFormError] = useState<string[]>([]); const [state, formAction] = useActionState(updateNameAction, { success: false, message: null, }); const [showToast, setShowToast] = useState(false); useEffect(() => { if (data) { setForm(data.user.name); } }, [data]); const handleSubmit = (e: React.FormEvent<HTMLFormElement>) => { e.preventDefault(); setFormDisabled(true); setFormError([]); startTransition(() => { formAction(form); }); }; useEffect(() => { if (!state.success && state.message) { setFormError(state.message); } else if (state.success && !state.message) { toast.success("Name updated successfully."); } setFormDisabled(false); }, [state]); useEffect(() => { if (showToast) { setTimeout(() => { setShowToast(false); }, 3000); // 3 seconds } }, [showToast]); return ( <> <Card id="name"> <CardContent> <form onSubmit={handleSubmit} id="name-form" className="flex flex-col gap-6" > <Label htmlFor="name-field" asChild> <div className="flex flex-col items-start"> <h1 className="text-xl font-bold">Name</h1> <h2 className="text-foreground/75 text-sm">Your full name</h2> </div> </Label> <div className="flex flex-col gap-3"> <Input id="name-field" placeholder="Your Name" value={form ?? ""} disabled={formDisabled} maxLength={64} onChange={(e) => setForm(e.target.value)} /> {formError.length > 0 && ( <div className="flex flex-col gap-1"> {formError.map((error, index) => ( <p key={index} className="text-xs text-red-500"> {error} </p> ))} </div> )} </div> </form> </CardContent> <CardFooter className="flex justify-between border-t"> <p className="text-foreground/50 text-sm"> Please use 64 characters or less. </p> <Button form="name-form" disabled={formDisabled}> Save </Button> </CardFooter> </Card> </> ); } ``` 5. create the server action in `lib/action/update-name-action.ts`: ``` "use server"; import { revalidatePath } from "next/cache"; import { z } from "zod"; import { authClient } from "@/lib/auth-client"; const nameSchema = z .string() .max(64, { message: "Must be less than 64 characters." }); type UpdateNameResult = { success: boolean; message: string[] | null; }; export async function updateNameAction( prevState: UpdateNameResult, name: string, ): Promise<UpdateNameResult> { const validatedFields = await nameSchema.safeParse(name); if (!validatedFields.success) { return { success: false, message: validatedFields.error.flatten().formErrors, }; } try { const updateUserName = await authClient.updateUser({ name: validatedFields.data }); console.log(updateUserName); console.log(updateUserName.error); revalidatePath("/settings"); return { success: true, message: null }; } catch (e) { console.error("Error updating name:", e); return { success: false, message: ["Failed to update name."] }; } } ``` 6. create signIn button component: ``` "use client"; export function SignInButton(){ const handleSignIn = () => { authClient.signIn.social({ provider: "google" }) } return ( <button onClick={() => authClient.signIn.social()}>Sign In</button> ) } ``` 7. put client component and signin button component to `app/page.tsx` 8. sign in first, then try to change your Name ### Current vs. Expected behavior in the log, it looks like this: ``` POST /api/auth/update-user 401 in 156ms { data: null, error: { status: 401, statusText: 'UNAUTHORIZED' } } ``` i want to know why it's unauthorized ### What version of Better Auth are you using? ^1.2.4 ### Provide environment information ```bash - OS: Windows 10 - Browser: Chrome ``` ### Which area(s) are affected? (Select all that apply) Client ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth"; import { drizzleAdapter } from "better-auth/adapters/drizzle"; import { db } from "@/lib/db/db"; import * as drizzleSchema from "@/lib/db/schema"; export const auth = betterAuth({ database: drizzleAdapter(db, { provider: "pg", schema: { ...drizzleSchema }, }), user: { additionalFields: { username: { type: "string", unique: true, }, }, }, emailAndPassword: { enabled: false, }, socialProviders: { github: { clientId: process.env.BETTER_AUTH_GITHUB_CLIENT_ID as string, clientSecret: process.env.BETTER_AUTH_GITHUB_CLIENT_SECRET as string, }, google: { clientId: process.env.BETTER_AUTH_GOOGLE_CLIENT_ID as string, clientSecret: process.env.BETTER_AUTH_GOOGLE_CLIENT_SECRET as string, }, }, }); ``` ### Additional context i only test it locally, learn how to use better-auth with new project

GiteaMirror added the bug label 2026-03-13 08:10:29 -05:00

GiteaMirror closed this issue

2026-03-13 08:10:30 -05:00

GiteaMirror commented

2026-03-13 08:10:30 -05:00

@Bekacru commented on GitHub (Mar 28, 2025):

authClient is meant to be used on the client. So call it from a client not from the server.

@Bekacru commented on GitHub (Mar 28, 2025): authClient is meant to be used on the client. So call it from a client not from the server.

GiteaMirror commented

2026-03-13 08:10:31 -05:00

@vanirvan commented on GitHub (Mar 28, 2025):

makes sense, my bad.

@vanirvan commented on GitHub (Mar 28, 2025): makes sense, my bad.

GiteaMirror referenced this issue

2026-04-13 03:35:48 -05:00

[GH-ISSUE #934] better auth social providers type #8507

GiteaMirror referenced this issue

2026-04-15 15:06:02 -05:00

[GH-ISSUE #934] better auth social providers type #17138

GiteaMirror referenced this issue

2026-04-17 16:05:59 -05:00

[GH-ISSUE #934] better auth social providers type #25830

Sign in to join this conversation.

Branches Tags

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/turbo-2.9.14

changeset-release/main

main

2026-05-14/fix/passkey-verify-error-and-claim

dependabot/npm_and_yarn/samlify-2.13.0

dependabot/npm_and_yarn/ws-8.20.1

changeset-release/next

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-519ef7475f

dependabot/github_actions/github-actions-98f3470200

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

2026-05-13/ci/stabilize-docker-startup

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#934