Express Integration
This guide shows you how to integrate Better Auth with Express.js.
Before you start, make sure you have a Better Auth instance configured. If you haven't done that yet, check out the installation.
Note that CommonJS (cjs) isn't supported. Use ECMAScript Modules (ESM) by setting "type": "module" in your package.json or configuring your tsconfig.json to use ES modules.
Mount the handler
To enable Better Auth to handle requests, we need to mount the handler to an API route. Create a catch-all route to manage all requests to /api/auth/* in case of ExpressJS v4 or /api/auth/*splat in case of ExpressJS v5 (or any other path specified in your Better Auth options).
Don’t use express.json() before the Better Auth handler. Use it only for other routes, or the client API will get stuck on "pending".
    import express from "express";
    import { toNodeHandler } from "better-auth/node";
    import { auth } from "./auth";

    const app = express();
    const port = 3005;

    app.all("/api/auth/*", toNodeHandler(auth)); // For ExpressJS v4
    // app.all("/api/auth/*splat", toNodeHandler(auth)); For ExpressJS v5

    // Mount express json middleware after Better Auth handler
    // or only apply it to routes that don't interact with Better Auth
    app.use(express.json());

    app.listen(port, () => {
      console.log(`Example app listening on port ${port}`);
    });
After completing the setup, start your server. Better Auth will be ready to use. You can send a GET request to the /ok endpoint (/api/auth/ok) to verify that the server is running.
CORS Configuration
To add CORS (Cross-Origin Resource Sharing) support to your Express server when integrating Better Auth, you can use the cors middleware. Below is an updated example showing how to configure CORS for your server:
    import express from "express";
    import cors from "cors"; // Import the CORS middleware
    import { toNodeHandler, fromNodeHeaders } from "better-auth/node";
    import { auth } from "./auth";

    const app = express();
    const port = 3005;

    // Configure CORS middleware
    app.use(
      cors({
        origin: "http://your-frontend-domain.com", // Replace with your frontend's origin
        methods: ["GET", "POST", "PUT", "DELETE"], // Specify allowed HTTP methods
        credentials: true, // Allow credentials (cookies, authorization headers, etc.)
      })
    );
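The configuration above allows a single origin. When several front ends need credentialed access, the origin option of the cors middleware also accepts a function, and with credentials: true that function should match exactly against a fixed list instead of approving whatever Origin header arrives. The following is an added example, not code from the Better Auth documentation; ALLOWED_ORIGINS, normalizeOrigin, makeOriginCheck and isAllowed are hypothetical names and the listed origins are constructed.

```javascript
// Added example: exact-match origin allow-list for the `cors` middleware.
// The origins below are constructed placeholders; replace with your own.
const ALLOWED_ORIGINS = ["https://app.example.com", "http://localhost:5173"];

// Reduce a value to its canonical "scheme://host[:port]" form, or return
// null when it is not a well-formed http(s) origin (e.g. the literal "null").
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // url.origin lowercases the host and drops path, query and default ports.
  return url.origin;
}

// Build a function with the (origin, callback) signature that `cors`
// accepts for its `origin` option.
function makeOriginCheck(allowed) {
  const allowSet = new Set(allowed.map(normalizeOrigin).filter(Boolean));
  return function originCheck(origin, callback) {
    // No Origin header (same-origin request, curl, server-to-server call):
    // no CORS headers are needed, so none are emitted.
    if (origin === undefined) return callback(null, false);
    const normalized = normalizeOrigin(origin);
    // The header must already be canonical AND on the list. Prefix, suffix
    // or substring matching would also accept lookalike hosts.
    const ok =
      normalized !== null && normalized === origin && allowSet.has(normalized);
    // false omits the CORS headers; true reflects this request's origin.
    callback(null, ok);
  };
}

// Helper for checks and tests: run the callback-style function synchronously.
function isAllowed(check, origin) {
  let result;
  check(origin, (_err, allow) => { result = allow; });
  return result;
}

// Usage, in place of the single-origin string:
//   app.use(cors({ origin: makeOriginCheck(ALLOWED_ORIGINS), credentials: true }));
```

Passing false to the callback makes cors omit its headers for that request, so the browser blocks the cross-origin read without the server raising an error.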
Getting the User Session
To retrieve the user's session, you can use the getSession method provided by the auth object. This method requires the request headers to be passed in a specific format. To simplify this process, Better Auth provides a fromNodeHeaders helper function that converts Node.js request headers to the format expected by Better Auth (a Headers object).
Here's an example of how to use getSession in an Express route:
    import { fromNodeHeaders } from "better-auth/node";
    import { auth } from "./auth"; // Your Better Auth instance

    app.get("/api/me", async (req, res) => {
      const session = await auth.api.getSession({
        headers: fromNodeHeaders(req.headers),
      });
      return res.json(session);
    });