BearStudio · omar-bear · Jul 2, 2025 · Jul 2, 2025 · Aug 13, 2025 · coderabbitai
diff --git a/.env.example b/.env.example
@@ -23,6 +23,7 @@ DATABASE_URL="postgres://${DOCKER_DATABASE_USERNAME}:${DOCKER_DATABASE_PASSWORD}
 BETTER_AUTH_SECRET="REPLACE ME" # You can use `npx @better-auth/cli@latest secret` to a generated secret
 SESSION_EXPIRATION_IN_SECONDS=2592000 # 30 days
 SESSION_UPDATE_AGE_IN_SECONDS=86400 # 1 day (every 1 day the session expiration is updated)
+AUTH_TRUSTED_ORIGIN="start-ui-native://*" # Mobile app scheme for trustedOrigins config
 
 # GITHUB
 GITHUB_CLIENT_ID="REPLACE ME"

diff --git a/app/env/server.ts b/app/env/server.ts
@@ -12,6 +12,7 @@ export const envServer = createEnv({
     BETTER_AUTH_SECRET: z.string(),
     SESSION_EXPIRATION_IN_SECONDS: z.coerce.number().int().default(2592000), // 30 days by default
     SESSION_UPDATE_AGE_IN_SECONDS: z.coerce.number().int().default(86400), // 1 day by default
+    AUTH_TRUSTED_ORIGIN: z.string(),
 
     GITHUB_CLIENT_ID: zOptionalWithReplaceMe(),
     GITHUB_CLIENT_SECRET: zOptionalWithReplaceMe(),

diff --git a/app/server/auth.tsx b/app/server/auth.tsx
@@ -1,3 +1,4 @@
+import { expo } from '@better-auth/expo';
 import { betterAuth } from 'better-auth';
 import { prismaAdapter } from 'better-auth/adapters/prisma';
 import { admin, emailOTP, openAPI } from 'better-auth/plugins';
@@ -24,6 +25,7 @@ export const auth = betterAuth({
     expiresIn: envServer.SESSION_EXPIRATION_IN_SECONDS,
     updateAge: envServer.SESSION_UPDATE_AGE_IN_SECONDS,
   },
+  trustedOrigins: [envServer.AUTH_TRUSTED_ORIGIN],
   database: prismaAdapter(db, {
     provider: 'postgresql',
   }),
@@ -46,7 +48,9 @@ export const auth = betterAuth({
       disableImplicitSignUp: !AUTH_SIGNUP_ENABLED,
     },
   },
+
   plugins: [
+    expo(),
     openAPI({
       disableDefaultReference: true, // Use custom exposition in /routes/api/openapi folder
     }),

diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
     "@base-ui-components/react": "1.0.0-beta.1",
     "@bearstudio/ui-state": "1.0.2",
     "@fontsource-variable/inter": "5.2.6",
+    "@better-auth/expo": "1.2.10",
     "@headlessui/react": "2.2.2",
     "@hookform/resolvers": "5.0.1",
     "@orpc/client": "1.5.2",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml