USOS OAuth 1.0a authentication plugin for Better Auth.
USOS (University Study-Oriented System) is a comprehensive academic system used by universities across Poland and other countries. It manages student records, course registration, grades, schedules, and more.
This plugin works with any USOS instance. Some notable universities include:
- Poland: Wrocław University of Science and Technology (PWR), University of Warsaw (UW), Warsaw University of Technology (PW), AGH University of Science and Technology, Jagiellonian University, and many more
- Other countries with USOS deployments
Each university has its own USOS instance with a unique base URL (e.g., https://apps.usos.pwr.edu.pl).
- Full OAuth 1.0a flow implementation for USOS
- Automatic user creation and updates
- Configurable scopes and email domain
- TypeScript support with full type definitions
- Works with any USOS instance
- Both server-side and client-side plugins
npm install better-auth-usosThis plugin requires the following packages:
npm install better-auth crypto-js oauth-1.0a zodTo use this plugin, you need to register your application with your university's USOS system:
- Go to your university's USOS Apps page (e.g.,
https://apps.usos.pwr.edu.pl) - Navigate to "For developers" or "API" section
- Register a new application
- Set the callback URL to:
https://yourdomain.com/api/auth/usos/callback - Note your Consumer Key and Consumer Secret
Add these to your .env file:
USOS_BASE_URL=https://apps.usos.pwr.edu.pl
USOS_CONSUMER_KEY=your_consumer_key
USOS_CONSUMER_SECRET=your_consumer_secret
USOS_EMAIL_DOMAIN=student.pwr.edu.plThe plugin allows you to map USOS profile data to your custom user fields using the userFields option:
import { betterAuth } from "better-auth";
import { usosAuth } from "better-auth-usos";
export const auth = betterAuth({
database: {
// your database config
},
user: {
additionalFields: {
studentNumber: {
type: "number",
required: false,
},
usosId: {
type: "string",
required: false,
},
firstName: {
type: "string",
required: false,
},
lastName: {
type: "string",
required: false,
},
},
},
plugins: [
usosAuth({
usosBaseUrl: process.env.USOS_BASE_URL!,
consumerKey: process.env.USOS_CONSUMER_KEY!,
consumerSecret: process.env.USOS_CONSUMER_SECRET!,
emailDomain: process.env.USOS_EMAIL_DOMAIN!,
scopes: "studies|offline_access",
userFields: (usosProfile) => ({
studentNumber: usosProfile.student_number
? Number.parseInt(usosProfile.student_number)
: null,
usosId: usosProfile.id,
firstName: usosProfile.first_name,
lastName: usosProfile.last_name,
}),
onSuccess: async (user) => {
console.log(user.firstName, user.lastName);
return "/dashboard";
},
}),
],
});The userFields function receives the USOS profile and returns an object with your custom fields. These fields will be:
- Added when creating a new user
- Updated when an existing user logs in
- Available in the
onSuccesscallback with full TypeScript support
After configuration, run Better Auth migrations to create the database schema:
npx better-auth migrateAdd the client plugin to your Better Auth client:
import { createAuthClient } from "better-auth/client";
import { usosAuthClient } from "better-auth-usos/client";
export const authClient = createAuthClient({
plugins: [usosAuthClient()],
});import { authClient } from "./auth-client";
// React example
function LoginButton() {
const handleLogin = async () => {
await authClient.signIn.usos();
};
return <button onClick={handleLogin}>Login with USOS</button>;
}
// With options
function LoginWithOptions() {
const handleLogin = async () => {
await authClient.signIn.usos({
callbackURL: "/dashboard", // Custom redirect after login
newTab: false, // Open in new tab (optional)
});
};
return <button onClick={handleLogin}>Login with USOS</button>;
}function LoginButton() {
const handleLogin = () => {
window.location.href = "/api/auth/usos/login";
};
return <button onClick={handleLogin}>Login with USOS</button>;
}| Option | Type | Required | Default | Description |
|---|---|---|---|---|
usosBaseUrl |
string |
Yes | - | Base URL of your USOS instance |
consumerKey |
string |
Yes | - | OAuth consumer key from USOS |
consumerSecret |
string |
Yes | - | OAuth consumer secret from USOS |
emailDomain |
string |
Yes | - | Email domain for users without USOS email (e.g., student.pwr.edu.pl) |
scopes |
string |
No | "studies|offline_access" |
OAuth scopes to request |
userFields |
(usosProfile: UsosUserProfile) => T |
No | - | Function to map USOS profile to custom user fields |
onSuccess |
(user: UsosAuthUser & T) => Promise<string> | string |
No | "/" |
Redirect path after successful auth |
Common USOS scopes include:
studies- Access to student data (courses, grades, etc.)offline_access- Long-lived access tokensemail- Access to user's emailpersonal- Access to personal informationphoto- Access to user's photo
Combine multiple scopes with |: "studies|offline_access|email"
Check your USOS instance documentation for available scopes.
The plugin automatically stores these standard Better Auth fields:
email- If available from USOS, otherwise generated as{student_number}@{emailDomain}name- First name and last name combinedimage- Profile photo 50x50 (if available)emailVerified- Alwaystruefor USOS users
When a user doesn't have an email in USOS (common for students), the plugin generates one using their student number and the configured emailDomain. For example, if emailDomain is student.pwr.edu.pl and student number is 123456, the email will be 123456@student.pwr.edu.pl.
Use the userFields option to map any USOS profile data to your custom database fields. The function receives the full USOS profile:
interface UsosUserProfile {
id: string;
first_name: string;
last_name: string;
student_number: string | null;
email: string | null;
photo_urls?: {
"50x50"?: string;
"100x100"?: string;
};
}Example mapping common fields:
userFields: (usosProfile) => ({
studentNumber: usosProfile.student_number
? Number.parseInt(usosProfile.student_number)
: null,
usosId: usosProfile.id,
firstName: usosProfile.first_name,
lastName: usosProfile.last_name,
});These custom fields are automatically created/updated for every user login.
The plugin creates these endpoints:
GET /api/auth/usos/login- Initiates OAuth flowGET /api/auth/usos/callback- Handles OAuth callback
Full TypeScript support is included. Import types as needed:
import type {
UsosAuthPluginOptions,
UsosAuthUser,
UsosUserProfile,
} from "better-auth-usos";// auth.ts (server)
import { betterAuth } from "better-auth";
import { usosAuth } from "better-auth-usos";
export const auth = betterAuth({
database: {
provider: "pg",
url: process.env.DATABASE_URL!,
},
user: {
additionalFields: {
studentNumber: {
type: "number",
required: false,
},
usosId: {
type: "string",
required: false,
},
firstName: {
type: "string",
required: false,
},
lastName: {
type: "string",
required: false,
},
},
},
plugins: [
usosAuth({
usosBaseUrl: process.env.USOS_BASE_URL!,
consumerKey: process.env.USOS_CONSUMER_KEY!,
consumerSecret: process.env.USOS_CONSUMER_SECRET!,
emailDomain: process.env.USOS_EMAIL_DOMAIN!,
userFields: (usosProfile) => ({
studentNumber: usosProfile.student_number
? Number.parseInt(usosProfile.student_number)
: null,
usosId: usosProfile.id,
firstName: usosProfile.first_name,
lastName: usosProfile.last_name,
}),
onSuccess: async (user) => {
console.log(`Welcome ${user.firstName} ${user.lastName}!`);
return "/dashboard";
},
}),
],
});
// auth-client.ts (client)
import { createAuthClient } from "better-auth/client";
import { usosAuthClient } from "better-auth-usos/client";
export const authClient = createAuthClient({
baseURL: "http://localhost:3000",
plugins: [usosAuthClient()],
});
// login-page.tsx
import { authClient } from "./auth-client";
function LoginPage() {
const handleLogin = async () => {
await authClient.signIn.usos();
};
return (
<div>
<h1>Login</h1>
<button onClick={handleLogin}>Login with USOS</button>
</div>
);
}The client plugin provides a convenient signIn.usos() method:
await authClient.signIn.usos(options);| Option | Type | Default | Description |
|---|---|---|---|
callbackURL |
string |
- | Custom redirect URL after successful login |
newTab |
boolean |
false |
Open login in a new tab |
// Basic usage
await authClient.signIn.usos();
// With custom callback
await authClient.signIn.usos({
callbackURL: "/dashboard",
});
// Open in new tab
await authClient.signIn.usos({
newTab: true,
});- Verify your consumer key and secret are correct
- Check that your callback URL is registered in USOS
- Ensure the USOS base URL is correct
- Check that cookies are enabled
- Verify your site is using HTTPS in production
- Check cookie settings (sameSite, secure)
- This usually indicates a CSRF attack or cookie issues
- Ensure cookies are properly configured
- Check that the user completes the OAuth flow within 10 minutes
MIT
Contributions are welcome! Please open an issue or pull request on GitHub.
- GitHub Issues: Report bugs or request features
- Better Auth Docs: https://www.better-auth.com
Created for the Polish university community using USOS systems.