[Feedback]: Early usage testing

[wellington-vell]

First off, thank you for developing this library. I had been looking for something like better-auth for the go ecosystem for a while and really appreciate the work that has gone into it.

This feedback is based on comparing authula's directly against better-auth.

Missing Fields

Session Object

• impersonated by: There is currently no way to track when a session is being impersonated by another user.

User Object

• banned
• banReason
• banExpires

Adding these fields to the User object would eliminate the need for an extra backend query and manually creating a map of banned users on the frontend. We currently have to fetch users and banned states separately, then merge them into a Map<string, AdminUserState> just to know who is banned. If banned, banReason, and banExpires lived on the user model directly, this would be unnecessary.

Type Mismatch: metadata Field

The metadata field on models like User, SignUpRequest, CreateUserRequest, and UpdateUserRequest is typed as json.RawMessage in Go. This causes issues with OpenAPI/Swagger generation tools (like swaggo) that interpret json.RawMessage (which is []byte under the hood) as an array of integers rather than an arbitrary JSON object.

• Generated OpenAPI Spec: metadata is documented as "type": "array", "items": {"type": "integer"} instead of a free-form object.
• TypeScript Client Generation: Tools like @hey-api/openapi-ts produce Array<number> for metadata, which conflicts with the authula TypeScript SDK's expected type of Record<string, unknown>.

Frontend SDK

Unlike better-auth, whose SDK exposes a similar interface that works in a similar way than TanStack Query, the authula SDK had to be wrapped manually to gain access to lifecycle hooks like onSuccess, onError, and query states. This extra layer adds boilerplate.

---

The sdk is not really a problem for me since i can bypass it with my current setup with orpc + hey api integration for generating the sdk for the frontend. But i am sure that would be a better user experience

If i said something wrong, or want feedback on other stuff let me now 🙂

[m-t-a97]

Hi @wellington-vell , this is great feedback. Thanks.

Clarifications

• This project isn't BetterAuth so things are done differently and there is no plan to copy any other project/libraries. I'm open to suggestions but since it's built in Go, we want to follow Go's best practices and paradigms as much as possible so we can utilise the benefits of the Go language as much as possible.
• Since it's also built in Go, there are naturally some things you cannot do such as dynamically creating fields etc on an object like you can in JavaScript. Go is a statically compiled language after all so there are limitations with what you can do compared to JavaScript which is a purely dynamic language. TypeScript just adds types but again it's fully dynamic even with the type system. The reason why better-auth is able to do what it does is because of some concepts known as "Module Augmentation" and "Declaration Merging". Feel free to look into these concepts for a better understanding but Golang does not support anything like this due to it's statically compiled nature, it's literally impossible to install a plugin in Authula (via library mode) and have the User type be updated dynamically.

Now to discuss some points regarding your feedback:

Missing Fields

Session Object:

• If you want to obtain the "impersonated by" user ID, you can get that from the Impersonation and AdminSessionState types. The fields you're looking for specifically are ActorUserID on Impersonation and ImpersonatorUserID on AdminSessionState. I hope that clarifies this.

User Object:

• The fields regarding the banned status/state is purposely not added to the User model to keep things minimal. Authula is very flexible and based around all the functionality coming in the form of plugins. Also as I mentioned above, since Go isn't a dynamic language, you can not dynamically add fields and properties to a type like you can in JS/TS. For instance, if you enable the Admin plugin, you can't add fields to the User struct during compile time. You can only embed a struct within a struct in Go but that becomes an entirely new type now. Therefore, it's just not possible to have plugins dynamically extend types in Go like you can in JS/TS. I hope that makes sense.

Type Mismatch: metadata Field

This is a good point and thanks for bringing this up and also thoroughly looking into this. We can change the type instead to map[string]any so it becomes a mapped object instead of a []byte. I'll look into this soon.

Frontend SDK

Our SDK was actually kept quite simple on purpose because most devs nowadays use Tanstack Query anyways and you can just call the SDK method within a tanstack query call since it just returns promises and handle it there. But I'm open to suggestions and as you said if it makes using the SDK easier, we could revisit this and possibly implement something similar in the form of callbacks such as onSuccess, onError etc.

Closing remarks

Thank you very much for this feedback, much appreciated. If you have more feedback, let me know. However, I think Discord is a better place to provide feedback so if you can join our Discord and communicate there, it would be better for us. Thanks!

[m-t-a97]

@wellington-vell actually I've just enabled Discussions on this repo. Feel free to create a new "feedback" discussion and we can move the chat over there.

[m-t-a97]

Closing this issue now.

[m-t-a97]

I've created the discussion here: #82