Prisma adapter: verification.delete() uses non-unique `identifier` in WhereUniqueInput

[aniravi24]

Bug Report

Description

The Prisma adapter calls prisma.verification.delete({ where: { identifier } }) during the email OTP sign-in flow, but identifier is not a unique field on the verification table. Prisma's delete() requires a WhereUniqueInput, so it rejects the call.

This is a different code path from the fix in #7096 (which addressed compound AND conditions in update()). Here the issue is that delete() is used with a plain non-unique field.

Environment

• better-auth version: 1.5.1
• Prisma version: 7.4.2
• Database: PostgreSQL
• Node runtime: Bun

Steps to Reproduce

1. Configure better-auth with Prisma adapter and email OTP plugin
2. Trigger an OTP sign-in flow (/api/auth/sign-in/email-otp)
3. The adapter attempts to clean up old verification records by identifier

Error

PrismaClientValidationError:
Invalid `prisma.verification.delete()` invocation:

{
  where: {
    identifier: "sign-in-otp-user@example.com",
?   id?: String,
?   AND?: VerificationWhereInput | VerificationWhereInput[],
?   OR?: VerificationWhereInput[],
?   NOT?: VerificationWhereInput | VerificationWhereInput[],
?   value?: StringFilter | String,
?   expiresAt?: DateTimeFilter | DateTime,
?   createdAt?: DateTimeFilter | DateTime,
?   updatedAt?: DateTimeNullableFilter | DateTime | Null
  }
}

Argument `where` of type VerificationWhereUniqueInput needs at least one of `id` arguments.

Expected Behavior

The adapter should use deleteMany({ where: { identifier } }) instead of delete({ where: { identifier } }), since identifier is not a unique field in better-auth's own schema definition (it only has a regular index, not a unique constraint).

Related

• Prisma adapter uses db[model].update with non‑unique where (AND …) → PrismaClientValidationError #5929 / fix(prisma-adapter): lift eq AND conditions to root so update detects unique where field #7096 — similar issue with update() and compound AND conditions (fixed, but delete() path was not covered)

[dosubot]

Thanks for the detailed report! This is indeed a valid bug. The issue stems from the Prisma adapter calling delete() with a non-unique identifier field in the deleteVerificationByIdentifier function, which then hits the Prisma adapter's delete function that uses db[model].delete().

This is a known pattern of issues with the Prisma adapter. Related fixes include:

• PR #7096 - Fixed similar update() issues with compound AND conditions
• PR #6425 - Fixed delete() by extracting id to root level
• PR #6226 - Changed deleteOrganization to use deleteMany()

Temporary workaround: You can add a @unique constraint to the identifier field in your Verification schema, though this may not be ideal if you expect multiple verifications per identifier.

Your suggested fix of using deleteMany({ where: { identifier } }) is the correct approach for this case.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}