diff --git a/.changeset/breezy-rice-grin.md b/.changeset/breezy-rice-grin.md
new file mode 100644
index 0000000000..c119680363
--- /dev/null
+++ b/.changeset/breezy-rice-grin.md
@@ -0,0 +1,5 @@
+---
+"better-auth": patch
+---
+
+fix: cast dates from session to Date when using date methods
diff --git a/packages/better-auth/src/api/routes/update-user.ts b/packages/better-auth/src/api/routes/update-user.ts
index c6cbab0d02..ed34adb47c 100644
--- a/packages/better-auth/src/api/routes/update-user.ts
+++ b/packages/better-auth/src/api/routes/update-user.ts
@@ -519,7 +519,7 @@ export const deleteUser = createAuthEndpoint(
 }
 if (!ctx.body.password && ctx.context.sessionConfig.freshAge !== 0) {
- const currentAge = session.session.createdAt.getTime();
+ const currentAge = new Date(session.session.createdAt).getTime();
 const freshAge = ctx.context.sessionConfig.freshAge * 1000;
 const now = Date.now();
 if (now - currentAge > freshAge * 1000) {
diff --git a/packages/better-auth/src/plugins/mcp/authorize.ts b/packages/better-auth/src/plugins/mcp/authorize.ts
index 446c72921a..66f39815ef 100644
--- a/packages/better-auth/src/plugins/mcp/authorize.ts
+++ b/packages/better-auth/src/plugins/mcp/authorize.ts
@@ -183,7 +183,7 @@ export async function authorizeMCPOAuth(
 redirectURI: query.redirect_uri,
 scope: requestScope,
 userId: session.user.id,
- authTime: session.session.createdAt.getTime(),
+ authTime: new Date(session.session.createdAt).getTime(),
 /**
 * If the prompt is set to `consent`, then we need
 * to require the user to consent to the scopes.
diff --git a/packages/better-auth/src/plugins/mcp/index.ts b/packages/better-auth/src/plugins/mcp/index.ts
index f8c03cc194..a903c94e73 100644
--- a/packages/better-auth/src/plugins/mcp/index.ts
+++ b/packages/better-auth/src/plugins/mcp/index.ts
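Review bot: In the `deleteUser` hunk of `update-user.ts`, the freshness window is scaled twice: `freshAge` is already `ctx.context.sessionConfig.freshAge * 1000`, and the comparison multiplies again in `now - currentAge > freshAge * 1000`, so the password-less delete path accepts sessions up to 1000 times older than configured (assuming `freshAge` is configured in seconds, as the first multiplication suggests). The comparison should be `if (now - currentAge > freshAge) {`. The added `new Date(...).getTime()` also yields `NaN` for a value that does not parse, and `now - NaN > freshAge` is false, so such a session would be treated as fresh; `if (Number.isNaN(currentAge) || now - currentAge > freshAge) {` fails closed instead. `currentAge` holds a creation timestamp rather than an age, so a name like `createdAtMs` would read better. The enclosing handler starts and ends outside the hunk.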
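Review bot: In `mcp/authorize.ts`, `authTime: new Date(session.session.createdAt).getTime()` has no comment explaining why a value accessed as a date needs re-wrapping, and nothing checks the result. Presumably `createdAt` can arrive as a serialized string from wherever the session was cached; a one-line comment such as `// createdAt may be a string when the session was deserialized; normalize before use` would make that explicit. An unparseable value gives `NaN`, which would be carried along as `authTime`, so rejecting a non-finite result at this point is safer than passing it on. The same expression is added in `oidc-provider/authorize.ts` and, in conditional form, in both `index.ts` files; one shared helper would keep the five call sites consistent. The object literal begins and ends outside the hunk.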
@@ -577,7 +577,9 @@ export const mcp = (options: MCPOptions) => {
 sub: user.id,
 aud: client_id.toString(),
 iat: Date.now(),
- auth_time: ctx.context.session?.session.createdAt.getTime(),
+ auth_time: ctx.context.session
+ ? new Date(ctx.context.session.session.createdAt).getTime()
+ : undefined,
 nonce: value.nonce,
 acr: "urn:mace:incommon:iap:silver", // default to silver - ⚠︎ this should be configurable and should be validated against the client's metadata
 ...userClaims,
diff --git a/packages/better-auth/src/plugins/oidc-provider/authorize.ts b/packages/better-auth/src/plugins/oidc-provider/authorize.ts
index cf22a88f70..3691f94f82 100644
--- a/packages/better-auth/src/plugins/oidc-provider/authorize.ts
+++ b/packages/better-auth/src/plugins/oidc-provider/authorize.ts
@@ -193,7 +193,7 @@ export async function authorize(
 redirectURI: query.redirect_uri,
 scope: requestScope,
 userId: session.user.id,
- authTime: session.session.createdAt.getTime(),
+ authTime: new Date(session.session.createdAt).getTime(),
 /**
 * If the prompt is set to `consent`, then we need
 * to require the user to consent to the scopes.
diff --git a/packages/better-auth/src/plugins/oidc-provider/index.ts b/packages/better-auth/src/plugins/oidc-provider/index.ts
index 9f2e0743b4..0997b46af0 100644
--- a/packages/better-auth/src/plugins/oidc-provider/index.ts
+++ b/packages/better-auth/src/plugins/oidc-provider/index.ts
@@ -761,7 +761,9 @@ export const oidcProvider = (options: OIDCOptions) => {
 sub: user.id,
 aud: client_id.toString(),
 iat: Date.now(),
- auth_time: ctx.context.session?.session.createdAt.getTime(),
+ auth_time: ctx.context.session
+ ? new Date(ctx.context.session.session.createdAt).getTime()
+ : undefined,
 nonce: value.nonce,
 acr: "urn:mace:incommon:iap:silver", // default to silver - ⚠︎ this should be configurable and should be validated against the client's metadata
 ...userClaims,
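Review bot: `auth_time` in the `mcp/index.ts` hunk is set from `getTime()`, which is milliseconds, while OpenID Connect defines `auth_time` (like `iat`) as seconds since the epoch. A relying party that enforces `max_age` by comparing `auth_time` in seconds would see a time far in the future and could treat any session as recently authenticated. Unless the signing step outside this hunk rescales these claims, the value should be `Math.floor(new Date(ctx.context.session.session.createdAt).getTime() / 1000)`; the context line `iat: Date.now(),` has the same unit. The identical change in `oidc-provider/index.ts` needs the same correction. The claims object starts and ends outside the hunk.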