feat: bearer token encrypted value support

docs/content/docs/plugins/bearer.mdx

@@ -35,6 +35,7 @@ const token = data.session.id;
 localStorage.setItem("bearer_token", token);
 ```
 
+
 ### 2. Configure the Auth Client
 
 Set up your auth client to include the Bearer token in all requests:

packages/better-auth/src/api/routes/sign-in.ts

@@ -128,7 +128,10 @@ export const signInEmail = createAuthEndpoint(
 				message: "Invalid email",
 			});
 		}
-		const user = await ctx.context.internalAdapter.findUserByEmail(email);
+		const user = await ctx.context.internalAdapter.findUserByEmail(email, {
+			includeAccounts: true,
+		});
+
 		if (!user) {
 			await ctx.context.password.hash(password);
 			ctx.context.logger.error("User not found", { email });

packages/better-auth/src/api/routes/sign-up.ts

@@ -11,6 +11,7 @@ import type {
 } from "../../types";
 import type { toZod } from "../../types/to-zod";
 import { parseAdditionalUserInput } from "../../db/schema";
+import { getDate } from "../../utils/date";
 
 export const signUpEmail = <O extends BetterAuthOptions>() =>
 	createAuthEndpoint(
@@ -93,13 +94,14 @@ export const signUpEmail = <O extends BetterAuthOptions>() =>
 			 * Link the account to the user
 			 */
 			const hash = await ctx.context.password.hash(password);
-			await ctx.context.internalAdapter.linkAccount({
-				id: generateRandomString(32, alphabet("a-z", "0-9", "A-Z")),
+			const account = await ctx.context.internalAdapter.linkAccount({
 				userId: createdUser.id,
 				providerId: "credential",
 				accountId: createdUser.id,
 				password: hash,
+				expiresAt: getDate(60 * 60 * 24 * 30, "sec"),
 			});
+
 			const session = await ctx.context.internalAdapter.createSession(
 				createdUser.id,
 				ctx.request,

packages/better-auth/src/db/internal-adapter.ts

@@ -294,6 +294,7 @@ export const createInternalAdapter = (
 		linkAccount: async (account: Omit<Account, "id"> & Partial<Account>) => {
 			const _account = await createWithHooks(
 				{
+					id: generateId(),
 					...account,
 				},
 				"account",

packages/better-auth/src/plugins/bearer/bearer.test.ts

@@ -8,10 +8,10 @@ describe("bearer", async () => {
 	});
 
 	let token: string;
+	let encryptedToken: string | undefined;
 	it("should get session", async () => {
-		const { res } = await signInWithTestUser();
+		const { res, headers } = await signInWithTestUser();
 		token = res.data?.session.id || "";
-
 		const session = await client.session({
 			fetchOptions: {
 				headers: {
@@ -19,6 +19,9 @@ describe("bearer", async () => {
 				},
 			},
 		});
+		encryptedToken = headers
+			.get("cookie")
+			?.split("better-auth.session_token=")[1];
 		expect(session.data?.session.id).toBe(res.data?.session.id);
 	});
 
@@ -43,4 +46,15 @@ describe("bearer", async () => {
 		});
 		expect(session?.session.id).toBe(token);
 	});
+
+	it("should work with encrypted token", async () => {
+		const session = await client.session({
+			fetchOptions: {
+				headers: {
+					cookie: `better-auth.session_token=${encryptedToken}`,
+				},
+			},
+		});
+		expect(session.data?.session).toBeDefined();
+	});
 });

packages/better-auth/src/plugins/bearer/index.ts

@@ -24,11 +24,13 @@ export const bearer = () => {
 							return;
 						}
 
-						const signedToken = await serializeSigned(
-							"",
-							token,
-							c.context.secret,
-						);
+						let signedToken = "";
+
+						if (token.includes(".")) {
+							signedToken = token.split(".")[1];
+						} else {
+							signedToken = await serializeSigned("", token, c.context.secret);
+						}
 						if (c.request) {
 							c.request.headers.set(
 								"cookie",