From 49c6bb2e1f4ba2f431b15bcec0b813ff429cabc3 Mon Sep 17 00:00:00 2001 From: Alex Yang Date: Tue, 9 Dec 2025 08:52:45 +0900 Subject: [PATCH] fix: storeStateStrategy default to database if provided (#6619) --- packages/better-auth/src/context/create-context.ts | 4 +++- packages/better-auth/src/oauth2/state.ts | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/better-auth/src/context/create-context.ts b/packages/better-auth/src/context/create-context.ts index 58865b1f6e..eb602de589 100644 --- a/packages/better-auth/src/context/create-context.ts +++ b/packages/better-auth/src/context/create-context.ts @@ -170,7 +170,9 @@ export async function createAuthContext( socialProviders: providers, options, oauthConfig: { - storeStateStrategy: options.account?.storeStateStrategy || "database", + storeStateStrategy: + options.account?.storeStateStrategy || + (options.database ? "database" : "cookie"), skipStateCookieCheck: !!options.account?.skipStateCookieCheck, }, tables, diff --git a/packages/better-auth/src/oauth2/state.ts b/packages/better-auth/src/oauth2/state.ts index e54324120f..973ae151de 100644 --- a/packages/better-auth/src/oauth2/state.ts +++ b/packages/better-auth/src/oauth2/state.ts @@ -27,8 +27,7 @@ export async function generateState( const codeVerifier = generateRandomString(128); const state = generateRandomString(32); - const storeStateStrategy = - c.context.oauthConfig?.storeStateStrategy || "cookie"; + const storeStateStrategy = c.context.oauthConfig.storeStateStrategy; const stateData = { ...(additionalData ? additionalData : {}), @@ -99,8 +98,7 @@ export async function generateState( export async function parseState(c: GenericEndpointContext) { const state = c.query.state || c.body.state; - const storeStateStrategy = - c.context.oauthConfig.storeStateStrategy || "cookie"; + const storeStateStrategy = c.context.oauthConfig.storeStateStrategy; const stateDataSchema = z.looseObject({ callbackURL: z.string(),