fix: remove senstive fields on list accounts from being exposed to the client

2026-05-27 17:36:42 -05:00 · 2024-11-07 16:08:07 +03:00
parent 2ba2bec1f1
commit f09e2879d6
1 changed files with 8 additions and 1 deletions
--- a/packages/better-auth/src/api/routes/account.ts
+++ b/packages/better-auth/src/api/routes/account.ts
@@ -16,7 +16,14 @@ export const listUserAccounts = createAuthEndpoint(
 		const accounts = await c.context.internalAdapter.findAccounts(
 			session.user.id,
 		);
-		return c.json(accounts);
+		return c.json(
+			accounts.map((a) => {
+				return {
+					id: a.id,
+					provider: a.providerId,
+				};
+			}),
+		);
 	},
 );