github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity
6,692 Commits 102 Branches 1,251 Tags
@better-auth/electron@1.6.6
Commit Graph

109 Commits

Author SHA1 Message Date
better-release[bot]
0290077760 chore: release v1.6.6 (#9222) 2026-04-21 17:42:18 +01:00
Gustavo Valverde
e64ff720fb fix: unify host classification and close SSRF gaps across packages (#9226) 2026-04-17 23:25:25 +00:00
better-release[bot]
c8a91f4167 chore: release v1.6.5 (#9209) 2026-04-16 11:05:30 +01:00
Daniel Müller
5b900a2b43 Merge commit from fork 
* Add tests reproducing GHSA-xr8f-h2gw-9xh6

* Fix GHSA-xr8f-h2gw-9xh6

* Move clientPrivilege assertion to shared helper

* chore: add oauth-provider changeset for GHSA-xr8f-h2gw-9xh6

---------

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-16 10:52:33 +01:00
better-release[bot]
9ec849ff71 chore: release v1.6.4 (#9175) 2026-04-15 13:00:42 +01:00
better-release[bot]
6f17bb3ebd chore: release v1.6.3 (#9081) 2026-04-14 12:04:31 +01:00
Gustavo Valverde
5142e9cec5 fix(auth): harden dynamic baseURL resolution (#9131) 2026-04-14 08:01:13 +00:00
Gustavo Valverde
e2e25a4954 fix(oauth-provider): graceful DCR override for unauthenticated confidential clients (#9123) 2026-04-11 15:25:06 +00:00
Gustavo Valverde
314e06f0fd feat(oauth-provider): add customTokenResponseFields and harden authorization code validation (#9118) 2026-04-11 09:54:48 +00:00
better-release[bot]
700d298e1e chore: version packages (#9052) 2026-04-09 15:19:07 +01:00
Gustavo Valverde
4c829bf289 fix(oauth-provider): preserve multi-valued query params through prompt redirects (#9060) 2026-04-09 13:13:39 +00:00
Dylan Vanmali
c6922dce8e refactor(oauth-provider): reject skip_consent at schema level in DCR (#8998) 2026-04-09 11:56:29 +00:00
better-release[bot]
85bb710edc chore: version packages (#9018) 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-04-08 19:22:59 +00:00
better-release[bot]
d666a03372 chore: exit pre-release mode for v1.6.0 2026-04-06 14:41:56 +00:00
Gustavo Valverde
29d197e688 chore: sync main to next (#8976) 
chore: sync main to next
 2026-04-06 15:31:29 +01:00
Gustavo Valverde
e5091ee1e6 fix(oauth-provider): scope loss on PAR, loopback redirect matching, DCR skip_consent (#8632) 2026-04-06 14:14:39 +00:00
better-auth-releases[bot]
73beda26f9 chore: version packages (beta) (#8945) 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-04-04 15:52:24 +00:00
Gustavo Valverde
1eec2e8090 chore: use caret ranges for internal peerDependencies (#8937) 2026-04-03 19:05:37 +00:00
Gustavo Valverde
77ead28455 chore: reset package versions to 1.5.6 (#8930) 2026-04-03 10:57:28 +00:00
Gustavo Valverde
e089ce127d chore(knip): fix CI blind spots and remove dead code (#8888) 2026-04-02 19:28:30 +00:00
Gautam Manchandani
c83a6c22ea fix(oauth-provider): enforce DB-backed sessions with secondary storage (#8894) 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
 2026-04-02 10:20:48 +00:00
Gustavo Valverde
e80cc38b0d fix: turbo caching, enforce lockfile integrity, expand pre-commit hooks (#8892) 2026-04-02 07:35:24 +00:00
Gustavo Valverde
04e91d1643 perf(build): reduce published package sizes (#8884) 2026-04-01 15:55:03 +00:00
Jonathan Samines
cd01a42e60 feat: expose plugin version (#8750) 2026-03-31 16:08:21 +00:00
Gustavo Valverde
8afe2a7cea fix(oauth-provider): return JSON redirects from post-login OAuth continuation (#8815) 2026-03-28 19:05:29 +00:00
Gustavo Valverde
5dc004a177 fix(oauth-provider): let customIdTokenClaims override acr and auth_time (#8633) 2026-03-28 09:36:47 +00:00
Alex Yang
221103bce7 fix(oauth-provider): handle dynamic baseURL config in init (#8649) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-03-27 20:33:35 +00:00
Taesu
183be977f0 Revert "fix(oauth-provider): only require storeSessionInDatabase when secondaryStorage is configured" 
This reverts commit cd835f6a58.
 2026-03-27 05:49:35 +09:00
Gustavo Valverde
cd835f6a58 fix(oauth-provider): only require storeSessionInDatabase when secondaryStorage is configured 
The init guard checked for `session` options broadly, which caused a
false error when users set any session config (e.g., `expiresIn`) without
secondaryStorage. Without secondaryStorage, sessions always persist to
the database, making the constraint irrelevant.
 2026-03-26 16:13:55 +00:00
Gustavo Valverde
2d56c6af68 fix(oauth-provider): normalize auth_time timestamps (#8761) 2026-03-24 15:22:35 -07:00
Bereket Engida
841410031a chore: release v1.5.7-beta.1 2026-03-22 21:09:52 -07:00
Bereket Engida
c527d4e4cc chore: release v1.5.1-beta.4 2026-03-22 21:04:04 -07:00
Gustavo Valverde
c41fa044d4 fix(oauth-provider): fix dist declaration type errors (#8701) 2026-03-20 00:28:29 +00:00
Dylan Vanmali
20e4561c9b feat(oauth-provider): public client prelogin endpoint (#8214) 2026-03-18 17:27:19 +00:00
Dylan Vanmali
40e7676155 fix(oauth-provider): improve allowed paths for oauth_query for client plugin (#8320) 2026-03-18 16:55:12 +00:00
Dylan Vanmali
542169b04a fix(oauth-provider): support prompt=none (#8554) 2026-03-11 18:02:37 +00:00
Gautam Manchandani
f46a65a25b fix(oauth-provider): avoid fetch redirect CORS after login (#8519) 2026-03-09 22:50:27 +00:00
Joél Solano
bfbb853a9d chore: replace deprecated build configs (#8498) 2026-03-09 18:09:28 +00:00
Taesu
3939115b07 test(oauth-provider): add regression for pre-parsed form-urlencoded token body (#8019) 2026-03-06 02:13:55 +00:00
Gustavo Valverde
ab7ec8a70b feat(oauth-provider): pairwise subject identifiers (OIDC Core §8) (#8292) 
Co-authored-by: Alex Yang <himself65@outlook.com>
 2026-03-03 09:41:28 -08:00
Gustavo Valverde
c59833549b fix(oauth-provider): customIdTokenClaims should override standard claims (#7865) 2026-03-03 04:56:50 +00:00
Alex Yang
ab6b14cb19 chore: release v1.5.1-beta.3 2026-03-03 12:14:56 +09:00
Alex Yang
3ee808a48c chore: release v1.5.1-beta.2 2026-03-03 06:49:28 +09:00
Sicarius
9cc07e0159 fix(oauth-provider): allow localhost subdomains in isLocalhost function (#8286) 
Co-authored-by: Alex Yang <himself65@outlook.com>
 2026-03-02 19:12:09 +00:00
Alex Yang
425c6abf6e chore: release v1.5.1-beta.1 2026-03-02 02:05:39 +09:00
Alex Yang
d341824a96 fix(db): support verification operations with secondary storage (#8247) 2026-03-01 12:40:02 +00:00
John Zila
07b839088a feat: support non-destructive key rotation for BETTER_AUTH_SECRET (#7738) 2026-02-28 15:36:52 -08:00
Alex Yang
2bd462cf22 fix(ci): increase test timeout for sso, api-key, oauth-provider and add CI job timeout (#8210) 2026-02-28 06:04:59 +00:00
Grant G
c41d11e9f6 fix(oauth-provider)!: Keep auth_time across id_token refresh (#8134) 2026-02-27 16:28:50 -08:00
Alex Yang
2fd1ef38e7 chore: release v1.5.0-beta.20 2026-02-28 02:20:43 +09:00