github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity
6,675 Commits 102 Branches 1,251 Tags
@better-auth/expo@1.6.5
Commit Graph

4248 Commits

Author SHA1 Message Date
better-release[bot]
c8a91f4167 chore: release v1.6.5 (#9209) 2026-04-16 11:05:30 +01:00
Daniel Müller
5b900a2b43 Merge commit from fork 
* Add tests reproducing GHSA-xr8f-h2gw-9xh6

* Fix GHSA-xr8f-h2gw-9xh6

* Move clientPrivilege assertion to shared helper

* chore: add oauth-provider changeset for GHSA-xr8f-h2gw-9xh6

---------

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-16 10:52:33 +01:00
Gautam Manchandani
938dd80e2d docs(test-utils): clarify production usage (#9119) 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-16 01:20:34 +00:00
Ray
05386271ca fix(client): trigger $sessionSignal for session-rotating endpoints (#9087) 2026-04-15 15:27:48 +00:00
better-release[bot]
9ec849ff71 chore: release v1.6.4 (#9175) 2026-04-15 13:00:42 +01:00
Gustavo Valverde
39d6af2a39 chore(adapters): require patched drizzle-orm and kysely peer versions (#9165) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-15 11:37:50 +00:00
Gustavo Valverde
ba03fb59f4 chore(deps): bump electron and next devDependencies to patched versions (#9166) 2026-04-15 11:24:20 +00:00
Gustavo Valverde
9aed910499 fix(two-factor): revert enforcement broadening from #9122 (#9205) 2026-04-15 10:59:53 +00:00
Gautam Manchandani
acbd6ef69f fix: honor forceAllowId UUIDs on postgres adapters (#9068) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-14 13:05:11 +00:00
better-release[bot]
6f17bb3ebd chore: release v1.6.3 (#9081) 2026-04-14 12:04:31 +01:00
Maxwell
9a6d4759cd fix(client): prevent isMounted race condition causing many rps (#9078) 
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-14 09:36:59 +00:00
Gustavo Valverde
390a03190c fix(stripe): prevent prototype pollution via user-supplied metadata (#9164) 2026-04-14 08:05:31 +00:00
Gustavo Valverde
5142e9cec5 fix(auth): harden dynamic baseURL resolution (#9131) 2026-04-14 08:01:13 +00:00
Gustavo Valverde
92256a2d0d chore: minor review followups on recent main commits (#9163) 2026-04-14 07:22:10 +00:00
Taesu
513dabb132 fix: resolve dynamic baseURL for direct auth.api calls (#9113) 2026-04-14 06:16:53 +00:00
dependabot[bot]
504ea253ac chore(deps-dev): bump @sveltejs/kit from 2.53.3 to 2.57.1 (#9109) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-12 08:24:12 +00:00
Gustavo Valverde
e2e25a4954 fix(oauth-provider): graceful DCR override for unauthenticated confidential clients (#9123) 2026-04-11 15:25:06 +00:00
Byte-Biscuit
f8758975ae fix(two-factor): updated backup codes respect storeBackupCodes option (#7231) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-11 13:19:46 +00:00
Gustavo Valverde
484ce6a262 fix(two-factor): enforce 2FA on all sign-in paths (#9122) 2026-04-11 12:33:58 +00:00
Gustavo Valverde
314e06f0fd feat(oauth-provider): add customTokenResponseFields and harden authorization code validation (#9118) 2026-04-11 09:54:48 +00:00
Taesu
4673c6d83c fix(cli): handle extends and mid-path wildcards in tsconfig paths (#9032) 2026-04-10 16:26:53 +00:00
Gustavo Valverde
52c47517a2 fix(sso): unify SAML response processing and fix bugs (#9097) 2026-04-10 15:00:26 +00:00
Taesu
c5066fe5d6 fix(stripe): omit quantity for metered prices in checkout and upgrades (#8926) 
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
 2026-04-10 12:55:44 +00:00
SAI YASWANTH
684154d3d1 chore: replace z.union with z.xor for permission schemas in admin plugin (#8982) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
 2026-04-10 12:47:23 +00:00
Taesu
5f84335815 feat(stripe): support Stripe SDK v21 and v22 (#9084) 
Co-authored-by: leonardo2204 <1509421+leonardo2204@users.noreply.github.com>
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
 2026-04-10 06:19:34 +00:00
Oluwatobi Mustapha
f6428d02fc fix(open-api): correct get-session nullable schema for OAS 3.1 (#8389) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
 2026-04-09 20:44:35 +00:00
Ray
6ce30cf138 fix: incorrect operationId in password reset callback endpoint (#9072) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-09 20:13:06 +00:00
better-release[bot]
700d298e1e chore: version packages (#9052) 2026-04-09 15:19:07 +01:00
Gustavo Valverde
4c829bf289 fix(oauth-provider): preserve multi-valued query params through prompt redirects (#9060) 2026-04-09 13:13:39 +00:00
Gustavo Valverde
b20fa424c3 fix(next-js): replace cookie probe with header-based RSC detection in nextCookies (#9059) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-09 12:41:10 +00:00
Gustavo Valverde
608d8c3082 fix(sso): include RelayState in signed SAML AuthnRequests (#9058) 2026-04-09 12:05:02 +00:00
Dylan Vanmali
c6922dce8e refactor(oauth-provider): reject skip_consent at schema level in DCR (#8998) 2026-04-09 11:56:29 +00:00
Rayan Salhab
5e5d3f62fc fix(sso): normalize SAMLResponse whitespace at request boundary (#8968) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 11:04:10 +00:00
Jaydeep pipaliya
2cbcb9baac fix(oauth2): prevent cross-provider account collision in link-social callback (#8983) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 10:17:42 +00:00
Maxwell
9deb7936ab fix: cookie store strategy should verify oauth state (#8949) 
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 09:26:36 +00:00
armful
84098432ad feat(two-factor): include enabled 2fa methods in sign-in redirect response (#8772) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 09:25:49 +00:00
armful
e78a7b120d fix(two-factor): prevent unverified TOTP enrollment from gating sign-in (#8711) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 08:48:10 +00:00
better-release[bot]
85bb710edc chore: version packages (#9018) 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-04-08 19:22:59 +00:00
Taesu
7495830659 fix(api): restore getSession accessibility in generic Auth<O> context (#9017) 2026-04-08 17:34:12 +00:00
dependabot[bot]
8ad1995077 chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2 (#9033) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 07:40:52 +00:00
Jonathan Samines
2e537df5f7 fix: endpoint instrumentation to always use route template (#9023) 2026-04-08 08:41:31 +10:00
Maxwell
f61ad1cab7 fix: use INVALID_PASSWORD for all checkPassword failures (#8902) 2026-04-07 18:17:10 +00:00
Gustavo Valverde
d9b16d2551 chore: sync main to next 
chore: sync main to next
 2026-04-06 16:47:42 +01:00
Taesu
141781d6fc fix: generate session id when using secondary storage without database (#8927) 2026-04-06 14:43:47 +00:00
better-release[bot]
d666a03372 chore: exit pre-release mode for v1.6.0 2026-04-06 14:41:56 +00:00
Gustavo Valverde
29d197e688 chore: sync main to next (#8976) 
chore: sync main to next
 2026-04-06 15:31:29 +01:00
Gustavo Valverde
e5091ee1e6 fix(oauth-provider): scope loss on PAR, loopback redirect matching, DCR skip_consent (#8632) 2026-04-06 14:14:39 +00:00
Gustavo Valverde
bd9bd58f87 fix(security): enforce authorization on SCIM management endpoints and normalize passkey ownership (#8843) 2026-04-06 13:47:24 +00:00
Gustavo Valverde
ee8b40d502 fix(deps): patch Dependabot security issues (#8838) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-06 13:16:45 +00:00
Taesu
560230f751 fix(types): prevent any from collapsing base type and client inference (#8981) 2026-04-06 12:18:58 +00:00