github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 15:42:09 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity
6,627 Commits 99 Branches 1,251 Tags
@better-auth/oauth-provider@1.6.2
Commit Graph

4221 Commits

Author SHA1 Message Date
better-release[bot]
700d298e1e chore: version packages (#9052) 2026-04-09 15:19:07 +01:00
Gustavo Valverde
4c829bf289 fix(oauth-provider): preserve multi-valued query params through prompt redirects (#9060) 2026-04-09 13:13:39 +00:00
Gustavo Valverde
b20fa424c3 fix(next-js): replace cookie probe with header-based RSC detection in nextCookies (#9059) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-09 12:41:10 +00:00
Gustavo Valverde
608d8c3082 fix(sso): include RelayState in signed SAML AuthnRequests (#9058) 2026-04-09 12:05:02 +00:00
Dylan Vanmali
c6922dce8e refactor(oauth-provider): reject skip_consent at schema level in DCR (#8998) 2026-04-09 11:56:29 +00:00
Rayan Salhab
5e5d3f62fc fix(sso): normalize SAMLResponse whitespace at request boundary (#8968) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 11:04:10 +00:00
Jaydeep pipaliya
2cbcb9baac fix(oauth2): prevent cross-provider account collision in link-social callback (#8983) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 10:17:42 +00:00
Maxwell
9deb7936ab fix: cookie store strategy should verify oauth state (#8949) 
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 09:26:36 +00:00
armful
84098432ad feat(two-factor): include enabled 2fa methods in sign-in redirect response (#8772) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 09:25:49 +00:00
armful
e78a7b120d fix(two-factor): prevent unverified TOTP enrollment from gating sign-in (#8711) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 08:48:10 +00:00
better-release[bot]
85bb710edc chore: version packages (#9018) 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-04-08 19:22:59 +00:00
Taesu
7495830659 fix(api): restore getSession accessibility in generic Auth<O> context (#9017) 2026-04-08 17:34:12 +00:00
dependabot[bot]
8ad1995077 chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2 (#9033) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 07:40:52 +00:00
Jonathan Samines
2e537df5f7 fix: endpoint instrumentation to always use route template (#9023) 2026-04-08 08:41:31 +10:00
Maxwell
f61ad1cab7 fix: use INVALID_PASSWORD for all checkPassword failures (#8902) 2026-04-07 18:17:10 +00:00
Gustavo Valverde
d9b16d2551 chore: sync main to next 
chore: sync main to next
 2026-04-06 16:47:42 +01:00
Taesu
141781d6fc fix: generate session id when using secondary storage without database (#8927) 2026-04-06 14:43:47 +00:00
better-release[bot]
d666a03372 chore: exit pre-release mode for v1.6.0 2026-04-06 14:41:56 +00:00
Gustavo Valverde
29d197e688 chore: sync main to next (#8976) 
chore: sync main to next
 2026-04-06 15:31:29 +01:00
Gustavo Valverde
e5091ee1e6 fix(oauth-provider): scope loss on PAR, loopback redirect matching, DCR skip_consent (#8632) 2026-04-06 14:14:39 +00:00
Gustavo Valverde
bd9bd58f87 fix(security): enforce authorization on SCIM management endpoints and normalize passkey ownership (#8843) 2026-04-06 13:47:24 +00:00
Gustavo Valverde
ee8b40d502 fix(deps): patch Dependabot security issues (#8838) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-06 13:16:45 +00:00
Taesu
560230f751 fix(types): prevent any from collapsing base type and client inference (#8981) 2026-04-06 12:18:58 +00:00
Gustavo Valverde
dd537cbdeb chore(oidc-provider): deprecate plugin in favor of @better-auth/oauth-provider (#8985) 2026-04-06 12:13:35 +00:00
Taesu
469eee6d84 fix(oauth): prevent double-hashing of state when storeIdentifier is hashed (#8980) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-06 11:14:55 +00:00
Taesu
475d512376 chore: revert better-call v2 migration, downgrade to v1.3.5 (#8973) 2026-04-05 23:18:54 +00:00
better-auth-releases[bot]
73beda26f9 chore: version packages (beta) (#8945) 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-04-04 15:52:24 +00:00
Gustavo Valverde
1eec2e8090 chore: use caret ranges for internal peerDependencies (#8937) 2026-04-03 19:05:37 +00:00
Yanick J.S.
5970053e6a docs: improve descriptions for appName, trustedOrigins, useSecureCookies (#8935) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 18:31:00 +00:00
Gustavo Valverde
77ead28455 chore: reset package versions to 1.5.6 (#8930) 2026-04-03 10:57:28 +00:00
Gustavo Valverde
e089ce127d chore(knip): fix CI blind spots and remove dead code (#8888) 2026-04-02 19:28:30 +00:00
Taesu
4742f349dc fix(oauth-proxy): read callback params from body for form_post (#8895) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-02 10:24:31 +00:00
Gautam Manchandani
c83a6c22ea fix(oauth-provider): enforce DB-backed sessions with secondary storage (#8894) 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
 2026-04-02 10:20:48 +00:00
dependabot[bot]
6a3044e50e chore(deps-dev): bump happy-dom from 20.7.0 to 20.8.9 (#8830) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
 2026-04-02 08:13:55 +00:00
Gustavo Valverde
e80cc38b0d fix: turbo caching, enforce lockfile integrity, expand pre-commit hooks (#8892) 2026-04-02 07:35:24 +00:00
Gustavo Valverde
04e91d1643 perf(build): reduce published package sizes (#8884) 2026-04-01 15:55:03 +00:00
Kyle Gray
31d5e88b88 fix(instrumentation): don't mark redirect APIErrors as span errors (#8850) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-01 22:49:49 +10:00
Taesu
d638b7b571 perf(core): use non-blocking scrypt from @better-auth/utils (#8685) 2026-04-01 02:31:01 +00:00
Jonathan Samines
cd01a42e60 feat: expose plugin version (#8750) 2026-03-31 16:08:21 +00:00
Gautam Manchandani
cbd554d2aa fix: rethrow phone sendOTP failures (#8842) 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-03-31 15:00:54 +00:00
Ruban S
75133eb478 chore: remove duplicate export for linkedin (#8859) 2026-03-31 12:54:46 +00:00
Taesu
ce8141a21c fix(api): align fresh age with session creation time (#8762) 2026-03-31 10:00:13 +00:00
Gustavo Valverde
3860c09d9f fix(two-factor): allow passwordless 2FA management (#7243) 2026-03-30 07:43:18 +00:00
Gustavo Valverde
7c2ce8a371 feat(passkey): add pre-auth registration and extensions (#7154) 2026-03-30 06:43:10 +00:00
Taesu
23bad5139f feat(sso): enable InResponseTo validation by default for SAML flows (#8736) 2026-03-30 06:20:27 +00:00
Martin Rädlinger
e16b184b0b fix(sso): provisionUser inconsistency and option to run on every login (#8818) 2026-03-30 06:18:11 +00:00
Taesu
db26161113 fix: compare account cookie by provider accountId instead of internal id (#8786) 2026-03-30 05:25:05 +00:00
Maxwell
6f30fd65a4 fix(email-otp): trigger sessionSignal on req-email-change (#8816) 2026-03-30 05:17:26 +00:00
David Frankel
e9f49bd7c8 chore: fix type inference for future TS compatibility (#8820) 2026-03-30 05:00:05 +00:00
Taesu
03d2df6603 fix(stripe): return correct priceId for annual subscriptions in list (#8810) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-03-29 06:10:40 +10:00