Commit Graph

4400 Commits

Author SHA1 Message Date
Taesu
8d71f42421 test(types): regression for plugin types through factory and indirection (#9466) 2026-05-06 14:16:21 +00:00
Taesu
93fd0524e9 test(generic-oauth): cover first-time signin with storeAccountCookie + JWE (#9470) 2026-05-06 14:16:05 +00:00
Maxwell
1b259024dc fix(generic-oauth): non-ASCII error_description causes TypeError on redirect (#9065) 2026-05-06 11:25:56 +00:00
Rayan Salhab
b2d655c77c fix: allow dynamic organization invitation roles (#9437)
Co-authored-by: cyphercodes <cyphercodes@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 08:15:02 +00:00
Rayan Salhab
ddae5817c8 fix(passkey): handle autofill ceremony failures (#9429)
Co-authored-by: cyphercodes <7407177+cyphercodes@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 05:23:37 +00:00
Rachel Chen
f7bc1c7349 fix(oauth-provider): index OAuth foreign keys (#9389)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 05:22:28 +00:00
Rayan Salhab
d427d1dba9 fix(oauth-provider): export declaration helper types (#9406)
Co-authored-by: cyphercodes <7407177+cyphercodes@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 05:20:44 +00:00
Max
80a655d271 fix(admin): revalidate useSession after impersonation (#9402)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 05:19:54 +00:00
Maksym Ryndia
a597ee01ed fix(organization): cancelPendingInvitationsOnReInvite is unreachable — re-invite returns 400 (#9452) (#9453)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 03:13:32 +00:00
Dylan Vanmali
6b03a45a14 chore(oauth-provider): correct optional typing for refreshToken sessionId field (#9324)
Co-authored-by: Taesu <bytaesu@gmail.com>
2026-05-03 19:12:23 +00:00
Taesu
906b7b34a7 fix(bearer): write one entry per cookie name when merging session token (#9387) 2026-05-01 02:13:16 +00:00
Taesu
fe64413cef chore: bump vitest (#9413) 2026-05-01 01:40:28 +00:00
Taesu
d17ee3e534 test: add regression tests for public type exports from better-auth/types (#9419) 2026-05-01 01:16:02 +00:00
Rayan Salhab
2220a6d6c2 fix(core): use pure instrumentation entry for workerd (#9395)
Co-authored-by: cyphercodes <7407177+cyphercodes@users.noreply.github.com>
2026-04-29 12:59:31 -07:00
Craig (Michael) Thompson
006e809b92 fix(sso): use findSAMLProvider in spMetadata so defaultSSO works (#9398) 2026-04-29 12:56:44 -07:00
Gustavo Valverde
408a3076bd fix(oauth-provider): honor prompt=login across consent continuation (#9344) 2026-04-27 08:49:55 +00:00
Taesu
3e4fc8ca74 fix(stripe): pass post-update subscription to onSubscriptionDeleted and trial callbacks (#9356) 2026-04-26 10:26:56 +00:00
Taesu
012b4e6331 refactor(stripe): rename subscription webhook variables for clarity (#9355) 2026-04-26 09:56:30 +00:00
Taesu
5d24a7478b fix(stripe): expose stripeSubscription in onSubscriptionUpdate and fix stale snapshot (#9354) 2026-04-26 09:41:11 +00:00
Maxwell
88a7c678f4 fix: openAPI schema for POST /sign-in/social mis-declares required fields (#9268) 2026-04-25 07:18:10 +00:00
Maxwell
1e0f26d4c8 fix(captcha): breaks email-otp flow (#8339) 2026-04-25 00:28:55 +00:00
Gautam Manchandani
c1336c563d fix(organization): scope setActiveTeam to active organization (#9239)
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-04-24 23:48:16 +00:00
skalkii
ca57b001b9 docs(test): cross-reference #8897 on cookie-strategy OAuth state CSRF test (#9334) 2026-04-24 16:25:18 +09:00
Taesu
75524d61b1 test(api-key): add regression test for listApiKeys with integer user.id (#9343) 2026-04-24 06:44:25 +00:00
better-release[bot]
f484269228 chore: release v1.6.9 (#9341) 2026-04-24 06:25:08 +01:00
Shawn Erquhart
815ecf62b6 fix(core): resolve instrumentation via package self-reference in adapter factory (#9340)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-24 05:12:34 +00:00
Taesu
fef7dd6df5 chore: update readme (#9330)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-23 19:50:25 +00:00
better-release[bot]
b289ac6c4b chore: release v1.6.8 (#9316) 2026-04-23 11:31:03 +01:00
Gustavo Valverde
9aa8e63de8 fix(oauth): support mapProfileToUser fallback for providers that may omit email (#9331) 2026-04-23 10:15:36 +00:00
Maxwell
a02e07cb89 fix(passkey): resolve exactOptionalPropertyTypes incompatibility (#9270)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-04-23 09:48:05 +00:00
Gustavo Valverde
8e3cc3453c fix(oauth-provider): accept authorization flows without state (#9328) 2026-04-23 07:00:05 +00:00
Baptiste Arnaud
856ab2426c fix(organization): allow passing id through beforeCreateTeam and beforeCreateInvitation (#9253)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:56:50 +00:00
Taesu
b828c54698 chore(deps-dev): bump electron from 38.8.6 to 41.2.2 (#9310) 2026-04-22 12:19:47 +00:00
better-release[bot]
f8076d141a chore: release v1.6.7 (#9289) 2026-04-22 12:36:30 +01:00
Guilherme D'Alessandro
ec20325173 fix(passkey): verify passkey authentication isnt returning the user (#5209)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-04-22 10:10:48 +00:00
Tanish Valesha
4e0e6e1fd3 fix(oauth-provider): userinfo Authorization from ctx.headers for auth.api (#9244)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-04-22 09:20:54 +00:00
Gustavo Valverde
4f373eed8a feat(social-providers): accept array of Client IDs for ID token audience (#9292) 2026-04-22 09:02:56 +00:00
Ray
4a180f0b0c fix(core): serve noop ./instrumentation on browser and edge conditions (#9281) 2026-04-22 08:44:00 +00:00
Gustavo Valverde
e1b1cfc7a2 fix(oauth2): guard against undefined body when parsing state (#9293)
Co-authored-by: Menachem Hornbacher <mhornbacher@kiddom.co>
2026-04-22 08:23:13 +00:00
KinfeMichael Tariku
d053a4583e fix(phone-number): call callbackOnVerification when updatePhoneNumber is enabled (#4894)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-04-22 08:11:42 +00:00
Jarod Stewart
307196a405 fix(api): preserve response headers when APIError is thrown (#9211)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 06:47:16 +00:00
better-release[bot]
0290077760 chore: release v1.6.6 (#9222) 2026-04-21 17:42:18 +01:00
Taesu
9ea7eb1eab fix(cookies): preserve partitioned attribute on set-cookie round-trip (#9235)
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-04-21 16:11:29 +00:00
Jonathan Samines
fe5f36c7e3 chore(sso): fix samlify ESM/CJS loading compat issue (#9262) 2026-04-21 16:06:04 +00:00
Taesu
b5742f9d08 feat(core): add mapConcurrent bounded-concurrency utility (#9227) 2026-04-21 15:31:08 +00:00
Maxwell
4debfb600f fix(custom-session): use coerced boolean for disableRefresh query param validation (#9214) 2026-04-21 10:22:32 +00:00
Maxwell
ab4c10fbc0 fix(organization): infer team additional fields correctly (#9266) 2026-04-21 08:16:39 +00:00
Terijaki
4677601429 fix(expo): read cached session data from SecureStore on app startup (#8953)
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
2026-04-21 06:49:49 +00:00
Gustavo Valverde
e64ff720fb fix: unify host classification and close SSRF gaps across packages (#9226) 2026-04-17 23:25:25 +00:00
Jonathan Samines
a844c7dd08 chore(core): update @opentelemetry/api dep declaration to be optional (#9111)
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
2026-04-17 14:26:40 +00:00