Commit Graph
2402 Commits
Author SHA1 Message Date
TaesuandGitHub 720dcfcd6d docs: add payments section (#7030) 2025-12-28 22:57:03 -08:00
TaesuandGitHub 211ca6e6ae docs: improve set active organization guide (#7010) 2025-12-26 18:54:17 -08:00
b8d5f71b99 feat(stripe): flexible subscription cancellation and termination management (#6961)
Co-authored-by: GautamBytes <manchandanigautam@gmail.com>
2025-12-26 15:01:01 +08:00
Alex Yang e8458c47df Reapply "docs: add Commet plugin documentation (#6827)"
This reverts commit 380d4c7cae.
2025-12-26 14:46:00 +08:00
Dylan VanmaliandGitHub 243ce021d3 fix(oauth-provider): only session db store currently supported (#7000) 2025-12-25 15:36:22 -08:00
f6b820760e docs: add notes about cookie cache session revocation (#6966)
Co-authored-by: Alex Yang <himself65@outlook.com>
2025-12-25 11:08:39 -08:00
e8aa51c052 feat: support form data for email sign-in/sign-up and fallback to checking fetch Metadata for first login (#6314)
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Jonathan Samines <jn.samines@gmail.com>
2025-12-25 11:05:23 -08:00
Aryan ChaurasiaandGitHub 4e63c40da9 docs: add Open in Cursor option (#6992) 2025-12-25 15:28:43 +08:00
4f1ec5414e fix: correct accountLinking default to true (#6963)
Co-authored-by: Alex Yang <himself65@outlook.com>
2025-12-25 01:11:06 +08:00
Joél SolanoandGitHub 12f6f954ef docs(api-key): correct table name in schema section (#6856) 2025-12-25 00:04:51 +08:00
Alex YangandGitHub 5a8ff63e8d chore: bump next (#6986) 2025-12-25 00:01:06 +08:00
Alex YangGitHubcubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
cd5cdf4168 docs: use data table for community plugin list (#6953)
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
2025-12-24 23:38:15 +08:00
Alex YangandGitHub ebb889ff84 chore: move @better-auth/utils to catalog (#6981) 2025-12-24 21:38:06 +08:00
Jean-Pierre DUPUISandGitHub 2bc3d629e0 docs: fix RequestInit body typing for exactOptionalPropertyTypes (#6852) 2025-12-24 21:22:52 +08:00
Paola Estefanía de CamposandGitHub 7c593ad4d9 feat(saml): add XML parser hardening with configurable size limits (#6805) 2025-12-24 20:27:36 +08:00
Dylan VanmaliandGitHub 0492750c7e docs: improve oauth provider setup instructions (#6968) 2025-12-23 19:27:22 -08:00
Dylan VanmaliandGitHub b361a27beb docs: OAuth Migration improvements (#6964) 2025-12-23 13:40:10 -08:00
Alex YangandGitHub 7d8786cd87 feat: add code property for api error instance (#6633) 2025-12-23 23:55:50 +08:00
Alex Yang 380d4c7cae Revert "docs: add Commet plugin documentation (#6827)"
This reverts commit 0ca1431fc6.
2025-12-23 23:42:46 +08:00
Alexander AsombaandAlex Yang 75d13a0414 docs: add Paystack plugin to community plugins list (#6782) 2025-12-23 23:38:29 +08:00
38b24f6ad3 docs: update plugin schema definition (#6951)
Co-authored-by: Mikiyas Tibebu <mikitebe123@gmail.com>
2025-12-23 19:00:03 +08:00
Salih CandirandGitHub 66a6c804f1 docs: update file naming example in Next.js integration guide (#6948) 2025-12-23 18:44:19 +08:00
Paola Estefanía de CamposandGitHub 1f171cb3fd feat(saml): reject deprecated SAML signature and digest algorithms (#6784) 2025-12-23 17:39:24 +08:00
0ca1431fc6 docs: add Commet plugin documentation (#6827)
Co-authored-by: Alex Yang <himself65@outlook.com>
2025-12-23 17:39:03 +08:00
TaesuandGitHub ae90b482d0 fix: correct wildcard pattern matching for trustedOrigins (#6904) 2025-12-23 14:08:58 +08:00
Dhruv JainandGitHub a0580b78fe docs: fix mongodb page join link (#6941) 2025-12-22 20:52:45 -08:00
d0andGitHub bf71de5f0b docs: add stargate to community plugins list (#6846) 2025-12-23 12:41:31 +08:00
TaesuandGitHub 2bf224cad8 docs: correct OAuth Provider sidebar icon color (#6935) 2025-12-23 11:08:36 +08:00
Dylan VanmaliandGitHub 686fba4e11 feat(oauth-provider): an oauth 2.1 compliant plugin (#4163)
An upgrade to oidc-provider plugin that makes it oauth2.1 compliant and has a configuration that is secure by default.

Plans for the deprecation of oidc-provider plugin due to many inherent flaws in its design. Internally, plugin functions now share logic, providing for better future extensibility if new code_grants need to be written or user/client jwt or opaque tokens need to be written. Furthermore, as an oAuth 2.1 provider, it provides logic valid for an MCP server. When using the scope "openid" (optional, enabled by default), the server acts like an OpenId server able to issue id tokens and provides a /userinfo endpoint.

Features

OAuth 2.1 by default
Properly supports authorization_code, refresh_token, and client_credentials grants
PKCE by default (removes plain completely)
Public and confidential client registration
JWT plugin is required by default, but can be disabled using disableJWTPlugin flag
Access tokens can now be received in JWT verifiable format using the resource parameter (ie JWT aud field)
Id tokens are still verifiable by JWKS when using JWT Plugin, or clientSecret if disabled. Fixes issue to prevent public clients when disableJWTPlugin: true from obtaining id tokens directly even when they shouldn't be allowed an id token and should use /userinfo instead.
Protects /userinfo with scope check
Separates Refresh Token and Access token on database schema to allow multiple access tokens per refresh and multiple refresh tokens per login session.
oauthAccessToken strictly deals with opaque tokens
Opaque tokens are given only when resource parameter (aka audience) is not provided
Option to Encode and Decode refresh tokens
allowDynamicClientRegistration with allowUnauthenticatedClientRegistration flags
Separation of default expiration times
Proper creation of public and confidential clients
Prevents misconfiguration between .well-known/openid-configuration endpoint and plugin settings
scopeExpirations to assign scopes specific expiration
Custom claims through separated functions: customAccessTokenClaims, customIdTokenClaims, and customUserInfoClaims
Organizational support through activeOrganizationalId on a session such as through the organizational plugin. Attaches to oAuthClient via reference_id.
Rp-initiated logout
Account Selection via prompt=select_account.
Account Creation via prompt=create.
Prompt combinations prompt=select_account+consent and prompt=login+consent

Docs available at https://www.better-auth.com/docs/plugins/oauth-provider (pr: https://github.com/better-auth/better-auth/blob/main/docs/content/docs/plugins/oauth-provider.mdx)
2025-12-22 11:16:42 -08:00
d544ba97f9 feat: add a global backgroundTasks config option to defer actions like sending email and updates to run after response is sent (#6713)
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Bereket Engida <Bekacru@gmail.com>
2025-12-20 11:43:03 -08:00
30dc04b12f docs(organization): update default organization limit to 'unlimited' (#6808)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-20 07:38:11 -08:00
6743a7a84b docs: clarify username sign-in functionality in documentation (#6901)
Co-authored-by: Jilles Soeters <jilleswf@gmail.com>
2025-12-20 16:17:04 +08:00
Alex YangandGitHub e1dfdc3c27 chore(docs): bump tailwindcss (#6896) 2025-12-20 15:18:09 +08:00
vijit-larkandGitHub cfb56fdab4 docs: add community plugin Lark billing (#6813) 2025-12-19 18:06:23 -08:00
Mauricio GalvezandGitHub becb4e96ee docs: fix typo in Organization plugin docs (#6885) 2025-12-19 16:41:04 -08:00
Paola Estefanía de CamposandGitHub 65193cb56d doc(auth): clarify trustedOrigins callback request parameter (#6890) 2025-12-19 16:40:37 -08:00
Paola Estefanía de CamposandGitHub 19d2b3a990 fix(auth): respect trustedOrigins when baseURL is inferred (#6882) 2025-12-19 09:08:37 -08:00
TaesuandGitHub e9cd882f1f docs: use dotenv instead of env (#6883) 2025-12-19 09:03:46 -08:00
Alex Yang 373a1c658a docs: fix twitter id 2025-12-19 22:25:00 +08:00
4981827262 docs: add baseURL configuration warning to Google provider (#6878)
Co-authored-by: Gautam Manchandani <gautammanch@Gautams-MacBook-Air.local>
2025-12-19 20:00:13 +08:00
TaesuandGitHub 8a67c2be76 chore: remove unnecessary custom word (#6825) 2025-12-18 21:57:23 -08:00
Soham DattaandGitHub 519bdb1014 docs(convex): fix import statement for authConfig (#6861) 2025-12-19 13:27:53 +08:00
TaesuandGitHub 9ffaa0f628 docs: fix AI chat code formatting issue (#6869) 2025-12-19 13:26:44 +08:00
TaesuandGitHub d3ebfacd91 fix: respect IP headers in dev/test environments (#6854) 2025-12-18 20:25:10 +08:00
Bennett DamsandGitHub 3897be5603 docs: change role type from string to enum values (#6844) 2025-12-18 14:23:57 +08:00
Dominik K.andGitHub e973bd95be docs(convex): clean up documentation (#6829) 2025-12-18 10:27:36 +08:00
Dominik K.andGitHub 9bf9ad88b5 docs(polar): update client import (#6830) 2025-12-18 10:26:43 +08:00
TaesuandGitHub 9952a78bbf docs: update logo for Christmas (#6806) 2025-12-17 17:14:07 -08:00
AnmolandGitHub 0227dde8ec docs: uses latest getRequestHeaders() to grab headers from request in Auth Middleware in Tanstack Start (#6824) 2025-12-17 13:20:38 -08:00
07cdd67dae feat: add patreon social provider (#6245)
Co-authored-by: benkingcode <ben@lionfeet.com>
Co-authored-by: Kinfe123 <kinfishtech@gmail.com>
2025-12-17 11:57:00 +08:00