Commit Graph
82 Commits
Author SHA1 Message Date
MaxwellandGitHub f6bf45123f fix(api-key): add better-call as peer dependency to fix TS4023 declaration emit (#9759) 2026-05-27 00:05:31 +00:00
Gustavo ValverdeandGitHub e637c7d8ff fix(deps): resolve dependabot security alerts (#9662) 2026-05-18 01:41:47 +00:00
d427d1dba9 fix(oauth-provider): export declaration helper types (#9406)
Co-authored-by: cyphercodes <7407177+cyphercodes@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
2026-05-06 05:20:44 +00:00
TaesuandGitHub d17ee3e534 test: add regression tests for public type exports from better-auth/types (#9419) 2026-05-01 01:16:02 +00:00
a02e07cb89 fix(passkey): resolve exactOptionalPropertyTypes incompatibility (#9270)
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
2026-04-23 09:48:05 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>TaesuTaesu
88d4a0507e chore(deps): bump @hono/node-server from 1.19.11 to 1.19.14 (#9306)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
2026-04-22 12:00:49 +00:00
TaesuandGitHub 3d39e63cd2 test: remove dead stripe option from fixture (#9303) 2026-04-22 10:30:50 +00:00
TaesuGitHubleonardo2204better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
5f84335815 feat(stripe): support Stripe SDK v21 and v22 (#9084)
Co-authored-by: leonardo2204 <1509421+leonardo2204@users.noreply.github.com>
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
2026-04-10 06:19:34 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>Taesu
514a3062ec chore(deps-dev): bump vite from 7.3.1 to 7.3.2 (#9001)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Taesu <bytaesu@gmail.com>
2026-04-08 08:02:56 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8ad1995077 chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2 (#9033)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-08 07:40:52 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
63bf778ea4 chore(deps): bump hono from 4.12.7 to 4.12.12 (#9029)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-08 06:49:06 +00:00
TaesuandGitHub 141781d6fc fix: generate session id when using secondary storage without database (#8927) 2026-04-06 14:43:47 +00:00
Gustavo ValverdeandGitHub d06b5865f4 fix(ci): mark test packages as private and remove duplicate beta title suffix (#8950) 2026-04-04 06:10:47 +00:00
Gustavo ValverdeandGitHub 7c2ce8a371 feat(passkey): add pre-auth registration and extensions (#7154) 2026-03-30 06:43:10 +00:00
Alex YangandGitHub a67630edb4 fix(sso): use namespace import for samlify to fix ESM compatibility (#8697) 2026-03-19 19:31:11 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
58883e97b5 chore(deps): bump hono from 4.12.5 to 4.12.7 (#8541)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-11 02:13:10 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7caec1727a chore(deps): bump @hono/node-server from 1.19.9 to 1.19.10 (#8396)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 02:20:06 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
938f25d554 chore(deps): bump hono from 4.12.3 to 4.12.4 (#8390)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-05 20:40:54 +00:00
Alex YangandGitHub af9e010e36 fix: updateAge should extend session_token cookie on stateless mode (#7995) 2026-02-28 14:19:53 -08:00
Alex YangandGitHub 8048a1d367 chore: upgrade dependencies (#8183) 2026-02-27 08:11:46 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
87767a97e1 chore(deps): bump hono from 4.11.7 to 4.11.10 (#8074)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 13:07:53 +00:00
Alex YangandGitHub 425ec38f84 fix(sso): import cjs dep (#8041) 2026-02-18 10:44:43 +00:00
Alex YangandGitHub 62d51d00c7 test: check client output (#7979) 2026-02-15 09:29:23 +00:00
Alex YangandGitHub d5955d6ab2 chore: bump version (#7882) 2026-02-12 13:27:12 +00:00
Alex Yang 00c95728f1 Revert "feat: make name field optional (#7617)"
This reverts commit e0df7c9e38.
2026-02-02 10:52:19 -08:00
TaesuandGitHub e0df7c9e38 feat: make name field optional (#7617) 2026-01-29 23:42:52 +00:00
8630f6f56b fix(anonymous): export types (#7661)
Co-authored-by: Alex Yang <himself65@outlook.com>
2026-01-27 23:44:58 -08:00
Alex YangandGitHub 1251787f72 feat: remove deprecated API (#7623) 2026-01-28 01:49:50 +00:00
Alex YangandGitHub c1f046f588 chore: bump version (#7646) 2026-01-27 23:12:31 +00:00
Alex YangandGitHub b0a6fb89c4 chore: bump version (#7626) 2026-01-27 21:05:02 +00:00
Alex YangandGitHub 0f2287891e refactor: remove duplicate session id generation (#7583) 2026-01-26 22:56:59 +00:00
Alex YangandGitHub 2398811cd7 test(smoke): secdonary storage with redis (#7590) 2026-01-26 19:22:08 +00:00
Alex YangandGitHub 7065c2fac2 refactor: rename test packages (#7503) 2026-01-20 20:44:24 +00:00
Alex YangandGitHub 57af0f7b91 fix(rate-limit): support IPv6 address normalization and subnet (#7470) 2026-01-19 23:30:38 +00:00
Alex YangandGitHub 1668a33372 fix: /minimal includes unexpected deps (#7467) 2026-01-19 20:32:29 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8f6c46d91f chore(deps): bump hono from 4.11.3 to 4.11.4 (#7343)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-13 15:25:45 -08:00
Alex YangandGitHub 47b9aa90da chore: update cloudflare fixture (#7293) 2026-01-12 09:03:52 -08:00
Alex YangandGitHub 4c897d19d2 chore: bump dev deps (#7287) 2026-01-12 03:36:24 -08:00
e8aa51c052 feat: support form data for email sign-in/sign-up and fallback to checking fetch Metadata for first login (#6314)
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Jonathan Samines <jn.samines@gmail.com>
2025-12-25 11:05:23 -08:00
Dylan VanmaliandGitHub 686fba4e11 feat(oauth-provider): an oauth 2.1 compliant plugin (#4163)
An upgrade to oidc-provider plugin that makes it oauth2.1 compliant and has a configuration that is secure by default.

Plans for the deprecation of oidc-provider plugin due to many inherent flaws in its design. Internally, plugin functions now share logic, providing for better future extensibility if new code_grants need to be written or user/client jwt or opaque tokens need to be written. Furthermore, as an oAuth 2.1 provider, it provides logic valid for an MCP server. When using the scope "openid" (optional, enabled by default), the server acts like an OpenId server able to issue id tokens and provides a /userinfo endpoint.

Features

OAuth 2.1 by default
Properly supports authorization_code, refresh_token, and client_credentials grants
PKCE by default (removes plain completely)
Public and confidential client registration
JWT plugin is required by default, but can be disabled using disableJWTPlugin flag
Access tokens can now be received in JWT verifiable format using the resource parameter (ie JWT aud field)
Id tokens are still verifiable by JWKS when using JWT Plugin, or clientSecret if disabled. Fixes issue to prevent public clients when disableJWTPlugin: true from obtaining id tokens directly even when they shouldn't be allowed an id token and should use /userinfo instead.
Protects /userinfo with scope check
Separates Refresh Token and Access token on database schema to allow multiple access tokens per refresh and multiple refresh tokens per login session.
oauthAccessToken strictly deals with opaque tokens
Opaque tokens are given only when resource parameter (aka audience) is not provided
Option to Encode and Decode refresh tokens
allowDynamicClientRegistration with allowUnauthenticatedClientRegistration flags
Separation of default expiration times
Proper creation of public and confidential clients
Prevents misconfiguration between .well-known/openid-configuration endpoint and plugin settings
scopeExpirations to assign scopes specific expiration
Custom claims through separated functions: customAccessTokenClaims, customIdTokenClaims, and customUserInfoClaims
Organizational support through activeOrganizationalId on a session such as through the organizational plugin. Attaches to oAuthClient via reference_id.
Rp-initiated logout
Account Selection via prompt=select_account.
Account Creation via prompt=create.
Prompt combinations prompt=select_account+consent and prompt=login+consent

Docs available at https://www.better-auth.com/docs/plugins/oauth-provider (pr: https://github.com/better-auth/better-auth/blob/main/docs/content/docs/plugins/oauth-provider.mdx)
2025-12-22 11:16:42 -08:00
Alex YangandGitHub cbd215f6ac fix: export necessary adapter types (#6903) 2025-12-20 16:33:13 +08:00
a96e907b7d test: ensure no unexpected output for cloudflare worker (#6704)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-14 14:47:01 +09:00
Alex YangandGitHub c79b6e3aae chore: bump devDependencies (#6562) 2025-12-06 18:44:23 +09:00
MaxwellandGitHub 2fc58d664f fix(oidc): compatibility with exact-optional-property (#6502) 2025-12-03 20:52:26 -08:00
Jonathan SaminesandGitHub fbe51c8f93 chore: add spell checker (#6319) 2025-12-01 10:33:38 -08:00
Alex YangandGitHub 2edee431cc chore(deps): update dependencies in package.json and pnpm-workspace.yaml (#6255) 2025-11-24 09:26:58 -08:00
Stephen ZhouandGitHub 0c6787506d chore: fix package depends on itself (#6189) 2025-11-22 07:49:07 -08:00
Taisei MimaandGitHub c4579f4745 chore(deps): bump stripe v20 (#6162) 2025-11-21 16:48:04 +00:00
Jonathan SaminesandGitHub 57ee11a26f chore(lint): enforce consistent import type style (#6044) 2025-11-17 21:11:39 +00:00
Alex YangandGitHub 6c9fe209e2 chore: bump vitest (#6012) 2025-11-15 23:28:56 +00:00