[PR #5411] [MERGED] chore: refactor origin check middleware #14238

New Issue

Closed

opened 2026-04-13 09:22:20 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-13 09:22:20 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/5411
Author: @Bekacru
Created: 10/19/2025
Status: ✅ Merged
Merged: 10/19/2025
Merged by: @Bekacru

Base: canary ← Head: fix/origin-check

---

📝 Commits (10+)

• 6215481 chore: enforce content type in origin check middleware
• 653ca45 Update packages/better-auth/src/api/middlewares/origin-check.ts
• a2b54ee chore: type fix
• 4bf225a chore: use func for is dev && default to disabling csrf check on test
• 6bb5659 chore: update doc
• b9a3bac chore: update security docs
• 205ea4e update docs
• d02b54e chore: header
• 654ee3e add disable origin check
• e3e59a3 change to post

📊 Changes

13 files changed (+171 additions, -18 deletions)

View changed files

📝 docs/content/docs/reference/security.mdx (+37 -1)
📝 packages/better-auth/src/__snapshots__/init.test.ts.snap (+2 -0)
📝 packages/better-auth/src/api/middlewares/origin-check.test.ts (+36 -1)
📝 packages/better-auth/src/api/middlewares/origin-check.ts (+50 -5)
📝 packages/better-auth/src/api/routes/sign-up.ts (+1 -1)
📝 packages/better-auth/src/init.ts (+8 -1)
📝 packages/better-auth/src/oauth2/link-account.ts (+1 -1)
📝 packages/better-auth/src/test-utils/test-instance.ts (+0 -4)
📝 packages/better-auth/src/utils/get-request-ip.ts (+1 -1)
📝 packages/core/src/env/env-impl.ts (+2 -1)
📝 packages/core/src/types/context.ts (+21 -0)
📝 packages/core/src/types/init-options.ts (+9 -1)
📝 packages/stripe/src/stripe.test.ts (+3 -1)

📄 Description

Summary by cubic

Enforce application/json content type and stricter Origin checks in the origin-check middleware to block invalid or unsafe POST requests.

• Bug Fixes

  • Reject POST requests with non-JSON content type.
  • When cookies are used, require a non-null Origin/Referer and validate it unless CSRF checks are disabled.

• Refactors

  • Standardized header access, renamed usesCookies to useCookies, and pass request to options.trustedOrigins callback.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/5411 **Author:** [@Bekacru](https://github.com/Bekacru) **Created:** 10/19/2025 **Status:** ✅ Merged **Merged:** 10/19/2025 **Merged by:** [@Bekacru](https://github.com/Bekacru) **Base:** `canary` ← **Head:** `fix/origin-check` --- ### 📝 Commits (10+) - [`6215481`](https://github.com/better-auth/better-auth/commit/62154819d60f5e3c57bb1cf7df947f8260bf7d10) chore: enforce content type in origin check middleware - [`653ca45`](https://github.com/better-auth/better-auth/commit/653ca456f507c0ffae2c034c8689f7f14914eddc) Update packages/better-auth/src/api/middlewares/origin-check.ts - [`a2b54ee`](https://github.com/better-auth/better-auth/commit/a2b54eece8ed3225bff98168cee5890f06e9cd70) chore: type fix - [`4bf225a`](https://github.com/better-auth/better-auth/commit/4bf225aab4ecaca569ebdff0a90987681e293c74) chore: use func for is dev && default to disabling csrf check on test - [`6bb5659`](https://github.com/better-auth/better-auth/commit/6bb5659515b6585d42dde6c3a0526d062c049ead) chore: update doc - [`b9a3bac`](https://github.com/better-auth/better-auth/commit/b9a3bac4e31f87a5682f0bc83f04131bf0ceb351) chore: update security docs - [`205ea4e`](https://github.com/better-auth/better-auth/commit/205ea4e5ec4802f07d30205b769b34c8a22dff14) update docs - [`d02b54e`](https://github.com/better-auth/better-auth/commit/d02b54e9441e995a136253199908666498aa0f0f) chore: header - [`654ee3e`](https://github.com/better-auth/better-auth/commit/654ee3e9d531a79d7515042f48f0894ddf273e16) add disable origin check - [`e3e59a3`](https://github.com/better-auth/better-auth/commit/e3e59a3fd3abe7b1bfd734bd2809dc8ca86fb395) change to post ### 📊 Changes **13 files changed** (+171 additions, -18 deletions) <details> <summary>View changed files</summary> 📝 `docs/content/docs/reference/security.mdx` (+37 -1) 📝 `packages/better-auth/src/__snapshots__/init.test.ts.snap` (+2 -0) 📝 `packages/better-auth/src/api/middlewares/origin-check.test.ts` (+36 -1) 📝 `packages/better-auth/src/api/middlewares/origin-check.ts` (+50 -5) 📝 `packages/better-auth/src/api/routes/sign-up.ts` (+1 -1) 📝 `packages/better-auth/src/init.ts` (+8 -1) 📝 `packages/better-auth/src/oauth2/link-account.ts` (+1 -1) 📝 `packages/better-auth/src/test-utils/test-instance.ts` (+0 -4) 📝 `packages/better-auth/src/utils/get-request-ip.ts` (+1 -1) 📝 `packages/core/src/env/env-impl.ts` (+2 -1) 📝 `packages/core/src/types/context.ts` (+21 -0) 📝 `packages/core/src/types/init-options.ts` (+9 -1) 📝 `packages/stripe/src/stripe.test.ts` (+3 -1) </details> ### 📄 Description <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Enforce application/json content type and stricter Origin checks in the origin-check middleware to block invalid or unsafe POST requests. - **Bug Fixes** - Reject POST requests with non-JSON content type. - When cookies are used, require a non-null Origin/Referer and validate it unless CSRF checks are disabled. - **Refactors** - Standardized header access, renamed usesCookies to useCookies, and pass request to options.trustedOrigins callback. <!-- End of auto-generated description by cubic. --> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-13 09:22:20 -05:00

GiteaMirror closed this issue 2026-04-13 09:22:21 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

2026-05-13/ci/stabilize-docker-startup

dependabot/npm_and_yarn/samlify-2.13.0

changeset-release/main

main

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

2026-05-14/fix/passkey-verify-error-and-claim

changeset-release/next

next

ping-maxwell/c-ping-maxwell/fix-error-link-apostrophe-f89a

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-519ef7475f

dependabot/github_actions/github-actions-98f3470200

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

better-auth@1.6.11

auth@1.6.11

@better-auth/test-utils@1.6.11

@better-auth/telemetry@1.6.11

@better-auth/stripe@1.6.11

@better-auth/sso@1.6.11

@better-auth/scim@1.6.11

@better-auth/api-key@1.6.11

@better-auth/redis-storage@1.6.11

@better-auth/core@1.6.11

@better-auth/oauth-provider@1.6.11

@better-auth/mongo-adapter@1.6.11

@better-auth/memory-adapter@1.6.11

@better-auth/kysely-adapter@1.6.11

@better-auth/i18n@1.6.11

@better-auth/expo@1.6.11

@better-auth/electron@1.6.11

@better-auth/drizzle-adapter@1.6.11

@better-auth/prisma-adapter@1.6.11

@better-auth/passkey@1.6.11

v1.6.11

better-auth@1.7.0-beta.3

auth@1.7.0-beta.3

@better-auth/test-utils@1.7.0-beta.3

@better-auth/telemetry@1.7.0-beta.3

@better-auth/stripe@1.7.0-beta.3

@better-auth/sso@1.7.0-beta.3

@better-auth/scim@1.7.0-beta.3

@better-auth/redis-storage@1.7.0-beta.3

@better-auth/prisma-adapter@1.7.0-beta.3

@better-auth/passkey@1.7.0-beta.3

@better-auth/oauth-provider@1.7.0-beta.3

@better-auth/mongo-adapter@1.7.0-beta.3

@better-auth/memory-adapter@1.7.0-beta.3

@better-auth/kysely-adapter@1.7.0-beta.3

@better-auth/i18n@1.7.0-beta.3

@better-auth/expo@1.7.0-beta.3

@better-auth/electron@1.7.0-beta.3

@better-auth/drizzle-adapter@1.7.0-beta.3

@better-auth/core@1.7.0-beta.3

@better-auth/cimd@1.7.0-beta.3

@better-auth/api-key@1.7.0-beta.3

v1.7.0-beta.3

better-auth@1.6.10

auth@1.6.10

@better-auth/test-utils@1.6.10

@better-auth/telemetry@1.6.10

@better-auth/stripe@1.6.10

@better-auth/sso@1.6.10

@better-auth/scim@1.6.10

@better-auth/redis-storage@1.6.10

@better-auth/prisma-adapter@1.6.10

@better-auth/passkey@1.6.10

@better-auth/oauth-provider@1.6.10

@better-auth/mongo-adapter@1.6.10

@better-auth/memory-adapter@1.6.10

@better-auth/kysely-adapter@1.6.10

@better-auth/i18n@1.6.10

@better-auth/expo@1.6.10

@better-auth/electron@1.6.10

@better-auth/drizzle-adapter@1.6.10

@better-auth/core@1.6.10

@better-auth/api-key@1.6.10

v1.6.10

better-auth@1.6.9

auth@1.6.9

@better-auth/test-utils@1.6.9

@better-auth/telemetry@1.6.9

@better-auth/stripe@1.6.9

@better-auth/sso@1.6.9

@better-auth/scim@1.6.9

@better-auth/redis-storage@1.6.9

@better-auth/prisma-adapter@1.6.9

@better-auth/passkey@1.6.9

@better-auth/oauth-provider@1.6.9

@better-auth/mongo-adapter@1.6.9

@better-auth/memory-adapter@1.6.9

@better-auth/kysely-adapter@1.6.9

@better-auth/i18n@1.6.9

@better-auth/expo@1.6.9

@better-auth/electron@1.6.9

@better-auth/drizzle-adapter@1.6.9

@better-auth/core@1.6.9

@better-auth/api-key@1.6.9

v1.6.9

better-auth@1.6.8

auth@1.6.8

@better-auth/test-utils@1.6.8

@better-auth/telemetry@1.6.8

@better-auth/stripe@1.6.8

@better-auth/sso@1.6.8

@better-auth/scim@1.6.8

@better-auth/redis-storage@1.6.8

@better-auth/prisma-adapter@1.6.8

@better-auth/passkey@1.6.8

@better-auth/oauth-provider@1.6.8

@better-auth/mongo-adapter@1.6.8

@better-auth/memory-adapter@1.6.8

@better-auth/kysely-adapter@1.6.8

@better-auth/i18n@1.6.8

@better-auth/expo@1.6.8

@better-auth/electron@1.6.8

@better-auth/drizzle-adapter@1.6.8

@better-auth/core@1.6.8

@better-auth/api-key@1.6.8

v1.6.8

@better-auth/api-key@1.7.0-beta.2

better-auth@1.7.0-beta.2

auth@1.7.0-beta.2

@better-auth/test-utils@1.7.0-beta.2

@better-auth/telemetry@1.7.0-beta.2

@better-auth/stripe@1.7.0-beta.2

@better-auth/sso@1.7.0-beta.2

@better-auth/scim@1.7.0-beta.2

@better-auth/redis-storage@1.7.0-beta.2

@better-auth/prisma-adapter@1.7.0-beta.2

@better-auth/passkey@1.7.0-beta.2

@better-auth/oauth-provider@1.7.0-beta.2

@better-auth/mongo-adapter@1.7.0-beta.2

@better-auth/memory-adapter@1.7.0-beta.2

@better-auth/kysely-adapter@1.7.0-beta.2

@better-auth/i18n@1.7.0-beta.2

@better-auth/expo@1.7.0-beta.2

@better-auth/electron@1.7.0-beta.2

@better-auth/drizzle-adapter@1.7.0-beta.2

@better-auth/core@1.7.0-beta.2

@better-auth/cimd@1.7.0-beta.2

v1.7.0-beta.2

better-auth@1.6.7

auth@1.6.7

@better-auth/test-utils@1.6.7

@better-auth/telemetry@1.6.7

@better-auth/stripe@1.6.7

@better-auth/sso@1.6.7

@better-auth/scim@1.6.7

@better-auth/redis-storage@1.6.7

@better-auth/prisma-adapter@1.6.7

@better-auth/passkey@1.6.7

@better-auth/oauth-provider@1.6.7

@better-auth/mongo-adapter@1.6.7

@better-auth/memory-adapter@1.6.7

@better-auth/kysely-adapter@1.6.7

@better-auth/i18n@1.6.7

@better-auth/expo@1.6.7

@better-auth/electron@1.6.7

@better-auth/drizzle-adapter@1.6.7

@better-auth/core@1.6.7

@better-auth/api-key@1.6.7

v1.6.7

better-auth@1.6.6

auth@1.6.6

@better-auth/test-utils@1.6.6

@better-auth/telemetry@1.6.6

@better-auth/stripe@1.6.6

@better-auth/sso@1.6.6

@better-auth/scim@1.6.6

@better-auth/redis-storage@1.6.6

@better-auth/prisma-adapter@1.6.6

@better-auth/passkey@1.6.6

@better-auth/oauth-provider@1.6.6

@better-auth/mongo-adapter@1.6.6

@better-auth/memory-adapter@1.6.6

@better-auth/kysely-adapter@1.6.6

@better-auth/i18n@1.6.6

@better-auth/expo@1.6.6

@better-auth/electron@1.6.6

@better-auth/drizzle-adapter@1.6.6

@better-auth/core@1.6.6

@better-auth/api-key@1.6.6

v1.6.6

better-auth@1.6.5

auth@1.6.5

@better-auth/test-utils@1.6.5

@better-auth/telemetry@1.6.5

@better-auth/stripe@1.6.5

@better-auth/sso@1.6.5

@better-auth/scim@1.6.5

@better-auth/redis-storage@1.6.5

@better-auth/prisma-adapter@1.6.5

@better-auth/passkey@1.6.5

@better-auth/oauth-provider@1.6.5

@better-auth/mongo-adapter@1.6.5

@better-auth/memory-adapter@1.6.5

@better-auth/kysely-adapter@1.6.5

@better-auth/i18n@1.6.5

@better-auth/expo@1.6.5

@better-auth/electron@1.6.5

@better-auth/drizzle-adapter@1.6.5

@better-auth/core@1.6.5

@better-auth/api-key@1.6.5

v1.6.5

@better-auth/api-key@1.6.4

better-auth@1.6.4

auth@1.6.4

@better-auth/test-utils@1.6.4

@better-auth/telemetry@1.6.4

@better-auth/stripe@1.6.4

@better-auth/sso@1.6.4

@better-auth/scim@1.6.4

@better-auth/redis-storage@1.6.4

@better-auth/prisma-adapter@1.6.4

@better-auth/passkey@1.6.4

@better-auth/oauth-provider@1.6.4

@better-auth/mongo-adapter@1.6.4

@better-auth/memory-adapter@1.6.4

@better-auth/kysely-adapter@1.6.4

@better-auth/i18n@1.6.4

@better-auth/expo@1.6.4

@better-auth/electron@1.6.4

@better-auth/drizzle-adapter@1.6.4

@better-auth/core@1.6.4

v1.6.4

@better-auth/cimd@1.7.0-beta.1

v1.7.0-beta.1

@better-auth/api-key@1.6.3

better-auth@1.6.3

auth@1.6.3

@better-auth/test-utils@1.6.3

@better-auth/telemetry@1.6.3

@better-auth/stripe@1.6.3

@better-auth/sso@1.6.3

@better-auth/scim@1.6.3

@better-auth/redis-storage@1.6.3

@better-auth/prisma-adapter@1.6.3

@better-auth/passkey@1.6.3

@better-auth/oauth-provider@1.6.3

@better-auth/mongo-adapter@1.6.3

@better-auth/memory-adapter@1.6.3

@better-auth/kysely-adapter@1.6.3

@better-auth/i18n@1.6.3

@better-auth/expo@1.6.3

@better-auth/electron@1.6.3

@better-auth/drizzle-adapter@1.6.3

@better-auth/core@1.6.3

v1.6.3

@better-auth/api-key@1.7.0-beta.0

better-auth@1.7.0-beta.0

auth@1.7.0-beta.0

@better-auth/test-utils@1.7.0-beta.0

@better-auth/telemetry@1.7.0-beta.0

@better-auth/stripe@1.7.0-beta.0

@better-auth/sso@1.7.0-beta.0

@better-auth/scim@1.7.0-beta.0

@better-auth/redis-storage@1.7.0-beta.0

@better-auth/prisma-adapter@1.7.0-beta.0

@better-auth/passkey@1.7.0-beta.0

@better-auth/oauth-provider@1.7.0-beta.0

@better-auth/mongo-adapter@1.7.0-beta.0

@better-auth/memory-adapter@1.7.0-beta.0

@better-auth/kysely-adapter@1.7.0-beta.0

@better-auth/i18n@1.7.0-beta.0

@better-auth/expo@1.7.0-beta.0

@better-auth/electron@1.7.0-beta.0

@better-auth/drizzle-adapter@1.7.0-beta.0

@better-auth/core@1.7.0-beta.0

v1.7.0-beta.0

better-auth@1.6.2

auth@1.6.2

@better-auth/test-utils@1.6.2

@better-auth/telemetry@1.6.2

@better-auth/stripe@1.6.2

@better-auth/sso@1.6.2

@better-auth/scim@1.6.2

@better-auth/redis-storage@1.6.2

@better-auth/prisma-adapter@1.6.2

@better-auth/passkey@1.6.2

@better-auth/oauth-provider@1.6.2

@better-auth/mongo-adapter@1.6.2

@better-auth/memory-adapter@1.6.2

@better-auth/kysely-adapter@1.6.2

@better-auth/i18n@1.6.2

@better-auth/expo@1.6.2

@better-auth/electron@1.6.2

@better-auth/drizzle-adapter@1.6.2

@better-auth/core@1.6.2

@better-auth/api-key@1.6.2

v1.6.2

better-auth@1.6.1

auth@1.6.1

@better-auth/test-utils@1.6.1

@better-auth/telemetry@1.6.1

@better-auth/stripe@1.6.1

@better-auth/sso@1.6.1

@better-auth/scim@1.6.1

@better-auth/redis-storage@1.6.1

@better-auth/prisma-adapter@1.6.1

@better-auth/passkey@1.6.1

@better-auth/oauth-provider@1.6.1

@better-auth/mongo-adapter@1.6.1

@better-auth/memory-adapter@1.6.1

@better-auth/kysely-adapter@1.6.1

@better-auth/i18n@1.6.1

@better-auth/expo@1.6.1

@better-auth/electron@1.6.1

@better-auth/drizzle-adapter@1.6.1

@better-auth/core@1.6.1

@better-auth/api-key@1.6.1

v1.6.1

better-auth@1.6.0

auth@1.6.0

@better-auth/test-utils@1.6.0

@better-auth/telemetry@1.6.0

@better-auth/stripe@1.6.0

@better-auth/sso@1.6.0

@better-auth/scim@1.6.0

@better-auth/redis-storage@1.6.0

@better-auth/prisma-adapter@1.6.0

@better-auth/passkey@1.6.0

@better-auth/oauth-provider@1.6.0

@better-auth/mongo-adapter@1.6.0

@better-auth/memory-adapter@1.6.0

@better-auth/kysely-adapter@1.6.0

@better-auth/i18n@1.6.0

@better-auth/expo@1.6.0

@better-auth/electron@1.6.0

@better-auth/drizzle-adapter@1.6.0

@better-auth/core@1.6.0

@better-auth/api-key@1.6.0

v1.6.0

v1.5.7-beta.1

v1.5.1-beta.4

v1.5.6

v1.4.22

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1-beta.3

v1.5.1-beta.2

v1.5.1

v1.4.21

v1.5.1-beta.1

v1.5.0

v1.4.20

v1.5.0-beta.20

v1.5.0-beta.19

v1.5.0-beta.18

v1.4.19

v1.5.0-beta.17

v1.5.0-beta.16

v1.5.0-beta.15

v1.5.0-beta.14

v1.5.0-beta.13

v1.5.0-beta.12

v1.5.0-beta.11

v1.4.18

v1.5.0-beta.10

v1.5.0-beta.9

v1.4.17

v1.4.16

v1.4.15

v1.5.0-beta.8

v1.4.14

v1.4.13

v1.5.0-beta.7

v1.4.12

v1.4.12-beta.2

v1.5.0-beta.6

v1.4.12-beta.1

v1.5.0-beta.5

v1.4.11

v1.5.0-beta.4

v1.4.11-beta.2

v1.5.0-beta.3

v1.4.11-beta.1

v1.4.10

v1.5.0-beta.2

v1.4.10-beta.1

v1.4.9-beta.1

v1.5.0-beta.1

v1.4.9

v1.4.8

v1.4.8-beta.7

v1.4.8-beta.6

v1.4.8-beta.5

v1.4.8-beta.4

v1.4.8-beta.3

v1.4.8-beta.2

v1.4.8-beta.1

v1.4.7

v1.4.7-beta.4

v1.4.7-beta.3

v1.4.7-beta.2

v1.4.6-beta.5

v1.4.7-beta.1

v1.4.6

v1.4.6-beta.4

v1.4.6-beta.3

v1.4.5

v1.4.6-beta.2

v1.4.6-beta.1

v1.4.5-beta.2

v1.4.5-beta.1

v1.4.4-beta.3

v1.4.4

v1.4.4-beta.2

v1.4.4-beta.1

v1.4.3

v1.4.2

v1.4.2-beta.5

v1.4.2-beta.4

v1.4.2-beta.3

v1.4.2-beta.2

v1.4.2-beta.1

v1.4.1

v1.4.1-beta.1

v1.4.0

v1.4.0-beta.28

v1.4.0-beta.27

v1.4.0-beta.26

v1.4.0-beta.25

v1.4.0-beta.24

v1.4.0-beta.23

v1.4.0-beta.22

v1.4.0-beta.21

v1.4.0-beta.20

v1.4.0-beta.19

v1.4.0-beta.18

v1.4.0-beta.17

v1.4.0-beta.16

v1.4.0-beta.15

v1.3.34

v1.3.33

v1.4.0-beta.14

v1.3.32

v1.3.31

v1.3.30

v1.4.0-beta.13

v1.3.29

v1.4.0-beta.12

v1.3.28

v1.4.0-beta.11

v1.4.0-beta.10

v1.4.0-beta.9

v1.4.0-beta.8

v1.3.27

v1.4.0-beta.7

v1.3.26

v1.3.25

v1.3.24

v1.4.0-beta.6

v1.3.23

v1.3.22

v1.3.21

v1.3.20

v1.3.19

v1.4.0-beta.5

v1.3.18

v1.4.0-beta.4

v1.3.17

v1.4.0-beta.3

v1.3.16

v1.3.15

v1.3.14

v1.4.0-beta.2

v1.3.13

v1.4.0-beta.1

v1.3.12

v1.3.11-beta.2

v1.3.11

v1.3.11-beta.1

v1.3.10

v1.3.10-beta.7

v1.3.10-beta.6

v1.3.10-beta.5

v1.3.10-beta.4

v1.3.10-beta.3

v1.3.10-beta.2

v1.3.10-beta.1

v1.3.9

v1.3.9-beta.4

v1.3.9-beta.3

v1.3.9-beta.2

v1.3.9-beta.1

v1.3.8

v1.3.8-beta.11

v1.3.8-beta.10

v1.3.8-beta.9

v1.3.8-beta.8

v1.3.8-beta.7

v1.3.8-beta.6

v1.3.8-beta.5

v1.3.8-beta.4

v1.3.8-beta.3

v1.3.8-beta.2

v1.3.8-beta.1

v1.3.7

v1.3.7-beta.4

v1.3.7-beta.3

v1.3.7-beta.2

v1.3.7-beta.1

v1.3.6

v1.3.6-beta.2

v1.3.6-beta.1

v1.3.5

v1.3.5-beta.7

v1.3.5-beta.6

v1.3.5-beta.5

v1.3.5-beta.4

v1.3.5-beta.3

v1.3.5-beta.2

v1.3.5-beta.1

better-auth@1.3.4

@better-auth/stripe@1.3.4

@better-auth/sso@1.3.4

@better-auth/expo@1.3.4

@better-auth/cli@1.3.4

v1.3.4-beta.3

v1.3.4-beta.2

v1.3.4-beta.1

v1.3.3

v1.3.2

v1.3.1

v1.3.1-beta.1

v1.3.0

v1.3.0-beta.11

v1.3.0-beta.10

v1.3.0-beta.9

v1.3.0-beta.8

v1.3.0-beta.7

v1.3.0-beta.6

v1.3.0-beta.5

v1.3.0-beta.4

v1.2.12

v1.3.0-beta.3

v1.3.0-beta.2

v1.3.0-beta.1

v1.2.11

v1.2.10

v1.2.10-pkce-fix.3

v1.2.10-beta.1

v1.2.9

v1.2.9-beta.10

v1.2.9-beta.9

feat/2867-oidcprovider-trusted

v1.2.9-beta.8

v1.2.9-beta.7

v1.2.9-beta.6

v1.2.9-beta.5

v1.2.9-beta.4

v1.2.9-beta.3

v1.2.9-beta.2

v1.2.9-beta.1

v1.2.8

v1.2.8-beta.8

v1.2.8-beta.7

v1.2.8-beta.6

v1.2.8-beta.5

v1.2.8-beta.4

v1.2.8-beta.3

v1.2.8-beta.2

v1.2.8-beta.1

v1.2.7

v1.2.7-beta.1

v1.2.6

v1.2.6-beta.13

v1.2.6-beta.12

v1.2.6-beta.11

v1.2.6-beta.10

v1.2.6-beta.9

v1.2.6-beta.8

v1.2.6-beta.7

v1.2.6-beta.6

v1.2.6-beta.5

v1.2.6-beta.4

v1.2.6-beta.3

v1.2.6-beta.2

v1.2.6-beta.1

v1.2.5

v1.2.5-beta.10

v1.2.5-beta.9

v1.2.5-beta.8

v1.2.5-beta.7

v1.2.5-beta.6

v1.2.5-beta.5

v1.2.5-beta.4

v1.2.5-beta.3

v1.2.5-beta.2

v1.2.5-beta.1

v1.2.4

v1.2.4-beta.12

v1.2.4-beta.11

v1.2.4-beta.10

v1.2.4-beta.9

v1.2.4-beta.8

v1.2.4-beta.7

v1.2.4-beta.6

v1.2.4-beta.5

v1.2.4-beta.4

v1.2.4-beta.3

v1.2.4-beta.2

v1.2.4-beta.1

v1.2.3

v1.2.3-beta.3

v1.2.3-beta.2

v1.2.3-beta.1

v1.2.2

v1.2.2-beta.6

v1.2.2-beta.5

v1.2.2-beta.4

v1.2.2-beta.3

v1.2.2-beta.2

v1.2.2-beta.1

v1.2.1

v1.2.1-beta.8

v1.2.1-beta.7

v1.2.1-beta.6

v1.2.1-beta.5

v1.2.1-beta.4

v1.2.1-beta.3

v1.2.1-beta.2

v1.2.1-beta.1

v1.2.0

v1.2.0-beta.19

v1.2.0-beta.18

v1.2.0-beta.17

v1.1.22-beta.2

v1.1.22-beta.1

v1.2.0-beta.16

v1.1.21

v1.1.21-beta.1

v1.2.0-beta.15

v1.1.20

v1.1.20-beta.5

v1.1.20-beta.4

v1.2.0-beta.14

v1.2.0-beta.13

v1.1.20-beta.3

v1.1.20-beta.2

v1.2.0-beta.12

v1.1.20-beta.1

v1.2.0-beta.11

v1.1.19

v1.1.19-beta.3

v1.2.0-beta.10

v1.2.0-beta.9

v1.2.0-beta.8

v1.2.0-beta.7

v1.1.19-beta.2

v1.1.19-beta.1

v1.1.18

v1.2.0-beta.6

v1.2.0-beta.5

v1.1.18-beta.3

v1.1.18-beta.2

v1.1.18-beta.1

v1.2.0-beta.4

v1.2.0-beta.3

v1.2.0-beta.2

v1.1.17

v1.2.0-beta.1

v1.1.17-beta.5

v1.1.17-beta.4

v1.1.17-beta.3

v1.1.17-beta.2

v1.1.17-beta.1

v1.1.16

v1.1.16-beta.10

v1.1.16-beta.9

v1.1.16-beta.8

v1.1.16-beta.7

v1.1.16-beta.6

v1.1.16-beta.5

v1.1.16-beta.4

v1.1.16-beta.3

v1.1.16-beta.2

v1.1.16-beta.1

v1.1.15

v1.1.15-beta.7

v1.1.15-beta.6

v1.1.15-beta.5

v1.1.15-beta.4

v1.1.15-beta.3

v1.1.15-beta.2

v1.1.15-beta.1

v1.1.14

v1.1.14-beta.6

v1.1.14-beta.5

v1.1.14-beta.4

v1.1.14-beta.3

v1.1.14-beta.2

v1.1.14-beta.1

v1.1.13

v1.1.13-beta.3

v1.1.13-beta.2

v1.1.13-beta.1

v1.1.12

v1.1.12-beta.4

v1.1.12-beta.3

v1.1.12-beta.2

v1.1.12-beta.1

v1.1.11

v1.1.11-beta.1

v1.1.10

v1.1.10-beta.2

v1.1.10-beta.1

v1.1.9

v1.1.9-beta.1

v1.1.8

v1.1.8-beta.3

v1.1.8-beta.2

v1.1.8-beta.1

v1.1.7

v1.1.7-beta.5

v1.1.7-beta.4

v1.1.7-beta.3

v1.1.7-beta.2

v1.1.7-beta.1

v1.1.6

v1.1.5

v1.1.4

v1.1.4-beta.2

v1.1.4-beta.1

v1.1.3

v1.1.3-beta.9

v1.1.3-beta.8

v1.1.3-beta.7

v1.1.3-beta.6

v1.1.3-beta.4

v1.1.3-beta.2

v1.1.3-beta.1

v1.1.2

v1.1.2-beta.4

v1.1.2-beta.3

v1.1.2-beta.2

v1.1.2-beta.1

v1.1.1

v1.1.0

v1.0.23-beta.6

v1.0.23-beta.5

v1.0.23-beta.4

v1.0.23-beta.3

v1.0.23-beta.2

v1.0.23-beta.1

v1.0.22

v1.0.22-beta.4

v1.0.22-beta.3

v1.0.22-beta.2

v1.0.22-beta.1

v1.0.21

v1.0.20

v1.0.19

v1.0.18

v1.0.17

v1.0.16

v1.0.16-beta.2

v1.0.16-beta.1

v1.0.15

v1.0.15-beta.1

v1.0.14

v1.0.13

v1.0.12

v1.0.12-beta.3

v1.0.12-beta.2

v1.0.12-beta.1

v1.0.11

v1.0.11-beta.8

v1.0.11-beta.7

v1.0.11-beta.6

v1.0.11-beta.5

v1.0.11-beta.4

v1.0.11-beta.3

v1.0.11-beta.2

v1.0.11-beta.1

v1.0.10

v1.0.10-beta.3

v1.0.10-beta.2

v1.0.10-beta.1

v1.0.9

v1.0.9-beta.7

v1.0.9-beta.6

v1.0.9-beta.5

v1.0.9-beta.4

v1.0.9-beta.3

v1.0.9-beta.2

v1.0.9-beta.1

v1.0.8

v1.0.8-beta.4

v1.0.8-beta.3

v1.0.8-beta.2

v1.0.8-beta.1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v1.0.0-canary.14

v1.0.0-canary.13

v1.0.0-canary.12

v1.0.0-canary.11

v1.0.0-canary.10

v1.0.0-canary.9

v1.0.0-canary.8

v1.0.0-canary.7

v1.0.0-canary.6

v0.8.9-beta.2

v0.8.9-beta.1

v1.0.0-canary.5

v1.0.0-canary.4

v1.0.0-canary.3

v1.0.0-canary.2

v1.0.0-canary.1

v0.8.8

v0.8.8-beta.2

v0.8.8-beta.1

v0.9.0-canary.1

v0.8.7

v0.8.7-canary.2

v0.8.7-canary.1

v0.8.7-beta.5

v0.8.7-beta.4

v0.8.7-beta.3

v0.8.7-beta.2

v0.8.7-beta.1

v0.8.6

v0.8.6-beta.6

v0.8.6-beta.5

v0.8.6-beta.4

v0.8.6-beta.3

v0.8.6-beta.2

v0.8.6-beta.1

v0.8.5

v0.8.5-beta.3

v0.8.5-beta.2

v0.8.5-beta.1

v0.8.4

v0.8.4-beta.7

v0.8.4-beta.6

v0.8.4-beta.5

v0.8.4-beta.4

v0.8.4-beta.2

v0.8.4-beta.1

v0.8.3

v0.8.3-beta.7

v0.8.3-beta.6

v0.8.3-beta.5

v0.8.3-beta.4

v0.8.3-beta.3

v0.8.3-beta.2

v0.8.3-beta.1

v0.8.2

v0.8.2-beta.3

v0.8.2-beta.2

v0.8.2-beta.1

v0.8.1

v0.8.1-beta.5

v0.8.1-beta.4

v0.8.1-beta.3

v0.8.1-beta.2

v0.8.1-beta.1

v0.8.0

v0.7.6-beta.4

v0.7.6-beta.3

v0.7.6-beta.2

v0.7.6-beta.1

v0.7.5

v0.7.5-beta.9

v0.7.5-beta.8

v0.7.5-beta.7

v0.7.5-beta.6

v0.7.5-beta.5

v0.7.5-beta.4

v0.7.5-beta.3

v0.7.5-beta.2

v0.7.5-beta.1

v0.7.4

v0.7.4-beta.1

v0.7.3

v0.7.3-beta.11

v0.7.3-beta.10

v0.7.3-beta.9

v0.7.3-beta.8

v0.7.3-beta.7

v0.7.3-beta.6

v0.7.3-beta.5

v0.7.3-beta.4

v0.7.3-beta.3

v0.7.3-beta.2

v0.7.3-beta.1

v0.7.2

v0.7.2-beta.5

v0.7.2-beta.4

v0.7.2-beta.3

v0.7.2-beta.2

v0.7.2-beta.1

v0.7.1

v0.7.1-beta.6

v0.7.1-beta.5

v0.7.1-beta.4

v0.7.1-beta.3

v0.7.1-beta.2

v0.7.1-beta.1

v0.7.0

v0.7.0-beta.1

v0.6.3-beta.5

v0.6.3-beta.4

v0.6.3-beta.3

v0.6.3-beta.2

v0.6.3-beta.1

v0.6.2

v0.6.2-beta.8

v0.6.2-beta.7

v0.6.2-beta.6

v0.6.2-beta.5

v0.6.2-beta.4

v0.6.2-beta.3

v0.6.2-beta.2

v0.6.2-beta.1

v0.6.1

v0.6.1-beta.9

v0.6.1-beta.8

v0.6.1-beta.7

v0.6.1-beta.6

v0.6.1-beta.5

v0.6.1-beta.4

v0.6.1-beta.3

v0.6.1-beta.2

v0.6.1-beta.1

v0.6.0

v0.6.0-beta.1

v0.5.4-beta.9

v0.5.4-beta.8

v0.5.4-beta.7

v0.5.4-beta.6

v0.5.4-beta.5

v0.5.4-beta.4

v0.5.4-beta.3

v0.5.4-beta.2

v0.5.4-beta.1

v0.5.3

v0.5.3-beta.17

v0.5.3-beta.16

v0.5.3-beta.15

v0.5.3-beta.14

v0.5.3-beta.13

v0.5.3-beta.12

v0.5.3-beta.11

v0.5.3-beta.10

v0.5.3-beta.9

v0.5.3-beta.8

v0.5.3-beta.7

v0.5.3-beta.6

v0.5.3-beta.5

v0.5.3-beta.4

v0.5.3-beta.3

v0.5.3-beta.2

v0.5.3-beta.1

v0.5.2

v0.5.2-beta.21

v0.5.2-beta.20

v0.5.2-beta.19

v0.5.2-beta.18

v0.5.2-beta.17

v0.5.2-beta.16

v0.5.2-beta.15

v0.5.2-beta.14

v0.5.2-beta.13

v0.5.2-beta.12

v0.5.2-beta.11

v0.5.2-beta.10

v0.5.2-beta.9

v0.5.2-beta.8

v0.5.2-beta.7

v0.5.2-beta.6

v0.5.2-beta.5

v0.5.2-beta.4

v0.5.2-beta.3

v0.5.2-beta.2

v0.5.2-beta.1

v0.5.1

v0.5.1-beta.7

v0.5.1-beta.6

v0.5.1-beta.5

v0.5.1-beta.4

v0.5.1-beta.3

v0.5.1-beta.2

v0.5.1-beta.1

v0.5.0

v0.4.14-beta.2

v0.4.14-beta.1

v0.4.13

v0.4.12

v0.4.12-beta.7

v0.4.12-beta.6

v0.4.12-beta.5

v0.4.12-beta.4

v0.4.12-beta.3

v0.4.12-beta.2

v0.4.12-beta.1

v0.4.11

v0.4.11-beta.3

v0.4.11-beta.2

v0.4.11-beta.1

v0.4.10-beta.10

v0.4.10-beta.9

v0.4.10

v0.4.10-beta.8

v0.4.10-beta.7

v0.4.10-beta.6

v0.4.10-beta.5

v0.4.10-beta.4

v0.4.10-beta.3

v0.4.10-beta.2

v0.4.10-beta.1

v0.4.9

v0.4.9-beta.14

v0.4.9-beta.13

v0.4.9-beta.12

v0.4.9-beta.11

v0.4.9-beta.10

v0.4.9-beta.9

v0.4.9-beta.8

v0.4.9-beta.7

v0.4.9-beta.6

v0.4.9-beta.5

v0.4.9-beta.4

v0.4.9-beta.3

v0.4.9-beta.2

v0.4.9-beta.1

v0.4.8

v0.4.7

v0.4.7-beta.2

v0.4.7-beta.1

v0.4.6

v0.4.5

v0.4.4

v0.4.4-beta.1

v0.4.3

v0.4.3-beta.1

v0.4.2

v0.4.2-beta.1

v0.4.1

v0.4.0

v0.3.6

v0.3.5

v0.3.5-beta.8

v0.3.5-beta.7

v0.3.5-beta.6

v0.3.5-beta.5

v0.3.5-beta.4

v0.3.5-beta.3

v0.3.5-beta.2

v0.3.5-beta.1

v0.3.4

v0.3.4-beta.6

v0.3.4-beta.5

v0.3.4-beta.4

v0.3.4-beta.3

v0.3.4-beta.2

v0.3.4-beta.1

v0.3.3

v0.3.3-beta.12

v0.3.3-beta.11

v0.3.3-beta.10

v0.3.3-beta.9

v0.3.3-beta.8

v0.3.3-beta.7

v0.3.3-beta.6

v0.3.3-beta.5

v0.3.3-beta.4

v0.3.3-beta.3

v0.3.3-beta.2

v0.3.3-beta.1

v0.3.2

v0.3.1

v0.3.0

v0.2.11

v0.2.10

v0.2.9

v0.2.9-beta.10

v0.2.9-beta.9

v0.2.9-beta.8

v0.2.9-beta.7

v0.2.9-beta.6

v0.2.9-beta.5

v0.2.9-beta.4

v0.2.9-beta.3

v0.2.9-beta.2

v0.2.9-beta.1

v0.2.8

v0.2.8-beta.13

v0.2.8-beta.12

v0.2.8-beta.11

v0.2.8-beta.10

v0.2.8-beta.9

v0.2.8-beta.8

v0.2.8-beta.7

v0.2.8-beta.6

v0.2.8-beta.5

v0.2.8-beta.4

v0.2.8-beta.3

v0.2.8-beta.2

v0.2.8-beta.1

v0.2.7

v0.2.6

v0.2.6-beta.10

v0.2.6-beta.9

v0.2.6-beta.8

v0.2.6-beta.7

v0.2.6-beta.6

v0.2.6-beta.5

v0.2.6-beta.4

v0.2.6-beta.3

v0.2.6-beta.2

v0.2.6-beta.1

v0.2.5

v0.2.5-beta.5

v0.2.5-beta.4

v0.2.5-beta.3

v0.2.5-beta.2

v0.2.5-beta.1

v0.2.4

v0.2.3

v0.2.3-beta.14

v0.2.3-beta.13

v0.2.3-beta.12

v0.2.3-beta.11

v0.2.3-beta.10

v0.2.3-beta.9

v0.2.3-beta.8

v0.2.3-beta.7

v0.2.3-beta.6

v0.2.3-beta.5

v0.2.3-beta.4

v0.2.3-beta.3

v0.2.3-beta.2

v0.2.3-beta.1

v0.2.2

v0.2.1

v0.2.1-beta.1

v0.2.0

v0.1.1-beta.6

v0.1.1-beta.5

v0.1.1-beta.4

v0.1.1-beta.3

v0.1.1-beta.2

v0.1.1-beta.1

v0.1.0

v0.0.10-beta.27

v0.0.10-beta.26

v0.0.10-beta.25

v0.0.10-beta.24

v0.0.10-beta.23

v0.0.10-beta.22

v0.0.10-beta.21

v0.0.10-beta.20

v0.0.10-beta.19

v0.0.10-beta.18

v0.0.10-beta.17

v0.0.10-beta.16

v0.0.10-beta.15

v0.0.10-beta.14

v0.0.10-beta.13

v0.0.10-beta.12

v0.0.10-beta.11

v0.0.10-beta.10

v0.0.10-beta.9

v0.0.10-beta.8

v0.0.10-beta.7

v0.0.10-beta.6

v0.0.10-beta.5

v0.0.10-beta.4

v0.0.10-beta.3

v0.0.10-beta.2

v0.0.10-beta.1

v0.0.9

v0.0.9-beta.38

v0.0.9-beta.37

v0.0.9-beta.36

v0.0.9-beta.35

v0.0.9-beta.34

v0.0.9-beta.33

v0.0.9-beta.32

v0.0.9-beta.31

v0.0.9-beta.30

v0.0.9-beta.29

v0.0.9-beta.28

v0.0.9-beta.27

v0.0.9-beta.26

v0.0.9-beta.25

v0.0.9-beta.24

v0.0.9-beta.23

v0.0.9-beta.22

v0.0.9-beta.21

v0.0.9-beta.20

v0.0.9-beta.19

v0.0.9-beta.18

v0.0.9-beta.17

v0.0.9-beta.16

v0.0.9-beta.15

v0.0.9-beta.14

v0.0.9-beta.13

v0.0.9-beta.12

v0.0.9-beta.11

v0.0.9-beta.10

v0.0.9-beta.9

v0.0.9-beta.8

v0.0.9-beta.7

v0.0.9-beta.6

v0.0.9-beta.5

v0.0.9-beta.4

v0.0.9-beta.3

v0.0.9-beta.2

v0.0.9-beta.1

v0.0.8

v0.0.8-beta.29

v0.0.8-beta.28

v0.0.8-beta.27

v0.0.8-beta.26

v0.0.8-beta.25

v0.0.8-beta.24

v0.0.8-beta.23

v0.0.8-beta.22

v0.0.8-beta.21

v0.0.8-beta.20

v0.0.8-beta.19

v0.0.8-beta.18

v0.0.8-beta.17

v0.0.8-beta.16

v0.0.8-beta.15

v0.0.8-beta.14

v0.0.8-beta.13

v0.0.8-beta.12

v0.0.8-beta.11

v0.0.8-beta.10

v0.0.8-beta.9

v0.0.8-beta.8

v0.0.8-beta.7

v0.0.8-beta.6

v0.0.8-beta.5

v0.0.8-beta.4

v0.0.8-beta.3

v0.0.8-beta.2

v0.0.8-beta.1

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.2-beta.8

v0.0.2-beta.7

v0.0.2-beta.6

v0.0.2-beta.5

v0.0.2-beta.4

v0.0.2-beta.3

v0.0.2-beta.2

v0.0.2-beta.1

Labels

Clear labels

adapter

astro

awaiting external contributor

blocked

breaking

breaking change

bug

c-devops

core

credentials

database

dependencies

devops

devtools

docs

documentation

duplicate

elysia

enhancement

enterprise

expo

express

fastify

good first issue

help wanted

hono

identity

infra

integration

invalid

javascript

locked

maintenance

need-more-information

needs: info

needs: repro

nextjs

nuxt

oauth

organization

P0

payments

perf

platform

plugin

pull-request

Mirrored from GitHub Pull Request

question

ready

regression

remix

security

social-provider

solid

stale

svelte

tanstack-start

tracking

version-bump

vue

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#14238