[PR #3729] [CLOSED] Use discovery endpoint on SSO Provider registration #21877

New Issue

GiteaMirror · 2026-04-15T20:40:20-05:00

GiteaMirror commented

2026-04-15 20:40:20 -05:00

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/3729
Author: @TheUntraceable
Created: 8/1/2025
Status: ❌ Closed

Base: canary ← Head: main

📝 Commits (10+)

d1fe109 Revert "chore: bump tailwindcss to v4 (#4681)"
1e86e4c refactor: remove unused generics (#4691)
62b5069 fix(api-key): cascade api keys on user deletion (#4703)
578a64e fix: device authorization plugin (#4695)
adfc484 fix(organization): decouple client and server permission checks (#4707)
fd29b5b fix: reduce any type in generator.ts (#4710)
bb5513d Reapply "chore: bump tailwindcss to v4 (#4681)"
c335407 fix: refresh secondary storage sessions on user update (#4522)
c6e5dab fix(adapter): returning null as string for optional id references (#4713)
3ec47de chore(demo): fix globals.css (#4725)

📊 Changes

36 files changed (+730 additions, -276 deletions)

View changed files

📝 demo/nextjs/app/globals.css (+91 -51)
📝 docs/content/docs/authentication/discord.mdx (+42 -16)
📝 docs/content/docs/concepts/oauth.mdx (+201 -30)
📝 docs/content/docs/plugins/device-authorization.mdx (+6 -6)
📝 packages/better-auth/package.json (+1 -1)
📝 packages/better-auth/src/__snapshots__/init.test.ts.snap (+2 -1)
📝 packages/better-auth/src/adapters/adapter-factory/index.ts (+5 -2)
📝 packages/better-auth/src/adapters/adapter-factory/test/adapter-factory.test.ts (+47 -0)
📝 packages/better-auth/src/adapters/adapter-factory/types.ts (+1 -0)
📝 packages/better-auth/src/adapters/drizzle-adapter/drizzle-adapter.ts (+1 -1)
📝 packages/better-auth/src/adapters/kysely-adapter/dialect.ts (+4 -0)
📝 packages/better-auth/src/adapters/kysely-adapter/kysely-adapter.ts (+1 -1)
📝 packages/better-auth/src/adapters/mongodb-adapter/mongodb-adapter.ts (+1 -1)
📝 packages/better-auth/src/adapters/prisma-adapter/prisma-adapter.ts (+1 -1)
📝 packages/better-auth/src/adapters/test.ts (+29 -2)
📝 packages/better-auth/src/api/index.ts (+6 -6)
📝 packages/better-auth/src/api/routes/email-verification.test.ts (+59 -0)
📝 packages/better-auth/src/auth.ts (+5 -3)
📝 packages/better-auth/src/db/internal-adapter.ts (+38 -35)
📝 packages/better-auth/src/db/utils.ts (+5 -4)

...and 16 more files

📄 Description

Summary by cubic

Added support for using the OIDC discovery endpoint during SSO provider registration to auto-populate required endpoints and validate configuration.

New Features
- Fetches and validates OIDC endpoints from the discovery URL.
- Ensures issuer, token, authorization, userinfo, and JWKS endpoints are present and correct.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/3729 **Author:** [@TheUntraceable](https://github.com/TheUntraceable) **Created:** 8/1/2025 **Status:** ❌ Closed **Base:** `canary` ← **Head:** `main` --- ### 📝 Commits (10+) - [`d1fe109`](https://github.com/better-auth/better-auth/commit/d1fe10962079c82920ea078a9847f65a59907b81) Revert "chore: bump tailwindcss to v4 (#4681)" - [`1e86e4c`](https://github.com/better-auth/better-auth/commit/1e86e4c138235fe6539e2795d0fd8a9f511b4716) refactor: remove unused generics (#4691) - [`62b5069`](https://github.com/better-auth/better-auth/commit/62b50691b1db7396241aaacf6a6501c09c97e1b6) fix(api-key): cascade api keys on user deletion (#4703) - [`578a64e`](https://github.com/better-auth/better-auth/commit/578a64eb965da77254c14a676128812df4646d83) fix: device authorization plugin (#4695) - [`adfc484`](https://github.com/better-auth/better-auth/commit/adfc484fcd9dce4976a649795a7915bcd9f116a0) fix(organization): decouple client and server permission checks (#4707) - [`fd29b5b`](https://github.com/better-auth/better-auth/commit/fd29b5bd19f3dd8ee46c7615a5a581efc18fe1cc) fix: reduce any type in generator.ts (#4710) - [`bb5513d`](https://github.com/better-auth/better-auth/commit/bb5513d216b996206d9e21b21cdee20f4d98fd60) Reapply "chore: bump tailwindcss to v4 (#4681)" - [`c335407`](https://github.com/better-auth/better-auth/commit/c33540765860569a016574cb9e9cdc74f0ecfec5) fix: refresh secondary storage sessions on user update (#4522) - [`c6e5dab`](https://github.com/better-auth/better-auth/commit/c6e5dab8ab40386ac033e15e2695832105f66edf) fix(adapter): returning null as string for optional id references (#4713) - [`3ec47de`](https://github.com/better-auth/better-auth/commit/3ec47dedbd6f2c87f337a9fcbe93d70cc39d735d) chore(demo): fix globals.css (#4725) ### 📊 Changes **36 files changed** (+730 additions, -276 deletions) <details> <summary>View changed files</summary> 📝 `demo/nextjs/app/globals.css` (+91 -51) 📝 `docs/content/docs/authentication/discord.mdx` (+42 -16) 📝 `docs/content/docs/concepts/oauth.mdx` (+201 -30) 📝 `docs/content/docs/plugins/device-authorization.mdx` (+6 -6) 📝 `packages/better-auth/package.json` (+1 -1) 📝 `packages/better-auth/src/__snapshots__/init.test.ts.snap` (+2 -1) 📝 `packages/better-auth/src/adapters/adapter-factory/index.ts` (+5 -2) 📝 `packages/better-auth/src/adapters/adapter-factory/test/adapter-factory.test.ts` (+47 -0) 📝 `packages/better-auth/src/adapters/adapter-factory/types.ts` (+1 -0) 📝 `packages/better-auth/src/adapters/drizzle-adapter/drizzle-adapter.ts` (+1 -1) 📝 `packages/better-auth/src/adapters/kysely-adapter/dialect.ts` (+4 -0) 📝 `packages/better-auth/src/adapters/kysely-adapter/kysely-adapter.ts` (+1 -1) 📝 `packages/better-auth/src/adapters/mongodb-adapter/mongodb-adapter.ts` (+1 -1) 📝 `packages/better-auth/src/adapters/prisma-adapter/prisma-adapter.ts` (+1 -1) 📝 `packages/better-auth/src/adapters/test.ts` (+29 -2) 📝 `packages/better-auth/src/api/index.ts` (+6 -6) 📝 `packages/better-auth/src/api/routes/email-verification.test.ts` (+59 -0) 📝 `packages/better-auth/src/auth.ts` (+5 -3) 📝 `packages/better-auth/src/db/internal-adapter.ts` (+38 -35) 📝 `packages/better-auth/src/db/utils.ts` (+5 -4) _...and 16 more files_ </details> ### 📄 Description  ## Summary by cubic Added support for using the OIDC discovery endpoint during SSO provider registration to auto-populate required endpoints and validate configuration. - **New Features** - Fetches and validates OIDC endpoints from the discovery URL. - Ensures issuer, token, authorization, userinfo, and JWKS endpoints are present and correct.  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-15 20:40:20 -05:00

GiteaMirror closed this issue

2026-04-15 20:40:21 -05:00

Sign in to join this conversation.

Branches Tags

changeset-release/main

main

dependabot/npm_and_yarn/hono-4.12.18

dependabot/npm_and_yarn/fast-xml-parser-5.7.0

2026-05-13/fix/access-authorize-edge-cases

fix/oauth-provider-consent-missing-client

fix/oauth-provider-basic-auth-secret-colon

2026-05-13/feat/captcha-wildcard-endpoints

dependabot/github_actions/github-actions-98f3470200

dependabot/npm_and_yarn/demo/nextjs/hono-4.12.18

dependabot/npm_and_yarn/demo/electron/postcss-8.5.13

2026-05-13/ci/stabilize-docker-startup

changeset-release/next

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/lenient-cookie-parser

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

dependabot/npm_and_yarn/demo/expo/babel/plugin-transform-modules-systemjs-7.29.4

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

dependabot/npm_and_yarn/demo/nextjs/fast-uri-3.1.2

dependabot/npm_and_yarn/demo/electron/fast-uri-3.1.2

2026-05-08/feat/register-before-send

dependabot/npm_and_yarn/demo/electron/ip-address-10.2.0

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-additional-params

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#21877