[GH-ISSUE #8016] oauth-provider: /oauth2/token crashes on clientSecret format mismatch (hex decode error) instead of invalid_client #28294

New Issue

Closed

opened 2026-04-17 19:43:45 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-17 19:43:45 -05:00

Owner

Copy Link

Originally created by @ikemHood on GitHub (Feb 17, 2026).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/8016

Is this suited for github?

• Yes, this is suited for github

To Reproduce

1. Create an Express backend using better-auth@1.4.18 + @better-auth/oauth-provider@1.4.18.
2. Configure OAuth provider and use persisted OAuth clients (oauthClient.clientSecret) created before the latest config/runtime changes.
3. Run OAuth authorization code flow from a client app using generic OAuth.
4. POST to /oauth2/token with valid form-urlencoded payload:
   • grant_type=authorization_code
   • code
   • code_verifier
   • redirect_uri
   • client_id
   • client_secret
5. Observe server crash during token exchange with:
   • hex string expected, got unpadded hex of length 43
   • stack includes decryptStoredClientSecret / verifyStoredClientSecret / validateClientCredentials.

Current vs. Expected behavior

Current behavior:

• Token request reaches /oauth2/token correctly (form-urlencoded body includes grant_type and other expected fields), but client secret verification throws:
  hex string expected, got unpadded hex of length 43
• This appears to happen when stored oauthClient.clientSecret format does not match decrypt expectations.
• Endpoint returns server error instead of a controlled OAuth error.

Expected behavior:

• If stored secret format is incompatible, return a controlled OAuth error (for example invalid_client) instead of throwing an internal crypto parsing error.
• Ideally provide clearer compatibility/migration handling between hashed and encrypted client-secret storage formats.

What version of Better Auth are you using?

1.4.18

System info

OS: macOS 15.1.1 (24B91), Darwin 24.1.0, arm64
Node.js: v22.11.0
npm: 11.4.2
pnpm: 10.17.0
better-auth: 1.4.18
@better-auth/oauth-provider: 1.4.18

Which area(s) are affected? (Select all that apply)

• Backend
• Package

Auth config (if applicable)

import { betterAuth } from "better-auth";
import { oauthProvider } from "@better-auth/oauth-provider";

export const auth = betterAuth({
  // adapter + base config omitted
  plugins: [
    oauthProvider({
      loginPage: "/oauth/login",
      consentPage: "/oauth/consent",
      accessTokenExpiresIn: 60 * 60,
      refreshTokenExpiresIn: 60 * 60 * 24 * 30,
      codeExpiresIn: 60 * 10,
      scopes: ["openid", "profile", "email", "offline_access"],
      // Our compatibility workaround:
      // storeClientSecret: "hashed",
    }),
  ],
});

Additional context

• We originally had a separate body-parsing issue where /oauth2/token got an empty body. After fixing middleware order/scoping, request body is now confirmed correct.
• Example observed token-request diagnostics after fix:
  • contentType: application/x-www-form-urlencoded
  • bodyHasGrantType: true
  • bodyKeys: grant_type, code, code_verifier, redirect_uri, client_id, client_secret
• The remaining bug is specifically in client secret verification/decryption path.
• Temporary workaround on our side: explicitly pin storeClientSecret: "hashed" for compatibility with existing clients.

Originally created by @ikemHood on GitHub (Feb 17, 2026). Original GitHub issue: https://github.com/better-auth/better-auth/issues/8016 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce 1. Create an Express backend using `better-auth@1.4.18` + `@better-auth/oauth-provider@1.4.18`. 2. Configure OAuth provider and use persisted OAuth clients (`oauthClient.clientSecret`) created before the latest config/runtime changes. 3. Run OAuth authorization code flow from a client app using generic OAuth. 4. POST to `/oauth2/token` with valid form-urlencoded payload: - `grant_type=authorization_code` - `code` - `code_verifier` - `redirect_uri` - `client_id` - `client_secret` 5. Observe server crash during token exchange with: - `hex string expected, got unpadded hex of length 43` - stack includes `decryptStoredClientSecret` / `verifyStoredClientSecret` / `validateClientCredentials`. ### Current vs. Expected behavior Current behavior: - Token request reaches `/oauth2/token` correctly (form-urlencoded body includes `grant_type` and other expected fields), but client secret verification throws: `hex string expected, got unpadded hex of length 43` - This appears to happen when stored `oauthClient.clientSecret` format does not match decrypt expectations. - Endpoint returns server error instead of a controlled OAuth error. Expected behavior: - If stored secret format is incompatible, return a controlled OAuth error (for example `invalid_client`) instead of throwing an internal crypto parsing error. - Ideally provide clearer compatibility/migration handling between hashed and encrypted client-secret storage formats. ### What version of Better Auth are you using? 1.4.18 ### System info ```bash OS: macOS 15.1.1 (24B91), Darwin 24.1.0, arm64 Node.js: v22.11.0 npm: 11.4.2 pnpm: 10.17.0 better-auth: 1.4.18 @better-auth/oauth-provider: 1.4.18 ``` ### Which area(s) are affected? (Select all that apply) - Backend - Package ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth"; import { oauthProvider } from "@better-auth/oauth-provider"; export const auth = betterAuth({ // adapter + base config omitted plugins: [ oauthProvider({ loginPage: "/oauth/login", consentPage: "/oauth/consent", accessTokenExpiresIn: 60 * 60, refreshTokenExpiresIn: 60 * 60 * 24 * 30, codeExpiresIn: 60 * 10, scopes: ["openid", "profile", "email", "offline_access"], // Our compatibility workaround: // storeClientSecret: "hashed", }), ], }); ``` ### Additional context - We originally had a separate body-parsing issue where `/oauth2/token` got an empty body. After fixing middleware order/scoping, request body is now confirmed correct. - Example observed token-request diagnostics after fix: - `contentType: application/x-www-form-urlencoded` - `bodyHasGrantType: true` - `bodyKeys: grant_type, code, code_verifier, redirect_uri, client_id, client_secret` - The remaining bug is specifically in client secret verification/decryption path. - Temporary workaround on our side: explicitly pin `storeClientSecret: "hashed"` for compatibility with existing clients.

GiteaMirror added the lockedbug labels 2026-04-17 19:43:45 -05:00

GiteaMirror closed this issue 2026-04-17 19:43:46 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/turbo-2.9.14

changeset-release/main

main

2026-05-14/fix/passkey-verify-error-and-claim

dependabot/npm_and_yarn/samlify-2.13.0

dependabot/npm_and_yarn/ws-8.20.1

changeset-release/next

next

ping-maxwell/c-ping-maxwell/fix-error-link-apostrophe-f89a

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-519ef7475f

dependabot/github_actions/github-actions-98f3470200

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

2026-05-13/ci/stabilize-docker-startup

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

better-auth@1.6.11

auth@1.6.11

@better-auth/test-utils@1.6.11

@better-auth/telemetry@1.6.11

@better-auth/stripe@1.6.11

@better-auth/sso@1.6.11

@better-auth/scim@1.6.11

@better-auth/api-key@1.6.11

@better-auth/redis-storage@1.6.11

@better-auth/core@1.6.11

@better-auth/oauth-provider@1.6.11

@better-auth/mongo-adapter@1.6.11

@better-auth/memory-adapter@1.6.11

@better-auth/kysely-adapter@1.6.11

@better-auth/i18n@1.6.11

@better-auth/expo@1.6.11

@better-auth/electron@1.6.11

@better-auth/drizzle-adapter@1.6.11

@better-auth/prisma-adapter@1.6.11

@better-auth/passkey@1.6.11

v1.6.11

better-auth@1.7.0-beta.3

auth@1.7.0-beta.3

@better-auth/test-utils@1.7.0-beta.3

@better-auth/telemetry@1.7.0-beta.3

@better-auth/stripe@1.7.0-beta.3

@better-auth/sso@1.7.0-beta.3

@better-auth/scim@1.7.0-beta.3

@better-auth/redis-storage@1.7.0-beta.3

@better-auth/prisma-adapter@1.7.0-beta.3

@better-auth/passkey@1.7.0-beta.3

@better-auth/oauth-provider@1.7.0-beta.3

@better-auth/mongo-adapter@1.7.0-beta.3

@better-auth/memory-adapter@1.7.0-beta.3

@better-auth/kysely-adapter@1.7.0-beta.3

@better-auth/i18n@1.7.0-beta.3

@better-auth/expo@1.7.0-beta.3

@better-auth/electron@1.7.0-beta.3

@better-auth/drizzle-adapter@1.7.0-beta.3

@better-auth/core@1.7.0-beta.3

@better-auth/cimd@1.7.0-beta.3

@better-auth/api-key@1.7.0-beta.3

v1.7.0-beta.3

better-auth@1.6.10

auth@1.6.10

@better-auth/test-utils@1.6.10

@better-auth/telemetry@1.6.10

@better-auth/stripe@1.6.10

@better-auth/sso@1.6.10

@better-auth/scim@1.6.10

@better-auth/redis-storage@1.6.10

@better-auth/prisma-adapter@1.6.10

@better-auth/passkey@1.6.10

@better-auth/oauth-provider@1.6.10

@better-auth/mongo-adapter@1.6.10

@better-auth/memory-adapter@1.6.10

@better-auth/kysely-adapter@1.6.10

@better-auth/i18n@1.6.10

@better-auth/expo@1.6.10

@better-auth/electron@1.6.10

@better-auth/drizzle-adapter@1.6.10

@better-auth/core@1.6.10

@better-auth/api-key@1.6.10

v1.6.10

better-auth@1.6.9

auth@1.6.9

@better-auth/test-utils@1.6.9

@better-auth/telemetry@1.6.9

@better-auth/stripe@1.6.9

@better-auth/sso@1.6.9

@better-auth/scim@1.6.9

@better-auth/redis-storage@1.6.9

@better-auth/prisma-adapter@1.6.9

@better-auth/passkey@1.6.9

@better-auth/oauth-provider@1.6.9

@better-auth/mongo-adapter@1.6.9

@better-auth/memory-adapter@1.6.9

@better-auth/kysely-adapter@1.6.9

@better-auth/i18n@1.6.9

@better-auth/expo@1.6.9

@better-auth/electron@1.6.9

@better-auth/drizzle-adapter@1.6.9

@better-auth/core@1.6.9

@better-auth/api-key@1.6.9

v1.6.9

better-auth@1.6.8

auth@1.6.8

@better-auth/test-utils@1.6.8

@better-auth/telemetry@1.6.8

@better-auth/stripe@1.6.8

@better-auth/sso@1.6.8

@better-auth/scim@1.6.8

@better-auth/redis-storage@1.6.8

@better-auth/prisma-adapter@1.6.8

@better-auth/passkey@1.6.8

@better-auth/oauth-provider@1.6.8

@better-auth/mongo-adapter@1.6.8

@better-auth/memory-adapter@1.6.8

@better-auth/kysely-adapter@1.6.8

@better-auth/i18n@1.6.8

@better-auth/expo@1.6.8

@better-auth/electron@1.6.8

@better-auth/drizzle-adapter@1.6.8

@better-auth/core@1.6.8

@better-auth/api-key@1.6.8

v1.6.8

@better-auth/api-key@1.7.0-beta.2

better-auth@1.7.0-beta.2

auth@1.7.0-beta.2

@better-auth/test-utils@1.7.0-beta.2

@better-auth/telemetry@1.7.0-beta.2

@better-auth/stripe@1.7.0-beta.2

@better-auth/sso@1.7.0-beta.2

@better-auth/scim@1.7.0-beta.2

@better-auth/redis-storage@1.7.0-beta.2

@better-auth/prisma-adapter@1.7.0-beta.2

@better-auth/passkey@1.7.0-beta.2

@better-auth/oauth-provider@1.7.0-beta.2

@better-auth/mongo-adapter@1.7.0-beta.2

@better-auth/memory-adapter@1.7.0-beta.2

@better-auth/kysely-adapter@1.7.0-beta.2

@better-auth/i18n@1.7.0-beta.2

@better-auth/expo@1.7.0-beta.2

@better-auth/electron@1.7.0-beta.2

@better-auth/drizzle-adapter@1.7.0-beta.2

@better-auth/core@1.7.0-beta.2

@better-auth/cimd@1.7.0-beta.2

v1.7.0-beta.2

better-auth@1.6.7

auth@1.6.7

@better-auth/test-utils@1.6.7

@better-auth/telemetry@1.6.7

@better-auth/stripe@1.6.7

@better-auth/sso@1.6.7

@better-auth/scim@1.6.7

@better-auth/redis-storage@1.6.7

@better-auth/prisma-adapter@1.6.7

@better-auth/passkey@1.6.7

@better-auth/oauth-provider@1.6.7

@better-auth/mongo-adapter@1.6.7

@better-auth/memory-adapter@1.6.7

@better-auth/kysely-adapter@1.6.7

@better-auth/i18n@1.6.7

@better-auth/expo@1.6.7

@better-auth/electron@1.6.7

@better-auth/drizzle-adapter@1.6.7

@better-auth/core@1.6.7

@better-auth/api-key@1.6.7

v1.6.7

better-auth@1.6.6

auth@1.6.6

@better-auth/test-utils@1.6.6

@better-auth/telemetry@1.6.6

@better-auth/stripe@1.6.6

@better-auth/sso@1.6.6

@better-auth/scim@1.6.6

@better-auth/redis-storage@1.6.6

@better-auth/prisma-adapter@1.6.6

@better-auth/passkey@1.6.6

@better-auth/oauth-provider@1.6.6

@better-auth/mongo-adapter@1.6.6

@better-auth/memory-adapter@1.6.6

@better-auth/kysely-adapter@1.6.6

@better-auth/i18n@1.6.6

@better-auth/expo@1.6.6

@better-auth/electron@1.6.6

@better-auth/drizzle-adapter@1.6.6

@better-auth/core@1.6.6

@better-auth/api-key@1.6.6

v1.6.6

better-auth@1.6.5

auth@1.6.5

@better-auth/test-utils@1.6.5

@better-auth/telemetry@1.6.5

@better-auth/stripe@1.6.5

@better-auth/sso@1.6.5

@better-auth/scim@1.6.5

@better-auth/redis-storage@1.6.5

@better-auth/prisma-adapter@1.6.5

@better-auth/passkey@1.6.5

@better-auth/oauth-provider@1.6.5

@better-auth/mongo-adapter@1.6.5

@better-auth/memory-adapter@1.6.5

@better-auth/kysely-adapter@1.6.5

@better-auth/i18n@1.6.5

@better-auth/expo@1.6.5

@better-auth/electron@1.6.5

@better-auth/drizzle-adapter@1.6.5

@better-auth/core@1.6.5

@better-auth/api-key@1.6.5

v1.6.5

@better-auth/api-key@1.6.4

better-auth@1.6.4

auth@1.6.4

@better-auth/test-utils@1.6.4

@better-auth/telemetry@1.6.4

@better-auth/stripe@1.6.4

@better-auth/sso@1.6.4

@better-auth/scim@1.6.4

@better-auth/redis-storage@1.6.4

@better-auth/prisma-adapter@1.6.4

@better-auth/passkey@1.6.4

@better-auth/oauth-provider@1.6.4

@better-auth/mongo-adapter@1.6.4

@better-auth/memory-adapter@1.6.4

@better-auth/kysely-adapter@1.6.4

@better-auth/i18n@1.6.4

@better-auth/expo@1.6.4

@better-auth/electron@1.6.4

@better-auth/drizzle-adapter@1.6.4

@better-auth/core@1.6.4

v1.6.4

@better-auth/cimd@1.7.0-beta.1

v1.7.0-beta.1

@better-auth/api-key@1.6.3

better-auth@1.6.3

auth@1.6.3

@better-auth/test-utils@1.6.3

@better-auth/telemetry@1.6.3

@better-auth/stripe@1.6.3

@better-auth/sso@1.6.3

@better-auth/scim@1.6.3

@better-auth/redis-storage@1.6.3

@better-auth/prisma-adapter@1.6.3

@better-auth/passkey@1.6.3

@better-auth/oauth-provider@1.6.3

@better-auth/mongo-adapter@1.6.3

@better-auth/memory-adapter@1.6.3

@better-auth/kysely-adapter@1.6.3

@better-auth/i18n@1.6.3

@better-auth/expo@1.6.3

@better-auth/electron@1.6.3

@better-auth/drizzle-adapter@1.6.3

@better-auth/core@1.6.3

v1.6.3

@better-auth/api-key@1.7.0-beta.0

better-auth@1.7.0-beta.0

auth@1.7.0-beta.0

@better-auth/test-utils@1.7.0-beta.0

@better-auth/telemetry@1.7.0-beta.0

@better-auth/stripe@1.7.0-beta.0

@better-auth/sso@1.7.0-beta.0

@better-auth/scim@1.7.0-beta.0

@better-auth/redis-storage@1.7.0-beta.0

@better-auth/prisma-adapter@1.7.0-beta.0

@better-auth/passkey@1.7.0-beta.0

@better-auth/oauth-provider@1.7.0-beta.0

@better-auth/mongo-adapter@1.7.0-beta.0

@better-auth/memory-adapter@1.7.0-beta.0

@better-auth/kysely-adapter@1.7.0-beta.0

@better-auth/i18n@1.7.0-beta.0

@better-auth/expo@1.7.0-beta.0

@better-auth/electron@1.7.0-beta.0

@better-auth/drizzle-adapter@1.7.0-beta.0

@better-auth/core@1.7.0-beta.0

v1.7.0-beta.0

better-auth@1.6.2

auth@1.6.2

@better-auth/test-utils@1.6.2

@better-auth/telemetry@1.6.2

@better-auth/stripe@1.6.2

@better-auth/sso@1.6.2

@better-auth/scim@1.6.2

@better-auth/redis-storage@1.6.2

@better-auth/prisma-adapter@1.6.2

@better-auth/passkey@1.6.2

@better-auth/oauth-provider@1.6.2

@better-auth/mongo-adapter@1.6.2

@better-auth/memory-adapter@1.6.2

@better-auth/kysely-adapter@1.6.2

@better-auth/i18n@1.6.2

@better-auth/expo@1.6.2

@better-auth/electron@1.6.2

@better-auth/drizzle-adapter@1.6.2

@better-auth/core@1.6.2

@better-auth/api-key@1.6.2

v1.6.2

better-auth@1.6.1

auth@1.6.1

@better-auth/test-utils@1.6.1

@better-auth/telemetry@1.6.1

@better-auth/stripe@1.6.1

@better-auth/sso@1.6.1

@better-auth/scim@1.6.1

@better-auth/redis-storage@1.6.1

@better-auth/prisma-adapter@1.6.1

@better-auth/passkey@1.6.1

@better-auth/oauth-provider@1.6.1

@better-auth/mongo-adapter@1.6.1

@better-auth/memory-adapter@1.6.1

@better-auth/kysely-adapter@1.6.1

@better-auth/i18n@1.6.1

@better-auth/expo@1.6.1

@better-auth/electron@1.6.1

@better-auth/drizzle-adapter@1.6.1

@better-auth/core@1.6.1

@better-auth/api-key@1.6.1

v1.6.1

better-auth@1.6.0

auth@1.6.0

@better-auth/test-utils@1.6.0

@better-auth/telemetry@1.6.0

@better-auth/stripe@1.6.0

@better-auth/sso@1.6.0

@better-auth/scim@1.6.0

@better-auth/redis-storage@1.6.0

@better-auth/prisma-adapter@1.6.0

@better-auth/passkey@1.6.0

@better-auth/oauth-provider@1.6.0

@better-auth/mongo-adapter@1.6.0

@better-auth/memory-adapter@1.6.0

@better-auth/kysely-adapter@1.6.0

@better-auth/i18n@1.6.0

@better-auth/expo@1.6.0

@better-auth/electron@1.6.0

@better-auth/drizzle-adapter@1.6.0

@better-auth/core@1.6.0

@better-auth/api-key@1.6.0

v1.6.0

v1.5.7-beta.1

v1.5.1-beta.4

v1.5.6

v1.4.22

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1-beta.3

v1.5.1-beta.2

v1.5.1

v1.4.21

v1.5.1-beta.1

v1.5.0

v1.4.20

v1.5.0-beta.20

v1.5.0-beta.19

v1.5.0-beta.18

v1.4.19

v1.5.0-beta.17

v1.5.0-beta.16

v1.5.0-beta.15

v1.5.0-beta.14

v1.5.0-beta.13

v1.5.0-beta.12

v1.5.0-beta.11

v1.4.18

v1.5.0-beta.10

v1.5.0-beta.9

v1.4.17

v1.4.16

v1.4.15

v1.5.0-beta.8

v1.4.14

v1.4.13

v1.5.0-beta.7

v1.4.12

v1.4.12-beta.2

v1.5.0-beta.6

v1.4.12-beta.1

v1.5.0-beta.5

v1.4.11

v1.5.0-beta.4

v1.4.11-beta.2

v1.5.0-beta.3

v1.4.11-beta.1

v1.4.10

v1.5.0-beta.2

v1.4.10-beta.1

v1.4.9-beta.1

v1.5.0-beta.1

v1.4.9

v1.4.8

v1.4.8-beta.7

v1.4.8-beta.6

v1.4.8-beta.5

v1.4.8-beta.4

v1.4.8-beta.3

v1.4.8-beta.2

v1.4.8-beta.1

v1.4.7

v1.4.7-beta.4

v1.4.7-beta.3

v1.4.7-beta.2

v1.4.6-beta.5

v1.4.7-beta.1

v1.4.6

v1.4.6-beta.4

v1.4.6-beta.3

v1.4.5

v1.4.6-beta.2

v1.4.6-beta.1

v1.4.5-beta.2

v1.4.5-beta.1

v1.4.4-beta.3

v1.4.4

v1.4.4-beta.2

v1.4.4-beta.1

v1.4.3

v1.4.2

v1.4.2-beta.5

v1.4.2-beta.4

v1.4.2-beta.3

v1.4.2-beta.2

v1.4.2-beta.1

v1.4.1

v1.4.1-beta.1

v1.4.0

v1.4.0-beta.28

v1.4.0-beta.27

v1.4.0-beta.26

v1.4.0-beta.25

v1.4.0-beta.24

v1.4.0-beta.23

v1.4.0-beta.22

v1.4.0-beta.21

v1.4.0-beta.20

v1.4.0-beta.19

v1.4.0-beta.18

v1.4.0-beta.17

v1.4.0-beta.16

v1.4.0-beta.15

v1.3.34

v1.3.33

v1.4.0-beta.14

v1.3.32

v1.3.31

v1.3.30

v1.4.0-beta.13

v1.3.29

v1.4.0-beta.12

v1.3.28

v1.4.0-beta.11

v1.4.0-beta.10

v1.4.0-beta.9

v1.4.0-beta.8

v1.3.27

v1.4.0-beta.7

v1.3.26

v1.3.25

v1.3.24

v1.4.0-beta.6

v1.3.23

v1.3.22

v1.3.21

v1.3.20

v1.3.19

v1.4.0-beta.5

v1.3.18

v1.4.0-beta.4

v1.3.17

v1.4.0-beta.3

v1.3.16

v1.3.15

v1.3.14

v1.4.0-beta.2

v1.3.13

v1.4.0-beta.1

v1.3.12

v1.3.11-beta.2

v1.3.11

v1.3.11-beta.1

v1.3.10

v1.3.10-beta.7

v1.3.10-beta.6

v1.3.10-beta.5

v1.3.10-beta.4

v1.3.10-beta.3

v1.3.10-beta.2

v1.3.10-beta.1

v1.3.9

v1.3.9-beta.4

v1.3.9-beta.3

v1.3.9-beta.2

v1.3.9-beta.1

v1.3.8

v1.3.8-beta.11

v1.3.8-beta.10

v1.3.8-beta.9

v1.3.8-beta.8

v1.3.8-beta.7

v1.3.8-beta.6

v1.3.8-beta.5

v1.3.8-beta.4

v1.3.8-beta.3

v1.3.8-beta.2

v1.3.8-beta.1

v1.3.7

v1.3.7-beta.4

v1.3.7-beta.3

v1.3.7-beta.2

v1.3.7-beta.1

v1.3.6

v1.3.6-beta.2

v1.3.6-beta.1

v1.3.5

v1.3.5-beta.7

v1.3.5-beta.6

v1.3.5-beta.5

v1.3.5-beta.4

v1.3.5-beta.3

v1.3.5-beta.2

v1.3.5-beta.1

better-auth@1.3.4

@better-auth/stripe@1.3.4

@better-auth/sso@1.3.4

@better-auth/expo@1.3.4

@better-auth/cli@1.3.4

v1.3.4-beta.3

v1.3.4-beta.2

v1.3.4-beta.1

v1.3.3

v1.3.2

v1.3.1

v1.3.1-beta.1

v1.3.0

v1.3.0-beta.11

v1.3.0-beta.10

v1.3.0-beta.9

v1.3.0-beta.8

v1.3.0-beta.7

v1.3.0-beta.6

v1.3.0-beta.5

v1.3.0-beta.4

v1.2.12

v1.3.0-beta.3

v1.3.0-beta.2

v1.3.0-beta.1

v1.2.11

v1.2.10

v1.2.10-pkce-fix.3

v1.2.10-beta.1

v1.2.9

v1.2.9-beta.10

v1.2.9-beta.9

feat/2867-oidcprovider-trusted

v1.2.9-beta.8

v1.2.9-beta.7

v1.2.9-beta.6

v1.2.9-beta.5

v1.2.9-beta.4

v1.2.9-beta.3

v1.2.9-beta.2

v1.2.9-beta.1

v1.2.8

v1.2.8-beta.8

v1.2.8-beta.7

v1.2.8-beta.6

v1.2.8-beta.5

v1.2.8-beta.4

v1.2.8-beta.3

v1.2.8-beta.2

v1.2.8-beta.1

v1.2.7

v1.2.7-beta.1

v1.2.6

v1.2.6-beta.13

v1.2.6-beta.12

v1.2.6-beta.11

v1.2.6-beta.10

v1.2.6-beta.9

v1.2.6-beta.8

v1.2.6-beta.7

v1.2.6-beta.6

v1.2.6-beta.5

v1.2.6-beta.4

v1.2.6-beta.3

v1.2.6-beta.2

v1.2.6-beta.1

v1.2.5

v1.2.5-beta.10

v1.2.5-beta.9

v1.2.5-beta.8

v1.2.5-beta.7

v1.2.5-beta.6

v1.2.5-beta.5

v1.2.5-beta.4

v1.2.5-beta.3

v1.2.5-beta.2

v1.2.5-beta.1

v1.2.4

v1.2.4-beta.12

v1.2.4-beta.11

v1.2.4-beta.10

v1.2.4-beta.9

v1.2.4-beta.8

v1.2.4-beta.7

v1.2.4-beta.6

v1.2.4-beta.5

v1.2.4-beta.4

v1.2.4-beta.3

v1.2.4-beta.2

v1.2.4-beta.1

v1.2.3

v1.2.3-beta.3

v1.2.3-beta.2

v1.2.3-beta.1

v1.2.2

v1.2.2-beta.6

v1.2.2-beta.5

v1.2.2-beta.4

v1.2.2-beta.3

v1.2.2-beta.2

v1.2.2-beta.1

v1.2.1

v1.2.1-beta.8

v1.2.1-beta.7

v1.2.1-beta.6

v1.2.1-beta.5

v1.2.1-beta.4

v1.2.1-beta.3

v1.2.1-beta.2

v1.2.1-beta.1

v1.2.0

v1.2.0-beta.19

v1.2.0-beta.18

v1.2.0-beta.17

v1.1.22-beta.2

v1.1.22-beta.1

v1.2.0-beta.16

v1.1.21

v1.1.21-beta.1

v1.2.0-beta.15

v1.1.20

v1.1.20-beta.5

v1.1.20-beta.4

v1.2.0-beta.14

v1.2.0-beta.13

v1.1.20-beta.3

v1.1.20-beta.2

v1.2.0-beta.12

v1.1.20-beta.1

v1.2.0-beta.11

v1.1.19

v1.1.19-beta.3

v1.2.0-beta.10

v1.2.0-beta.9

v1.2.0-beta.8

v1.2.0-beta.7

v1.1.19-beta.2

v1.1.19-beta.1

v1.1.18

v1.2.0-beta.6

v1.2.0-beta.5

v1.1.18-beta.3

v1.1.18-beta.2

v1.1.18-beta.1

v1.2.0-beta.4

v1.2.0-beta.3

v1.2.0-beta.2

v1.1.17

v1.2.0-beta.1

v1.1.17-beta.5

v1.1.17-beta.4

v1.1.17-beta.3

v1.1.17-beta.2

v1.1.17-beta.1

v1.1.16

v1.1.16-beta.10

v1.1.16-beta.9

v1.1.16-beta.8

v1.1.16-beta.7

v1.1.16-beta.6

v1.1.16-beta.5

v1.1.16-beta.4

v1.1.16-beta.3

v1.1.16-beta.2

v1.1.16-beta.1

v1.1.15

v1.1.15-beta.7

v1.1.15-beta.6

v1.1.15-beta.5

v1.1.15-beta.4

v1.1.15-beta.3

v1.1.15-beta.2

v1.1.15-beta.1

v1.1.14

v1.1.14-beta.6

v1.1.14-beta.5

v1.1.14-beta.4

v1.1.14-beta.3

v1.1.14-beta.2

v1.1.14-beta.1

v1.1.13

v1.1.13-beta.3

v1.1.13-beta.2

v1.1.13-beta.1

v1.1.12

v1.1.12-beta.4

v1.1.12-beta.3

v1.1.12-beta.2

v1.1.12-beta.1

v1.1.11

v1.1.11-beta.1

v1.1.10

v1.1.10-beta.2

v1.1.10-beta.1

v1.1.9

v1.1.9-beta.1

v1.1.8

v1.1.8-beta.3

v1.1.8-beta.2

v1.1.8-beta.1

v1.1.7

v1.1.7-beta.5

v1.1.7-beta.4

v1.1.7-beta.3

v1.1.7-beta.2

v1.1.7-beta.1

v1.1.6

v1.1.5

v1.1.4

v1.1.4-beta.2

v1.1.4-beta.1

v1.1.3

v1.1.3-beta.9

v1.1.3-beta.8

v1.1.3-beta.7

v1.1.3-beta.6

v1.1.3-beta.4

v1.1.3-beta.2

v1.1.3-beta.1

v1.1.2

v1.1.2-beta.4

v1.1.2-beta.3

v1.1.2-beta.2

v1.1.2-beta.1

v1.1.1

v1.1.0

v1.0.23-beta.6

v1.0.23-beta.5

v1.0.23-beta.4

v1.0.23-beta.3

v1.0.23-beta.2

v1.0.23-beta.1

v1.0.22

v1.0.22-beta.4

v1.0.22-beta.3

v1.0.22-beta.2

v1.0.22-beta.1

v1.0.21

v1.0.20

v1.0.19

v1.0.18

v1.0.17

v1.0.16

v1.0.16-beta.2

v1.0.16-beta.1

v1.0.15

v1.0.15-beta.1

v1.0.14

v1.0.13

v1.0.12

v1.0.12-beta.3

v1.0.12-beta.2

v1.0.12-beta.1

v1.0.11

v1.0.11-beta.8

v1.0.11-beta.7

v1.0.11-beta.6

v1.0.11-beta.5

v1.0.11-beta.4

v1.0.11-beta.3

v1.0.11-beta.2

v1.0.11-beta.1

v1.0.10

v1.0.10-beta.3

v1.0.10-beta.2

v1.0.10-beta.1

v1.0.9

v1.0.9-beta.7

v1.0.9-beta.6

v1.0.9-beta.5

v1.0.9-beta.4

v1.0.9-beta.3

v1.0.9-beta.2

v1.0.9-beta.1

v1.0.8

v1.0.8-beta.4

v1.0.8-beta.3

v1.0.8-beta.2

v1.0.8-beta.1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v1.0.0-canary.14

v1.0.0-canary.13

v1.0.0-canary.12

v1.0.0-canary.11

v1.0.0-canary.10

v1.0.0-canary.9

v1.0.0-canary.8

v1.0.0-canary.7

v1.0.0-canary.6

v0.8.9-beta.2

v0.8.9-beta.1

v1.0.0-canary.5

v1.0.0-canary.4

v1.0.0-canary.3

v1.0.0-canary.2

v1.0.0-canary.1

v0.8.8

v0.8.8-beta.2

v0.8.8-beta.1

v0.9.0-canary.1

v0.8.7

v0.8.7-canary.2

v0.8.7-canary.1

v0.8.7-beta.5

v0.8.7-beta.4

v0.8.7-beta.3

v0.8.7-beta.2

v0.8.7-beta.1

v0.8.6

v0.8.6-beta.6

v0.8.6-beta.5

v0.8.6-beta.4

v0.8.6-beta.3

v0.8.6-beta.2

v0.8.6-beta.1

v0.8.5

v0.8.5-beta.3

v0.8.5-beta.2

v0.8.5-beta.1

v0.8.4

v0.8.4-beta.7

v0.8.4-beta.6

v0.8.4-beta.5

v0.8.4-beta.4

v0.8.4-beta.2

v0.8.4-beta.1

v0.8.3

v0.8.3-beta.7

v0.8.3-beta.6

v0.8.3-beta.5

v0.8.3-beta.4

v0.8.3-beta.3

v0.8.3-beta.2

v0.8.3-beta.1

v0.8.2

v0.8.2-beta.3

v0.8.2-beta.2

v0.8.2-beta.1

v0.8.1

v0.8.1-beta.5

v0.8.1-beta.4

v0.8.1-beta.3

v0.8.1-beta.2

v0.8.1-beta.1

v0.8.0

v0.7.6-beta.4

v0.7.6-beta.3

v0.7.6-beta.2

v0.7.6-beta.1

v0.7.5

v0.7.5-beta.9

v0.7.5-beta.8

v0.7.5-beta.7

v0.7.5-beta.6

v0.7.5-beta.5

v0.7.5-beta.4

v0.7.5-beta.3

v0.7.5-beta.2

v0.7.5-beta.1

v0.7.4

v0.7.4-beta.1

v0.7.3

v0.7.3-beta.11

v0.7.3-beta.10

v0.7.3-beta.9

v0.7.3-beta.8

v0.7.3-beta.7

v0.7.3-beta.6

v0.7.3-beta.5

v0.7.3-beta.4

v0.7.3-beta.3

v0.7.3-beta.2

v0.7.3-beta.1

v0.7.2

v0.7.2-beta.5

v0.7.2-beta.4

v0.7.2-beta.3

v0.7.2-beta.2

v0.7.2-beta.1

v0.7.1

v0.7.1-beta.6

v0.7.1-beta.5

v0.7.1-beta.4

v0.7.1-beta.3

v0.7.1-beta.2

v0.7.1-beta.1

v0.7.0

v0.7.0-beta.1

v0.6.3-beta.5

v0.6.3-beta.4

v0.6.3-beta.3

v0.6.3-beta.2

v0.6.3-beta.1

v0.6.2

v0.6.2-beta.8

v0.6.2-beta.7

v0.6.2-beta.6

v0.6.2-beta.5

v0.6.2-beta.4

v0.6.2-beta.3

v0.6.2-beta.2

v0.6.2-beta.1

v0.6.1

v0.6.1-beta.9

v0.6.1-beta.8

v0.6.1-beta.7

v0.6.1-beta.6

v0.6.1-beta.5

v0.6.1-beta.4

v0.6.1-beta.3

v0.6.1-beta.2

v0.6.1-beta.1

v0.6.0

v0.6.0-beta.1

v0.5.4-beta.9

v0.5.4-beta.8

v0.5.4-beta.7

v0.5.4-beta.6

v0.5.4-beta.5

v0.5.4-beta.4

v0.5.4-beta.3

v0.5.4-beta.2

v0.5.4-beta.1

v0.5.3

v0.5.3-beta.17

v0.5.3-beta.16

v0.5.3-beta.15

v0.5.3-beta.14

v0.5.3-beta.13

v0.5.3-beta.12

v0.5.3-beta.11

v0.5.3-beta.10

v0.5.3-beta.9

v0.5.3-beta.8

v0.5.3-beta.7

v0.5.3-beta.6

v0.5.3-beta.5

v0.5.3-beta.4

v0.5.3-beta.3

v0.5.3-beta.2

v0.5.3-beta.1

v0.5.2

v0.5.2-beta.21

v0.5.2-beta.20

v0.5.2-beta.19

v0.5.2-beta.18

v0.5.2-beta.17

v0.5.2-beta.16

v0.5.2-beta.15

v0.5.2-beta.14

v0.5.2-beta.13

v0.5.2-beta.12

v0.5.2-beta.11

v0.5.2-beta.10

v0.5.2-beta.9

v0.5.2-beta.8

v0.5.2-beta.7

v0.5.2-beta.6

v0.5.2-beta.5

v0.5.2-beta.4

v0.5.2-beta.3

v0.5.2-beta.2

v0.5.2-beta.1

v0.5.1

v0.5.1-beta.7

v0.5.1-beta.6

v0.5.1-beta.5

v0.5.1-beta.4

v0.5.1-beta.3

v0.5.1-beta.2

v0.5.1-beta.1

v0.5.0

v0.4.14-beta.2

v0.4.14-beta.1

v0.4.13

v0.4.12

v0.4.12-beta.7

v0.4.12-beta.6

v0.4.12-beta.5

v0.4.12-beta.4

v0.4.12-beta.3

v0.4.12-beta.2

v0.4.12-beta.1

v0.4.11

v0.4.11-beta.3

v0.4.11-beta.2

v0.4.11-beta.1

v0.4.10-beta.10

v0.4.10-beta.9

v0.4.10

v0.4.10-beta.8

v0.4.10-beta.7

v0.4.10-beta.6

v0.4.10-beta.5

v0.4.10-beta.4

v0.4.10-beta.3

v0.4.10-beta.2

v0.4.10-beta.1

v0.4.9

v0.4.9-beta.14

v0.4.9-beta.13

v0.4.9-beta.12

v0.4.9-beta.11

v0.4.9-beta.10

v0.4.9-beta.9

v0.4.9-beta.8

v0.4.9-beta.7

v0.4.9-beta.6

v0.4.9-beta.5

v0.4.9-beta.4

v0.4.9-beta.3

v0.4.9-beta.2

v0.4.9-beta.1

v0.4.8

v0.4.7

v0.4.7-beta.2

v0.4.7-beta.1

v0.4.6

v0.4.5

v0.4.4

v0.4.4-beta.1

v0.4.3

v0.4.3-beta.1

v0.4.2

v0.4.2-beta.1

v0.4.1

v0.4.0

v0.3.6

v0.3.5

v0.3.5-beta.8

v0.3.5-beta.7

v0.3.5-beta.6

v0.3.5-beta.5

v0.3.5-beta.4

v0.3.5-beta.3

v0.3.5-beta.2

v0.3.5-beta.1

v0.3.4

v0.3.4-beta.6

v0.3.4-beta.5

v0.3.4-beta.4

v0.3.4-beta.3

v0.3.4-beta.2

v0.3.4-beta.1

v0.3.3

v0.3.3-beta.12

v0.3.3-beta.11

v0.3.3-beta.10

v0.3.3-beta.9

v0.3.3-beta.8

v0.3.3-beta.7

v0.3.3-beta.6

v0.3.3-beta.5

v0.3.3-beta.4

v0.3.3-beta.3

v0.3.3-beta.2

v0.3.3-beta.1

v0.3.2

v0.3.1

v0.3.0

v0.2.11

v0.2.10

v0.2.9

v0.2.9-beta.10

v0.2.9-beta.9

v0.2.9-beta.8

v0.2.9-beta.7

v0.2.9-beta.6

v0.2.9-beta.5

v0.2.9-beta.4

v0.2.9-beta.3

v0.2.9-beta.2

v0.2.9-beta.1

v0.2.8

v0.2.8-beta.13

v0.2.8-beta.12

v0.2.8-beta.11

v0.2.8-beta.10

v0.2.8-beta.9

v0.2.8-beta.8

v0.2.8-beta.7

v0.2.8-beta.6

v0.2.8-beta.5

v0.2.8-beta.4

v0.2.8-beta.3

v0.2.8-beta.2

v0.2.8-beta.1

v0.2.7

v0.2.6

v0.2.6-beta.10

v0.2.6-beta.9

v0.2.6-beta.8

v0.2.6-beta.7

v0.2.6-beta.6

v0.2.6-beta.5

v0.2.6-beta.4

v0.2.6-beta.3

v0.2.6-beta.2

v0.2.6-beta.1

v0.2.5

v0.2.5-beta.5

v0.2.5-beta.4

v0.2.5-beta.3

v0.2.5-beta.2

v0.2.5-beta.1

v0.2.4

v0.2.3

v0.2.3-beta.14

v0.2.3-beta.13

v0.2.3-beta.12

v0.2.3-beta.11

v0.2.3-beta.10

v0.2.3-beta.9

v0.2.3-beta.8

v0.2.3-beta.7

v0.2.3-beta.6

v0.2.3-beta.5

v0.2.3-beta.4

v0.2.3-beta.3

v0.2.3-beta.2

v0.2.3-beta.1

v0.2.2

v0.2.1

v0.2.1-beta.1

v0.2.0

v0.1.1-beta.6

v0.1.1-beta.5

v0.1.1-beta.4

v0.1.1-beta.3

v0.1.1-beta.2

v0.1.1-beta.1

v0.1.0

v0.0.10-beta.27

v0.0.10-beta.26

v0.0.10-beta.25

v0.0.10-beta.24

v0.0.10-beta.23

v0.0.10-beta.22

v0.0.10-beta.21

v0.0.10-beta.20

v0.0.10-beta.19

v0.0.10-beta.18

v0.0.10-beta.17

v0.0.10-beta.16

v0.0.10-beta.15

v0.0.10-beta.14

v0.0.10-beta.13

v0.0.10-beta.12

v0.0.10-beta.11

v0.0.10-beta.10

v0.0.10-beta.9

v0.0.10-beta.8

v0.0.10-beta.7

v0.0.10-beta.6

v0.0.10-beta.5

v0.0.10-beta.4

v0.0.10-beta.3

v0.0.10-beta.2

v0.0.10-beta.1

v0.0.9

v0.0.9-beta.38

v0.0.9-beta.37

v0.0.9-beta.36

v0.0.9-beta.35

v0.0.9-beta.34

v0.0.9-beta.33

v0.0.9-beta.32

v0.0.9-beta.31

v0.0.9-beta.30

v0.0.9-beta.29

v0.0.9-beta.28

v0.0.9-beta.27

v0.0.9-beta.26

v0.0.9-beta.25

v0.0.9-beta.24

v0.0.9-beta.23

v0.0.9-beta.22

v0.0.9-beta.21

v0.0.9-beta.20

v0.0.9-beta.19

v0.0.9-beta.18

v0.0.9-beta.17

v0.0.9-beta.16

v0.0.9-beta.15

v0.0.9-beta.14

v0.0.9-beta.13

v0.0.9-beta.12

v0.0.9-beta.11

v0.0.9-beta.10

v0.0.9-beta.9

v0.0.9-beta.8

v0.0.9-beta.7

v0.0.9-beta.6

v0.0.9-beta.5

v0.0.9-beta.4

v0.0.9-beta.3

v0.0.9-beta.2

v0.0.9-beta.1

v0.0.8

v0.0.8-beta.29

v0.0.8-beta.28

v0.0.8-beta.27

v0.0.8-beta.26

v0.0.8-beta.25

v0.0.8-beta.24

v0.0.8-beta.23

v0.0.8-beta.22

v0.0.8-beta.21

v0.0.8-beta.20

v0.0.8-beta.19

v0.0.8-beta.18

v0.0.8-beta.17

v0.0.8-beta.16

v0.0.8-beta.15

v0.0.8-beta.14

v0.0.8-beta.13

v0.0.8-beta.12

v0.0.8-beta.11

v0.0.8-beta.10

v0.0.8-beta.9

v0.0.8-beta.8

v0.0.8-beta.7

v0.0.8-beta.6

v0.0.8-beta.5

v0.0.8-beta.4

v0.0.8-beta.3

v0.0.8-beta.2

v0.0.8-beta.1

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.2-beta.8

v0.0.2-beta.7

v0.0.2-beta.6

v0.0.2-beta.5

v0.0.2-beta.4

v0.0.2-beta.3

v0.0.2-beta.2

v0.0.2-beta.1

Labels

Clear labels

adapter

astro

awaiting external contributor

blocked

breaking

breaking change

bug

c-devops

core

credentials

database

dependencies

devops

devtools

docs

documentation

duplicate

elysia

enhancement

enterprise

expo

express

fastify

good first issue

help wanted

hono

identity

infra

integration

invalid

javascript

locked

maintenance

need-more-information

needs: info

needs: repro

nextjs

nuxt

oauth

organization

P0

payments

perf

platform

plugin

pull-request

Mirrored from GitHub Pull Request

question

ready

regression

remix

security

social-provider

solid

stale

svelte

tanstack-start

tracking

version-bump

vue

wontfix

No Label bug locked

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#28294