[PR #2760] [CLOSED] Add customTypes support to Email OTP plugin #4471

New Issue

GiteaMirror · 2026-03-13T11:48:19-05:00

GiteaMirror commented

2026-03-13 11:48:19 -05:00

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/2760
Author: @totigm
Created: 5/23/2025
Status: ❌ Closed

Base: v1.3 ← Head: email-otp/add-custom-types

📝 Commits (10+)

0ded5b1 Add custom types to email OTP
8437273 Update Email OTP docs
eb40756 Update Email OTP Client
56da3b3 Update client docs
ae00dcf Linter fix
fb8b1ac Add tests
635c333 Merge branch 'v1.3' into pr/2760
03ea11f Merge remote-tracking branch 'origin/v1.3' into pr/2760
416c61e chore: lock file
fd50e3d check if email is verified before update and avoid creating a session if it already exist

📊 Changes

6 files changed (+241 additions, -92 deletions)

View changed files

📝 docs/content/docs/plugins/email-otp.mdx (+90 -3)
📝 packages/better-auth/package.json (+1 -1)
📝 packages/better-auth/src/plugins/email-otp/client.ts (+7 -2)
📝 packages/better-auth/src/plugins/email-otp/email-otp.test.ts (+59 -4)
📝 packages/better-auth/src/plugins/email-otp/index.ts (+83 -81)
📝 pnpm-lock.yaml (+1 -1)

📄 Description

Description

This PR enhances the Email OTP plugin and its client to allow you to add your own customTypes alongside the default OTP types, with full TypeScript literal-union inference on both server handlers and client calls. It also updates the documentation to include a dedicated Custom Types section and clear examples for using custom OTP types in your server and client code.
Additionally, it adds new tests verifying customTypes support for both server and client flows.

What’s changed

Server plugin (`emailOTP`)

Conditional merging of default and custom types. z.enum(types) now includes both default and custom types:

DefaultEmailOtpType | CustomType
// e.g. "sign-in" | "email-verification"  | "forget-password" | "set-password" | "your-own-type"

If customTypes is omitted, you still get the defaults:

"email-verification" | "sign-in" | "forget-password"

Server call

The generated API client’s sendVerificationOTP method now correctly infers the type parameter as the union of default and any customTypes you provided:

auth.api.sendVerificationOTP({
  body: {
    type: "set-password",  // "sign-in" | "email-verification"  | "forget-password" | "set-password" | "your-own-type"
    email: "test@test.com",
  },
});

Client plugin (`emailOTPClient`)

Made the client factory generic over CustomType extends string and accept the same customTypes?: readonly CustomType[].
Stubbed a no-op EmailOTPOptions<CustomType> so only the TS types are inferred:
```
$InferServerPlugin: {} as ReturnType<typeof emailOTP<CustomType>>,
```

With customTypes = ["set-password", "your-own-type"], you now get:

client.emailOtp.sendVerificationOtp({
  email: string,
  type: "sign-in" | "email-verification"  | "forget-password" | "set-password" | "your-own-type"
})

And without it, you still get the default types.

Documentation

Added a Custom Types section in the MDX docs.
Clarified that customTypes extend (don’t overwrite) the default OTP types and must be passed to the client plugin for autocompletion.

Zod v4 import note

We import from zod/v4 (while staying on v3 in package.json) to pick up fixes in generic inference for z.object().
In v3, z.object() could mark required fields T | undefined due to addQuestionMarks, breaking our strict type field.
This temporary import ensures our type is always required and correctly narrowed.

Why this change

Previously, you were limited to the three default OTP types and could not add any extras. For example, I wanted to do a custom OTP email for users that logged in with a social provider at first, but wanted to set a password now. Now users can set their own types depending on their needs, while still defaulting to the same we had before.

Code examples

Server usage

import { betterAuth } from "better-auth"
import { emailOTP } from "better-auth/plugins"

const auth = betterAuth({
  plugins: [
    emailOTP({
      customTypes: ["set-password", "your-own-type"],
      async sendVerificationOTP({ email, otp, type }) {
        if (type === "set-password") {
          // Send OTP to set password for first time
        } else {
          // Handle other types
        }
      },
    }),
  ],
});

Client usage

import { createAuthClient } from "better-auth/client"
import { emailOTPClient } from "better-auth/client/plugins"

const client = createAuthClient({
  plugins: [
    emailOTPClient({
      customTypes: ["set-password", "your-own-type"],
    }),
  ],
});

await client.emailOtp.sendVerificationOtp({
  email: "test@test.com",
  type: "set-password", // "sign-in" | "email-verification"  | "forget-password" | "set-password" | "your-own-type"
});

Tests

Custom OTP type "set-password"
Verifies that the plugin correctly handles a custom OTP type in both server and client setups.
Client flow
should send OTP with correct type via client
Server API flow
should send OTP with correct type via server api

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/2760 **Author:** [@totigm](https://github.com/totigm) **Created:** 5/23/2025 **Status:** ❌ Closed **Base:** `v1.3` ← **Head:** `email-otp/add-custom-types` --- ### 📝 Commits (10+) - [`0ded5b1`](https://github.com/better-auth/better-auth/commit/0ded5b1fa516c6e4944d20cfdbd05ad4f735de25) Add custom types to email OTP - [`8437273`](https://github.com/better-auth/better-auth/commit/84372737c8b437b2570a0c2d9b1f84580e26e710) Update Email OTP docs - [`eb40756`](https://github.com/better-auth/better-auth/commit/eb40756fadae27584a2db960828c70df530c27e2) Update Email OTP Client - [`56da3b3`](https://github.com/better-auth/better-auth/commit/56da3b3b2f33f3c2fa11299acd54c3280f38add0) Update client docs - [`ae00dcf`](https://github.com/better-auth/better-auth/commit/ae00dcfb4bfccc833528a2dc542652fcd9c9e16d) Linter fix - [`fb8b1ac`](https://github.com/better-auth/better-auth/commit/fb8b1ac5f891741725f249531db5904407337ed4) Add tests - [`635c333`](https://github.com/better-auth/better-auth/commit/635c333fc9ab2fe3b5f8898c5bd1ba45ca06a1f2) Merge branch 'v1.3' into pr/2760 - [`03ea11f`](https://github.com/better-auth/better-auth/commit/03ea11fde73f3339e37f4507b65738811553c4d2) Merge remote-tracking branch 'origin/v1.3' into pr/2760 - [`416c61e`](https://github.com/better-auth/better-auth/commit/416c61ee69bc7f339c03deb90cae2eeec4a760de) chore: lock file - [`fd50e3d`](https://github.com/better-auth/better-auth/commit/fd50e3d7d4c16b3bb77610ad4d0cbea8cbabf831) check if email is verified before update and avoid creating a session if it already exist ### 📊 Changes **6 files changed** (+241 additions, -92 deletions) <details> <summary>View changed files</summary> 📝 `docs/content/docs/plugins/email-otp.mdx` (+90 -3) 📝 `packages/better-auth/package.json` (+1 -1) 📝 `packages/better-auth/src/plugins/email-otp/client.ts` (+7 -2) 📝 `packages/better-auth/src/plugins/email-otp/email-otp.test.ts` (+59 -4) 📝 `packages/better-auth/src/plugins/email-otp/index.ts` (+83 -81) 📝 `pnpm-lock.yaml` (+1 -1) </details> ### 📄 Description ## Description This PR enhances the `Email OTP plugin` and its client to allow you to add your own `customTypes` alongside the default OTP types, with full TypeScript literal-union inference on both server handlers and client calls. It also updates the documentation to include a dedicated **Custom Types** section and clear examples for using custom OTP types in your server and client code. Additionally, it adds new tests verifying `customTypes` support for both server and client flows. ## What’s changed ### Server plugin (`emailOTP`) - Conditional merging of default and custom types. `z.enum(types)` now includes both default and custom types: ```ts DefaultEmailOtpType | CustomType // e.g. "sign-in" | "email-verification" | "forget-password" | "set-password" | "your-own-type" ``` - If `customTypes` is omitted, you still get the defaults: ```ts "email-verification" | "sign-in" | "forget-password" ``` ### Server call The generated API client’s `sendVerificationOTP` method now correctly infers the `type` parameter as the union of default and any `customTypes` you provided: ```ts title="server-call.ts" auth.api.sendVerificationOTP({ body: { type: "set-password", // "sign-in" | "email-verification" | "forget-password" | "set-password" | "your-own-type" email: "test@test.com", }, }); ``` ### Client plugin (`emailOTPClient`) - Made the client factory generic over `CustomType extends string` and accept the same `customTypes?: readonly CustomType[]`. - Stubbed a no-op `EmailOTPOptions<CustomType>` so only the TS types are inferred: ```ts $InferServerPlugin: {} as ReturnType<typeof emailOTP<CustomType>>, ``` - With `customTypes = ["set-password", "your-own-type"]`, you now get: ```ts client.emailOtp.sendVerificationOtp({ email: string, type: "sign-in" | "email-verification" | "forget-password" | "set-password" | "your-own-type" }) ``` And without it, you still get the default types. ### Documentation - Added a **Custom Types** section in the MDX docs. - Clarified that `customTypes` **extend** (don’t overwrite) the default OTP types and must be passed to the client plugin for autocompletion. ### Zod v4 import note - We import from `zod/v4` (while staying on v3 in `package.json`) to pick up fixes in generic inference for `z.object()`. - In v3, `z.object()` could mark required fields `T | undefined` due to `addQuestionMarks`, breaking our strict `type` field. - This temporary import ensures our `type` is always required and correctly narrowed. ## Why this change Previously, you were limited to the three default OTP types and could not add any extras. For example, I wanted to do a custom OTP email for users that logged in with a social provider at first, but wanted to set a password now. Now users can set their own types depending on their needs, while still defaulting to the same we had before. ## Code examples ### Server usage ```ts title="auth.ts" import { betterAuth } from "better-auth" import { emailOTP } from "better-auth/plugins" const auth = betterAuth({ plugins: [ emailOTP({ customTypes: ["set-password", "your-own-type"], async sendVerificationOTP({ email, otp, type }) { if (type === "set-password") { // Send OTP to set password for first time } else { // Handle other types } }, }), ], }); ``` ### Client usage ```ts title="auth-client.ts" import { createAuthClient } from "better-auth/client" import { emailOTPClient } from "better-auth/client/plugins" const client = createAuthClient({ plugins: [ emailOTPClient({ customTypes: ["set-password", "your-own-type"], }), ], }); await client.emailOtp.sendVerificationOtp({ email: "test@test.com", type: "set-password", // "sign-in" | "email-verification" | "forget-password" | "set-password" | "your-own-type" }); ``` ### Tests - **Custom OTP type `"set-password"`** Verifies that the plugin correctly handles a custom OTP type in both server and client setups. - **Client flow** `should send OTP with correct type via client` - **Server API flow** `should send OTP with correct type via server api` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-03-13 11:48:19 -05:00

GiteaMirror closed this issue

2026-03-13 11:48:20 -05:00

GiteaMirror referenced this issue

2026-04-13 05:47:01 -05:00

[GH-ISSUE #4471] React Native build issue on v1.3.8 #9946

GiteaMirror referenced this issue

2026-04-15 17:04:59 -05:00

[GH-ISSUE #4471] React Native build issue on v1.3.8 #18577

GiteaMirror referenced this issue

2026-04-17 18:11:33 -05:00

[GH-ISSUE #4471] React Native build issue on v1.3.8 #27269

Sign in to join this conversation.

Branches Tags

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-227a091249

dependabot/github_actions/github-actions-98f3470200

2026-05-13/ci/stabilize-docker-startup

dependabot/npm_and_yarn/samlify-2.13.0

changeset-release/main

main

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

2026-05-14/fix/passkey-verify-error-and-claim

changeset-release/next

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#4471

[PR #2760] [CLOSED] Add customTypes support to Email OTP plugin #4471

📋 Pull Request Information

📝 Commits (10+)

📊 Changes

📄 Description

Description

What’s changed

Server plugin (emailOTP)

Server call

Client plugin (emailOTPClient)

Documentation

Zod v4 import note

Why this change

Code examples

Server usage

Client usage

Tests

[PR #2760] [CLOSED] Add `customTypes` support to Email OTP plugin #4471

Server plugin (`emailOTP`)

Client plugin (`emailOTPClient`)