mirror of
https://github.com/better-auth/better-auth.git
synced 2026-05-22 14:21:55 -05:00
Closed
opened 2026-04-13 04:25:00 -05:00 by GiteaMirror
·
67 comments
No Branch/Tag Specified
2026-05-22/chore/adopt-agents-md
2026-05-22/refactor/string-case-utils
dependabot/npm_and_yarn/uuid-14.0.0
dependabot/npm_and_yarn/turbo-2.9.14
changeset-release/main
main
2026-05-14/fix/passkey-verify-error-and-claim
dependabot/npm_and_yarn/samlify-2.13.0
dependabot/npm_and_yarn/ws-8.20.1
changeset-release/next
next
ping-maxwell/c-ping-maxwell/fix-error-link-apostrophe-f89a
dependabot/npm_and_yarn/demo/electron/demo-minor-patch-519ef7475f
dependabot/github_actions/github-actions-98f3470200
client-assertions-main
2026-05-15/ci/fix-sqlite-abi-mismatch
2026-05-15/fix/organization-team-add-cascade
2026-05-15/fix/parse-set-cookie-value-validation
2026-05-13/feat/captcha-wildcard-endpoints
2026-05-13/ci/stabilize-docker-startup
fix/i18n-before-hook-translation
fix/disable-migration-generate
2026-05-07/fix/admin-set-password-upsert
2026-05-10/fix/cookie-drain-order
2026-05-10/feat/hooks-finally
2026-05-09/fix/cookie-drain-order
2026-05-09/feat/hooks-finally
2026-05-08/feat/register-before-send
fix/stripe/subscription-data-merge
2026-05-01/chore/pnpm-v11-harden
chore/pnpm-v11
2026-04-29/feat/google-include-granted-scopes
2026-04-29/fix/oauth-account-scope-semantics
2026-04-27/fix/nextcookies-idempotent-writes
2026-04-26/fix/harden-proxy-host-validation
2026-04-26/refactor/stripe-callback-signature-cleanup
2026-04-26/fix/stripe-subscription-callback-timing
2026-04-11/fix/sveltekit-app-modules
feat/open-api-zod-contract
feat/oauth-provider-backchannel-logout-next
feat/oauth-idp-initiated-bounce
refactor/sign-in-challenges
2026-04-21/fix/oauth-rfc-input-validation
fix/release-notes-new-packages
fix/two-factor-identity-guard
fix/resource
feat/emailpassword-authorize
2026-04-12/security/dynamic-baseurl-proxy-trust-default
feat/oauth-provider-at-hash-v2
fix/release-grep-fallback
claude/address-review-comments-JhFLr
claude/slack-update-stripe-docs-consistency-8Sc0w
feat/async-auth
fix/two-factor-totp-verified-enrollment
feat/plugin-ui
codex/blog-1-6-release-post
2026-04-06/fix/type-any-guards
2026-04-05/chore/downgrade-better-call
2026-04-04/ci/skip-vercel-fork-prs
2026-03-28/ci/add-autofix-ci
chore/release-preview-script
himself65/2026/02/19/role
2026-03-24/fix/update-user-info-on-link
2026-03-20/docs/improve-website
2026-03-20/fix/anonymous-onlinkaccount-expo
2026-02-17/fix/anonymous-link-state
fix/8607-saml-inresponseto
fix/8549-scim-patch-noop
v1.4.x
refactor/migration-snapshot-tests
worktree-magic-link-additional-data
chore/migrate-build-to-rollup
worktree-fix-dynamic-baseurl-8447
2026-03-06/chore/public-api-check
fix/close-8156-regression-test
fix/secondary-storage-json-error-handling
himself65/verification-namespace
cursor/issue-8307-validation-79a3
himself65/2026/01/30/error-mdx
v1.4.x-staging
fix/email-otp-user
fix/restrict-full-organization-access-roles
himself65/2026/02/12/count
himself65/2026/02/04/define-plugin
2026-02-04/feat/add-pluralize
cursor/better-auth-js-integration-ec21
cursor/expo-state-mismatch-394c
2026-02-01/fix/org-update-role-sync-members
cursor/issue-7607-investigation-e146
cursor/email-generation-helper-0ff6
himself65/2026/01/21/avoid-spread-operator
himself65/2026/01/14/cli
claude/slack-add-docs-pr-NMvgO
claude/slack-add-advanced-useplural-WHKYL
feat/hooks-pos
feat/2fa-phone
feat/2fa
fix/rotation
fix/username-check
v1.3.x
refactor/organization
feat/multiple-client-ids-social-providers
better-auth@1.6.11
auth@1.6.11
@better-auth/test-utils@1.6.11
@better-auth/telemetry@1.6.11
@better-auth/stripe@1.6.11
@better-auth/sso@1.6.11
@better-auth/scim@1.6.11
@better-auth/api-key@1.6.11
@better-auth/redis-storage@1.6.11
@better-auth/core@1.6.11
@better-auth/oauth-provider@1.6.11
@better-auth/mongo-adapter@1.6.11
@better-auth/memory-adapter@1.6.11
@better-auth/kysely-adapter@1.6.11
@better-auth/i18n@1.6.11
@better-auth/expo@1.6.11
@better-auth/electron@1.6.11
@better-auth/drizzle-adapter@1.6.11
@better-auth/prisma-adapter@1.6.11
@better-auth/passkey@1.6.11
v1.6.11
better-auth@1.7.0-beta.3
auth@1.7.0-beta.3
@better-auth/test-utils@1.7.0-beta.3
@better-auth/telemetry@1.7.0-beta.3
@better-auth/stripe@1.7.0-beta.3
@better-auth/sso@1.7.0-beta.3
@better-auth/scim@1.7.0-beta.3
@better-auth/redis-storage@1.7.0-beta.3
@better-auth/prisma-adapter@1.7.0-beta.3
@better-auth/passkey@1.7.0-beta.3
@better-auth/oauth-provider@1.7.0-beta.3
@better-auth/mongo-adapter@1.7.0-beta.3
@better-auth/memory-adapter@1.7.0-beta.3
@better-auth/kysely-adapter@1.7.0-beta.3
@better-auth/i18n@1.7.0-beta.3
@better-auth/expo@1.7.0-beta.3
@better-auth/electron@1.7.0-beta.3
@better-auth/drizzle-adapter@1.7.0-beta.3
@better-auth/core@1.7.0-beta.3
@better-auth/cimd@1.7.0-beta.3
@better-auth/api-key@1.7.0-beta.3
v1.7.0-beta.3
better-auth@1.6.10
auth@1.6.10
@better-auth/test-utils@1.6.10
@better-auth/telemetry@1.6.10
@better-auth/stripe@1.6.10
@better-auth/sso@1.6.10
@better-auth/scim@1.6.10
@better-auth/redis-storage@1.6.10
@better-auth/prisma-adapter@1.6.10
@better-auth/passkey@1.6.10
@better-auth/oauth-provider@1.6.10
@better-auth/mongo-adapter@1.6.10
@better-auth/memory-adapter@1.6.10
@better-auth/kysely-adapter@1.6.10
@better-auth/i18n@1.6.10
@better-auth/expo@1.6.10
@better-auth/electron@1.6.10
@better-auth/drizzle-adapter@1.6.10
@better-auth/core@1.6.10
@better-auth/api-key@1.6.10
v1.6.10
better-auth@1.6.9
auth@1.6.9
@better-auth/test-utils@1.6.9
@better-auth/telemetry@1.6.9
@better-auth/stripe@1.6.9
@better-auth/sso@1.6.9
@better-auth/scim@1.6.9
@better-auth/redis-storage@1.6.9
@better-auth/prisma-adapter@1.6.9
@better-auth/passkey@1.6.9
@better-auth/oauth-provider@1.6.9
@better-auth/mongo-adapter@1.6.9
@better-auth/memory-adapter@1.6.9
@better-auth/kysely-adapter@1.6.9
@better-auth/i18n@1.6.9
@better-auth/expo@1.6.9
@better-auth/electron@1.6.9
@better-auth/drizzle-adapter@1.6.9
@better-auth/core@1.6.9
@better-auth/api-key@1.6.9
v1.6.9
better-auth@1.6.8
auth@1.6.8
@better-auth/test-utils@1.6.8
@better-auth/telemetry@1.6.8
@better-auth/stripe@1.6.8
@better-auth/sso@1.6.8
@better-auth/scim@1.6.8
@better-auth/redis-storage@1.6.8
@better-auth/prisma-adapter@1.6.8
@better-auth/passkey@1.6.8
@better-auth/oauth-provider@1.6.8
@better-auth/mongo-adapter@1.6.8
@better-auth/memory-adapter@1.6.8
@better-auth/kysely-adapter@1.6.8
@better-auth/i18n@1.6.8
@better-auth/expo@1.6.8
@better-auth/electron@1.6.8
@better-auth/drizzle-adapter@1.6.8
@better-auth/core@1.6.8
@better-auth/api-key@1.6.8
v1.6.8
@better-auth/api-key@1.7.0-beta.2
better-auth@1.7.0-beta.2
auth@1.7.0-beta.2
@better-auth/test-utils@1.7.0-beta.2
@better-auth/telemetry@1.7.0-beta.2
@better-auth/stripe@1.7.0-beta.2
@better-auth/sso@1.7.0-beta.2
@better-auth/scim@1.7.0-beta.2
@better-auth/redis-storage@1.7.0-beta.2
@better-auth/prisma-adapter@1.7.0-beta.2
@better-auth/passkey@1.7.0-beta.2
@better-auth/oauth-provider@1.7.0-beta.2
@better-auth/mongo-adapter@1.7.0-beta.2
@better-auth/memory-adapter@1.7.0-beta.2
@better-auth/kysely-adapter@1.7.0-beta.2
@better-auth/i18n@1.7.0-beta.2
@better-auth/expo@1.7.0-beta.2
@better-auth/electron@1.7.0-beta.2
@better-auth/drizzle-adapter@1.7.0-beta.2
@better-auth/core@1.7.0-beta.2
@better-auth/cimd@1.7.0-beta.2
v1.7.0-beta.2
better-auth@1.6.7
auth@1.6.7
@better-auth/test-utils@1.6.7
@better-auth/telemetry@1.6.7
@better-auth/stripe@1.6.7
@better-auth/sso@1.6.7
@better-auth/scim@1.6.7
@better-auth/redis-storage@1.6.7
@better-auth/prisma-adapter@1.6.7
@better-auth/passkey@1.6.7
@better-auth/oauth-provider@1.6.7
@better-auth/mongo-adapter@1.6.7
@better-auth/memory-adapter@1.6.7
@better-auth/kysely-adapter@1.6.7
@better-auth/i18n@1.6.7
@better-auth/expo@1.6.7
@better-auth/electron@1.6.7
@better-auth/drizzle-adapter@1.6.7
@better-auth/core@1.6.7
@better-auth/api-key@1.6.7
v1.6.7
better-auth@1.6.6
auth@1.6.6
@better-auth/test-utils@1.6.6
@better-auth/telemetry@1.6.6
@better-auth/stripe@1.6.6
@better-auth/sso@1.6.6
@better-auth/scim@1.6.6
@better-auth/redis-storage@1.6.6
@better-auth/prisma-adapter@1.6.6
@better-auth/passkey@1.6.6
@better-auth/oauth-provider@1.6.6
@better-auth/mongo-adapter@1.6.6
@better-auth/memory-adapter@1.6.6
@better-auth/kysely-adapter@1.6.6
@better-auth/i18n@1.6.6
@better-auth/expo@1.6.6
@better-auth/electron@1.6.6
@better-auth/drizzle-adapter@1.6.6
@better-auth/core@1.6.6
@better-auth/api-key@1.6.6
v1.6.6
better-auth@1.6.5
auth@1.6.5
@better-auth/test-utils@1.6.5
@better-auth/telemetry@1.6.5
@better-auth/stripe@1.6.5
@better-auth/sso@1.6.5
@better-auth/scim@1.6.5
@better-auth/redis-storage@1.6.5
@better-auth/prisma-adapter@1.6.5
@better-auth/passkey@1.6.5
@better-auth/oauth-provider@1.6.5
@better-auth/mongo-adapter@1.6.5
@better-auth/memory-adapter@1.6.5
@better-auth/kysely-adapter@1.6.5
@better-auth/i18n@1.6.5
@better-auth/expo@1.6.5
@better-auth/electron@1.6.5
@better-auth/drizzle-adapter@1.6.5
@better-auth/core@1.6.5
@better-auth/api-key@1.6.5
v1.6.5
@better-auth/api-key@1.6.4
better-auth@1.6.4
auth@1.6.4
@better-auth/test-utils@1.6.4
@better-auth/telemetry@1.6.4
@better-auth/stripe@1.6.4
@better-auth/sso@1.6.4
@better-auth/scim@1.6.4
@better-auth/redis-storage@1.6.4
@better-auth/prisma-adapter@1.6.4
@better-auth/passkey@1.6.4
@better-auth/oauth-provider@1.6.4
@better-auth/mongo-adapter@1.6.4
@better-auth/memory-adapter@1.6.4
@better-auth/kysely-adapter@1.6.4
@better-auth/i18n@1.6.4
@better-auth/expo@1.6.4
@better-auth/electron@1.6.4
@better-auth/drizzle-adapter@1.6.4
@better-auth/core@1.6.4
v1.6.4
@better-auth/cimd@1.7.0-beta.1
v1.7.0-beta.1
@better-auth/api-key@1.6.3
better-auth@1.6.3
auth@1.6.3
@better-auth/test-utils@1.6.3
@better-auth/telemetry@1.6.3
@better-auth/stripe@1.6.3
@better-auth/sso@1.6.3
@better-auth/scim@1.6.3
@better-auth/redis-storage@1.6.3
@better-auth/prisma-adapter@1.6.3
@better-auth/passkey@1.6.3
@better-auth/oauth-provider@1.6.3
@better-auth/mongo-adapter@1.6.3
@better-auth/memory-adapter@1.6.3
@better-auth/kysely-adapter@1.6.3
@better-auth/i18n@1.6.3
@better-auth/expo@1.6.3
@better-auth/electron@1.6.3
@better-auth/drizzle-adapter@1.6.3
@better-auth/core@1.6.3
v1.6.3
@better-auth/api-key@1.7.0-beta.0
better-auth@1.7.0-beta.0
auth@1.7.0-beta.0
@better-auth/test-utils@1.7.0-beta.0
@better-auth/telemetry@1.7.0-beta.0
@better-auth/stripe@1.7.0-beta.0
@better-auth/sso@1.7.0-beta.0
@better-auth/scim@1.7.0-beta.0
@better-auth/redis-storage@1.7.0-beta.0
@better-auth/prisma-adapter@1.7.0-beta.0
@better-auth/passkey@1.7.0-beta.0
@better-auth/oauth-provider@1.7.0-beta.0
@better-auth/mongo-adapter@1.7.0-beta.0
@better-auth/memory-adapter@1.7.0-beta.0
@better-auth/kysely-adapter@1.7.0-beta.0
@better-auth/i18n@1.7.0-beta.0
@better-auth/expo@1.7.0-beta.0
@better-auth/electron@1.7.0-beta.0
@better-auth/drizzle-adapter@1.7.0-beta.0
@better-auth/core@1.7.0-beta.0
v1.7.0-beta.0
better-auth@1.6.2
auth@1.6.2
@better-auth/test-utils@1.6.2
@better-auth/telemetry@1.6.2
@better-auth/stripe@1.6.2
@better-auth/sso@1.6.2
@better-auth/scim@1.6.2
@better-auth/redis-storage@1.6.2
@better-auth/prisma-adapter@1.6.2
@better-auth/passkey@1.6.2
@better-auth/oauth-provider@1.6.2
@better-auth/mongo-adapter@1.6.2
@better-auth/memory-adapter@1.6.2
@better-auth/kysely-adapter@1.6.2
@better-auth/i18n@1.6.2
@better-auth/expo@1.6.2
@better-auth/electron@1.6.2
@better-auth/drizzle-adapter@1.6.2
@better-auth/core@1.6.2
@better-auth/api-key@1.6.2
v1.6.2
better-auth@1.6.1
auth@1.6.1
@better-auth/test-utils@1.6.1
@better-auth/telemetry@1.6.1
@better-auth/stripe@1.6.1
@better-auth/sso@1.6.1
@better-auth/scim@1.6.1
@better-auth/redis-storage@1.6.1
@better-auth/prisma-adapter@1.6.1
@better-auth/passkey@1.6.1
@better-auth/oauth-provider@1.6.1
@better-auth/mongo-adapter@1.6.1
@better-auth/memory-adapter@1.6.1
@better-auth/kysely-adapter@1.6.1
@better-auth/i18n@1.6.1
@better-auth/expo@1.6.1
@better-auth/electron@1.6.1
@better-auth/drizzle-adapter@1.6.1
@better-auth/core@1.6.1
@better-auth/api-key@1.6.1
v1.6.1
better-auth@1.6.0
auth@1.6.0
@better-auth/test-utils@1.6.0
@better-auth/telemetry@1.6.0
@better-auth/stripe@1.6.0
@better-auth/sso@1.6.0
@better-auth/scim@1.6.0
@better-auth/redis-storage@1.6.0
@better-auth/prisma-adapter@1.6.0
@better-auth/passkey@1.6.0
@better-auth/oauth-provider@1.6.0
@better-auth/mongo-adapter@1.6.0
@better-auth/memory-adapter@1.6.0
@better-auth/kysely-adapter@1.6.0
@better-auth/i18n@1.6.0
@better-auth/expo@1.6.0
@better-auth/electron@1.6.0
@better-auth/drizzle-adapter@1.6.0
@better-auth/core@1.6.0
@better-auth/api-key@1.6.0
v1.6.0
v1.5.7-beta.1
v1.5.1-beta.4
v1.5.6
v1.4.22
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1-beta.3
v1.5.1-beta.2
v1.5.1
v1.4.21
v1.5.1-beta.1
v1.5.0
v1.4.20
v1.5.0-beta.20
v1.5.0-beta.19
v1.5.0-beta.18
v1.4.19
v1.5.0-beta.17
v1.5.0-beta.16
v1.5.0-beta.15
v1.5.0-beta.14
v1.5.0-beta.13
v1.5.0-beta.12
v1.5.0-beta.11
v1.4.18
v1.5.0-beta.10
v1.5.0-beta.9
v1.4.17
v1.4.16
v1.4.15
v1.5.0-beta.8
v1.4.14
v1.4.13
v1.5.0-beta.7
v1.4.12
v1.4.12-beta.2
v1.5.0-beta.6
v1.4.12-beta.1
v1.5.0-beta.5
v1.4.11
v1.5.0-beta.4
v1.4.11-beta.2
v1.5.0-beta.3
v1.4.11-beta.1
v1.4.10
v1.5.0-beta.2
v1.4.10-beta.1
v1.4.9-beta.1
v1.5.0-beta.1
v1.4.9
v1.4.8
v1.4.8-beta.7
v1.4.8-beta.6
v1.4.8-beta.5
v1.4.8-beta.4
v1.4.8-beta.3
v1.4.8-beta.2
v1.4.8-beta.1
v1.4.7
v1.4.7-beta.4
v1.4.7-beta.3
v1.4.7-beta.2
v1.4.6-beta.5
v1.4.7-beta.1
v1.4.6
v1.4.6-beta.4
v1.4.6-beta.3
v1.4.5
v1.4.6-beta.2
v1.4.6-beta.1
v1.4.5-beta.2
v1.4.5-beta.1
v1.4.4-beta.3
v1.4.4
v1.4.4-beta.2
v1.4.4-beta.1
v1.4.3
v1.4.2
v1.4.2-beta.5
v1.4.2-beta.4
v1.4.2-beta.3
v1.4.2-beta.2
v1.4.2-beta.1
v1.4.1
v1.4.1-beta.1
v1.4.0
v1.4.0-beta.28
v1.4.0-beta.27
v1.4.0-beta.26
v1.4.0-beta.25
v1.4.0-beta.24
v1.4.0-beta.23
v1.4.0-beta.22
v1.4.0-beta.21
v1.4.0-beta.20
v1.4.0-beta.19
v1.4.0-beta.18
v1.4.0-beta.17
v1.4.0-beta.16
v1.4.0-beta.15
v1.3.34
v1.3.33
v1.4.0-beta.14
v1.3.32
v1.3.31
v1.3.30
v1.4.0-beta.13
v1.3.29
v1.4.0-beta.12
v1.3.28
v1.4.0-beta.11
v1.4.0-beta.10
v1.4.0-beta.9
v1.4.0-beta.8
v1.3.27
v1.4.0-beta.7
v1.3.26
v1.3.25
v1.3.24
v1.4.0-beta.6
v1.3.23
v1.3.22
v1.3.21
v1.3.20
v1.3.19
v1.4.0-beta.5
v1.3.18
v1.4.0-beta.4
v1.3.17
v1.4.0-beta.3
v1.3.16
v1.3.15
v1.3.14
v1.4.0-beta.2
v1.3.13
v1.4.0-beta.1
v1.3.12
v1.3.11-beta.2
v1.3.11
v1.3.11-beta.1
v1.3.10
v1.3.10-beta.7
v1.3.10-beta.6
v1.3.10-beta.5
v1.3.10-beta.4
v1.3.10-beta.3
v1.3.10-beta.2
v1.3.10-beta.1
v1.3.9
v1.3.9-beta.4
v1.3.9-beta.3
v1.3.9-beta.2
v1.3.9-beta.1
v1.3.8
v1.3.8-beta.11
v1.3.8-beta.10
v1.3.8-beta.9
v1.3.8-beta.8
v1.3.8-beta.7
v1.3.8-beta.6
v1.3.8-beta.5
v1.3.8-beta.4
v1.3.8-beta.3
v1.3.8-beta.2
v1.3.8-beta.1
v1.3.7
v1.3.7-beta.4
v1.3.7-beta.3
v1.3.7-beta.2
v1.3.7-beta.1
v1.3.6
v1.3.6-beta.2
v1.3.6-beta.1
v1.3.5
v1.3.5-beta.7
v1.3.5-beta.6
v1.3.5-beta.5
v1.3.5-beta.4
v1.3.5-beta.3
v1.3.5-beta.2
v1.3.5-beta.1
better-auth@1.3.4
@better-auth/stripe@1.3.4
@better-auth/sso@1.3.4
@better-auth/expo@1.3.4
@better-auth/cli@1.3.4
v1.3.4-beta.3
v1.3.4-beta.2
v1.3.4-beta.1
v1.3.3
v1.3.2
v1.3.1
v1.3.1-beta.1
v1.3.0
v1.3.0-beta.11
v1.3.0-beta.10
v1.3.0-beta.9
v1.3.0-beta.8
v1.3.0-beta.7
v1.3.0-beta.6
v1.3.0-beta.5
v1.3.0-beta.4
v1.2.12
v1.3.0-beta.3
v1.3.0-beta.2
v1.3.0-beta.1
v1.2.11
v1.2.10
v1.2.10-pkce-fix.3
v1.2.10-beta.1
v1.2.9
v1.2.9-beta.10
v1.2.9-beta.9
feat/2867-oidcprovider-trusted
v1.2.9-beta.8
v1.2.9-beta.7
v1.2.9-beta.6
v1.2.9-beta.5
v1.2.9-beta.4
v1.2.9-beta.3
v1.2.9-beta.2
v1.2.9-beta.1
v1.2.8
v1.2.8-beta.8
v1.2.8-beta.7
v1.2.8-beta.6
v1.2.8-beta.5
v1.2.8-beta.4
v1.2.8-beta.3
v1.2.8-beta.2
v1.2.8-beta.1
v1.2.7
v1.2.7-beta.1
v1.2.6
v1.2.6-beta.13
v1.2.6-beta.12
v1.2.6-beta.11
v1.2.6-beta.10
v1.2.6-beta.9
v1.2.6-beta.8
v1.2.6-beta.7
v1.2.6-beta.6
v1.2.6-beta.5
v1.2.6-beta.4
v1.2.6-beta.3
v1.2.6-beta.2
v1.2.6-beta.1
v1.2.5
v1.2.5-beta.10
v1.2.5-beta.9
v1.2.5-beta.8
v1.2.5-beta.7
v1.2.5-beta.6
v1.2.5-beta.5
v1.2.5-beta.4
v1.2.5-beta.3
v1.2.5-beta.2
v1.2.5-beta.1
v1.2.4
v1.2.4-beta.12
v1.2.4-beta.11
v1.2.4-beta.10
v1.2.4-beta.9
v1.2.4-beta.8
v1.2.4-beta.7
v1.2.4-beta.6
v1.2.4-beta.5
v1.2.4-beta.4
v1.2.4-beta.3
v1.2.4-beta.2
v1.2.4-beta.1
v1.2.3
v1.2.3-beta.3
v1.2.3-beta.2
v1.2.3-beta.1
v1.2.2
v1.2.2-beta.6
v1.2.2-beta.5
v1.2.2-beta.4
v1.2.2-beta.3
v1.2.2-beta.2
v1.2.2-beta.1
v1.2.1
v1.2.1-beta.8
v1.2.1-beta.7
v1.2.1-beta.6
v1.2.1-beta.5
v1.2.1-beta.4
v1.2.1-beta.3
v1.2.1-beta.2
v1.2.1-beta.1
v1.2.0
v1.2.0-beta.19
v1.2.0-beta.18
v1.2.0-beta.17
v1.1.22-beta.2
v1.1.22-beta.1
v1.2.0-beta.16
v1.1.21
v1.1.21-beta.1
v1.2.0-beta.15
v1.1.20
v1.1.20-beta.5
v1.1.20-beta.4
v1.2.0-beta.14
v1.2.0-beta.13
v1.1.20-beta.3
v1.1.20-beta.2
v1.2.0-beta.12
v1.1.20-beta.1
v1.2.0-beta.11
v1.1.19
v1.1.19-beta.3
v1.2.0-beta.10
v1.2.0-beta.9
v1.2.0-beta.8
v1.2.0-beta.7
v1.1.19-beta.2
v1.1.19-beta.1
v1.1.18
v1.2.0-beta.6
v1.2.0-beta.5
v1.1.18-beta.3
v1.1.18-beta.2
v1.1.18-beta.1
v1.2.0-beta.4
v1.2.0-beta.3
v1.2.0-beta.2
v1.1.17
v1.2.0-beta.1
v1.1.17-beta.5
v1.1.17-beta.4
v1.1.17-beta.3
v1.1.17-beta.2
v1.1.17-beta.1
v1.1.16
v1.1.16-beta.10
v1.1.16-beta.9
v1.1.16-beta.8
v1.1.16-beta.7
v1.1.16-beta.6
v1.1.16-beta.5
v1.1.16-beta.4
v1.1.16-beta.3
v1.1.16-beta.2
v1.1.16-beta.1
v1.1.15
v1.1.15-beta.7
v1.1.15-beta.6
v1.1.15-beta.5
v1.1.15-beta.4
v1.1.15-beta.3
v1.1.15-beta.2
v1.1.15-beta.1
v1.1.14
v1.1.14-beta.6
v1.1.14-beta.5
v1.1.14-beta.4
v1.1.14-beta.3
v1.1.14-beta.2
v1.1.14-beta.1
v1.1.13
v1.1.13-beta.3
v1.1.13-beta.2
v1.1.13-beta.1
v1.1.12
v1.1.12-beta.4
v1.1.12-beta.3
v1.1.12-beta.2
v1.1.12-beta.1
v1.1.11
v1.1.11-beta.1
v1.1.10
v1.1.10-beta.2
v1.1.10-beta.1
v1.1.9
v1.1.9-beta.1
v1.1.8
v1.1.8-beta.3
v1.1.8-beta.2
v1.1.8-beta.1
v1.1.7
v1.1.7-beta.5
v1.1.7-beta.4
v1.1.7-beta.3
v1.1.7-beta.2
v1.1.7-beta.1
v1.1.6
v1.1.5
v1.1.4
v1.1.4-beta.2
v1.1.4-beta.1
v1.1.3
v1.1.3-beta.9
v1.1.3-beta.8
v1.1.3-beta.7
v1.1.3-beta.6
v1.1.3-beta.4
v1.1.3-beta.2
v1.1.3-beta.1
v1.1.2
v1.1.2-beta.4
v1.1.2-beta.3
v1.1.2-beta.2
v1.1.2-beta.1
v1.1.1
v1.1.0
v1.0.23-beta.6
v1.0.23-beta.5
v1.0.23-beta.4
v1.0.23-beta.3
v1.0.23-beta.2
v1.0.23-beta.1
v1.0.22
v1.0.22-beta.4
v1.0.22-beta.3
v1.0.22-beta.2
v1.0.22-beta.1
v1.0.21
v1.0.20
v1.0.19
v1.0.18
v1.0.17
v1.0.16
v1.0.16-beta.2
v1.0.16-beta.1
v1.0.15
v1.0.15-beta.1
v1.0.14
v1.0.13
v1.0.12
v1.0.12-beta.3
v1.0.12-beta.2
v1.0.12-beta.1
v1.0.11
v1.0.11-beta.8
v1.0.11-beta.7
v1.0.11-beta.6
v1.0.11-beta.5
v1.0.11-beta.4
v1.0.11-beta.3
v1.0.11-beta.2
v1.0.11-beta.1
v1.0.10
v1.0.10-beta.3
v1.0.10-beta.2
v1.0.10-beta.1
v1.0.9
v1.0.9-beta.7
v1.0.9-beta.6
v1.0.9-beta.5
v1.0.9-beta.4
v1.0.9-beta.3
v1.0.9-beta.2
v1.0.9-beta.1
v1.0.8
v1.0.8-beta.4
v1.0.8-beta.3
v1.0.8-beta.2
v1.0.8-beta.1
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v1.0.0-canary.14
v1.0.0-canary.13
v1.0.0-canary.12
v1.0.0-canary.11
v1.0.0-canary.10
v1.0.0-canary.9
v1.0.0-canary.8
v1.0.0-canary.7
v1.0.0-canary.6
v0.8.9-beta.2
v0.8.9-beta.1
v1.0.0-canary.5
v1.0.0-canary.4
v1.0.0-canary.3
v1.0.0-canary.2
v1.0.0-canary.1
v0.8.8
v0.8.8-beta.2
v0.8.8-beta.1
v0.9.0-canary.1
v0.8.7
v0.8.7-canary.2
v0.8.7-canary.1
v0.8.7-beta.5
v0.8.7-beta.4
v0.8.7-beta.3
v0.8.7-beta.2
v0.8.7-beta.1
v0.8.6
v0.8.6-beta.6
v0.8.6-beta.5
v0.8.6-beta.4
v0.8.6-beta.3
v0.8.6-beta.2
v0.8.6-beta.1
v0.8.5
v0.8.5-beta.3
v0.8.5-beta.2
v0.8.5-beta.1
v0.8.4
v0.8.4-beta.7
v0.8.4-beta.6
v0.8.4-beta.5
v0.8.4-beta.4
v0.8.4-beta.2
v0.8.4-beta.1
v0.8.3
v0.8.3-beta.7
v0.8.3-beta.6
v0.8.3-beta.5
v0.8.3-beta.4
v0.8.3-beta.3
v0.8.3-beta.2
v0.8.3-beta.1
v0.8.2
v0.8.2-beta.3
v0.8.2-beta.2
v0.8.2-beta.1
v0.8.1
v0.8.1-beta.5
v0.8.1-beta.4
v0.8.1-beta.3
v0.8.1-beta.2
v0.8.1-beta.1
v0.8.0
v0.7.6-beta.4
v0.7.6-beta.3
v0.7.6-beta.2
v0.7.6-beta.1
v0.7.5
v0.7.5-beta.9
v0.7.5-beta.8
v0.7.5-beta.7
v0.7.5-beta.6
v0.7.5-beta.5
v0.7.5-beta.4
v0.7.5-beta.3
v0.7.5-beta.2
v0.7.5-beta.1
v0.7.4
v0.7.4-beta.1
v0.7.3
v0.7.3-beta.11
v0.7.3-beta.10
v0.7.3-beta.9
v0.7.3-beta.8
v0.7.3-beta.7
v0.7.3-beta.6
v0.7.3-beta.5
v0.7.3-beta.4
v0.7.3-beta.3
v0.7.3-beta.2
v0.7.3-beta.1
v0.7.2
v0.7.2-beta.5
v0.7.2-beta.4
v0.7.2-beta.3
v0.7.2-beta.2
v0.7.2-beta.1
v0.7.1
v0.7.1-beta.6
v0.7.1-beta.5
v0.7.1-beta.4
v0.7.1-beta.3
v0.7.1-beta.2
v0.7.1-beta.1
v0.7.0
v0.7.0-beta.1
v0.6.3-beta.5
v0.6.3-beta.4
v0.6.3-beta.3
v0.6.3-beta.2
v0.6.3-beta.1
v0.6.2
v0.6.2-beta.8
v0.6.2-beta.7
v0.6.2-beta.6
v0.6.2-beta.5
v0.6.2-beta.4
v0.6.2-beta.3
v0.6.2-beta.2
v0.6.2-beta.1
v0.6.1
v0.6.1-beta.9
v0.6.1-beta.8
v0.6.1-beta.7
v0.6.1-beta.6
v0.6.1-beta.5
v0.6.1-beta.4
v0.6.1-beta.3
v0.6.1-beta.2
v0.6.1-beta.1
v0.6.0
v0.6.0-beta.1
v0.5.4-beta.9
v0.5.4-beta.8
v0.5.4-beta.7
v0.5.4-beta.6
v0.5.4-beta.5
v0.5.4-beta.4
v0.5.4-beta.3
v0.5.4-beta.2
v0.5.4-beta.1
v0.5.3
v0.5.3-beta.17
v0.5.3-beta.16
v0.5.3-beta.15
v0.5.3-beta.14
v0.5.3-beta.13
v0.5.3-beta.12
v0.5.3-beta.11
v0.5.3-beta.10
v0.5.3-beta.9
v0.5.3-beta.8
v0.5.3-beta.7
v0.5.3-beta.6
v0.5.3-beta.5
v0.5.3-beta.4
v0.5.3-beta.3
v0.5.3-beta.2
v0.5.3-beta.1
v0.5.2
v0.5.2-beta.21
v0.5.2-beta.20
v0.5.2-beta.19
v0.5.2-beta.18
v0.5.2-beta.17
v0.5.2-beta.16
v0.5.2-beta.15
v0.5.2-beta.14
v0.5.2-beta.13
v0.5.2-beta.12
v0.5.2-beta.11
v0.5.2-beta.10
v0.5.2-beta.9
v0.5.2-beta.8
v0.5.2-beta.7
v0.5.2-beta.6
v0.5.2-beta.5
v0.5.2-beta.4
v0.5.2-beta.3
v0.5.2-beta.2
v0.5.2-beta.1
v0.5.1
v0.5.1-beta.7
v0.5.1-beta.6
v0.5.1-beta.5
v0.5.1-beta.4
v0.5.1-beta.3
v0.5.1-beta.2
v0.5.1-beta.1
v0.5.0
v0.4.14-beta.2
v0.4.14-beta.1
v0.4.13
v0.4.12
v0.4.12-beta.7
v0.4.12-beta.6
v0.4.12-beta.5
v0.4.12-beta.4
v0.4.12-beta.3
v0.4.12-beta.2
v0.4.12-beta.1
v0.4.11
v0.4.11-beta.3
v0.4.11-beta.2
v0.4.11-beta.1
v0.4.10-beta.10
v0.4.10-beta.9
v0.4.10
v0.4.10-beta.8
v0.4.10-beta.7
v0.4.10-beta.6
v0.4.10-beta.5
v0.4.10-beta.4
v0.4.10-beta.3
v0.4.10-beta.2
v0.4.10-beta.1
v0.4.9
v0.4.9-beta.14
v0.4.9-beta.13
v0.4.9-beta.12
v0.4.9-beta.11
v0.4.9-beta.10
v0.4.9-beta.9
v0.4.9-beta.8
v0.4.9-beta.7
v0.4.9-beta.6
v0.4.9-beta.5
v0.4.9-beta.4
v0.4.9-beta.3
v0.4.9-beta.2
v0.4.9-beta.1
v0.4.8
v0.4.7
v0.4.7-beta.2
v0.4.7-beta.1
v0.4.6
v0.4.5
v0.4.4
v0.4.4-beta.1
v0.4.3
v0.4.3-beta.1
v0.4.2
v0.4.2-beta.1
v0.4.1
v0.4.0
v0.3.6
v0.3.5
v0.3.5-beta.8
v0.3.5-beta.7
v0.3.5-beta.6
v0.3.5-beta.5
v0.3.5-beta.4
v0.3.5-beta.3
v0.3.5-beta.2
v0.3.5-beta.1
v0.3.4
v0.3.4-beta.6
v0.3.4-beta.5
v0.3.4-beta.4
v0.3.4-beta.3
v0.3.4-beta.2
v0.3.4-beta.1
v0.3.3
v0.3.3-beta.12
v0.3.3-beta.11
v0.3.3-beta.10
v0.3.3-beta.9
v0.3.3-beta.8
v0.3.3-beta.7
v0.3.3-beta.6
v0.3.3-beta.5
v0.3.3-beta.4
v0.3.3-beta.3
v0.3.3-beta.2
v0.3.3-beta.1
v0.3.2
v0.3.1
v0.3.0
v0.2.11
v0.2.10
v0.2.9
v0.2.9-beta.10
v0.2.9-beta.9
v0.2.9-beta.8
v0.2.9-beta.7
v0.2.9-beta.6
v0.2.9-beta.5
v0.2.9-beta.4
v0.2.9-beta.3
v0.2.9-beta.2
v0.2.9-beta.1
v0.2.8
v0.2.8-beta.13
v0.2.8-beta.12
v0.2.8-beta.11
v0.2.8-beta.10
v0.2.8-beta.9
v0.2.8-beta.8
v0.2.8-beta.7
v0.2.8-beta.6
v0.2.8-beta.5
v0.2.8-beta.4
v0.2.8-beta.3
v0.2.8-beta.2
v0.2.8-beta.1
v0.2.7
v0.2.6
v0.2.6-beta.10
v0.2.6-beta.9
v0.2.6-beta.8
v0.2.6-beta.7
v0.2.6-beta.6
v0.2.6-beta.5
v0.2.6-beta.4
v0.2.6-beta.3
v0.2.6-beta.2
v0.2.6-beta.1
v0.2.5
v0.2.5-beta.5
v0.2.5-beta.4
v0.2.5-beta.3
v0.2.5-beta.2
v0.2.5-beta.1
v0.2.4
v0.2.3
v0.2.3-beta.14
v0.2.3-beta.13
v0.2.3-beta.12
v0.2.3-beta.11
v0.2.3-beta.10
v0.2.3-beta.9
v0.2.3-beta.8
v0.2.3-beta.7
v0.2.3-beta.6
v0.2.3-beta.5
v0.2.3-beta.4
v0.2.3-beta.3
v0.2.3-beta.2
v0.2.3-beta.1
v0.2.2
v0.2.1
v0.2.1-beta.1
v0.2.0
v0.1.1-beta.6
v0.1.1-beta.5
v0.1.1-beta.4
v0.1.1-beta.3
v0.1.1-beta.2
v0.1.1-beta.1
v0.1.0
v0.0.10-beta.27
v0.0.10-beta.26
v0.0.10-beta.25
v0.0.10-beta.24
v0.0.10-beta.23
v0.0.10-beta.22
v0.0.10-beta.21
v0.0.10-beta.20
v0.0.10-beta.19
v0.0.10-beta.18
v0.0.10-beta.17
v0.0.10-beta.16
v0.0.10-beta.15
v0.0.10-beta.14
v0.0.10-beta.13
v0.0.10-beta.12
v0.0.10-beta.11
v0.0.10-beta.10
v0.0.10-beta.9
v0.0.10-beta.8
v0.0.10-beta.7
v0.0.10-beta.6
v0.0.10-beta.5
v0.0.10-beta.4
v0.0.10-beta.3
v0.0.10-beta.2
v0.0.10-beta.1
v0.0.9
v0.0.9-beta.38
v0.0.9-beta.37
v0.0.9-beta.36
v0.0.9-beta.35
v0.0.9-beta.34
v0.0.9-beta.33
v0.0.9-beta.32
v0.0.9-beta.31
v0.0.9-beta.30
v0.0.9-beta.29
v0.0.9-beta.28
v0.0.9-beta.27
v0.0.9-beta.26
v0.0.9-beta.25
v0.0.9-beta.24
v0.0.9-beta.23
v0.0.9-beta.22
v0.0.9-beta.21
v0.0.9-beta.20
v0.0.9-beta.19
v0.0.9-beta.18
v0.0.9-beta.17
v0.0.9-beta.16
v0.0.9-beta.15
v0.0.9-beta.14
v0.0.9-beta.13
v0.0.9-beta.12
v0.0.9-beta.11
v0.0.9-beta.10
v0.0.9-beta.9
v0.0.9-beta.8
v0.0.9-beta.7
v0.0.9-beta.6
v0.0.9-beta.5
v0.0.9-beta.4
v0.0.9-beta.3
v0.0.9-beta.2
v0.0.9-beta.1
v0.0.8
v0.0.8-beta.29
v0.0.8-beta.28
v0.0.8-beta.27
v0.0.8-beta.26
v0.0.8-beta.25
v0.0.8-beta.24
v0.0.8-beta.23
v0.0.8-beta.22
v0.0.8-beta.21
v0.0.8-beta.20
v0.0.8-beta.19
v0.0.8-beta.18
v0.0.8-beta.17
v0.0.8-beta.16
v0.0.8-beta.15
v0.0.8-beta.14
v0.0.8-beta.13
v0.0.8-beta.12
v0.0.8-beta.11
v0.0.8-beta.10
v0.0.8-beta.9
v0.0.8-beta.8
v0.0.8-beta.7
v0.0.8-beta.6
v0.0.8-beta.5
v0.0.8-beta.4
v0.0.8-beta.3
v0.0.8-beta.2
v0.0.8-beta.1
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.2-beta.8
v0.0.2-beta.7
v0.0.2-beta.6
v0.0.2-beta.5
v0.0.2-beta.4
v0.0.2-beta.3
v0.0.2-beta.2
v0.0.2-beta.1
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
Mirrored from GitHub Pull Request
No Label
locked
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/better-auth#9101
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @liamlows on GitHub (Apr 9, 2025).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/2202
Hello,
First I would like to say I am very excited to be trying out better-auth, I really like the package so far and it provides a lot of very cool features out of the box. Also please let me know if this issue needs revision if formatted incorrectly.
That being said I had a question or maybe a feature request regarding setup and how better-auth can be deployed in a Next.JS environment. For our deployment we use Keycloak as our IDP as it is used across many other apps some not being Node based. As such, we were looking for a good authentication framework (that isnt next-auth/auth.js due to bugs we have encountered using it in the past) for our next.js app. We also have various APIs behind the next.js app that we would like to pass the Keycloak JWT to in order to verify authentication and authorization. The next.js server side of the app is seldom used for any actual business logic and acts more as a proxy than anything else.
I noticed that when installing better-auth it requires a database be connected. Is this really necessary if we are not supporting username/password login directly with better-auth? We simply want better-auth to handle the storage and facilitate the use of our JWT issued by keycloak. When running the package without a database i noticed the following warning:
Is this warning saying that the memory adapter is still in beta and will soon be a full feature or is it saying that this is just for development of the next.js app and should not be used in production? I was also looking to find information on how better-auth handles refresh token rotation with IDPs such as keycloak, it seems like maybe it already accounts for that behind the scenes?
Maybe our required use case for this is not on the roadmap for better-auth in which case we can try to find an alternative. I could not find this information anywhere though so I figured I'd simply ask directly.
Thanks!
@Bekacru commented on GitHub (Apr 10, 2025):
Better Auth does require a database. The library by itself is a replacement for Keycloak or another IDP as much as it is for next auth. We're not currently planning to support being just an oauth client layer without a database but since this is a frequent request we may consider it.
@liamlows commented on GitHub (Apr 10, 2025):
Sounds good! I think it would be really cool if this could be a feature of better-auth and could be something toggled in the better-auth constructor or simply assumed if no emailAndPassword attribute is provided. Also, let me know if you'd like me to re-create as a feature request and close this issue or leave this one open as the feature request.
@coopbri commented on GitHub (Apr 11, 2025):
We had a similar discussion about this here for some more context: discord.com/channels/1288403910284935179/1349320159093067897
Super hopeful to be able to (fully) migrate from Auth.js to Better Auth! Stateless auth is our last battle.
@ValentinGurkov commented on GitHub (Apr 28, 2025):
We also have a similar use case and would love to see this
@lucasahlgrenToxic commented on GitHub (May 5, 2025):
I would also love to see this!
@stychu commented on GitHub (May 9, 2025):
We also have a strong interest in Better Auth supporting OIDC-only flows without requiring a dedicated database.
Our use case focuses on the following:
In this scenario, where Better Auth would primarily act as the OIDC client and manage the session cookies for downstream API consumption, the requirement for a full database instance feels like an unnecessary overhead for our needs.
To offer a potential perspective on implementation, our current system (not using Better Auth) handles a similar flow by:
Storing the OIDC profile information in one cookie after a successful login.
Storing any additional essential user metadata (which we retrieve from our APIs using the OIDC tokens) in a separate cookie. This second cookie effectively serves as a minimal, client-side equivalent to what might otherwise be stored in a small database table.
This approach helps us minimize server-side state for this specific authentication pattern. We believe a similar stateless or "database-light" capability within Better Auth for OIDC flows would be highly beneficial for the broader user base ;)
We are aware that a fully stateless, cookie-based session design like this inherently limits the server's direct ability to actively control individual client session retention compared to database-backed sessions. However, we believe this trade-off can be partially mitigated.
One possible approach to enhance control in such a stateless design could be a "session busting" feature. For instance, BetterAuth could offer an option to associate a version number with the main OIDC session cookie. If an administrator needs to invalidate all current sessions (e.g., due to a security concern or a significant update), they could increment this session version. BetterAuth would then treat any cookie with an older version number as invalid, effectively forcing all users to re-authenticate.
Furthermore, related to managing the client-side state, control over the schema of the metadata stored in the cookie would also be valuable. If the structure of this metadata (e.g., fields, types) is expected to change over time, BetterAuth could potentially incorporate a versioning mechanism for this metadata schema as well. A mismatch between the expected metadata schema version and the version found in a user's cookie could then trigger a re-login or a specific handling flow. This would provide another layer of control and help manage transitions when the data stored on the client side evolves, which we think is a practical consideration for a robust stateless design.
@Tarek-kharsa commented on GitHub (Jun 18, 2025):
We also have a similar use case and would love to see this
@Bernardomennndes commented on GitHub (Jun 23, 2025):
We are currently investigating alternatives to Auth.js due to persistent compatibility issues affecting our projects. In parallel, we intend to design a custom authentication package built on top of a more extensible and reliable foundation. Core requirements include cross-subdomain cookie support and seamless integration across five independent applications that consume a shared authentication API and token infrastructure. Better-auth emerges as a strong candidate, the potential to integrate with a decoupled external Identity Provider (IDP) would make better-auth an ideal match for our architectural strategy.
@rileyy29 commented on GitHub (Jun 26, 2025):
Similiar use case - would really like to see this as currently it is the only blocker from migrating from Auth.js
@eloraa commented on GitHub (Jun 29, 2025):
Would really like to see this. For now, I have to stick with auth.js, even though I wanted to use better-auth.
@leantrace commented on GitHub (Jul 9, 2025):
+1 for better-auth client only, as we use external IDP
@douwepausma commented on GitHub (Jul 10, 2025):
Looking for this feature as well. We currently manage our auth with Strapi & Auth.js, and like to use Better Auth with Strapi.
@ragecryx commented on GitHub (Jul 10, 2025):
+1 I'd also want that feature
@pstuerner commented on GitHub (Jul 10, 2025):
+1 i'm getting really frustrated using auth.js and would love to try an alternative, however, i'm working on a company project and keycloak is the only option available. this would be awesome.
@ragecryx commented on GitHub (Jul 11, 2025):
TBH (and I don't mean it in a harsh way) its very weird requiring direct access to a DB. For me, the way user data are stored or retrieved/matched is almost out of the responsibilities of such library. Few callback-like functions (like, one for creating a user profile, one for matching a profile etc) should be enough for (almost) everyone that needs storage and it should be trivial to implement by them.
@stychu commented on GitHub (Jul 11, 2025):
That would be a perfect world! <3 In that case,
betteraouthwouldn't need to be concerned with specific database implementations. Instead, it would provide the respective callbacks for handling user-related actions like creation, matching, and retrieval.This approach is ideal because it would decouple the library's core authentication logic from the user's data storage layer. Developers could then implement these simple callback functions to connect
BetterAuthto any database system they choose, making integration into existing projects trivial. This should definitely be the direction 🎊@ggomarighetti commented on GitHub (Jul 13, 2025):
This reminds me of the Supabase Auth library, that when instantiating it you need to pass it the getAll and setAll methods (if I remember correctly) for cookies. I believe that it responded to a problem of access to these from client/server environments in the different JS frameworks with SSR.
I mention it as to have an example of concrete implementation and example that it is adopted/possible.
@CanRau commented on GitHub (Jul 14, 2025):
We use kysely as well, but can't comply with the schema requirements, so we'd also really appreciate callbacks/hooks to handle creating, matching, retrieval, etc of users, sessions, etc ourselves as we have a more "complex" schema (for example, possibly multiple emails per user) with multiple tables already in place we'd like to keep, without adding additional (better-auth) tables where not necessary, but would love to join the amazing better-auth community and be able to provide our users with a wider range of auth options 🥰
I saw that this issue has been added to the v1.3 milestone. Does this mean this feature request has been confirmed for development? 🥹
@robertotcestari commented on GitHub (Jul 16, 2025):
Please let us have this! I also have a use case for that!
@AhmedBaset commented on GitHub (Jul 19, 2025):
This issue was in 1.3.0 milestone. v1.3.0 is out without it
@arohman84 commented on GitHub (Jul 29, 2025):
please free us from the shackles of authjs
@SachinJadeja commented on GitHub (Aug 12, 2025):
This would be an awesome addition, Do it please
@FurkanCodes commented on GitHub (Aug 15, 2025):
Yes! I have been using auth.js for all of my apps but I need an alternative!
@vanducng commented on GitHub (Aug 17, 2025):
+1 with this; in my case, integrating with Keycloak is the only viable option, and the database isn't really necessary.
@carlosrodovalho commented on GitHub (Aug 19, 2025):
+1 with this use case. I am so excited to use better auth instead of authjs, and direcovering that this isn't avaliable (yet) was so sad.
@HasanBITar commented on GitHub (Aug 19, 2025):
+1 I hope this gets implemented
@productdevbook commented on GitHub (Aug 24, 2025):
How can we prevent this when we only use genericOAuth?
@marijngiesen commented on GitHub (Sep 12, 2025):
+1
This would be awesome. We also have a use case for this.
@alishi973 commented on GitHub (Sep 17, 2025):
Is it possible to use custom adapter to use it without DB and persist data in memory like development? Im not sure if its possible and practical. Im thinking about creating some custom adapter that not using DB.
@muradbu commented on GitHub (Sep 20, 2025):
+1
I'm working on a project where I need to authenticate users in more places than on the web:
I decided to use Kanidm as IdP because it solves the first two requirements. It falls short on web authentication as there's no OAuth client functionality or authn strategies like magic link. Kanidm maintains its own user database and I'd like to use this as a single source of truth for my user store.
Being able to use Better Auth as a supplementary layer for other IdP providers would be a very useful feature in cases where existing auth infra or legacy systems exist.
I think in my case Better Auth's SSO is interesting for this but it's still experimental. On another note, I'm also evaluating whether I need Kanidm at all since Better Auth covers much more area so I could build LDAP and pubkey auth on top
@yordis commented on GitHub (Sep 27, 2025):
@Bekacru now with the auth.js "merger", are you reconsidering the add the functionality? I see you changed the milestone, I wonder if you could share your general thoughts here.
I am using ZITADEL and interested to leverage the package for the cookie session management, ZITADEL token introspection, user, and session management will do the rest
@phev8 commented on GitHub (Sep 27, 2025):
Please consider this feature. I was checking out the docs after the auth.js announcement, and saw the need for a database - why? I need a good auth library to manage my users, their sessions etc. in the client. The Next.js app is a proxy to my backend, I don't want to add a database to it. The application already has storage for the user attributes, their tokens, etc. As suggested above, it would be great to be able to customise the storage methods, where I can drop in my API calls instead of using a DB.
@Bekacru commented on GitHub (Sep 27, 2025):
Hey all, we’ll be adding support for stateless auth with no database soon.
The challenge has been figuring out how the many features that currently assume a database like
updateUser, a bunch of plugin endpoints and others should behave.We’re working on some primitives to make this possible without any breaking change. Expect new update from us soon
@CanRau commented on GitHub (Sep 29, 2025):
Providing (optional) hooks in the initializer like
onUpdateUseretc were you'd provide the plumbing if necessary, right?@DrewLandgraveCbsi commented on GitHub (Sep 29, 2025):
@Bekacru This is awesome! We have an internal user registration system that is used across multiple properties and the database requirement was the only thing stopping us from adopting BetterAuth
@Hassanabdelqader commented on GitHub (Oct 7, 2025):
I would also love to see this!
@racosgrove commented on GitHub (Oct 8, 2025):
This describes our own use case exactly. We are upgrading from legacy React Keycloak libraries and I have been trialing Auth.js for months without being satisfied it is production ready. I recently started testing Better Auth and immediately felt it was a step forward, but with the major drawback being no stateless operation as described.
@chiqors commented on GitHub (Oct 8, 2025):
Looking for this integration for keycloak and rbac
@cnbrown04 commented on GitHub (Oct 17, 2025):
I think with this integration it would be nice to have a reference table that could be optionally enabled for things like users, obviously sessions and stuff is handled by the IDP but a reference would be nice so you don't have to reference things from the IDP if it's airgapped from other services.
@CanRau commented on GitHub (Oct 17, 2025):
I guess with the hooks it's up to you how you want to manage your users, sessions etc.
Really looking forward 🥹
@Sparticuz commented on GitHub (Oct 21, 2025):
Is there a branch we can follow?
@cvivieca commented on GitHub (Oct 21, 2025):
Looking forward for this.
@KraKeN-47 commented on GitHub (Oct 24, 2025):
If refresh token is required at your end, then a database is required for token revocation. Your session can actually act as a refresh token and it's explained here: https://clerk.com/blog/combining-the-benefits-of-session-tokens-and-jwts. A nuance is that you have to disable the session refresh and then the session will act as a refresh token. With this setup you get all the benefits of better-auth session management, admin plugins etc. If you revoke the refresh token (session token) - you successfuly invalidated a users session until the jwt expires. Also, a black list strategy can be extended but short lived jwt's are also fine. @Bekacru @himself65 regarding this setup I've described. Maybe this should be documented or an official plugin can be made (should be pretty straightforward)? Also, my described solution is for JWT auth usecases where the actual IdP is an external service provider.
I have implemented this exact setup for my company integrating with an ecommerce SaaS provider and it works great.
Our usecase is that the SaaS stores ecommerce users, however - we want to control the authentication and authorization flow ourselves + store all the sensitive user data at our side. This requires us to perform a handshake with the SaaS provider and sync their issued JWT's with better-auth issued ones - pretty easy to do when extending better-auth's already inbuilt jwt plugin. Then finally - our token pair includes the session token acting as a refresh token (as I've described above). This setup let's us fully utilize all of better-auth plugins out of the box. Love the package design, best regards to the package creators and maintainers!
@Eveeifyeve commented on GitHub (Oct 26, 2025):
Let me know if I can help with this.
Eveeifyeve (CEO of DigitalBrewStudios)
@amaryassa commented on GitHub (Oct 26, 2025):
Hey All !
@Bekacru @himself65 Just wondering if any work has started on this issue yet?
I saw it’s part of the 1.4.X milestone but couldn’t find a related PR or branch.
Thanks!
Update : I think this is the PR !
#5601
@AhmedBaset commented on GitHub (Oct 26, 2025):
https://github.com/better-auth/better-auth/pull/5470 is a step on the way
@Montreal-Dev commented on GitHub (Oct 27, 2025):
Super excited to see stateless auth on the roadmap [1.4.X]!
DB or not, like @Bekacru said :
Gonna make things leaner. Fewer lookups, lower infra costs, no waste. It's going to be challenging but Better Auth can handles this.
Can’t wait to see it make its way over from NextAuth.
❤️ P.S Love y'all
@GRA0007 commented on GitHub (Oct 28, 2025):
Not trying to bring down the vibe here, and apologies for contributing to the problem, but could y'all please stop commenting if you're not adding anything meaningful? Things like "looking forward to this feature" or "excited for this" give everyone who is subscribed to this a notification, and I think we'd all only like those when there is meaningful progress on this issue.
If you want to show your support, leave a thumbs up 👍 at the top so maintainers can see how important this is. Commenting is not going to make it happen any faster.
@AhmedBaset commented on GitHub (Oct 29, 2025):
Update
Now on canary
cd567659b8/docs/content/docs/concepts/session-management.mdx (L234-L323)@CanRau commented on GitHub (Oct 30, 2025):
Nice just found the canary docs, I mean the .md works, but sometimes I like the context, also the Stateless with Secondary Storage looks exactly like what I'm after 😍
@better-auth-agent[bot] commented on GitHub (Oct 30, 2025):
Better Auth currently expects a database connection for storing sessions and other data—even if you’re only using an external identity provider like Keycloak. When you see the warning about “using memory adapter in development,” that means if no database is configured, the package falls back to an in‑memory adapter which is intended solely for development and testing purposes. It isn’t recommended for production use.
If your goal is to have a stateless setup with external JWTs and minimal database involvement, you might want to check out the stateless mode with secondary storage as described in the canary documentation. This mode is designed for scenarios like yours where Next.js mostly acts as a proxy and user credentials aren’t managed internally.
Regarding refresh token rotation with external providers such as Keycloak, Better Auth does have mechanisms for token management. However, it isn’t always explicitly clear from the documentation if these rotate fully “behind the scenes” when you’re using an external system. You might need to verify your particular configuration to ensure that refresh tokens are handled as expected.
Next steps:
This should get you on the right track for deploying Better Auth in a Next.js environment using an external IDP. If you need further clarification, reviewing the canary documentation on stateless session management may provide additional insights [1], [2].
Diagram • Discord • GitHub
@RicardoAvans commented on GitHub (Oct 31, 2025):
Does anyone here know how to get the accessToken when using the stateless mode of better-auth? I saw there is a getAccessToken method but that requires an accountID which I don't know where to get from. I'm using social sign in together with better-auth so I don't want to store users inside a database.
@better-auth-agent[bot] commented on GitHub (Oct 31, 2025):
Based on the issue described, here are the key points and next steps:
• The memory adapter that’s automatically used when no database configuration is provided is intended only for development. In production, Better Auth expects a persistent database connection to reliably store user sessions, account details, and token information. This is why you see the warning – it isn’t indicating that the memory adapter is nearing full production support; rather, it’s alerting you that you’re running in a development mode without persistent storage [1].
• When using an external IDP (Keycloak) and relying solely on its JWT without managing a local user store, you lose the default mechanism Better Auth uses to track users. In production, the framework requires an accountID (or equivalent user identifier) to retrieve tokens via methods like getAccessToken. Without a stored user record (i.e., when running entirely stateless), there is no accountID to reference, and so the getAccessToken method cannot function as expected [2].
• Regarding refresh token rotation: Better Auth’s built-in flows for refresh token handling are designed for scenarios where Better Auth manages user records. If you’re delegating the entire authentication flow to Keycloak and not storing users, the built-in refresh behavior may not automatically apply. You would need to either (a) implement a custom callback during sign-in to capture and relay the JWT and refresh token data, or (b) consider a minimal persistent storage option (even if just to store tokens and essential user IDs) so that you can leverage the full Better Auth functionality for token rotation, sessions, and downstream API calls [2].
Next steps/troubleshooting recommendations:
For a production-ready setup, consider using at least a minimal database (or supported persistent store) to track essential user information (including an accountID) even if you’re only using external IDPs. This will allow Better Auth’s token retrieval and refresh flows to work as intended.
If you prefer to avoid any database completely, you’ll need to customize the authentication flow. Use Better Auth’s callbacks or custom plugins to extract and temporarily store the access token as part of the JWT payload or in a secure cookie. This approach, however, means you’re responsible for managing token lifecycles and secure storage, and it deviates from the default Better Auth pattern.
Evaluate your requirements around refresh token rotation. If your setup depends on that feature, the current stateless (in-memory) approach may not meet your production needs, and the minimal persistent storage route might be preferable.
In summary, the memory adapter warning means that the adapter is only for development, and using Better Auth in a completely stateless (no-database) mode means you won’t have a reliable way of accessing the access token (or performing token rotation) because there’s no stored user entry and accountID for reference. Customizing your flow or adding a minimal persistent backend would be the recommended way forward [1], [2].
Please let me know if you have any questions or need further clarification.
Diagram • Discord • GitHub
@vonazt commented on GitHub (Oct 31, 2025):
Also need this - using
better-authwith NextJS as a proxy for an API, and using Keycloak as an IDP, so still need to get the access token.@better-auth-agent[bot] commented on GitHub (Oct 31, 2025):
Better Auth currently expects a database connection to persist user and session data—even if you're only using an external IDP like Keycloak. The warning you saw indicates that when no database is provided, it falls back to a memory adapter meant solely for development, not for production use. In production, the memory adapter isn’t fully supported.
Regarding access tokens, the getAccessToken method expects an account ID because Better Auth’s design assumes that user data (even if minimal) is stored during the authentication handshake. In a stateless flow (such as solely delegating login to an external backend), you need some mechanism to map the external user (and their tokens) to an internal record. Without any user record in a database, there isn’t a straightforward way to retrieve the access token because that process is tied to the stored session and account information.
In short, for your Next.js proxy setup using Keycloak:
• If you want to use Better Auth’s built‐in session and token management (including refresh token rotation), you’ll need to provide a database adapter, even if it simply stores minimal user records.
• The memory adapter is intended for development only—not as a production solution.
• If you’d prefer not to store users at all, you may need to either develop a custom adapter or reconsider using Better Auth, as its design currently assumes an internal storage layer.
If a truly stateless mode (with no database dependency and full support for external IDPs) is critical for your architecture, you might want to file a feature request or explore another solution until that capability is natively supported. This approach would allow you to delegate login logic to your backend while handling token management separately.
I hope this clarifies the next steps. Please let me know if you have any further questions or need additional troubleshooting details [1][2][3].
Diagram • Discord • GitHub
@leantrace commented on GitHub (Oct 31, 2025):
I came here to realize that Better Auth currently doesn’t support using an external backend as an auth provider.
I’m running Auth.js (next-auth@5.0.0-beta.29), which works perfectly fine with an external IdP.
Since the Better Auth team recently announced they’ll be taking over Auth.js, I was considering migrating, but this limitation is a blocker for now.
I hope supporting external identity providers will become a higher priority soon!
@better-auth-agent[bot] commented on GitHub (Oct 31, 2025):
Better Auth currently requires a database connection for production use—even if you’re only handling external IDPs like Keycloak. When no database is provided, the package falls back to an in-memory adapter that is intended solely for development, and using it in production is not recommended [1]. In addition, while some basic JWT handling is available, there isn’t full support for delegating all login logic to an external auth backend (as Auth.js does) or for managing refresh token rotation entirely behind the scenes for external providers [2].
Next steps:
• If you plan to handle production traffic using external IDPs only, consider implementing a minimal database for session storage or wait for future releases that may offer a stateless mode.
• Submit or follow a feature request for external-auth-only support and enhanced refresh token rotation with providers like Keycloak.
• In the meantime, if not wanting to maintain a database is critical for your use case, you may want to explore alternatives like Auth.js, which already support this workflow [3].
Please note that these limitations are current and the Better Auth team is working on improvements, so checking the roadmap updates periodically would be a good idea.
Diagram • Discord • GitHub
@jaredmcqueen commented on GitHub (Nov 12, 2025):
fyi saw this:
https://canary.better-auth.com/docs/concepts/session-management#stateless-session-management
seems like 1.4 beta supports database-less deployments
pnpm i better-auth@beta@TimFL commented on GitHub (Nov 12, 2025):
I'm a bit confused by how the refreshCache strategy works. The default is database lookup (what db? in memory) and the other options are unclear if refreshing means calling a an e.g. third party IdP to get a new access token, for example... or is it never ever again verifying tokens and just keeps resigning what's in the cookie store?
Imo the documentation is still lacking, would need to do a deep dive into the respective PRs to check source code changes to fully understand how this works.
//EDIT: Just skimmed through the source looking for refreshCache traces and from what I could see, it's really just updating the expires at portion of the cookie, no external validation whether something is still valid. Is there a way to tie this into e.g. OIDC on primary auth server and generic oauth on secondary, where stateless mode still enforces refresh token checks for updated access tokens? That'd be the best of both worlds, having no DB backing your secondary auth setups (e.g. apps on subdomains etc.) but the generic oauth flow is still honored by refreshing your authentication data when your session is about to expire.
@realtebo commented on GitHub (Nov 13, 2025):
We are using latest beta and can confirm stateless is working without problems.
Add a cent: it's working on aws amplify, that is something like a battle arena for js
Whern 1.4 will be released we will switch to stable.
actually we're in prod with beta versione due to hurry up to kick off the train the next-auth
@iRajatDas commented on GitHub (Nov 13, 2025):
Hey, could you please share the working starter project?
@marungbukid commented on GitHub (Nov 13, 2025):
getAccessTokendoesn't work on the stateless mode@devhmac commented on GitHub (Nov 13, 2025):
marungbukid
Also interested to understand what the plan for these two parts going forward is. I have this Beta implemented in our project, and while it totally works for initial login, in struggling a bit to understand:
Intended access to the
accessTokenas needed as a an auth header header for authenticated requests - givengetAccessTokendoesnt work (Assuming this is because its not being stored anywhere associated with the cookie session id by default) - Is the intention to then just set it as part of custom session in http only cookies? or just manage storage yourself?Im utilizing
genericOAuthto configure this against my IDP, and as the above commenter calls out theres no real references at all to any refresh/validation strategy - and want to know where that fitsTotally respect this is all just in beta, and was just put out, but would be helpful to know plan to evaluate if this is something we're going to be able to utilize at scale
@CanRau commented on GitHub (Nov 18, 2025):
From Discord:
Hey, as stateless has finally shipped in canary, I'm finally trying to integrate better auth into a project, for compatibility reasons I want to start with the emailOTP plugin but am not yet completely sure as to how to properly make it work with Stateless with Secondary Storage. There's currently not a direct option to store and verify the otp manually in my own backend, right? I think one option currently could be using storeOTP with custom encryptor setting I guess right? Or is there a better way?
[..]
storeOTP doesn't seem to be the right place, at least for verification as decrypt doesn't get called, maybe it'd be nice to be able to override checkVerificationOTP, but maybe I can work around this using hooks, tho not yet sure how
Also considered a custom db adapter, as I basically just need to make it work with our schema 🤓 maybe that'd be the "best" option in our case? 🤔
@TimFL commented on GitHub (Nov 19, 2025):
I think there is a misunderstanding what stateless is supposed to achieve. It's supposed to be a client that consumes an external IdP / Auth server and does not manage auth on it's own (other than the active session in memory). EmailOTP is supposed to be on your IdP / Auth server (and your stateless better-auth setup just consumes that OIDC / OAuth server via the generic Oauth plugin for authentication).
I don't think it makes sense to integrate any plugin with a stateless auth setup (since it's supposed to tie into an external auth server that can have any number of authentication ways / plugins attached, your app needs to know nothing about them).
@CanRau commented on GitHub (Nov 19, 2025):
Great point so yea in my case a custom db adapter is probably the way to go I guess
@realtebo commented on GitHub (Dec 4, 2025):
Thanks a lot to the dev team.
This feature is excellent.
Is working and we are using in production using v1. 4.5 and next 16.
Again. Thanks.