Pekastel ff54a99c55 feat(oidc): add support for public clients with PKCE authentication (#3091)
* feat(mcp): add support for public clients with PKCE authentication

  - Add conditional client authentication based on client type
  - Support public clients using PKCE without client_secret requirement
  - Add "none" to supported token endpoint authentication methods
  - Make clientSecret optional in database schema for public clients
  - Update client registration to handle public clients automatically
  - Maintain backward compatibility with confidential clients

  Fixes authentication issues with Claude.ai and other public OAuth clients
  that use PKCE (Proof Key for Code Exchange) without client secrets.

  Resolves #2813

* style: format code with prettier and fix trailing commas

* fix: resolve TypeScript errors in MCP plugin and tests

  - Fix missing loginPage in oidcConfig for MCP tests
  - Add type assertions for unknown response data types
  - Handle optional clientSecret with null coalescing operators
  - Update OIDC provider to support "none" auth method in metadata
  - Fix type compatibility issues between public and confidential clients

* fix: resolve TypeScript, Vitest, and CI compatibility issues

  - Fix missing loginPage in oidcConfig for MCP tests
  - Add type assertions for unknown response data types
  - Handle optional clientSecret with null coalescing operators
  - Update OIDC provider to support "none" auth method in metadata
  - Fix async describe callback to use synchronous setup with beforeAll
  - Use ephemeral port allocation to prevent CI port conflicts
  - Add explicit type annotations to avoid implicit any errors

* OpenAPI Schema Contract Fixed

* fix: resolve lint

* fix: ensure OAuth 2.0 spec compliance for public client registration

  - Fix public client registration to omit client_secret field entirely
  - Public clients now receive no client_secret property (was empty string)
  - Maintains backward compatibility with confidential clients
  - Addresses OAuth 2.0 Dynamic Client Registration (RFC 7591) requirements

* update docs

* remove any

* don't return secret on public client oidc

* remove any

* conditionally verify client secret

* update test

---------

Co-authored-by: Bereket Engida <Bekacru@gmail.com>
2025-07-17 00:38:19 -07:00


Better Auth

The most comprehensive authentication library for TypeScript

About the Project

Better Auth is a framework-agnostic authentication (and authorization) library for TypeScript. It provides a comprehensive set of features out of the box and includes a plugin ecosystem that simplifies adding advanced functionality, such as 2FA or multi-tenant support, with minimal code in a short amount of time. It lets you focus on building your actual application instead of reinventing the wheel.

Why Better Auth

Authentication in the TypeScript ecosystem is a half-solved problem. Other open-source libraries often require a lot of additional code for anything beyond basic authentication. Rather than just pushing third-party services as the solution, I believe we can do better as a community—hence, Better Auth.

Contribution

Better Auth is a free and open source project licensed under the MIT License. You are free to do whatever you want with it.

You can help continue its development by:

Security

If you discover a security vulnerability within Better Auth, please send an e-mail to security@better-auth.com.

All reports will be promptly addressed, and you'll be credited accordingly.

Languages
TypeScript 99.4%
CSS 0.3%
MDX 0.2%