better-auth/packages/scim/CHANGELOG.md

@better-auth/scim

1.6.11

Patch Changes

• #9162 a26333b Thanks @ping-maxwell! - fix: cleanup sessions when admin, anonymous, or SCIM deletes a user

• #9579 2f5d91c Thanks @gustavovalverde! - POST /scim/generate-token accepted a providerId that collided with a built-in account.providerId value (credential, email-otp, magic-link, phone-number, anonymous, siwe, or any configured social provider key), so a SCIM caller could mint a token that authenticated against accounts it never provisioned.

  generateSCIMToken now rejects providerId values that collide with the built-in account provider list, returning BAD_REQUEST at issuance. The configured-social-provider check reads from options.socialProviders rather than the resolved provider list so that providers disabled with enabled: false are still rejected: their account rows can persist from when the provider was enabled.

  providerOwnership.enabled stays default false on this patch release so existing SQL deployments do not need a schema migration mid-upgrade. The follow-up on next flips the default to true and ships the corresponding scimProvider.userId schema column so non-organization SCIM tokens are owner-locked by default. Operators who need owner-locking immediately can opt in today with scim({ providerOwnership: { enabled: true } }) and add the userId column manually.

• Updated dependencies [0cbddb8, a26333b, 99a254a, ee93485, 5f09d56, b4bc65a, da7e50b, a1c9f3c, 23094a6, 142b86c, 1f2ff42, b0ef96f, 699b09a, e21d744]:

  • @better-auth/core@1.6.11
  • better-auth@1.6.11

1.6.10

Patch Changes

• Updated dependencies [1e0f26d, 8c1e917, b2d655c, 09f1327, 906b7b3, e9c978e, e71aad3, 80a655d, 15ff28a, 88a7c67, 9a7b51d, 1b25902, cf59136, a597ee0, fc02ced, 9f1ef1f, 36ef808, c1336c5, 3a9a2c3, fde0432, 2220a6d]:
  • better-auth@1.6.10
  • @better-auth/core@1.6.10

1.6.9

Patch Changes

• Updated dependencies [815ecf6]:
  • @better-auth/core@1.6.9
  • better-auth@1.6.9

1.6.8

Patch Changes

• Updated dependencies [856ab24, 9aa8e63]:
  • better-auth@1.6.8
  • @better-auth/core@1.6.8

1.6.7

Patch Changes

• Updated dependencies [307196a, 4a180f0, 4f373ee, e1b1cfc, d053a45]:
  • better-auth@1.6.7
  • @better-auth/core@1.6.7

1.6.6

Patch Changes

• Updated dependencies [b5742f9, 4debfb6, 9ea7eb1, a844c7d, ab4c10f, a61083e, e64ff72]:
  • @better-auth/core@1.6.6
  • better-auth@1.6.6

1.6.5

Patch Changes

• Updated dependencies [938dd80, 0538627]:
  • better-auth@1.6.5
  • @better-auth/core@1.6.5

1.6.4

Patch Changes

• Updated dependencies [9aed910, acbd6ef, 39d6af2]:
  • better-auth@1.6.4
  • @better-auth/core@1.6.4

1.6.3

Patch Changes

• Updated dependencies [5142e9c, 484ce6a, f875897, 6ce30cf, f6428d0, 9a6d475, 513dabb, c5066fe, 5f84335]:
  • better-auth@1.6.3
  • @better-auth/core@1.6.3

1.6.2

Patch Changes

• Updated dependencies [9deb793, 2cbcb9b, b20fa42, 608d8c3, 8409843, e78a7b1]:
  • better-auth@1.6.2
  • @better-auth/core@1.6.2

1.6.1

Patch Changes

• Updated dependencies [2e537df, f61ad1c, 7495830]:
  • better-auth@1.6.1
  • @better-auth/core@1.6.1

1.6.0

Minor Changes

• #8836 5dd9e44 Thanks @gustavovalverde! - Add optional version field to the plugin interface and expose version from all built-in plugins

Patch Changes

• Updated dependencies [dd537cb, bd9bd58, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 5dd9e44, 469eee6, 560230f]:
  • better-auth@1.6.0
  • @better-auth/core@1.6.0

1.6.0-beta.0

Minor Changes

• 28b1291 Thanks @gustavovalverde! - Add optional version field to the plugin interface and expose version from all built-in plugins

Patch Changes

• Updated dependencies [28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291, 28b1291]:
  • better-auth@1.6.0-beta.0
  • @better-auth/core@1.6.0-beta.0