All of the changes made will be available here.

Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.

DocumentationGitHubCommunity

BETTER-AUTH.

v1.3.11

πŸš€ Features

  • Flip emailVerified when link the account – @himself65

🐞 Bug Fixes

  • Check if user exists before banning the user – @anmol-fzr @himself65
  • Timestamp issues in kysely – @frectonz @himself65
  • Respect errorCallbackURL in failed oauth flows – @frectonz
  • plugins: Asynchronous init – @LightTab2 @himself65
Β Β Β Β View changes on GitHub

v1.3.10

Β Β Β Maintenance update: We fixed lots of issues from the community. Thanks to everyone for contributing to better-auth.

πŸš€ Features

  • Add getActiveRoleMember – @fathisiddiqi @Kinfe123 @himself65
  • Database transaction support – @himself65
  • logger: Option to disable colors – @martiinii @himself65
  • passkey: Error codes in passkey client – @frectonz @Kinfe123 @Bekacru
  • sqlite: Remove autoincrement for SQLite – @pspeter3

🐞 Bug Fixes

  • Ignore cookiecache on auth sensitive functions – @Kinfe123
  • Custom field for refreshTokenExpiresAt – @himself65
  • Return local IP in development mode – @DiiiaZoTe @himself65
  • Make cookie cache respect dontRememberMe mode – @frectonz
  • Normalize zod imports – @gabrielmar
  • Check endpoint conflicts respect method – @himself65
  • Respect username validator – @azaek @himself65
  • Set clientId in ProviderOptions to unknown by default – @himself65
  • Pick the first clientId for oauth provider – @himself65
  • Remove use of global.crypto – @himself65
  • Should infer types correctly when empty list of plugins is provided – @frectonz
  • Correct MongoDB adapter import path in CLI – @aajeeth-m
  • Make sure fetch function doesn't get called repeatedly on onMount – @frectonz
  • Prevent lastLoginMethod plugin from setting cookie on failed auth – @Kinfe123
  • admin:
    • Change the order of role and user id check when both are provider on userHasPermission – @Bekacru
  • anonymous:
    • Prevent false positive error on first anonymous sign-in – @ajanraj @himself65
  • cli:
    • info shows the correct version – @himself65
    • Add missing JSON type to schema generation – @TheGB0077 @Kinfe123
  • demo:
    • Update forgot password link to /forget-password – @GivenBY
  • docs:
    • Remove duplicated RFC compliance mention – @TheUntraceable
  • expo:
    • window.crypto is undefined – @himself65
    • Missing peer deps – @himself65
  • lastLoginMethod:
    • Inherit cross-subdomain cookie settings in lastLoginMethod plugin – @lumpinif
  • memory-adapter:
    • Should respect where connector – @jslno
  • multi-session:
    • Multi-session cookie name preface preventing multiple accounts signed in – @PacifismPostMortem
  • one-time-token:
    • Typo and clean – @gabrielmar
  • organization:
    • checkRolePermission shouldn't be a promise – @ping-maxwell
    • Member and team hooks should apply on create organization – @Bekacru
    • Before org create hooks not applying customized data – @Bekacru
    • [security] updateOrgRole should check for userId properly – @Bekacru
    • Restrict role check by user id – @himself65
  • prisma:
    • Handle optional field relation types correctly – @LiYulin-s
  • stripe:
    • Properly resolve plans by lookup keys – @AlexProgrammerDE
    • Subscription is created without completing payment – @himself65
    • Prevent multiple free trials for same user – @RikhiSingh
    • Use correct request method for billing-portal – @danielepintore
  • tiktok:
    • Remove client_secrect from authorizationUrl – @arslan2012
  • username:
    • Add missing normalization – @bortoz @himself65
    • Sign in should work with post normalization – @Bekacru @himself65
  • vue:
    • Correct baseURL – @himself65
Β Β Β Β View changes on GitHub

v1.3.9

πŸš€ Features

  • Add support for not in operator – @Bekacru
  • Lynx integration – @himself65
  • mcp: Customize resource in protected resource metadata – @frectonz
  • rate-limiter: Allow disabling custom paths to not be rate limited – @Bekacru

🐞 Bug Fixes

  • Cloudflare build warning with node:sqlite – @himself65
  • Shouldn't update personal sub when upgrading with org ref id – @Bekacru
  • Properly generate OpenAPI schema for nested ZodObject and ZodOptional – @Kinfe123
  • Respect allow different email linking option on callbacks – @Bekacru
  • expo: Handle link social – @frectonz
  • jwt: Revert set default iat for /token endpoint – @dvanmali
  • mcp: Remove duplicate /api/auth from wwwAuthenticateValue and properly format the header – @paoloricciuti
  • org: List user teams had incorrect path method in jsdoc – @ping-maxwell
  • paypal: Use base64.encode – @himself65
  • stripe: Prevent multiple free trials – @hendrik-krebs
  • tiktok: Refresh token flow uses client_key – @Manokii
Β Β Β Β View changes on GitHub

v1.3.8

πŸš€ Features

  • Support to infer error types from endpoint – @himself65
  • Support node:sqlite – @himself65
  • Remote sign a jwt payload – @dvanmali @himself65
  • Support device authorization – @himself65
  • Support custom schema merging in SIWE plugin – @himself65
  • Add figma provider – @ShobhitPatra @Kinfe123
  • Enhance Microsoft Entra ID type definitions – @Kinfe123
  • Add onUpdate field on db schema generation – @himself65
  • Add onInvitationAccepted callback for org invitations – @Kinfe123
  • Add query parameter to useSession().refetch() for cache control consistency – @adriandlam @himself65
  • Add last login method plugin – @Bekacru
  • Check endpoint conflits – @himself65
  • Add json field type – @dvanmali
  • Add @default and @updatedAt for prisma generator – @himself65
  • Use defaultNow() for drizzle timestamp fields – @Badbird5907 @himself65
  • admin:
    • Get user – @0xJJW @ping-maxwell
    • /admin/update-user role as array – @alliefitter
  • atlassian:
    • Add atlassian social provider – @ShobhitPatra
  • cli:
    • Add info script – @himself65
  • cognito:
    • Add amazon cognito provider – @ShobhitPatra
  • demo:
    • Improve sign-up component – @himself65
  • jwt:
    • Add disableSettingJwtHeader flag to prevent issuance of signed jwt – @dvanmali
    • Jwks remote url – @dvanmali
  • mcp:
    • Add protected-resource metadata endpoint – @frectonz @himself65
  • microsoft:
    • Add support for setting authority – @Stadly
  • openapi:
    • Support Scalar Theme – @bytaesu
  • org:
    • Dynamic Access Control – @ping-maxwell @himself65
  • organization:
    • Organization life cycle hooks – @Bekacru @ping-maxwell
  • paypal:
    • Add paypal OAuth2 provider – @ShobhitPatra
  • salesforce:
    • Add salesforce provider – @ShobhitPatra @himself65
  • social:
    • Add Line provider – @linyiru
    • Add Kakao, Naver provider – @bytaesu
  • stripe:
    • Add locale to stripe billing portal options – @melsonic @himself65

🐞 Bug Fixes

  • Constant time compare – @himself65
  • Secondary storage should allow returning both string and parsed json – @Bekacru
  • Telemetry should be opt in not opt out – @frectonz
  • Show error stack in debug mode – @himself65
  • Move stack check into inner function – @himself65
  • Check x-api-key for all auth endpoint – @himself65
  • Avoid general oauth flow duplicate user – @himself65
  • Small dx for device login – @himself65
  • Invalid pages on docs throw a 500 server error instead of 404 – @Kinfe123
  • Make zod as dependency – @himself65
  • Device authorization interval – @himself65
  • Schema onUpdate not working – @himself65
  • Member not exist on org – @himself65
  • Never type still requires setting clientId to never – @szcharlesji @himself65
  • Team id zod schema meta property for array type – @Kinfe123
  • Resolve field naming inconsistency in account listing endpoint – @Kinfe123
  • Changelogs incorrect mentions – @okisdev
  • Leave error from fetch API as-is – @himself65
  • Update organization requiring all additional fields for update payload – @Bekacru
  • Prevent build error for node:sqlite – @bytaesu
  • Prevent undefined from passed to adapter in username plugin – @Kinfe123
  • Add missing defaultValue on core schema – @himself65
  • Strict social provider type – @himself65
  • apple:
    • Ensures name is always present in profile for mapProfileToUser – @ShobhitPatra
    • Allow audience to be `string
  • cli:
    • Check for undefined defaultValue instead of truthy value when generating drizzle schema – @eni4sure
    • generate throws error with default export – @himself65
    • Incorrect drizzle schema gen – @ping-maxwell
    • Simplify and correct comma insertion logic in plugin array – @bytaesu
  • client:
    • Prevent proxy promise-like behavior – @Aditya-ingole21 @Bekacru @Kinfe123 @himself65
    • Prevent proxy promise-like behavior – @Aditya-ingole21 @Bekacru @Kinfe123 @himself65
    • Avoid atom to be proxy – @himself65
  • custom-session:
    • Also mutate multi-session response – @ping-maxwell
  • db:
    • Special case schema generation ID – @himself65
  • expo:
    • Fix the inability to dynamically import a dependency – @fax1ty @himself65
    • Fix signout clobbering store session properties – @arin-c
  • oauth2:
    • Correct basic auth header construction for refresh token – @CodeWithAlexander
  • oidc:
    • Allow custom schemas – @julen @ping-maxwell
    • Specify foreign key references in the schema – @julen @himself65
  • oidc-provider:
    • Handle string timestamps in user profile claims – @Louis454545
  • organization:
    • Was possible to remove sole org owner – @gwoodbridge
  • stripe:
    • Fix unset values on session completed with trial – @Ooscaar
    • Allow sync function to get plans – @himself65
Β Β Β Β View changes on GitHub

v1.3.7

πŸš€ Features

  • Add disableRedirect to linkSocial – @frectonz
  • admin:
    • Add control to prevent admin users from deleting themselves – @yakupensarsayin
  • cli:
    • Resolves tsconfig references for path aliases – @ericc-ch
    • Support sveltekit $ imports in CLI generate cmd – @Kinfe123
  • email-otp:
    • Add check verification otp endpoint – @jasongerbes
  • jwt:
    • Sign with jwt for artbitrary payload – @Bekacru
  • vk:
    • Add user name mapping by default – @Daniel-dev-s

🐞 Bug Fixes

  • Throw proper error if session is null when deleting organization – @Kinfe123
  • Prevent file system access when telemetry is disabled – @Kinfe123
  • Memory leak in custom session plugin – @tehnrd
  • Use wider types for database hooks payloads – @Bekacru
  • admin:
    • ImpersonatedBy not appearing in client (type fix) – @atharvadeosthale
  • cli:
    • Clean up unused pg and mysql import in drizzle schema generator – @Kinfe123
    • Add FK onDelete cascade and CURRENT_TIMESTAMP defaults on generation – @Kinfe123
    • Clean up unused pg and mysql import in drizzle schema generator – @Kinfe123
  • organization:
    • Prevent fk constraint violation when creating invitation without teams – @Kinfe123
    • Resend invitation should reuse existing invitation instead of creating duplicate – @gingeekrishna
  • sso:
    • [⚠︎Security] - membership check should be required before allowing users to create sso for an organization – @Bekacru
  • stripe:
    • Prevent undefined assignment to optional properties – @Kinfe123
  • sveltekit:
    • Use permissive typing for RequestEvent params – @n00ki
  • telemetry:
    • process referenced on non-nodejs runtime – @Kinfe123
Β Β Β Β View changes on GitHub