All of the changes made will be available here.

Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.


BETTER-AUTH.

v1.3.8

πŸš€ Features

  • Support to infer error types from endpoint – @himself65
  • Support node:sqlite – @himself65
  • Remote sign a jwt payload – @dvanmali @himself65
  • Support device authorization – @himself65
  • Support custom schema merging in SIWE plugin – @himself65
  • Add figma provider – @ShobhitPatra @Kinfe123
  • Enhance Microsoft Entra ID type definitions – @Kinfe123
  • Add onUpdate field on db schema generation – @himself65
  • Add onInvitationAccepted callback for org invitations – @Kinfe123
  • Add query parameter to useSession().refetch() for cache control consistency – @adriandlam @himself65
  • Add last login method plugin – @Bekacru
  • Check endpoint conflits – @himself65
  • Add json field type – @dvanmali
  • Add @default and @updatedAt for prisma generator – @himself65
  • Use defaultNow() for drizzle timestamp fields – @Badbird5907 @himself65
  • admin:
    • Get user – @0xJJW @ping-maxwell
    • /admin/update-user role as array – @alliefitter
  • atlassian:
    • Add atlassian social provider – @ShobhitPatra
  • cli:
    • Add info script – @himself65
  • cognito:
    • Add amazon cognito provider – @ShobhitPatra
  • demo:
    • Improve sign-up component – @himself65
  • jwt:
    • Add disableSettingJwtHeader flag to prevent issuance of signed jwt – @dvanmali
    • Jwks remote url – @dvanmali
  • mcp:
    • Add protected-resource metadata endpoint – @frectonz @himself65
  • microsoft:
    • Add support for setting authority – @Stadly
  • openapi:
    • Support Scalar Theme – @bytaesu
  • org:
    • Dynamic Access Control – @ping-maxwell @himself65
  • organization:
    • Organization life cycle hooks – @Bekacru @ping-maxwell
  • paypal:
    • Add paypal OAuth2 provider – @ShobhitPatra
  • salesforce:
    • Add salesforce provider – @ShobhitPatra @himself65
  • social:
    • Add Line provider – @linyiru
    • Add Kakao, Naver provider – @bytaesu
  • stripe:
    • Add locale to stripe billing portal options – @melsonic @himself65

🐞 Bug Fixes

  • Constant time compare – @himself65
  • Secondary storage should allow returning both string and parsed json – @Bekacru
  • Telemetry should be opt in not opt out – @frectonz
  • Show error stack in debug mode – @himself65
  • Move stack check into inner function – @himself65
  • Check x-api-key for all auth endpoint – @himself65
  • Avoid general oauth flow duplicate user – @himself65
  • Small dx for device login – @himself65
  • Invalid pages on docs throw a 500 server error instead of 404 – @Kinfe123
  • Make zod as dependency – @himself65
  • Device authorization interval – @himself65
  • Schema onUpdate not working – @himself65
  • Member not exist on org – @himself65
  • Never type still requires setting clientId to never – @szcharlesji @himself65
  • Team id zod schema meta property for array type – @Kinfe123
  • Resolve field naming inconsistency in account listing endpoint – @Kinfe123
  • Changelogs incorrect mentions – @okisdev
  • Leave error from fetch API as-is – @himself65
  • Update organization requiring all additional fields for update payload – @Bekacru
  • Prevent build error for node:sqlite – @bytaesu
  • Prevent undefined from passed to adapter in username plugin – @Kinfe123
  • Add missing defaultValue on core schema – @himself65
  • Strict social provider type – @himself65
  • apple:
    • Ensures name is always present in profile for mapProfileToUser – @ShobhitPatra
    • Allow audience to be `string
  • cli:
    • Check for undefined defaultValue instead of truthy value when generating drizzle schema – @eni4sure
    • generate throws error with default export – @himself65
    • Incorrect drizzle schema gen – @ping-maxwell
    • Simplify and correct comma insertion logic in plugin array – @bytaesu
  • client:
    • Prevent proxy promise-like behavior – @Aditya-ingole21 @Bekacru @Kinfe123 @himself65
    • Prevent proxy promise-like behavior – @Aditya-ingole21 @Bekacru @Kinfe123 @himself65
    • Avoid atom to be proxy – @himself65
  • custom-session:
    • Also mutate multi-session response – @ping-maxwell
  • db:
    • Special case schema generation ID – @himself65
  • expo:
    • Fix the inability to dynamically import a dependency – @fax1ty @himself65
    • Fix signout clobbering store session properties – @arin-c
  • oauth2:
    • Correct basic auth header construction for refresh token – @CodeWithAlexander
  • oidc:
    • Allow custom schemas – @julen @ping-maxwell
    • Specify foreign key references in the schema – @julen @himself65
  • oidc-provider:
    • Handle string timestamps in user profile claims – @Louis454545
  • organization:
    • Was possible to remove sole org owner – @gwoodbridge
  • stripe:
    • Fix unset values on session completed with trial – @Ooscaar
    • Allow sync function to get plans – @himself65
Β Β Β Β View changes on GitHub

v1.3.7

πŸš€ Features

  • Add disableRedirect to linkSocial – @frectonz
  • admin:
    • Add control to prevent admin users from deleting themselves – @yakupensarsayin
  • cli:
    • Resolves tsconfig references for path aliases – @ericc-ch
    • Support sveltekit $ imports in CLI generate cmd – @Kinfe123
  • email-otp:
    • Add check verification otp endpoint – @jasongerbes
  • jwt:
    • Sign with jwt for artbitrary payload – @Bekacru
  • vk:
    • Add user name mapping by default – @Daniel-dev-s

🐞 Bug Fixes

  • Throw proper error if session is null when deleting organization – @Kinfe123
  • Prevent file system access when telemetry is disabled – @Kinfe123
  • Memory leak in custom session plugin – @tehnrd
  • Use wider types for database hooks payloads – @Bekacru
  • admin:
    • ImpersonatedBy not appearing in client (type fix) – @atharvadeosthale
  • cli:
    • Clean up unused pg and mysql import in drizzle schema generator – @Kinfe123
    • Add FK onDelete cascade and CURRENT_TIMESTAMP defaults on generation – @Kinfe123
    • Clean up unused pg and mysql import in drizzle schema generator – @Kinfe123
  • organization:
    • Prevent fk constraint violation when creating invitation without teams – @Kinfe123
    • Resend invitation should reuse existing invitation instead of creating duplicate – @gingeekrishna
  • sso:
    • [⚠︎Security] - membership check should be required before allowing users to create sso for an organization – @Bekacru
  • stripe:
    • Prevent undefined assignment to optional properties – @Kinfe123
  • sveltekit:
    • Use permissive typing for RequestEvent params – @n00ki
  • telemetry:
    • process referenced on non-nodejs runtime – @Kinfe123
Β Β Β Β View changes on GitHub

v1.3.5

πŸš€ Features

  • List organization memebrs with pagination and filter queries – @Bekacru
  • Return false from generateId callback to imply database-generated ID – @aleclarson
  • Support multiple aud for apple oauth – @Kinfe123
  • Allow getUserInfo to return number type – @himself65
  • Remove revoked session from active sessions list – @himself65
  • Add telemetry – @frectonz @Kinfe123 @himself65
  • cli:
    • Added --yes for generate/migrate, deprecated --y – @nktnet1
  • oidc-provider:
    • Add client to getAdditionalUserInfoClaim callback – @grant0417
    • Allow passing oauth consent code via query params – @grant0417
  • organization:
    • Additional fields support separate client-server projects – @ping-maxwell
    • Add membersLimit param to allow to fetch more or less members than the membership limit – @Bekacru
    • Add option for requiring email verificaiton – @Bekacru
  • passkey:
    • Allow custom passkey name during registration – @Fyoxy
  • stripe:
    • Create billing portal session – @rhitune2

🐞 Bug Fixes

  • Shouldn't refresh a token if access token expires is undefined or null – @Bekacru
  • Ensure session is added to context when reading from cookie cache – @gaganref
  • Make sveltekit plugin ALS-agnostic – @Kinfe123
  • Use same expires at date for cookie session data payload and signature – @PacifismPostMortem
  • Resolve notion oauth user info extraction – @Kinfe123
  • Cast dates from db to Date when using date methods – @erquhart
  • Twitter refresh token requires basic authentication – @bytechase
  • Pass loginHint to Microsoft oauth URL – @widavies
  • Cast dates from session to Date when using date methods – @erquhart
  • Incorrect initialization of remaining value within API key – @eaoliver
  • Add missing team reference in teamMember schema – @Kinfe123
  • Await ctx in middleware – @himself65
  • Plugins options type compatibility issue with exactOptionalPropertyTypes enabled in ts-config – @Kinfe123
  • Client secret should be optional in configuring the generic oauth plugin – @frectonz @Bekacru
  • Ensure zod v4 type annotations work with core types – @Kinfe123
  • Remove deep array merge when merging hooks context – @Adityakk9031
  • Allow returning response object to skip after hooks – @Bekacru
  • Handle inconsistent user update error in phone number plugin – @Kinfe123
  • admin:
    • Export type definitions from the admin plugin – @daidr
  • cli:
    • --yes option does not work on @better-auth/cli generate – @phanect
    • Prisma schema generate mismatch on custom plugin table names – @Kinfe123
    • Only show the overwrite message when the schema file exists and the code has changed – @frectonz
  • deps:
    • Update better-auth dependencies
  • expo:
    • Improve cookie expiration handling – @Kinfe123
  • generic-oauth:
    • Set account id from mapped user fields when creating account – @charlietlamb
  • jwt:
    • Ensure alg is added to the jwks when generating via /token endpoint – @elliottminns
    • Expose jwt options to plugins – @grant0417
  • magic-link:
    • Magic link URL construction – @Kinfe123
  • mcp:
    • Redirect returns json instead of 302 – @ping-maxwell
  • mssql:
    • "text" datatype is not working with mssql – @ludoblues
  • org:
    • Use correct slug lookup when setting active org – @Kinfe123
  • organization:
    • Updated types for the user argument in allowUserToCreateOrganization to support custom fields – @TimurBas
    • Team members should be cleaned up on delete team – @Kinfe123
    • Convert emails to lower case for invitation lookups – @gwoodbridge
  • organizaton:
    • Avoid cross organization member role updates – @max-om
  • plugins:
    • Export siwe plugin – @chunterb
  • reddit:
    • Refresh access token should use basic auth – @Kinfe123
  • stripe:
    • Prevent duplicate trials when switching plans – @Bekacru
    • Update customer id should also trigger secondary storage update – @Bekacru
    • Fallback to subscription id instead of picking the first sub if id is provided – @Bekacru
  • tiktok:
    • Client id is not used for TikTok social provider – @himself65
  • username:
    • isUsernameAvailable should validate usernames – @ping-maxwell
    • isUsernameAvailable should validate usernames " – @Bekacru
    • Remove normalize transform for displayUsername – @oskar-gmerek
Β Β Β Β View changes on GitHub

better-auth@1.3.4

Patch Changes

  • Added listMembers API with pagination, sorting, and filtering.
  • Added membersLimit param to getFullOrganization.
  • Improved client inference for additional fields in organization schemas.
  • Fixed date handling by casting DB values to Date objects before using date methods.
  • Fixed Notion OAuth to extract user info correctly.
  • Ensured session is set in context when reading from cookie cach

@better-auth/stripe@1.3.4

Patch Changes

  • ac6baba: chore: fix typo on freeTrial
  • c2fb1aa: Fix duplicate trials when switching plans