All of the changes made will be available here.

Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.


BETTER-AUTH.

v1.2.5

🚀 Features

  • Add onEmailVerification callback – @Bekacru
  • Disabled paths – @Bekacru
  • Refresh token endpoint – @Kinfe123
  • account: Add option to allow unlinking all accounts – @Bekacru
  • admin: Allow creating users without admin session on server api – @Bekacru
  • oidc: Allow passing additional user claims – @Bekacru

🐞 Bug Fixes

  • Allow plus signs in relative callback URLs – @javawizard
  • Multiple issues with openapi types and references – @Ehesp
  • Typescript cannot be named without reference error – @Bekacru
  • Get session cookie helper should use better url retrieval and read config overrides – @Bekacru
  • Get session cookie should check for both secure and non secure cookies – @Bekacru
  • Access of undefined in runtime that does have great support of instanceof – @jamesone
  • Use instead of relying on instanceOf for incoming request type checks – @Bekacru
  • Double matcher on username plugin – @Kinfe123
  • Trigger session refetch on verify email – @Bekacru
  • Support numeric user IDs – @benkingcode
  • UnlinkAccount should support optional accountId – @Bekacru
  • Respect disable signup on social providers – @Bekacru
  • Only delete verification token on password reset after succesful db query – @moshetanzer
  • Additional fields type inference breaking on default value – @Bekacru
  • admin:
    • Remove undefined type from list-users openapi documentation  -  by @Ehesp in https://github.com/better-auth/better-auth/issues/1845 <samp>(a2748)</samp>
  • api-key:
    • Delete keys on client should use POST method instead  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1858 <samp>(cd828)</samp>
  • cli:
    • Invalid prisma init config  -  by @pnodet in https://github.com/better-auth/better-auth/issues/1964 <samp>(43ab2)</samp>
  • expo:
    • Better fetch type mismatch causing type error on expo client plugin  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1825 <samp>(54bdb)</samp>
  • generic-oauth:
    • Added basic auth param in oAuth2Callback  -  by @beermonsterdota in https://github.com/better-auth/better-auth/issues/1810 <samp>(765dd)</samp>
  • oauth:
    • Support passing prompt, access_type, type_hint and additional params when constructing authorization URL  -  by @waleedlatif1 in https://github.com/better-auth/better-auth/issues/1888 <samp>(3d36a)</samp>
  • organization:
    • Trigger session refetch on set-active  -  by @Bekacru <samp>(d7890)</samp>
    • Client infer for Member is using incorrect type  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1857 <samp>(cc688)</samp>
    • Membership limit incorrect usage breaks list organizations  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1961 <samp>(ae78d)</samp>
  • rate-limiter:
    • Handle missing IP address in rate limit function  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1959 <samp>(4a310)</samp>
    • Custom rate limiing table name breaking db query  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1960 <samp>(09830)</samp>
  • stripe:
    • Allow plan retrieval by annual discount price ID  -  by @Lionvsx in https://github.com/better-auth/better-auth/issues/1941 <samp>(3c60c)</samp>
  • username:
  • web:
    View changes on GitHub

v1.2.4

🚀 Features

  • Support promise return trusted origins – @Bekacru
  • Support reverse proxied base URLs – @Bekacru
  • Add Kick social provider – @deestt
  • account: Multiple account with the same provider – @Kinfe123
  • admin: Custom banned user error message – @Bekacru
  • generic-oauth: Allow basic auth – @beermonsterdota
  • oidc-provider: Implement OIDC rfc7591 compliant /register endpoint – @remorses
  • organization: Allow passing teamId in addMember – @Netrifier

🐞 Bug Fixes

  • Update session cookie after in place email change – @Bekacru
  • Lowercase email in change email process, find as it is – @hyoban
  • Should consitently use defaultErrorURL for fallback error redirections – @Bekacru
  • Use account ID instead of compound key for account unlinking – @Bekacru
  • Accept secure cookie flag on getSessionCookie helper – @ahmed-m-abbass
  • Remove otp code from the response of send phone number otp – @Bekacru
  • Use subscription Id to fetch the current active subscription from stripe – @x751685875
  • On change email request for unverified emails should use the newEmail on verification token payload – @Bekacru
  • admin:
  • api-key:
    • Creating API keys metadata always returns null  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1698 <samp>(0ffbb)</samp>
    • Results of verify endpoint's metadata isn't parsed  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1719 <samp>(e4aa6)</samp>
  • drizzle-adapter:
  • jwt:
    • Use context.secret instead of relying on user passed secret to not fail on build  -  by @Bekacru <samp>(ea81d)</samp>
    • Improve private key decryption error handling  -  by @Bekacru <samp>(4d5bc)</samp>
  • multi-session:
    • Return only unique user sessions  -  by @Bekacru <samp>(97a4c)</samp>
    • Use small cased cookie name inside revoke endpoint  -  by @ahmed-m-abbass in https://github.com/better-auth/better-auth/issues/1783 <samp>(284d4)</samp>
  • oauth:
  • organization:
    • Remove unused schema type and make team creator optional  -  by @Bekacru <samp>(c5c5b)</samp>
    • Custom permissions access control type inference breaking on the client  -  by @Bekacru <samp>(c051c)</samp>
    • Use membership limit to fetch members user data  -  by @Bekacru <samp>(535c9)</samp>
    • Properly throw error on update organization  -  by @Bekacru <samp>(e9993)</samp>
    • Check permission types and support multiple permission on hasPermissions checks  -  by @Bekacru <samp>(59765)</samp>
    • Multiple role array not referenced properly  -  by @Netrifier in https://github.com/better-auth/better-auth/issues/1792 <samp>(3af31)</samp>
  • phone-number:
  • rate-limiter:
  • roblox:
    • MapProfileToUser should run before returning user info  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1706 <samp>(5c94c)</samp>
  • stripe:
    • Convert subscription period timestamps to Date objects  -  by @Bekacru <samp>(0d6b4)</samp>
    • Webhook constructor should use async version  -  by @BlueLightStudio in https://github.com/better-auth/better-auth/issues/1664 <samp>(46dcd)</samp>
    • Add origin check on success callback  -  by @Bekacru <samp>(d3d10)</samp>
    • Inconsistent referenceId usage  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1736 <samp>(0ce3f)</samp>
    • Call onCustomerCreate callback handle error logging  -  by @Bekacru <samp>(21fea)</samp>
    • Rely on subscription Id instead of reference ID for subscriptions  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/1789 <samp>(35fe9)</samp>
  • two-factor:
    • Custom user options should be passed to backup code generator  -  by @Wundero in https://github.com/better-auth/better-auth/issues/1688 <samp>(88bab)</samp>
  • types:
    View changes on GitHub

v1.2.3

🐞 Bug Fixes

  • admin:
    • Missing options parameter on hasPermission checks  -  by @jslno in https://github.com/better-auth/better-auth/issues/1666 <samp>(50637)</samp>
    • Require adminRoles option for a role to be considered an admin role  -  by @Bekacru <samp>(31c97)</samp>
  • jwt:
  • multi-session:
    • Use small cased token name for multi-session cookie management  -  by @Bekacru <samp>(650d5)</samp>
  • stripe:
    View changes on GitHub