All of the changes made will be available here.

Better Auth is the most comprehensive authentication framework for TypeScript that provides a wide range of features to make authentication easier and more secure.

DocumentationGitHubCommunity

BETTER-AUTH.

v1.3.34

🐞 Bug Fixes

  • Type annotation issue – @himself65
    View changes on GitHub

v1.3.33

🐞 Bug Fixes

  • Urls without protocol shouldn't be able to satisfy a wildcard origin – @Bekacru
  • email-otp: Fix openapi schema for /email-otp/verify-email endpoint – @jonathansamines
  • oidc-provider: Use consistent iat claim and allow configurable issuer – @ephraimduncan @himself65
  • two-factor: Use twoFactorEnabled flag instead of database lookup for OTP validation " – @himself65
    View changes on GitHub

v1.3.31

🐞 Bug Fixes

  • expo: Origin check failing due to null origin in expo – @Bekacru
    View changes on GitHub

v1.3.30

🐞 Bug Fixes

  • Remove async local storage export – @himself65
  • core: Correctly set typesVersions paths – @XiNiHa
    View changes on GitHub

v1.3.29

🚀 Features

  • Enhance PostgreSQL support for non-public schema by respecting search_path configuration – @okisdev
  • stripe: Upgrade stripe support to v19.1.0 – @okisdev

🐞 Bug Fixes

  • Unused peer dependency – @himself65
  • admin: Validate admin role updates against the configured roles to prevent setting a non-existent role – @hieudien14310
    View changes on GitHub

v1.3.28

🐞 Bug Fixes

  • Argument where of type TwoFactorWhereUniqueInput needs at least one of id arguments – @AlexStrNik
  • Ensure falsy values are valid default values – @ocherry341
  • Add optional chaining for process.platform – @bytaesu
  • client:
    • Missing isRefetching type in react useSession@ThibautCuchet
  • docs:
    • Anchor link scrolling with conflict prevention – @Kinfe123
  • expo:
    • Set-header retrigger $sessionSignal@himself65
  • gitlab:
    • Fix the token endpoint – @Tobix99
  • passkey:
    • Atom listeners not working – @ping-maxwell
    • Passkey breaks with throw: true@ping-maxwell @Bekacru
  • two-factor:
    • Return parsed array in viewBackupCodes – @ahmed-abdat
    • Backup codes shouldn't be encrypted twice – @Bekacru
    View changes on GitHub

v1.3.27

🐞 Bug Fixes

  • Session update database hook should expect partial session type – @Bekacru
  • Deprecate options.advanced.generateId type – @himself65
  • Api keys should properly check if a request is from client or server – @Bekacru
  • Improve username transformation logic – @ping-maxwell
  • api-key:
    • Shouldn't issue api key a mock session by default – @Bekacru
  • organization:
    • Prevent empty name and slug in create/update – @kira-1011
  • sso:
    • OIDC scopes should fallback to provider scopes – @Bekacru
    • Add deprecated flag to the old sso plugin export – @Bekacru
  • stripe:
    • Throw error if event failed to be constructed – @Bekacru
  • telemetry:
    • Avoid async import if telemetry disabled, fix for esbuild – @erquhart
  • url:
    • Handle empty and root path in withPath, prevent double slashes, add tests – @surafel58
    View changes on GitHub

v1.3.26

🐞 Bug Fixes

  • [security] api keys should properly check if a request is from client or server – @Bekacru
  • api-key: Shouldn't issue api key a mock session by default – @Bekacru
    View changes on GitHub

v1.3.25

🚀 Features

  • Additional fields on account – @dvanmali
  • Add support for custom callback for token url – @acusti
  • captcha: Add support for CaptchaFox – @tgrassl
  • cli: Add mcp client configs from cli@Kinfe123 @himself65

🐞 Bug Fixes

  • Support compressed ipv6 format – @Velka-DEV
  • Add required constraint to slug filed in org plugin – @bytaesu
  • Use consistent messaging on requestPasswordReset@Eazash
  • Cookie size limit shouldn't throw error – @Bekacru @himself65
  • Handle symbols in proxy get trap to prevent TypeError – @zbeyens @himself65
  • Ttl for rate limited secondary storage – @dvanmali
  • adapter:
    • Use updated field values in WHERE clause during update – @QuintenStr @ping-maxwell
    • Foreign keys that are nullable on number ids can return string of null@ping-maxwell
  • api-key:
    • Correct refill interval time calculation – @Pankaj3112 @himself65
  • client:
    • Add lynx client exports – @JagritGumber
  • device-authorization:
    • Fix client error type for deny device – @3ddelano
  • last-login-method:
    • Custom resolver method default logic – @ThibautCuchet
  • oauth-proxy:
    • Should skip state check for oauth proxy – @Bekacru
  • oidc:
    • Properly enforce consent requirements per OIDC spec – @himself65
  • org:
    • Update type to include undefined – @himself65
  • sso:
    • Safe json parsing for saml/oidc configs – @natetewelde @himself65
    • Prevent duplicate SSO provider creation with same providerId – @xiaoyu2er
  • stripe:
    • Update with an existing subscription – @himself65
    • Sync customer email on db change – @himself65
    • getCustomerCreateParams not actually being called – @ebalo55 @himself65

🏎 Performance

  • Lazy load create telemetry – @himself65
    View changes on GitHub

v1.3.24

🚀 Features

  • Add support for custom callback for authorization url – @Bekacru

🐞 Bug Fixes

  • Refresh secondary storage sessions on user update – @frectonz
  • cli: Timestamp in schema for Drizzle with SQLite – @zy1p
  • db: onDelete is ignored – @himself65
  • deps: Update dependency @nanostores/react to v1

🏎 Performance

  • Improve type Auth@himself65
    View changes on GitHub

v1.3.19

🐞 Bug Fixes

  • getSession shouldn't expose options and path types – @Bekacru
    View changes on GitHub

v1.3.18

🐞 Bug Fixes

  • Ttl sessions list expiration – @dvanmali
  • Tests failing due to clock drift – @dvanmali
  • Moved email verification check after password check – @QuintenStr
  • cli: DefaultNow is deprecated in schema for Drizzle with SQLite – @himself65
  • custom-session: Don't overwrite the Set-Cookie header – @frectonz
  • email-otp: Call reset password callback – @HoshangDEV
    View changes on GitHub

v1.3.17

🚀 Features

  • sso: Provide default service provider metadata – @dvanmali

🐞 Bug Fixes

  • nuxt: Avoid load env base url for SSR – @himself65
    View changes on GitHub

v1.3.16

No significant changes

    View changes on GitHub

v1.3.15

🐞 Bug Fixes

  • types: Include null in getSession return type – @jcajuab
    View changes on GitHub

v1.3.14

🚀 Features

  • passkey: Allow multiple passkey origins – @kevcube
  • sso: DefaultSSO options and ACS endpoint – @Kinfe123

🐞 Bug Fixes

  • Wrap Math.floor around the division when calculating TTL – @DevDuki @himself65
  • api-key:
    • Calling client on server side – @himself65
  • mcp:
    • Missing Content-Type header for mcp DCR – @Berndwl
  • organization:
    • Pass ctx to DB hooks – @ping-maxwell
    • Allow passing id through beforeCreateOrganization@ping-maxwell
  • username:
    • Username should respect send on sign config – @QuintenStr
    View changes on GitHub