All of the changes made will be available here.
Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.
v1.2.5
🚀 Features
- Add onEmailVerification callback –
- Disabled paths –
- Refresh token endpoint –
- account: Add option to allow unlinking all accounts –
- admin: Allow creating users without admin session on server api –
- oidc: Allow passing additional user claims –
🐞 Bug Fixes
- Allow plus signs in relative callback URLs –
- Multiple issues with openapi types and references –
- Typescript cannot be named without reference error –
- Get session cookie helper should use better url retrieval and read config overrides –
- Get session cookie should check for both secure and non secure cookies –
- Access of undefined in runtime that does have great support of instanceof –
- Use instead of relying on instanceOf for incoming request type checks –
- Double matcher on username plugin –
- Trigger session refetch on verify email –
- Support numeric user IDs –
- UnlinkAccount should support optional accountId –
- Respect disable signup on social providers –
- Only delete verification token on password reset after succesful db query –
- Additional fields type inference breaking on default value –
- admin:
- Remove undefined type from list-users openapi documentation - by @Ehesp in https://github.com/better-auth/better-auth/issues/1845 <samp>(a2748)</samp>
- api-key:
- Delete keys on client should use POST method instead - by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1858 <samp>(cd828)</samp>
- cli:
- Invalid prisma init config - by @pnodet in https://github.com/better-auth/better-auth/issues/1964 <samp>(43ab2)</samp>
- expo:
- Better fetch type mismatch causing type error on expo client plugin - by @Bekacru in https://github.com/better-auth/better-auth/issues/1825 <samp>(54bdb)</samp>
- generic-oauth:
- Added basic auth param in oAuth2Callback - by @beermonsterdota in https://github.com/better-auth/better-auth/issues/1810 <samp>(765dd)</samp>
- oauth:
- Support passing prompt, access_type, type_hint and additional params when constructing authorization URL - by @waleedlatif1 in https://github.com/better-auth/better-auth/issues/1888 <samp>(3d36a)</samp>
- organization:
- Trigger session refetch on set-active - by @Bekacru <samp>(d7890)</samp>
- Client infer for Member is using incorrect type - by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1857 <samp>(cc688)</samp>
- Membership limit incorrect usage breaks list organizations - by @Bekacru in https://github.com/better-auth/better-auth/issues/1961 <samp>(ae78d)</samp>
- rate-limiter:
- Handle missing IP address in rate limit function - by @Bekacru in https://github.com/better-auth/better-auth/issues/1959 <samp>(4a310)</samp>
- Custom rate limiing table name breaking db query - by @Bekacru in https://github.com/better-auth/better-auth/issues/1960 <samp>(09830)</samp>
- stripe:
- Allow plan retrieval by annual discount price ID - by @Lionvsx in https://github.com/better-auth/better-auth/issues/1941 <samp>(3c60c)</samp>
- username:
- Update validator to allow dots in usernames - by @Bekacru <samp>(7ea59)</samp>
- web:
- Project metadata - by @Kinfe123 <samp>(b1f3a)</samp>
View changes on GitHub
v1.2.4
🚀 Features
- Support promise return trusted origins –
- Support reverse proxied base URLs –
- Add Kick social provider –
- account: Multiple account with the same provider –
- admin: Custom banned user error message –
- generic-oauth: Allow basic auth –
- oidc-provider: Implement OIDC rfc7591 compliant /register endpoint –
- organization: Allow passing teamId in addMember –
🐞 Bug Fixes
- Update session cookie after in place email change –
- Lowercase email in change email process, find as it is –
- Should consitently use defaultErrorURL for fallback error redirections –
- Use account ID instead of compound key for account unlinking –
- Accept secure cookie flag on getSessionCookie helper –
- Remove otp code from the response of send phone number otp –
- Use subscription Id to fetch the current active subscription from stripe –
- On change email request for unverified emails should use the newEmail on verification token payload –
- admin:
- Fetch session on has permission checks - by @Bekacru <samp>(e4f15)</samp>
- Only evaluate permissions for access control - by @Bekacru <samp>(388dd)</samp>
- api-key:
- Creating API keys metadata always returns null - by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1698 <samp>(0ffbb)</samp>
- Results of
verifyendpoint's metadata isn't parsed - by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1719 <samp>(e4aa6)</samp>
- drizzle-adapter:
- Add lt and lte query operators - by @Bekacru <samp>(c71ca)</samp>
- jwt:
- Use context.secret instead of relying on user passed secret to not fail on build - by @Bekacru <samp>(ea81d)</samp>
- Improve private key decryption error handling - by @Bekacru <samp>(4d5bc)</samp>
- multi-session:
- Return only unique user sessions - by @Bekacru <samp>(97a4c)</samp>
- Use small cased cookie name inside revoke endpoint - by @ahmed-m-abbass in https://github.com/better-auth/better-auth/issues/1783 <samp>(284d4)</samp>
- oauth:
- Remove state value on expiry - by @Bekacru <samp>(45dab)</samp>
- organization:
- Remove unused schema type and make team creator optional - by @Bekacru <samp>(c5c5b)</samp>
- Custom permissions access control type inference breaking on the client - by @Bekacru <samp>(c051c)</samp>
- Use membership limit to fetch members user data - by @Bekacru <samp>(535c9)</samp>
- Properly throw error on update organization - by @Bekacru <samp>(e9993)</samp>
- Check permission types and support multiple permission on
hasPermissionschecks - by @Bekacru <samp>(59765)</samp> - Multiple role array not referenced properly - by @Netrifier in https://github.com/better-auth/better-auth/issues/1792 <samp>(3af31)</samp>
- phone-number:
- Prevent duplicate phone number update - by @Bekacru <samp>(f7edb)</samp>
- rate-limiter:
- Use better path extraction for rate limiting - by @Bekacru <samp>(b6e17)</samp>
- roblox:
- MapProfileToUser should run before returning user info - by @ping-maxwell in https://github.com/better-auth/better-auth/issues/1706 <samp>(5c94c)</samp>
- stripe:
- Convert subscription period timestamps to Date objects - by @Bekacru <samp>(0d6b4)</samp>
- Webhook constructor should use async version - by @BlueLightStudio in https://github.com/better-auth/better-auth/issues/1664 <samp>(46dcd)</samp>
- Add origin check on success callback - by @Bekacru <samp>(d3d10)</samp>
- Inconsistent referenceId usage - by @Bekacru in https://github.com/better-auth/better-auth/issues/1736 <samp>(0ce3f)</samp>
- Call onCustomerCreate callback handle error logging - by @Bekacru <samp>(21fea)</samp>
- Rely on subscription Id instead of reference ID for subscriptions - by @Bekacru in https://github.com/better-auth/better-auth/issues/1789 <samp>(35fe9)</samp>
- two-factor:
- Custom user options should be passed to backup code generator - by @Wundero in https://github.com/better-auth/better-auth/issues/1688 <samp>(88bab)</samp>
- types:
- Passing body breaking fetchOptions
throw:trueinference - by @Bekacru <samp>(3ae3c)</samp>
- Passing body breaking fetchOptions
View changes on GitHub
v1.2.3
🐞 Bug Fixes
- admin:
- Missing options parameter on hasPermission checks - by @jslno in https://github.com/better-auth/better-auth/issues/1666 <samp>(50637)</samp>
- Require adminRoles option for a role to be considered an admin role - by @Bekacru <samp>(31c97)</samp>
- jwt:
- Fallback to newSession when retrieving session token - by @Bekacru <samp>(f8f13)</samp>
- multi-session:
- Use small cased token name for multi-session cookie management - by @Bekacru <samp>(650d5)</samp>
- stripe:
- Improve handling of multiple subscriptions in webhook - by @Bekacru <samp>(c5c74)</samp>
- OnTrailEnd should only take subscription object - by @Bekacru <samp>(ad141)</samp>