All of the changes made will be available here.

Better Auth is a comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.


BETTER-AUTH.

v1.2.12

🐞 Bug Fixes

  • account:
    • Add placeholder URL for type inference in linkSocialAccount response – @Bekacru
  • create-adapter:
    • getModelName should apply plural to custom model names – @ping-maxwell
    • TransformWhere should account for customTransformInput – @ping-maxwell
    • Doesn't work with mongoAdapter – @ping-maxwell
  • email-otp:
    • Doesn't call onEmailVerification – @ping-maxwell

v1.2.11

🐞 Bug Fixes

  • api-key: Update should only use by ID – @Kinfe123
  • sveltekit: Only dynamic import $app/environment once – @tehnrd
  • user-card: Refactor email verification button and update trusted origins – @Bekacru
  • username: Log the correct username – @bortoz

v1.2.10

🚀 Features

  • Allow passing id in DB hook create – @ping-maxwell
  • Link account with idToken – @reslear
  • Add Hugging Face provider – @coyotte508
  • cli: Allow cli to use custom adapter createSchema if implemented – @taivo
  • organization: MaximumMembersPerTeam support – @ping-maxwell

🐞 Bug Fixes

  • Support "ne" (not equal) filter in Prisma adapter – @matteovava
  • Propagate secondary storage updates on updated user – @Kinfe123
  • Incremental scopes for Microsoft and return all granted scopes for Google – @jafri
  • Remove active organization when member isn't found – @Bekacru
  • DeleteUser check session freshAge using ms instead of sec – @etler
  • Always use custom errorURL when available – @ErikPetersenDev
  • Duplicate oauth registration – @Bekacru
  • Expose-headers override in bearer plugin when setting set-auth-token – @Kinfe123
  • Delete user should respect freshAge config – @Bekacru
  • Use correct refresh token endpoint for github – @artemoire
  • OnLinkAccount trigger on phone number verification – @Kinfe123
  • Expose headers override in jwt plugin – @Kinfe123
  • email-otp: Auto-verify on email otp reset – @Kinfe123
  • email-verification: Improve email verification logic to check session and user email consistency – @Bekacru
  • expo: Remove duplicated trusted origins – @Bekacru
  • get-session: Missing null type on /get-session when throw:true is set – @ping-maxwell
  • oauth-proxy: Resolve current URL with precedence – @juliusmarminge
  • organization: Organization with no members error – @seanlucakrueger
  • twitter: Update email verification logic in profile mapping – @Xirynx

v1.2.9

🚀 Features

  • Support bun sqlite by default – @Bekacru
  • MCP plugin – @Bekacru
  • New user delete flow – @BlankParticle
  • Add account info endpoint – @BlankParticle @Bekacru
  • Add promise support for custom user info claims – @zackify
  • Add getCookieCache helper and update session handling – @Bekacru
  • Support passing error callback url for account linking – @Bekacru
  • Support stripe seat upgrade – @Bekacru
  • customPaths: Provide an option to modify and map api paths – @CrutchTheClutch
  • passkey: AAGUID field support – @s3f5

🐞 Bug Fixes

  • Use dynamic list of social providers to allow generic oauth – @BlankParticle
  • Make sure updatedAt is updated on session refresh – @Kinfe123
  • Improve the callbackURL parameter for social, oauth, SSO – @gee1k
  • Plugin init context should carry modified context from other plugins – @Bekacru
  • Avoid refreshing tokens if the provider doesn't return refresh tokens – @stephenjason89
  • Init snapshot – @ping-maxwell
  • Prisma schema not required on dev/bun – @Kinfe123
  • SSR handling in useAuthQuery to prevent hydration issues – @yerzham
  • Encoded callbackURL – @Kinfe123
  • Allow contains filter for users in admin – @Kinfe123
  • Microsoft entra token refresh scope – @CarbonNeuron
  • Demo build & upgrades – @Kinfe123
  • Docs sidebar height – @Kinfe123
  • Default value on generate – @Kinfe123
  • Construct valid URL from VERCEL_URL env – @juliusmarminge
  • Add prompt option on github – @Kinfe123
  • Remove empty migration with semi colon – @Kinfe123
  • Rename forgetPassword APIs to requestPasswordReset – @Bekacru
  • Lookup keys without the priceId – @Kinfe123
  • Oauth proxy between http and https – @juliusmarminge
  • X:
    • Used x.com domain for all twitter provider urls – @armannaj
  • admin:
    • Respect cookie prefix for impersonate admin cookies – @Bekacru
  • api-key:
    • Rate limits not working – @ntgussoni
  • apple:
    • Correctly map email verification status from profile – @gee1k
    • Response type should be set to idToken code to get full user profile data – @Bekacru
  • cli:
    • Missing dependency @babel/core – @NormalGaussian
  • demo:
    • Avoid page refresh on session termination – @Kinfe123
  • magic-link:
    • URI-encode magic link callbackURL – @philipp-lampert
  • mongo-adapter:
    • Fix incorrect transformation of findOneAndX outputs – @matt-shipman
  • oidc-provider:
    • Consent should be able to be accepted if state is empty – @zackify
    • Authorize post-auth flow – @BadPirate
  • prisma:
    • "eq" invalid argument OR clause – @Konixy
  • stripe:
    • Inconsistency preventing subscription upgrades – @rgodha24
    • Use the stripeSubscriptionId from the fetched subscription instead of the one from the request – @TheYoxy

v1.2.8

🚀 Features

  • Make update account on signin optional – @Bekacru
  • Add getAccessToken api for oauth accounts – @BlankParticle
  • getActions from client plugins to include clientOptions in get user client config – @ping-maxwell
  • Add one time token generator – @Bekacru
  • adapter:
    • Allow providing id in create method – @ping-maxwell
  • anonymous:
    • Custom anonymous names – @ping-maxwell
  • api-key:
    • Disable hashing API Keys – @ping-maxwell
  • custom-session:
    • Add ctx on custom session callback fn – @Bekacru
  • generic-oauth:
    • Support same provider account linking – @Bekacru
    • Authorization request headers – @KGALLET
  • stripe:
    • Migrate to stripe sdk v18.0.0 – @kkMihai

🐞 Bug Fixes

  • Username empty field on update guard – @Kinfe123
  • Docs on oauth refresh token fn – @Kinfe123
  • MapProfileToUser getting called twice during idToken login – @Bekacru
  • Awaitable calls – @Kinfe123
  • Enforce override user info on oauth signin – @Bekacru
  • Join waitlist banner styling – @Kinfe123
  • Fields for custom schema should be optional – @Bekacru
  • UpdateAt field on banning/unbanning users – @Kinfe123
  • Improve signin builder and tabs functionality – @Kinfe123
  • Add a default value for generated fields – @Kinfe123
  • Resolve type error caused by incorrect plugin import – @Kinfe123
  • Resolve custom ts config path – @Kinfe123
  • Core schema model name definition on api-key – @Kinfe123
  • Username error code export – @Kinfe123
  • Resolve logo assets redirection and toaster styling issues – @Kinfe123
  • Remove unnecessary password hashing – @Kinfe123
  • Revoke session on password reset – @Kinfe123
  • Added password hashing to prevent timing attacks – @Kinfe123
  • Add default refreshAccessToken for microsoft provider – @BlankParticle
  • Pass context into createVerificationValue – @Livog
  • Origin check failing when there is symbol in a query param – @Bekacru
  • Remove userInfoUrl check to allow using custom function without url – @BlankParticle
  • getAccessToken should be available on the client – @BlankParticle
  • admin:
    • Handle redirecting banned users properly – @Bekacru
  • api-key:
    • Pass real rateLimitvalue from ctx.body – @Siumauricio
  • create-adapter:
    • Get default model in getModelname – @ping-maxwell
  • drizzle-adapter:
    • Missing operators – @ping-maxwell
  • generic-oauth:
    • On link account make sure to match provider Id before updating existing account – @Bekacru
    • Include missing tokens in account linking – @Bekacru
  • open-api:
    • Misplaced requires properties – @cwstra
  • organization:
    • Incorrect delete team error message – @ping-maxwell
  • passkey:
    • Add userDisplayName to the simplewebauthn generateRegistrationOptions call – @EugeneDraitsev
  • stripe:
    • Include priceId on list active subscriptions – @Bekacru
    • Reactivate subscription filtering to only active or trialing subscription – @Konixy
  • two-factor:
    • Verification deletion on otp should use the correct ID – @Bekacru

v1.2.7

🚀 Features

  • Error code support for haveibeenpwned – @Kinfe123
  • plugin: Error code support for haveibeenpwned plugin – @Kinfe123

🐞 Bug Fixes

  • Added c.authentication to refresh token – @CodeWithAlexander
  • Authentication type missing on refreshToken options – @Kinfe123
  • Prevent a user from being created on haveibeenpwned – @Kinfe123
  • adapter:
    • Improve field lookup logic in createAdapter – @Bekacru
  • cli:
    • Schema gen with Drizzle for PG to generate text instead of uuid – @ping-maxwell
  • drizzle-adapter:
    • Correct count retrieval in the update function – @okxiaoliang4
  • haveIBeenPwned:
    • Add proper error code – @JE4GLE
  • organization:
    • Checking if User is intended recipient of Invite is case sensitive – @SNRSE
  • plugin:
    • Prevent user from being created on compromised password – @Kinfe123
  • stripe:
    • Force post method for subscription restore – @Bekacru
    • Adding ability to restore cancelled trialing subscriptions – @Konixy

v1.2.6

🚀 Features

  • MapProfileToUser in vk social-provider – @MagicFun1241
  • One-time token plugin – @Bekacru
  • createAdapter and useNumberId – @ping-maxwell
  • Support user data mapping in id token social sign-in – @Bekacru
  • Update hover style for light mode in community page – @sudoskys
  • Zoom social provider – @nktnet1
  • (captcha plugin) adding support for Google ReCAPTCHA v3 and hCaptcha – @0scrm
  • Openapi spec update – @solarsoft0
  • Have-i-been-pwned plugin – @moshetanzer
  • Support custom issuer totp – @Siumauricio
  • Delete token expiry configuration – @Bekacru
  • Add option to disable session refresh on use – @Bekacru
  • admin:
    • Add support for passing multiple roles as array – @Netrifier
  • email-otp:
    • Support attempt numbers for email-otp – @Bekacru
  • facebook:
    • Add support for business login using config ids – @arlyon
  • generic-oauth:
    • Added field discoveryHeaders to GenericOAuthConfig – @RyanWSweeney
  • jwt:
    • Add sub claim and getSubject – @Bekacru
  • oauth2:
    • Override user info on provider sign-in – @Bekacru
  • organization:
    • Add invitation limit – @Bekacru
    • Support multiple permissions check – @rxri
  • phone-number:
    • Add attempts check – @Bekacru
    • Add number of attempts configuration – @Bekacru
    • Add phone number verification requirement before sign-in – @Bekacru
  • provider:
    • Twitter email support – @Kinfe123
  • react-start:
    • Add react-start integration for cookie handling – @Bekacru
  • socialLink:
    • Add support for custom scopes in social account linking – @leoleducq
  • stripe:
    • Restore subscription – @JNLei
  • two-factor:
    • Refactor two-factor authentication with better error handling, configurable otp limits and verification – @Bekacru
  • username:
    • Export the correct error codes for the plugin – @Bekacru

🐞 Bug Fixes

  • Import orders and alias to avoid conflict in ac code examples – @AmagiDDmxh
  • Fallback to checking main db on session retrieval when storeSessionInDatabase is enabled – @Bekacru
  • Export oAuth types – @hyoban
  • Og image compat – @Kinfe123
  • Og image compatibility on multiple link previews – @Kinfe123
  • Tooltip arrow – @Kinfe123
  • Tooltip arrow pointer – @Kinfe123
  • Forget password flow failing because of id conversion – @sosweetham
  • Dep issue – @Kinfe123
  • Deployment compat issue – @Kinfe123
  • Verify github email when profile has an email – @erquhart
  • Docs syntax spacing – @Kinfe123
  • GenericOAuth default redirectURI for account linking – @dbworku
  • Missing disableRefresh type in server side getSession – @Bekacru
  • Redirect to defaultErrorURL if errorURL doesn't exist – @Bekacru
  • Plugin middleware docs – @Kinfe123
  • Improve header value retrieval for IP address extraction – @ozgurozalp
  • Prisma client docs – @Kinfe123
  • Community page interaction – @Kinfe123
  • Community page interaction – @Kinfe123
  • Hover style for light mode in community page – @Kinfe123
  • IpAddress and userAgent missing on server authentication – @Bekacru
  • Missing export one time token plugin – @wadefletch
  • Delete from session table when stopImpersonate called – @Kinfe123
  • Filter out fields with returned: false from session cookie cache – @Kinfe123
  • Rethrow error from db hooks if it is APIError instances – @Bekacru
  • admin:
    • Pass where clause to adapter.count to fix total value on listUser – @Netrifier
    • DefaultRoles, adminRoles + others not applying user config – @ping-maxwell
    • 'dontRememberMe' cookie handling during impersonation – @Bekacru
  • api-key:
    • Return value of permissions should be object, not string – @ping-maxwell
    • Update rateLimitEnabled default to consider options – @ismael-iskauskas
  • apple:
    • Update responseType to include code and id_token – @Bekacru
  • custom-session:
    • Custom session failing to set cookies – @Bekacru
  • generic-oauth:
    • Should check for email after mapProfileToUser – @Bekacru
  • oauth:
    • Encode clientId and clientSecret in authorization header – @xinyao27
  • oauth-proxy:
    • Extend callback and sign-in path matchers to include /oauth2/callback and /sign-in/oauth2 – @Bekacru
  • oidc-provider:
    • Add cookie options for path and sameSite in authorize – @Bekacru
  • open-api:
    • Hide disabled paths – @CrutchTheClutch
  • organization:
    • Update default invitation expiration time to use seconds – @Bekacru
    • Fix conditional teamId inference – @Netrifier
    • UpdateMemberRole failing if issuer has multiple roles – @dustin-we
  • stripe:
    • Allow customizing subscription schema – @ping-maxwell
    • Throw err if passed referenceId when no subscription authorizeReference is defined – @ping-maxwell
    • Update referenceId in checkout session to use client_reference_id instead of metadata – @Bekacru
  • two-factor:
    • 2fa error codes failing to infer – @ping-maxwell