All of the changes made will be available here.

Better Auth is a comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.


v1.3.2

🐞 Bug Fixes

  • Improve setting active org performance – @Kinfe123
    View changes on GitHub

v1.3.1

🐞 Bug Fixes

  • Changed the Twitter provider to use "post" authentication instead of "basic" when validating the authorization code – @dagmawibabi
  • organization:
    • Fixed organization schema inference when multiple plugins are present in the plugins array – @ping-maxwell
    • Multi teams breaking active organization id type inference – @Bekacru
    View changes on GitHub

v1.3.0

🚀 Features

  • Sveltekit cookie helper plugin – @Kinfe123
  • SSO plugin with OIDC and SAML support – @Bekacru
  • Linear social provider – @JedPattersonn
  • Add encryption for OTPs and other verification information – @ping-maxwell
  • Notion provider – @ephraimduncan
  • Add sendOnSignIn option to make sending verification link in sign in route explicit – @kmate19
  • Add inferAuth to infer plugin types and more on the client without needing client plugins – @Bekacru
  • Add rememberMe option to signUpEmail – @aleclarson
  • Add slack social provider – @ephraimduncan
  • Add an option to encrypt oauth tokens by default – @Bekacru
  • OnPasswordReset callback – @Kinfe123
  • AfterEmailVerification callback – @Kinfe123
  • SIWE plugin – @rokitgg
  • admin:
    • Update user – @Bekacru
  • anonymous:
    • Update generateName to support returning a promise – @btx-systems
  • api-key:
    • Async support for verify key – @Kinfe123 @Bekacru
    • requireName to enforce name on keys – @ping-maxwell
  • docs:
    • APIMethod, documents all server & client auth examples – @ping-maxwell
  • drizzle:
    • Support camel case schema generation – @Bekacru
  • email-otp:
    • Support email verification override – @Bekacru
  • generic-oauth:
    • Add support for additional token URL params in generic OAuth – @CaoMeiYouRen
  • magic-link:
    • Support errorCallbackURL & newUserCallbackURL – @ping-maxwell
  • oidc:
    • Add refresh token support to discovery document and token endpoint – @tinkerer-shubh
    • Support JWKs with JWT plugin – @NefixEstrada
    • Add support for public clients with PKCE authentication – @pekastel
  • oidc-provider:
    • Trusted clients – @BadPirate
    • Support encrypting and hashing secrets – @Bekacru
  • organization:
    • listUserInvitations adds the ability to list all invitations for a given user – @ping-maxwell
    • AdditionalFields for org, member, invitation & team – @ping-maxwell
    • Multi-team support – @Bekacru
  • social-providers:
    • Add Faceit Social Provider – @Whats-A-MattR
    • Add Faceit Social Provider " – @Bekacru
  • sso:
    • Configurable provider limit – @Kinfe123
  • stripe:
    • Pass context object to stripe plugin callbacks – @Bekacru
  • username:
    • Check username availability – @ping-maxwell
    • Add custom username normalization option – @bortoz

🐞 Bug Fixes

  • Import setCookie from tanstack start core package – @asterikx
  • Exclude current user from username update checks – @kylekz
  • Correct way to detect facebook limited token jwt – @reslear
  • Update Discord link to use the correct invite URL in blogs section – @vagxrth
  • Linking accounts for anon users with one tap and passkey – @Kinfe123
  • Don't require email for account linking – @arlyon
  • Add image option to signUpEmail types and schema – @acusti
  • Implement standard Base64 encoding for HTTP Basic Auth in token refresh and validation – @naimkhrof
  • Schema generation when using advanced.database.useNumberId – @body20002
  • Mysql foreign key constraints on generate – @Kinfe123
  • Zodv4 migration leftover due to conflict – @Kinfe123
  • Sso typecheck – @Kinfe123
  • Global onSuccess callback hook not being called – @Kinfe123
  • admin:
    • Throw an error if user id in /remove-user is invalid – @ping-maxwell
    • Before create hook was not triggered when creating a user through the admin plugin – @Kinfe123
    • Pass ctx to user create db hook – @ping-maxwell
  • api-key:
    • Incorrect rate limit error status code – @ping-maxwell
    • Non-expiring API keys (with expiresAt set to null) were being deleted by mistake – @reslear
  • cli:
    • Format drizzle schema output – @Kinfe123
  • db:
    • Add varchar to postgres string mapping and normalize type comparison – @tinkerer-shubh
  • drizzle-cli:
    • Use serial as PK when useNumberId is enabled – @ismi-abbas
  • dropbox:
    • Added support for the token access type option – @Kinfe123
  • email-otp:
    • Throw USER_NOT_FOUND when sign-up is disabled – @tinkerer-shubh
  • expo:
    • Expo plugin should import types from the types path – @Kinfe123
  • generic-oauth:
    • Error callback should avoid malformed URLs when the original URL already has query parameters – @Lqm1
  • jwt:
    • Allow to generate JWKS with other algorithm than the default one – @LightTab2
  • mcp:
    • Issue with hardcoded baseURL in withMcpAuth – @lazakrisz
  • mongodb:
    • Honor custom generateId in create – @tinkerer-shubh
  • next-cookies:
    • Don't throw in monorepo workspaces – @ping-maxwell
  • oauth:
    • Google prompt doesn't allow + – @ping-maxwell
    • Extended oauth2 tokens with refresh_token_expires_in field – @0xCodeMaieutics
  • oidc-provider:
    • Relax offline_access scope validation by removing prompt=consent requirement – @tinkerer-shubh
  • open-api:
    • Include additional fields – @Kinfe123
  • organization:
    • List-teams endpoint returns unknown – @ping-maxwell
    • Allow org owner to update their own roles – @frectonz
  • origin-check:
    • Support protocol-specific wildcard trusted origins – @nascode
  • phone-number:
    • Verification value should be removed after successful password reset – @Bekacru
  • social-providers:
    • Twitch provider not returning if email is valid – @Pantotone
  • sso:
    • Saml redirection – @Kinfe123
  • stripe:
    • Allow upgrading incomplete subscriptions – @Kinfe123
    • Prevent duplicate customers – @dagmawibabi
  • two-factor:
    • Incorrect default OTP period & fix incorrect docs – @ping-maxwell
    • Getting totp uri shouldn't require twoFactor enabled – @occorune
    • Otp separator mismatch – @Kinfe123
    • Use twoFactorEnabled flag instead of database lookup for OTP validation – @bairdj
  • username:
    • Add callbackURL option to signInUsername – @aleclarson
    View changes on GitHub

v1.2.12

🐞 Bug Fixes

  • account:
    • Add placeholder URL for type inference in linkSocialAccount response – @Bekacru
  • create-adapter:
    • getModelName should apply plural to custom model names – @ping-maxwell
    • TransformWhere should account for customTransformInput – @ping-maxwell
    • Doesn't work with mongoAdapter – @ping-maxwell
  • email-otp:
    • Doesn't call onEmailVerification – @ping-maxwell
    View changes on GitHub

v1.2.11

🐞 Bug Fixes

  • api-key: Update should only use by ID – @Kinfe123
  • sveltekit: Only dynamic import $app/environment once – @tehnrd
  • user-card: Refactor email verification button and update trusted origins – @Bekacru
  • username: Log the correct username – @bortoz
    View changes on GitHub

v1.2.10

🚀 Features

  • Allow passing id in DB hook create – @ping-maxwell
  • Link account with idToken – @reslear
  • Add Hugging Face provider – @coyotte508
  • cli: Allow cli to use custom adapter createSchema if implemented – @taivo
  • organization: MaximumMembersPerTeam support – @ping-maxwell

🐞 Bug Fixes

  • Support "ne" (not equal) filter in Prisma adapter – @matteovava
  • Propagate a secondary storage updates on updated user – @Kinfe123
  • Incremental scopes for Microsoft and return all granted scopes for Google – @jafri
  • Remove active organization when member isn't found – @Bekacru
  • DeleteUser check session freshAge using ms instead of sec – @etler
  • Always use custom errorURL when available – @ErikPetersenDev
  • Duplicate oauth registration – @Bekacru
  • Expose-headers override in bearer plugin when setting set-auth-token – @Kinfe123
  • Delete user should respect freshAge config – @Bekacru
  • Use correct refresh token endpoint for github – @artemoire
  • OnLinkAccount trigger on phone number verification – @Kinfe123
  • Expose headers override in jwt plugin – @Kinfe123
  • email-otp: Auto-verify on email otp reset – @Kinfe123
  • email-verification: Improve email verification logic to check session and user email consistency – @Bekacru
  • expo: Remove duplicated trusted origins – @Bekacru
  • get-session: Missing null type on /get-session when throw:true is set – @ping-maxwell
  • oauth-proxy: Resolve current URL with precedence – @juliusmarminge
  • organization: Organization with no members error – @seanlucakrueger
  • twitter: Update email verification logic in profile mapping – @Xirynx
    View changes on GitHub

v1.2.9

🚀 Features

  • Support bun sqlite by default – @Bekacru
  • MCP plugin – @Bekacru
  • New user delete flow – @BlankParticle
  • Add account info endpoint – @BlankParticle @Bekacru
  • Add promise support for custom user info claims – @zackify
  • Add getCookieCache helper and update session handling – @Bekacru
  • Support passing error callback url for account linking – @Bekacru
  • Support stripe seat upgrade – @Bekacru
  • customPaths: Provide an option to modify and map api paths – @CrutchTheClutch
  • passkey: AAGUID field support – @s3f5

🐞 Bug Fixes

  • Use dynamic list of social providers to allow generic oauth – @BlankParticle
  • Make sure updatedAt is updated on session refresh – @Kinfe123
  • Improve the callbackURL parameter for social, oauth, SSO – @gee1k
  • Plugin init context should carry modified context from other plugins – @Bekacru
  • Avoid refreshing tokens if the provider doesn't return refresh tokens – @stephenjason89
  • Init snapshot – @ping-maxwell
  • Prisma schema not required on dev/bun – @Kinfe123
  • SSR handling in useAuthQuery to prevent hydration issues – @yerzham
  • Encoded callbackURL – @Kinfe123
  • Allow contains filter for users in admin – @Kinfe123
  • Microsoft entra token refresh scope – @CarbonNeuron
  • Demo build & upgrades – @Kinfe123
  • Docs sidebar height – @Kinfe123
  • Default value on generate – @Kinfe123
  • Construct valid URL from VERCEL_URL env – @juliusmarminge
  • Add prompt option on github – @Kinfe123
  • Remove empty migration with semi colon – @Kinfe123
  • Rename forgetPassword APIs to requestPasswordReset – @Bekacru
  • Lookup keys without the priceId – @Kinfe123
  • Oauth proxy between http and https – @juliusmarminge
  • X:
    • Used x.com domain for all twitter provider urls – @armannaj
  • admin:
    • Respect cookie prefix for impersonate admin cookies – @Bekacru
  • api-key:
    • Rate limits not working – @ntgussoni
  • apple:
    • Correctly map email verification status from profile – @gee1k
    • Response type should be set to idToken code to get full user profile data – @Bekacru
  • cli:
    • Missing dependency @babel/core – @NormalGaussian
  • demo:
    • Avoid page refresh on session termination – @Kinfe123
  • magic-link:
    • URI-encode magic link callbackURL – @philipp-lampert
  • mongo-adapter:
    • Fix incorrect transformation of findOneAndX outputs – @matt-shipman
  • oidc-provider:
    • Consent should be able to be accepted if state is empty – @zackify
    • Authorize post-auth flow – @BadPirate
  • prisma:
    • "eq" invalid argument OR clause – @Konixy
  • stripe:
    • Inconsistency preventing subscription upgrades – @rgodha24
    • Use the stripeSubscriptionId from the fetched subscription instead of the one from the request – @TheYoxy
    View changes on GitHub

v1.2.8

🚀 Features

  • Make update account on signin optional – @Bekacru
  • Add getAccessToken api for oauth accounts – @BlankParticle
  • getActions from client plugins to include clientOptions in get user client config – @ping-maxwell
  • Add one time token generator – @Bekacru
  • adapter:
    • Allow providing id in create method – @ping-maxwell
  • anonymous:
    • Custom anonymous names – @ping-maxwell
  • api-key:
    • Disable hashing API Keys – @ping-maxwell
  • custom-session:
    • Add ctx on custom session callback fn – @Bekacru
  • generic-oauth:
    • Support same provider account linking – @Bekacru
    • Authorization request headers – @KGALLET
  • stripe:
    • Migrate to stripe sdk v18.0.0 – @kkMihai

🐞 Bug Fixes

  • Username empty field on update guard – @Kinfe123
  • Docs on oauth refresh token fn – @Kinfe123
  • MapProfileToUser getting called twice during idToken login – @Bekacru
  • Awaitable calls – @Kinfe123
  • Enforce override user info on oauth signin – @Bekacru
  • Join waitlist banner styling – @Kinfe123
  • Fields for custom schema should be optional – @Bekacru
  • UpdateAt field on banning/unbanning users – @Kinfe123
  • Improve signin builder and tabs functionality – @Kinfe123
  • Add a default value for generated fields – @Kinfe123
  • Resolve type error caused by incorrect plugin import – @Kinfe123
  • Resolve custom ts config path – @Kinfe123
  • Core schema model name definition on api-key – @Kinfe123
  • Username error code export – @Kinfe123
  • Resolve logo assets redirection and toaster styling issues – @Kinfe123
  • Remove unnecessary password hashing – @Kinfe123
  • Revoke session on password reset – @Kinfe123
  • Added password hashing to prevent timing attacks – @Kinfe123
  • Add default refreshAccessToken for microsoft provider – @BlankParticle
  • Pass context into createVerificationValue – @Livog
  • Origin check failing when there is symbol in a query param – @Bekacru
  • Remove userInfoUrl check to allow using custom function without url – @BlankParticle
  • getAccessToken should be available on the client – @BlankParticle
  • admin:
    • Handle redirecting banned users properly – @Bekacru
  • api-key:
    • Pass real rateLimitvalue from ctx.body – @Siumauricio
  • create-adapter:
    • Get default model in getModelname – @ping-maxwell
  • drizzle-adapter:
    • Missing operators – @ping-maxwell
  • generic-oauth:
    • On link account make sure to match provider Id before updating existing account – @Bekacru
    • Include missing tokens in account linking – @Bekacru
  • open-api:
    • Misplaced requires properties – @cwstra
  • organization:
    • Incorrect delete team error message – @ping-maxwell
  • passkey:
    • Add userDisplayName to the simplewebauthn generateRegistrationOptions call – @EugeneDraitsev
  • stripe:
    • Include priceId on list active subscriptions – @Bekacru
    • Reactivate subscription filtering to only active or trialing subscription – @Konixy
  • two-factor:
    • Verification deletion on otp should use the correct ID – @Bekacru
    View changes on GitHub