🚀 New Features
- OIDC Plugin: An experimental new plugin that lets you create your own OIDC-compliant server. Check out the plugin docs - by @Bekacru in #765 (4555f)
- Enterprise SSO Provider: A new plugin that lets you sign in users with OIDC servers configured by your users. It handles provisioning new users, integrates with the organization plugin, and more. (SAML support coming soon!) Check out the plugin docs - by @Bekacru in #951 (f9102)
- Hooks: A new hooks API. You no longer need to create a plugin; hooks let you modify any request and response within Better Auth. Check out the Hook docs - by @Bekacru in #916 (384ef)
- Better Auth Utils: A new TypeScript auth utility library; Better Auth now depends on it for its auth-related utility needs. - by @Bekacru in #852 (74b6e)
- Stop Impersonating API: Admins can now stop impersonating a user and return to their own session without logging out and back in. - by @Bekacru in #883 (97725)
✨ Improvements and API Changes
- Endpoints that previously returned the entire user object now only return a token. This allows sensitive fields to be stored in the user table and eliminates unnecessary returned data. As a result, all endpoints except /get-session now enforce this. - by @Bekacru in #968 (eacf0)
- Expo plugin now requires a storage implementation to be passed instead of defaulting to secure storage. - by @hyoban in #931 (d8a26)
- By default the bearer plugin now accepts unsigned tokens and provides an option to require signed tokens only. - by @Bekacru in #953 (9ab5d)
- User deletion now offers an improved user experience. It introduces a callback URL to redirect users to custom pages after their account is removed. Additionally, it accepts a token to enable custom flows. - by @Bekacru in #929 (cfd24)
- Replaced Consola with a custom logger for better compatibility with Cloudflare deployments. - by @Bekacru in #948 (e6dc7)
- Export available provider types - by @TinsFox in #936 (b4594)
🐞 Bug Fixes
- Get-config paths: add the missing slash for /lib/server - by @xKesvaL in #919 (74fff)
- Remove nanoid dependency and generate IDs manually - by @Bekacru in #922 (ea482)
- Export passkey only on its own route - by @Bekacru (30d40)
- Ensure that error messages thrown from a DB hook are returned unchanged on social callback - by @Bekacru (ba552)
- Skip updating userinfo on oauth callback - by @Bekacru (fe30a)
- Protect phone number login with 2fa - by @Bekacru (52eaa)
- Email-otp on signup breaking when emailVerification is required - by @Bekacru in #964 (5e84b)
- Sign In with Apple with ID Token not working - by @hyoban in #966 (b4ff5)
- Type serialization error - by @Bekacru in #962 (14575)
- ActiveOrgId should always refer to the ID instead of the slug - by @Bekacru (79625)
- bearer: Pre-check token signature to ignore if invalid - by @Bekacru in #933 (5f823)
- jwt: Pass session on definePayload callback - by @Bekacru in #921 (0b473)
- social: OAuth should find a user based on a provider returned account id - by @Bekacru in #963 (de1b7)