better-auth 1.3.0

v1.3.0

on Node.js NPM

   🚀 Features

• Sveltekit cookie helper plugin  -  by @Kinfe123 in #3049 (4e386)
• SSO plugin with OIDC and SAML support  -  by @Bekacru in #3185 (a6a66)
• Linear social provider  -  by @JedPattersonn in #2617 (6e291)
• Add encryption for OTPs and other verification information  -  by @ping-maxwell in #3164 (00d1e)
• Notion provider  -  by @ephraimduncan in #3068 (0bff4)
• Add sendOnSignIn option to make sending verification link in sign in route explicit  -  by @kmate19 in #2422 (991e2)
• Add inferAuth to infer plugin types and more on the client without needing client plugins  -  by @Bekacru in #3313 (378eb)
• Add rememberMe option to signUpEmail  -  by @aleclarson in #3325 (1c6a1)
• Add slack social provider  -  by @ephraimduncan in #3315 (84348)
• Add an option to encrypt oauth tokens by default  -  by @Bekacru in #2552 (7d034)
• OnPasswordReset callback  -  by @Kinfe123 in #2994 (a342b)
• AfterEmailVerification callback  -  by @Kinfe123 in #3046 (1a159)
• SIWE plugin  -  by @rokitgg in #2579 (370e8)
• admin:
  • Update user  -  by @Bekacru (ebde3)
• anonymous:
  • Update generateName to support returning a promise  -  by @btx-systems in #3259 (57baf)
• api-key:
  • Async support for verify key  -  by @Kinfe123 and @Bekacru in #3204 (3439f)
  • requireName to enforce name on keys  -  by @ping-maxwell in #3129 (79f5f)
• docs:
  • APIMethod, documents all server & client auth examples  -  by @ping-maxwell in #2577 (1ed38)
• drizzle:
  • Support camel case schema generation  -  by @Bekacru in #2550 (847fc)
• email-otp:
  • Support email verification override  -  by @Bekacru in #3292 (e3a45)
• generic-oauth:
  • Add support for additional token URL params in generic OAuth  -  by @CaoMeiYouRen in #3410 (2ac4f)
• magic-link:
  • Support errorCallbackURL & newUserCallbackURL  -  by @ping-maxwell in #3268 (8e4f9)
• oidc:
  • Add refresh token support to discovery document and token endpoint  -  by @tinkerer-shubh in #3373 (6f0f6)
  • Support JWKs with JWT plugin  -  by @NefixEstrada in #2755 (82b69)
  • Add support for public clients with PKCE authentication  -  by @pekastel in #3091 (ff54a)
• oidc-provider:
  • Trusted clients  -  by @BadPirate in #2878 (8223d)
  • Support encrypting and hashing secrets  -  by @Bekacru in #3416 (d4fc7)
• organization:
  • listUserInvitations adds the ability to list all invitations for a given user  -  by @ping-maxwell in #3121 (3547c)
  • AdditionalFields for org, member, invitation & team  -  by @ping-maxwell in #3447 (93698)
  • Multi-team support  -  by @Bekacru (28c84)
• social-providers:
  • Add Faceit Social Provider  -  by @Whats-A-MattR in #3140 (87927)
  • Add Faceit Social Provider "  -  by @Bekacru in #3140 and #3432 (ea0fc)
• sso:
  • Configurable provider limit  -  by @Kinfe123 in #3433 (1b2f3)
• stripe:
  • Pass context obejct to stripe plugin callbacks  -  by @Bekacru in #2990 (8fa4c)
• username:
  • Check username availability  -  by @ping-maxwell in #3025 (be3fa)
  • Add custom username normalization option  -  by @bortoz in #3412 (41fb4)

   🐞 Bug Fixes

• Import setCookie from tanstack start core package  -  by @asterikx in #3284 (b1851)
• Exclude current user from username update checks  -  by @kylekz in #2612 (0989e)
• Correct way detect facebook limited token jwt  -  by @reslear in #2877 (ab251)
• Update Discord link to use the correct invite URL in blogs section  -  by @vagxrth (bda8a)
• Linking accounts for anon users with one tap and passkey  -  by @Kinfe123 in #3124 (a2029)
• Don't require email for account linking  -  by @arlyon in #3335 (9c3a1)
• Add image option to signUpEmail types and schema  -  by @acusti in #3357 (78351)
• Implement standard Base64 encoding for HTTP Basic Auth in token refresh and validation  -  by @naimkhrof in #3388 (7364c)
• Schema generation when using advanced.databse.useNumberId  -  by @body20002 in #3311 (e02c2)
• Mysql foreign key constraints on generate  -  by @Kinfe123 in #2828 (15452)
• Zodv4 migration leftover due to conflict  -  by @Kinfe123 (5508b)
• Sso typecheck  -  by @Kinfe123 (78e38)
• Global onSuccess callback hook not being called  -  by @Kinfe123 in #3032 (26391)
• admin:
  • Throw an error if user id in /remove-user is invalid  -  by @ping-maxwell in #3271 (32d83)
  • Before create hook was not triggered when creating a user through the admin plugin  -  by @Kinfe123 in #3418 (adf8b)
  • Pass ctx to user create db hook  -  by @ping-maxwell in #2521 (65152)
• api-key:
  • Incorrect rate limit error status code  -  by @ping-maxwell in #3213 (7c471)
  • Incorrect rate limit error status code  -  by @ping-maxwell in #3213 (b136f)
  • Non-expiring API keys (with expiresAt set to null) were being deleted by mistake  -  by @reslear in #3413 (57c76)
• cli:
  • Format drizzle schema output  -  by @Kinfe123 in #3244 (6444c)
• db:
  • Add varchar to postgres string mapping and normalize type comparison  -  by @tinkerer-shubh in #3225 (5ead4)
• drizzle-cli:
  • Use serial as PK when useNumberId is enabled  -  by @ismi-abbas in #3228 (12e15)
  • Use serial as PK when useNumberId is enabled  -  by @ismi-abbas in #3228 (4a5d7)
• dropbox:
  • Added support for the token access type option  -  by @Kinfe123 in #3419 (29c76)
• email-otp:
  • Throw USER_NOT_FOUND when sign-up is disabled  -  by @tinkerer-shubh in #3223 (74311)
  • Throw USER_NOT_FOUND when sign-up is disabled  -  by @tinkerer-shubh in #3223 (d1ae4)
• expo:
  • Expo plugin should import types from the types path  -  by @Kinfe123 in #2526 (ba5f1)
• generic-oauth:
  • Error callback should avoid malformed URLs when the original URL already has query parameters  -  by @Lqm1 in #3430 (9c129)
• jwt:
  • Allow to generate JWKS with other algorithm than the default one  -  by @LightTab2 in #3219 (f9b19)
• mcp:
  • Issue with hardcoded baseURL in withMcpAuth  -  by @lazakrisz in #2971 (6119d)
• mongodb:
  • Honor custom generateId in create  -  by @tinkerer-shubh in #3178 (379b5)
• next-cookies:
  • Don't throw in monorepo workspaces  -  by @ping-maxwell in #3381 (8bd66)
• oauth:
  • Google prompt doesn't allow +  -  by @ping-maxwell in #3303 (8e7ee)
  • Extended oauth2 tokens with refresh_token_expires_in field  -  by @0xCodeMaieutics in #3167 (9bf74)
• oidc-provider:
  • Relax offline_access scope validation by removing prompt=consent requirement  -  by @tinkerer-shubh in #3420 (d1308)
• open-api:
  • Include additional fields  -  by @Kinfe123 in #3439 (5242d)
• organization:
  • List-teams endpoint returns unknown  -  by @ping-maxwell in #3243 (b08d1)
  • Allow org owner to update their own roles  -  by @frectonz in #3426 (577ad)
• origin-check:
  • Support protocol-specific wildcard trusted origins  -  by @nascode in #3155 (2734d)
• phone-number:
  • Verification value should be removed after successful password reset  -  by @Bekacru in #3261 (e82bc)
• social-providers:
  • Twitch provider not returning if email is valid  -  by @Pantotone in #3453 (3cd29)
• sso:
  • Saml redirection  -  by @Kinfe123 in #3343 (d66c6)
• stripe:
  • Allow upgrading incomplete subscriptions  -  by @Kinfe123 in #2930 (ce75d)
  • Prevent duplicate customers  -  by @dagmawibabi in #3459 (a9e09)
• two-factor:
  • Incorrect default OTP period & fix incorrect docs  -  by @ping-maxwell in #3231 (6beac)
  • Incorrect default OTP period & fix incorrect docs  -  by @ping-maxwell in #3231 (eea77)
  • Getting totp uri shouldn't require twoFactor enabled  -  by @occorune in #2620 (6ef51)
  • Otp separator mismatch  -  by @Kinfe123 in #2989 (c483f)
  • Use twoFactorEnabled flag instead of database lookup for OTP validation  -  by @bairdj in #3302 (26fd7)
• username:
  • Add callbackURL option to signInUsername  -  by @aleclarson in #3324 (63921)

    View changes on GitHub