better-auth 1.4.11

v1.4.11

on Node.js NPM

   🚀 Features

• Add auth.api.verifyPassword  -  by @SaviruFr and @himself65 in #6934 (c0414)
• anonymous: Delete anonymous user endpoint  -  by @ping-maxwell in #6377 (cf2b3)
• generic-oauth: Add Gumroad login support  -  by @ptaberg and @himself65 in #7100 (3c5d5)
• saml: Reject SAML responses containing multiple assertions  -  by @Paola3stefania and Alexander Asomba in #6836 (40a82)
• stripe: Enhance stripe plugin with organization customer support  -  by @bytaesu and Cmion in #7142 (6937f)

   🐞 Bug Fixes

• Filter null values from dynamic trusted origins  -  by @bytaesu and @himself65 in #7080 (0e7a5)
• Call hooks on change-email-verification flow  -  by @bytaesu in #7160 (740b2)
• Clean up expired rate-limit entries on memory storage  -  by @ping-maxwell in #7161 (89567)
• Set Location header on redirected responses  -  by @GautamBytes and @ping-maxwell in #6232 (59643)
• anonymous:
  • Prevent Convex cleanup from deleting fresh sessions  -  by @RodrigoRafaelSantos7 and @ping-maxwell in #5825 (5630b)
• api-key:
  • Remove strict length pre-check in verifyApiKey  -  by @GautamBytes and @ping-maxwell in #6259 (06db3)
  • Remove double stringify/parse of metadata field  -  by @xiaoyu2er, @ping-maxwell and @himself65 in #7076 (4d769)
  • Log key verification errors  -  by @ping-maxwell and @himself65 in #7174 (65ea3)
• core:
  • Detect dual module error  -  by @himself65 in #7097 (1baaa)
  • Separate CSRF and origin checks  -  by @Paola3stefania and @himself65 in #7204 (35caa)
• docs:
  • Correct tos and policy types in oauth-provider  -  by @GautamBytes, Gautam Manchandani and @ping-maxwell in #7194 (8ec99)
• email-otp:
  • Call afterEmailVerification hook on verification  -  by @GautamBytes and Gautam Manchandani in #7121 (396d7)
• email-verification:
  • Sending email verification of another user fails with EMAIL_ALREADY_VERIFIED  -  by @ping-maxwell in #7215 (bb5d0)
• mcp:
  • Restore ctx.query from cookie in OAuth flow  -  by @bytaesu in #6974 (7bd13)
• one-tap:
  • Respect user dismiss actions in prompt retry logic  -  by @bytaesu in #7211 (eb8a5)
• open-api:
  • Correctly infer type for ZodDefault fields  -  by @MuzzaiyyanHussain and Taesu in #7150 (6fa91)
• organization:
  • Use opts pattern to enable hook injection  -  by @bytaesu in #7130 (53776)
• passkey:
  • Add error logs during client verification error  -  by @ping-maxwell in #7193 (28329)
• prisma-adapter:
  • Lift eq AND conditions to root so update detects unique where field  -  by @ping-maxwell in #7096 (b3241)
• stripe:
  • Improve error handling and subscriptionSuccess route  -  by @bytaesu in #7087 (14fc9)
  • Pass metadata to subscription object in upgrade method  -  by @bytaesu in #7090 (d1c3a)
  • Prevent duplicate subscription creation when a subscription already exists  -  by @bytaesu in #7104 (46ac1)
• two-factor:
  • Prisma issue  -  by @okisdev, @Bekacru, @ping-maxwell and ping-maxwell in #5347 (e4d72)
  • Add missing POST endpoints to client pathMethods  -  by @theonlypal in #7284 (63d67)

    View changes on GitHub