better-auth 1.4.18

v1.4.18

on Node.js NPM

   🚀 Features

• Add disableImplicitLinking to accountLinking  -  by @Paola3stefania and @himself65 in #7270 (a7740)
• Mark /forget-password/email-otp as deprecation  -  by @bytaesu in #7645 (8f333)
• device-authorization:
  • Add user id checks  -  by @himself65 in #7632 (4d79c)
• one-tap:
  • Add button mode for Google sign-in  -  by @himself65 and Alex Yang in #7482 (aeb92)
• sso:
  • Support multi-domain providers  -  by @Paola3stefania in #7541 (5be34)
  • Add provider list and detail endpoints  -  by @Paola3stefania and @himself65 in #6967 (d0ed1)

   🐞 Bug Fixes

• Correctly handle OAuth callback and Apple email field  -  by @bytaesu in #7181 (c918e)
• Centralize cookie parsing and handle Expires dates correctly  -  by @bytaesu, @cursoragent, taesu and @himself65 in #7556 (d598b)
• Refresh account_data cookie when session is refreshed  -  by @bytaesu and @himself65 in #7576 (5d3f7)
• Remove duplicate secondary storage writes from setSessionCookie  -  by @bytaesu in #7592 (7a4bc)
• Set default logger level to "warn"  -  by @bytaesu, @cursoragent and taesu in #7597 (5d0e7)
• Respect the explicitly set sendOnSignUp option  -  by @bytaesu in #7593 (33619)
• Handle serial and false cases in generateId  -  by @bytaesu in #7474 (949cd)
• Log error when misconfigured  -  by @himself65 in #7584 (16201)
• Update google oauth endpoints  -  by @bytaesu in #7442 (d401b)
• Consistent api version for facebook provider  -  by @bytaesu in #7445 (cf619)
• Check jsconfig.json in getPathAliases  -  by @jycouet in #7650 (9cb45)
• 2fa:
  • Server-side trust device expiration and configurable maxAge  -  by @Paola3stefania and @himself65 in #7644 (5d15b)
• anonymous:
  • Export types  -  by @CalLavicka and @himself65 in #7661 (133a2)
• cli:
  • Use inkeep remote mcp url  -  by @Bekacru in #7543 (27af8)
  • Update MCP URL from Chonkie to Inkeep  -  by @Paola3stefania in #7585 (79621)
• core:
  • Consolidate rateLimit table schema definition  -  by @bytaesu in #7551 (ea589)
• email-otp:
  • Add stricter default rate limits for password reset endpoints  -  by @bytaesu in #7658 (dcc28)
• expo:
  • Prevent null cookie key when redirect URL has no cookie param  -  by @bytaesu in #7555 (d2ca0)
  • Prevent duplicate listener notifications in FocusManager and OnlineManager  -  by @kimchi-developer and @himself65 in #7552 (a3ffb)
• github:
  • Surface OAuth token exchange errors  -  by @Paola3stefania in #7186 (94b75)
• mcp:
  • Remove local mpc  -  by @Paola3stefania in #7574 (d6d62)
• multi-session:
  • Prevent duplicate cookies when same user signs in multiple times  -  by @Paola3stefania and @himself65 in #7256 (9db76)
• oauth-provider:
  • Properly handle metadata field in client registration  -  by @Paola3stefania in #7232 (33015)
• okta:
  • Userinfo route mismatch  -  by @psigen in #7602 (acf77)
• organization:
  • Filter returned: false fields from API responses  -  by @Paola3stefania and @himself65 in #7531 (57f1e)
• saml:
  • IdP-Initiated Callback Routing  -  by @Paola3stefania and Alex Yang in #6675 (c6f8f)
• session:
  • Skip invalid sessions in list  -  by @Paola3stefania and @himself65 in #7182 (b6986)
• stripe:
  • Allow billing interval change for same plan  -  by @bytaesu in #7542 (1cfcc)
  • Find active subscription correctly when upgrading  -  by @bytaesu in #7547 (663d4)

   🏎 Performance

• Fix infinite typecheck  -  by @himself65 in #7563 (12f4c)

    View changes on GitHub