better-auth 1.4.19

v1.4.19

on Node.js NPM

   🚀 Features

• adapter:
  • Improve select support  -  by @jslno in #7667 (4aae0)
• oauth-provider:
  • Add iss parameter to authorization responses (RFC 9207)  -  by @Paola3stefania in #7669 (766fc)
  • Add configurable rate limiting for OAuth endpoints  -  by @Paola3stefania in #7666 (2410d)
  • Enforce HTTPS for redirect URIs  -  by @Paola3stefania in #7670 (cf473)
• phone-number:
  • Support user additionalFields in signUpOnVerification flow  -  by @bytaesu and @himself65 in #7699 (f3080)

   🐞 Bug Fixes

• Skip sending email verification to already verified users without a session  -  by @bytaesu in #7712 (1667f)
• Improve Headers detection with instanceof check and cross-realm fallback  -  by @bytaesu in #7651 (1dc6a)
• Safely coerce date values from DB in OAuth provider plugin  -  by @himself65 in #7937 (f7074)
• Correct error redirect URL construction  -  by @bytaesu in #7799 (61cc2)
• Encode callbackURL in delete-user verification email  -  by @Paola3stefania in #8007 (fab61)
• Add error handling for id token verification in Apple and Google providers  -  by @Paola3stefania in #8011 (90ffd)
• access:
  • Allow passing statements directly into newRole  -  by @jslno in #7687 (9312d)
• adapter:
  • Use getCurrentAdapter for user lookup to avoid transaction deadlock  -  by @sakamoto-wk in #7758 (327ee)
• admin:
  • Change list type from never[] to UserWithRole[]  -  by @LovelessCodes in #7701 (3c0c5)
  • Apply listUsers filter when filterValue is defined  -  by @coderrshyam, @bytaesu and Taesu in #7827 (5f611)
  • Optional chain user in hooks  -  by @jslno in #8026 (17407)
• api-key:
  • Error details not passed to response  -  by @ping-maxwell and @himself65 in #7692 (8fd94)
• cli:
  • Add .env.local to dotenv  -  by @himself65 in #7831 (e804e)
• cookie:
  • Relax cookie retrieval for getSessionCookie  -  by @jslno in #8008 (81f50)
• custom-session:
  • Use getSetCookie() to preserve individual Set-Cookie headers  -  by @thomaspeklak in #7879 (0f035)
• db:
  • Infer default value for required attr properly  -  by @jslno in #7996 (c44a8)
• email-otp:
  • Typo in OpenAPI response metadata  -  by @smsunarto and Claude Opus 4.5 in #7737 (defcb)
• expo:
  • Construct the new Request to avoid immutable headers error on Cloudflare Workers  -  by @bytaesu in #7774 (5e83e)
  • Avoid a leading “; ” when constructing the first cookie  -  by @Laurin-Notemann in #7821 (3f5c1)
  • Support wildcard trusted origins in deep link cookie injection  -  by @bytaesu in #8013 (7153e)
• generic-oauth:
  • Emit duplicate id warning  -  by @himself65 in #7779 (c682a)
• microsoft:
  • Add verifyIdToken support for Microsoft Entra ID provider  -  by @bytaesu in #7795 (80120)
• oauth:
  • Support case-insensitive email matching for social account linking  -  by @karuppusamy-d in #7812 (987f4)
• oauth-provider:
  • Return url instead of uri in continue and consent endpoints  -  by @bytaesu in #7811 (fb56f)
  • Add missing oauthClient createdAt/updatedAt values  -  by @dvanmali in #7851 (16b11)
  • Return "invalid_client" on encrypted secret verification failure  -  by @bytaesu in #8030 (358a8)
• organization:
  • Prevent deletion of roles assigned to members  -  by @bytaesu in #7736 (8d98b)
  • Remove unreachable null check in acceptInvitation  -  by @Saurav3004, Taesu and @himself65 in #7825 (3f254)
• passkey:
  • Compute expirationTime per-request instead of at init  -  by @bytaesu in #7731 (763fd)
  • Use deleteVerificationByIdentifier for secondary-storage cleanup  -  by @bytaesu in #7790 (6efdc)
• sso:
  • Add better-call peerDeps  -  by @bytaesu in #7676 (d323b)
  • Allow custom organization roles in provisioning types  -  by @MuzzaiyyanHussain in #7722 (2803e)
  • Resolve TXT record at verification subdomain instead of root domain  -  by @Paola3stefania in #7935 (87093)
  • Correct IdentityProvider configuration in signInSSO  -  by @theNailz and Claude Opus 4.5 in #7708 (69ea7)
  • Fix broken relay state redirect on SAML ACS route  -  by @rbayliss in #7781 (68b6b)
  • Validate aud claim in OpenID Connect ID tokens  -  by @Paola3stefania in #7816 (3cd15)
  • Harden SAML ACS error redirects and add regression test for #7777  -  by @Paola3stefania in #7815 and #7777 (a6d8d)
• stripe:
  • Restore better-call peerDeps  -  by @bytaesu in #7675 (f63bf)
  • Use correct stripeCustomerId on /subscription/cancel/callback endpoint  -  by @bytaesu in #8032 (15519)
  • Clarify error when authorizeReference is missing  -  by @bytaesu in #7741 (91130)

    View changes on GitHub