fix(expo): window.crypto is undefined (#4620)

packages/better-auth/package.json

@@ -698,7 +698,7 @@
     }
   },
   "dependencies": {
-    "@better-auth/utils": "0.2.6",
+    "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "catalog:",
     "@noble/ciphers": "^2.0.0",
     "@noble/hashes": "^2.0.0",

packages/better-auth/src/crypto/password.ts

@@ -1,6 +1,5 @@
 import { constantTimeEqual } from "./buffer";
 import { scryptAsync } from "@noble/hashes/scrypt.js";
-import { getRandomValues } from "@better-auth/utils";
 import { hex } from "@better-auth/utils/hex";
 import { hexToBytes } from "@noble/hashes/utils.js";
 import { BetterAuthError } from "../error";
@@ -23,7 +22,7 @@ async function generateKey(password: string, salt: string) {
 }
 
 export const hashPassword = async (password: string) => {
-	const salt = hex.encode(getRandomValues(new Uint8Array(16)));
+	const salt = hex.encode(crypto.getRandomValues(new Uint8Array(16)));
 	const key = await generateKey(password, salt);
 	return `${salt}:${hex.encode(key)}`;
 };

packages/better-auth/src/plugins/device-authorization/index.ts

@@ -5,7 +5,6 @@ import type { BetterAuthPlugin, InferOptionSchema } from "../../types/plugins";
 import { generateRandomString } from "../../crypto";
 import { getSessionFromCtx } from "../../api/routes/session";
 import { ms, type StringValue as MSStringValue } from "ms";
-import { getRandomValues } from "@better-auth/utils";
 import { schema, type DeviceCode } from "./schema";
 import { mergeSchema } from "../../db";
 
@@ -150,7 +149,7 @@ const defaultGenerateDeviceCode = (length: number) => {
  */
 const defaultGenerateUserCode = (length: number) => {
 	const chars = new Uint8Array(length);
-	return Array.from(getRandomValues(chars))
+	return Array.from(crypto.getRandomValues(chars))
 		.map((byte) => defaultCharset[byte % defaultCharset.length])
 		.join("");
 };

packages/better-auth/src/plugins/jwt/utils.ts

@@ -1,4 +1,4 @@
-import { subtle, getRandomValues } from "@better-auth/utils";
+import { getWebcryptoSubtle } from "@better-auth/utils";
 import { base64 } from "@better-auth/utils/base64";
 import { joseSecs } from "../../utils/time";
 import type { JwtOptions, Jwk } from "./types";
@@ -31,6 +31,7 @@ export function toExpJWT(
 
 async function deriveKey(secretKey: string): Promise<CryptoKey> {
 	const enc = new TextEncoder();
+	const subtle = getWebcryptoSubtle();
 	const keyMaterial = await subtle.importKey(
 		"raw",
 		enc.encode(secretKey),
@@ -58,10 +59,10 @@ export async function encryptPrivateKey(
 	secretKey: string,
 ): Promise<{ encryptedPrivateKey: string; iv: string; authTag: string }> {
 	const key = await deriveKey(secretKey); // Derive a 32-byte key from the provided secret
-	const iv = getRandomValues(new Uint8Array(12)); // 12-byte IV for AES-GCM
+	const iv = crypto.getRandomValues(new Uint8Array(12)); // 12-byte IV for AES-GCM
 
 	const enc = new TextEncoder();
-	const ciphertext = await subtle.encrypt(
+	const ciphertext = await getWebcryptoSubtle().encrypt(
 		{
 			name: "AES-GCM",
 			iv: iv,
@@ -94,7 +95,7 @@ export async function decryptPrivateKey(
 	const ivBuffer = base64.decode(iv);
 	const ciphertext = base64.decode(encryptedPrivateKey);
 
-	const decrypted = await subtle.decrypt(
+	const decrypted = await getWebcryptoSubtle().decrypt(
 		{
 			name: "AES-GCM",
 			iv: ivBuffer as BufferSource,

packages/better-auth/src/plugins/mcp/index.ts

@@ -16,7 +16,7 @@ import { APIError, getSessionFromCtx } from "../../api";
 import { base64 } from "@better-auth/utils/base64";
 import { generateRandomString } from "../../crypto";
 import { createHash } from "@better-auth/utils/hash";
-import { subtle } from "@better-auth/utils";
+import { getWebcryptoSubtle } from "@better-auth/utils";
 import { SignJWT } from "jose";
 import type { BetterAuthOptions, GenericEndpointContext } from "../../types";
 import { parseSetCookieHeader } from "../../cookies";
@@ -568,7 +568,7 @@ export const mcp = (options: MCPOptions) => {
 					}
 					let secretKey = {
 						alg: "HS256",
-						key: await subtle.generateKey(
+						key: await getWebcryptoSubtle().generateKey(
 							{
 								name: "HMAC",
 								hash: "SHA-256",

pnpm-lock.yaml

@@ -630,8 +630,8 @@ importers:
   packages/better-auth:
     dependencies:
       '@better-auth/utils':
-        specifier: 0.2.6
-        version: 0.2.6
+        specifier: 0.3.0
+        version: 0.3.0
       '@better-fetch/fetch':
         specifier: 'catalog:'
         version: 1.1.18
@@ -1623,8 +1623,8 @@ packages:
     resolution: {integrity: sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==}
     engines: {node: '>=6.9.0'}
 
-  '@better-auth/utils@0.2.6':
-    resolution: {integrity: sha512-3y/vaL5Ox33dBwgJ6ub3OPkVqr6B5xL2kgxNHG8eHZuryLyG/4JSPGqjbdRSgjuy9kALUZYDFl+ORIAxlWMSuA==}
+  '@better-auth/utils@0.3.0':
+    resolution: {integrity: sha512-W+Adw6ZA6mgvnSnhOki270rwJ42t4XzSK6YWGF//BbVXL6SwCLWfyzBc1lN2m/4RM28KubdBKQ4X5VMoLRNPQw==}
 
   '@better-fetch/fetch@1.1.18':
     resolution: {integrity: sha512-rEFOE1MYIsBmoMJtQbl32PGHHXuG2hDxvEd7rUHE0vCBoFQVSDqaVs9hkZEtHCxRoY+CljXKFCOuJ8uxqw1LcA==}
@@ -13053,9 +13053,7 @@ snapshots:
       '@babel/helper-string-parser': 7.27.1
       '@babel/helper-validator-identifier': 7.27.1
 
-  '@better-auth/utils@0.2.6':
-    dependencies:
-      uncrypto: 0.1.3
+  '@better-auth/utils@0.3.0': {}
 
   '@better-fetch/fetch@1.1.18': {}
 
@@ -15876,7 +15874,9 @@ snapshots:
       metro-runtime: 0.83.1
     transitivePeerDependencies:
       - '@babel/core'
+      - bufferutil
       - supports-color
+      - utf-8-validate
 
   '@react-native/normalize-colors@0.79.5': {}