chore: cleanup

demo/nextjs/app/accept-invitation/[id]/page.tsx

@@ -15,7 +15,6 @@ import { useParams, useRouter } from "next/navigation";
 import { Skeleton } from "@/components/ui/skeleton";
 import { client, organization } from "@/lib/auth-client";
 import { InvitationError } from "./invitation-error";
-import { Invitation } from "@/lib/auth-types";
 
 export default function InvitationPage() {
 	const params = useParams<{

packages/better-auth/src/api/routes/callback.ts

@@ -56,16 +56,16 @@ export const callbackOAuth = createAuthEndpoint(
 		}
 
 		const {
-			data: { callbackURL, currentURL, dontRememberMe, code },
+			data: { callbackURL, currentURL, code: stateCode },
 		} = parsedState;
 
-		const storedCode = await c.getSignedCookie(
+		const storedState = await c.getSignedCookie(
 			c.context.authCookies.state.name,
 			c.context.secret,
 		);
 
-		if (storedCode !== code) {
-			logger.error("Oauth code mismatch", storedCode, code);
+		if (storedState !== stateCode) {
+			logger.error("OAuth state mismatch", storedState, stateCode);
 			throw c.redirect(
 				`${c.context.baseURL}/error?error=please_restart_the_process`,
 			);
@@ -186,7 +186,6 @@ export const callbackOAuth = createAuthEndpoint(
 			const session = await c.context.internalAdapter.createSession(
 				userId || id,
 				c.request,
-				dontRememberMe,
 			);
 			if (!session) {
 				const url = new URL(currentURL || callbackURL);
@@ -194,7 +193,7 @@ export const callbackOAuth = createAuthEndpoint(
 				throw c.redirect(url.toString());
 			}
 			try {
-				await setSessionCookie(c, session.id, dontRememberMe);
+				await setSessionCookie(c, session.id);
 			} catch (e) {
 				c.context.logger.error("Unable to set session cookie", e);
 				const url = new URL(currentURL || callbackURL);

packages/better-auth/src/api/routes/sign-in.ts

@@ -30,10 +30,6 @@ export const signInOAuth = createAuthEndpoint(
 			 * OAuth2 provider to use`
 			 */
 			provider: z.enum(oAuthProviderList),
-			/**
-			 * If this is true the session will only be valid for the current browser session
-			 */
-			dontRememberMe: z.boolean().default(false).optional(),
 		}),
 	},
 	async (c) => {
@@ -62,37 +58,33 @@ export const signInOAuth = createAuthEndpoint(
 			callbackURL || currentURL?.origin || c.context.baseURL,
 			c.query?.currentURL,
 		);
-		try {
-			await c.setSignedCookie(
-				cookie.state.name,
-				state.code,
-				c.context.secret,
-				cookie.state.options,
-			);
-			const codeVerifier = generateCodeVerifier();
-			await c.setSignedCookie(
-				cookie.pkCodeVerifier.name,
-				codeVerifier,
-				c.context.secret,
-				cookie.pkCodeVerifier.options,
-			);
-			const url = provider.createAuthorizationURL({
-				state: state.state,
-				codeVerifier,
-			});
-			url.searchParams.set(
-				"redirect_uri",
-				`${c.context.baseURL}/callback/${c.body.provider}`,
-			);
-			return {
-				url: url.toString(),
-				state: state.state,
-				codeVerifier,
-				redirect: true,
-			};
-		} catch (e) {
-			throw new APIError("INTERNAL_SERVER_ERROR");
-		}
+		await c.setSignedCookie(
+			cookie.state.name,
+			state.code,
+			c.context.secret,
+			cookie.state.options,
+		);
+		const codeVerifier = generateCodeVerifier();
+		await c.setSignedCookie(
+			cookie.pkCodeVerifier.name,
+			codeVerifier,
+			c.context.secret,
+			cookie.pkCodeVerifier.options,
+		);
+		const url = provider.createAuthorizationURL({
+			state: state.state,
+			codeVerifier,
+		});
+		url.searchParams.set(
+			"redirect_uri",
+			`${c.context.baseURL}/callback/${c.body.provider}`,
+		);
+		return {
+			url: url.toString(),
+			state: state.state,
+			codeVerifier,
+			redirect: true,
+		};
 	},
 );
 

packages/better-auth/src/cookies/index.ts

@@ -164,6 +164,12 @@ export function deleteSessionCookie(ctx: GenericEndpointContext) {
 	ctx.setCookie(ctx.context.authCookies.sessionToken.name, "", {
 		maxAge: 0,
 	});
+	ctx.setCookie(ctx.context.authCookies.pkCodeVerifier.name, "", {
+		maxAge: 0,
+	});
+	ctx.setCookie(ctx.context.authCookies.state.name, "", {
+		maxAge: 0,
+	});
 	ctx.setCookie(ctx.context.authCookies.dontRememberToken.name, "", {
 		maxAge: 0,
 	});

packages/better-auth/src/social-providers/providers.test.ts

@@ -65,6 +65,7 @@ describe("Social Providers", async () => {
 		const signInRes = await client.signIn.social(
 			{
 				provider: "google",
+				callbackURL: "/callback",
 			},
 			{
 				onSuccess(context) {
@@ -97,6 +98,9 @@ describe("Social Providers", async () => {
 			headers,
 			onError(context) {
 				expect(context.response.status).toBe(302);
+				const location = context.response.headers.get("location");
+				expect(location).toBeDefined();
+				expect(location).toContain("/callback");
 				const cookies = parseSetCookieHeader(
 					context.response.headers.get("set-cookie") || "",
 				);

packages/better-auth/src/utils/state.ts

@@ -1,19 +1,12 @@
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z } from "zod";
 
-export function generateState(
-	callbackURL?: string,
-	currentURL?: string,
-	dontRememberMe?: boolean,
-	additionalFields?: Record<string, any>,
-) {
+export function generateState(callbackURL?: string, currentURL?: string) {
 	const code = generateStateOAuth();
 	const state = JSON.stringify({
 		code,
 		callbackURL,
 		currentURL,
-		dontRememberMe,
-		additionalFields,
 	});
 	return { state, code };
 }
@@ -24,8 +17,6 @@ export function parseState(state: string) {
 			code: z.string(),
 			callbackURL: z.string().optional(),
 			currentURL: z.string().optional(),
-			dontRememberMe: z.boolean().optional(),
-			additionalFields: z.record(z.string()).optional(),
 		})
 		.safeParse(JSON.parse(state));
 	return data;