* fix(email-verification): improve email verification logic to check session and user email consistency (#3042)
* docs(passkey): Fixed signIn passkey props (#3014)
callbackURL doesn't exist.
* fix(email-otp): auto-verify on email otp reset (#3022)
* fix: delete user should respect freshAge config (#3075)
* fix: delete user needs to enforced through fresh age
* cleanup
* cleanup
* chore(org): add comments explaining what shimContext does (#3098)
* feat: Allow passing `id` in DB hook `create` (#3048)
* feat(database-hooks): Allow passing `id` in DB hook `create`
It's the same to using a custom `idGenerator`, except configurable by the database hook which would in theory provide more data.
A use-case is to generate the id based on user info in the user before DB hook.
Solves https://discord.com/channels/1288403910284935179/1379190465588367540/1384217435535835216
* chore: lint
* fix: tests failing
* docs: basic errs with svg props (#3102)
* docs: corrected github user email scope name (#3099)
* docs: corrected github user email scope name
* docs: cubic dev suggestion
* fix: use correct refresh token endpoint for github (#3095)
* chore: fix typo in authorize comment (#3106)
* docs: fix session parameter spelling (#3108)
* docs: input field usage on additional fields (#2991)
* fix: onLinkAccount trigger on phone number verification (#3007)
* fix: expose headers override in jwt plugin (#3019)
* expose headers override in jwt plugin
* clean up
* lint
* fix(expo): remove duplicated trusted origins
* feat: link account with idToken (#1830)
* add idToken to link account
* add docs
* Implemented linking accounts based on idToken
* fix: tests
* docs: prevent diff
* docs: prevent diff
---------
Co-authored-by: kzlar <120426485+kzlar@users.noreply.github.com>
* feat: add Hugging Face provider (#3089)
* feat: add huggingface provider
* Add hugging face to doc
* chore: update hugging face logo
* chore: release v1.2.10
* docs: fix builder failing to open
* docs(NextJS): Improve middleware example to be more secure (#3135)
* docs(NextJS): Improve middleware example to be more secure
Users can skim code without reading the text, and LLMs can read code and miss-understand context correctly. Our current middleware example only checks for existence of a cookie, and doesn't validate it.
While we do warn users this isn't secure, some users has raised concern in a Github issue saying it's not obvious enough for users who skim.
Also we don't provide examples on how to authenticate users on each route, we only show middleware optimistic check examples.
* Update docs/content/docs/integrations/next.mdx
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fix(username): log the correct username (#3127)
* docs: fix typo in plugin (#3122)
* typo
* typo
* typo
* typo
* typo
* docs: fix typos on mcp guide (#3146)
* docs: update TanStack Start integration guide (#3142)
* fix(sveltekit): only dynamic import $app/environment once (#3152)
Co-authored-by: Work <work@Jasons-MacBook-Pro.local>
* docs: fix typo in oauth proxy documentation (#3151)
* blog: seed round announcement (#3168)
* init
* cleanup
* fix seed round announcemnt
* fix seed round announcemnt
* seed round blog
* add nav mobile
* fix typo
* Update docs/content/blogs/seed-round.mdx
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* Update docs/app/blog/[[...slug]]/page.tsx
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* Update docs/app/blog/[[...slug]]/page.tsx
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* update og
* cleanup
---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* docs: fix email address
* refactor(mongo-adapter): migrate to createAdapter (#3170)
In the past we didn't have mongoDb adapter move over to createAdapter since we've seen users running into issues.
However some time ago I've merged a PR which I believe fixed the issue, and after testing the org plugin with the mongo adapter that uses `createAdapter` I don't see any issues.
* fix(api-key): update should only use by ID
* docs: fix blog page layout (#3176)
* fix/blog-page-layouts
* clean up
* docs: update contact email in seed round blog
* init
* cleanup
* feat(better-auth): add test utilities and update dependencies
- Introduced a new test utility module in `src/test-utils/index.ts` for better testing support.
- Updated `package.json` to include new test utilities in the build configuration.
- Added `oauth2-mock-server` dependency to `pnpm-lock.yaml` and `sso/package.json` for OAuth2 testing.
- Enhanced the SSO provider registration process with improved error handling.
* docs update
---------
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: KinfeMichael Tariku <65047246+Kinfe123@users.noreply.github.com>
Co-authored-by: Undefined Ninja <74867549+0xCodeMaieutics@users.noreply.github.com>
Co-authored-by: artemoire <18062266+artemoire@users.noreply.github.com>
Co-authored-by: reslear <12596485+reslear@users.noreply.github.com>
Co-authored-by: kzlar <120426485+kzlar@users.noreply.github.com>
Co-authored-by: Eliott C. <coyotte508@protonmail.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: Alessandro Bortolin <bortolin.alessandro@outlook.it>
Co-authored-by: Lakshya Thakur <lapstjup@gmail.com>
Co-authored-by: Usman S. (Max Programming) <51731966+max-programming@users.noreply.github.com>
Co-authored-by: Jason Venable <jason.venable@gmail.com>
Co-authored-by: Work <work@Jasons-MacBook-Pro.local>
Co-authored-by: Dan McGrath <daniel.mcgrath9@gmail.com>
* feat: add have i been pwned first draft plugin
* fix: remove error being thrown when no password or body
* fix: return the ctx and ctx body check
* feat: add custom message option
* feat: add first draft docs for plugin
* fix: import in docs
* fix: big typo
* fix: typo
* fix: typo and correct error message
* fix: typo and options optional
* fix: small fixes import and safe options
* feat: add tests - not sure i totaly understand getTestInstance :(
* fix: lint
* simplify checks and fix tests
* feat: add "Have I Been Pwned" plugin to sidebar and update documentation
* build
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
* refactor(adapter): `createAdapter` helper
* update: Kysely adapter support
* update: memory adapter
* chore: cleanup
* update: MongoDB adapter supported
* update: mongodb adapter file names
* update: support for prisma adapter
- also fixed memory adapter with `getField`
- disabled all debug logs by default
* chore: lint
* fix: generate an `id` if it isn't already provided
* update(test): init config snapshot
* update: existing adapters tests to include an `id` existence check
* fix: renamed prisma adapter file names
* ^
* update(mongo): Removed `disableIdGeneration` for mongo adapter
* fix: dont add `id` from fields if `disableIdGeneration` is false
* fix: adapter converting dates to string using the wrong value data
* add: create-adapter tests
* update: moved `adapter` to `create-adapter` under the existing `adapters` folder
* WIP: docs
* fix: create-adapter test importing from wrong path
* WIP: docs
* update: key transformation map options are now objs not fns
* chore: lint
* update: cleanup & added debugLogs/usePlural option to some adapters
* update: tests
* chore: cleanup
* update: fields name & made customTransforminput/output to run after supportsDates/supportsBoolean/SupportsJSON to run
* chore: lint
* Update: docs
* update: update-many to not use transformOutput
* chore: lint
* fix: adapter options breaking
* update: set the default limit on findMany
* update: docs
* update: docs & cleaned up code
* update: create schema comes with `tables` now
* This is useless
* fix: api-key shouldn't handle id gen in row creation
* chore: lint
* WIP: useNumberId
* chore: cleanup
* removed all cases of `id` during adapter.create call
* update: useNumberId
* update: drizzle adapter schema generation
- update: pg now sets `id` field to use `uuid`.
- fix: sets the correct reference `onDelete` action.
- refactor: cleaned up the code a lot more
* update: added `supportNumericIds` in create adapter options
* chore: cleanup
* update(tests): added option to disable any adapter tests & created a `useNumberId` test
* fix: skip tests options were using old method
* chore: lint
* WIP: Drizzle tests with number id
* chore: lint
* fix: memory adapter failing on number id adapter tests
* chore: cleanup
* fix: adapter tests fail due to emails needing to be unique
* update: support drizzle adapter use-number-id
* fix: cleanup Drizzle Adapter tests
* fix: drizzle schema generation for reference id fields
* fix: type errs in memory adapter tests
* fix: memory adapter tests
* Update init.test.ts.snap
* fix: prisma tests correctly uses the right primsa client per schema
* Delete run-vitest.ts
* update: create-adapter to support `getDefaultFieldName`
* update: create-adapter adapter options updated
* fix: adapters using older function names
* fix: create-adapter now converts where clauses & added tests
* update: new `getFieldAttributes` option in create-adapter, and fixed convert where clause fn
* chore: cleanup
* update: convertWhereClause in create-adapter improved
* update: BAOptions to start using `database` & updated adapter tests
* fix: type errors
* chore: lint
* update: default config values for the create-adapter config
* fix: getModelName doesnt take into account of plural
* chore: cleanup
* update: improved getDefaultModelname
* fix: create-adapter transform input doesn't take into account reference IDs
* fix: transformInput on reference IDs doesn't take into account of array IDs
* chore: lint
* fix: prisma tests
* fix: Prisma adapter tests running one after another
* fix: init snapshot should state supportJSON as `false`
* fix: drizzle adapter tests
* update: adapter test options to allow passing a test prefix
* chore: add state.txt to gitignore
* remove: state.txt from gitignore, it's useless
* chore: lint
* Update adapter.prisma.numberid.test.ts
* fix: get-migration for mysql & mssql `id` fields to use varchar
* chore: cleanup
* update: adapter comes with adapter-test-debug-log functions
* update: made adapterTestDebugLog functions only be in adapter if config enabled it
* fix: transactionId for debug logs not working correctly
This was due to the adapter being reinitialized each test case
* update: Added colors to debug logs
* update: adapter tests a little more refined
* add: deepmerge dev deps to deep merge better auth options config for adapters
* fix: create-adapter types
* update: revert back to old types
* fix: prisma adapter tests now run one after another
* fix: kysely adapter to work when no `id` is provided
* update: mongoDB to set `supportNumericids` to false
* update(docs): discuss new `database` object in BetterAuthOptions
* add: support for custom ID generation
* fix: docs had incorrect default value for `supportsJSON`
* update(docs): added number id adapter test documentation
* fix: drizzle-adapter mysql tests
* update: drizzle-adapter tests to use deepmerge
* add: drizzle-adapter mysql tests to test useNumberId
* add: Prisma generate to support number id
* update: support the old `generateId` option, but warn the user for deprecation
* update: init test snapshot
* update: adapter tests not included in normal tests
* Update pnpm-lock.yaml
* fix: typo in file names for kysley test files
* update: separated adapter tests
* Update pnpm-lock.yaml
* fix: please tell me I actually fixed this
* fix: pnpm-lock merge conflict
* chore: lint
* fix: sveltekit pkg.json merge conflicts (hopefully)
* Delete pnpm-lock.yaml
* update: createSchema takes into account of rate-limit and secondaryStorage
* improve docs
* add drizzle returning id retriver
* chore: fix test script
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
* add(docs): "new" badge in sidebar
* update: made badge place at the end of the div
* add: roblox, tiktok & VK badges
* update: removed border from badge
- also readjusted roblox position
* remove: new badge from "other social providers"
* init
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* feat(stripe): enable subscription support and update pricing plans
* feat(stripe): add Vitest configuration and initial tests for Stripe integration
* feat(stripe): implement setCookieToHeader function and update tests for customer creation and subscription handling
* feat(stripe): add seats support for subscriptions and update related endpoints
* feat(stripe): update schema to include unique referenceId, stripeSubscriptionId, and periodEnd fields
* wip docs
* docs
* docs: imporves
* fix(stripe): update webhook handlers to use correct subscription identification
* refactor(stripe): simplify customer management by storing Stripe customer ID directly on user
* chore(stripe): update package configuration and build setup
- Migrated from tsup to unbuild for build configuration
- Updated package.json with improved export and dependency management
- Added build configuration for better module support
- Removed tsup configuration file
* chore(stripe): update pnpm lockfile dependencies
- Moved `better-auth` from devDependencies to dependencies
- Added `zod` as a direct dependency
- Reorganized package dependencies in the lockfile
* feat(stripe): enhance subscription management and error handling
- Added toast error handling for subscription upgrades in the dashboard
- Updated Stripe price IDs for different plans
- Improved Stripe plugin documentation with beta warning and team subscription details
- Implemented intermediate redirect for checkout success to handle race conditions
- Added support for fetching and updating subscription status after checkout
- Fixed Next.js cookie handling and build configuration
* chore: update snapshot
* docs: sidebar updated for new category
* fix: icons to use fill version
* add: the rest of the pages for the database category
* update: MySQL done
* update: SQLite done. (and updated MySQL)
* update: PostgreSQL
* update: mssql done
* update: added callout to Kysley docs for each core dialect
* update: other relational databases page
* update: drizzle
* docs(fix): wrong words on drizzle page
* update: mongo docs
* update: prisma done
* update: community adapter page
* update: concept/database to refer to the documentation for each dialect in the docs category
* update: drizzle to mention the schema definitions
---------
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
* feat: API-key plugin
* add: `deleteAllExpiredApiKeys` functionality
* fix: fetching sessions from headers
* update: types & create-api-key now checks for min & max expiresIn values
* tests: Started working on tests
* add: features
- added list functionality
- added min & max prefix length
- added min & max name length
- added metadata enable/disable option
- added `disableSessionForAPIKeys` option
- verify API key now checks for expiration & refills
- added regex to check prefix of api key
* fix: create-api-key's expiration using `/` instead of `*`
* update: schema `metadata` transforms invalid values as `null`
* fix: create-api-key metadata should go through transformation
* fix: missing metadata wouldn't have `'null'` as value
* update: error types
* fix: remove console.logs from verify
* fix: rate-limit not working
* fix: rate-limit plugin options types
* chore: remove logs
* update: removed `key` field from result apiKey type of the update-api-key endpoint
* fix: typo
* update: create & update if checks
- create now checks if custom expiration times are allowed
- update now allows name values & checks if name is within length range
- update now also checks for custom expiration times are allowed
* update(WIP): tests
* fix: added the missing error throw when there is no values to update
* fix: update-api-key checks expiresIn in days, not ms
- also updated create-api-key & update-api-key to have more detailed event logging
* fix: update api key's remaining count's min & max checks
- also added more detail to the events
* fix: update-api-key can now update refillInterval & refillAmount properly
* fix: metadata in update-api-key transforms between string & obj correctly
* add: all of the `update` tests
* update: get-api-key metadata is now obj instead of string
* add: listApiKeys functionality
* fix: get-session to use mock session based on header API keys
* update: tests to test against get-session, get-api-key, and list-api-key
* add: `start` field to show the first few characters of an API key
* fix: very silly mistake
* update: tests to validate `start` property
* update: create-api-key checks if properties are set from server & allows for custom rate-limit rules
- also updated tests to check against this
* update: verify-api-key to check if a row has the right user-id
- this also should speed up the DB process too. (I'm pretty sure)
* update: `delete-all-expired-api-keys` endpoint added & updated list-api-keys endpoint function name
* add: customAPIKeyValidator fn, and fixed verification `remaining` and `lastRefillAt` values updating DB incorrectly
* update: documentation
* add: rate-limiting enable/disable on a per-key level
* update: docs
* fix: correct expiration time units and improve error messages in API key handling
* fix: allow creating apiKeys by providing userId on the server
* fix: user userId instead of headers to differ server vs client calls on create api key
* wip
* fix: JSDoc comment
* fix: tests not passing due to invalid expiresIn value
Since the expiresIn got changed from `ms` to `sec`, this needed to be changed as well.
* wip
* fix(api-key): update tests and error messages for API key verification
* fix(api-key): update API key fixes
* refactor tests and remove events
* refactor(api-key): remove unused event handling and clean up type definitions
* add: minimum values to `create-api-key` numeric input options
* fix: remove `opts.events` in delete-api-key route
* refactor: all returning routes which can contain `key`
- more performant
- better typed
- cleaner code
:D
* update: added minimum values to update-api-key endpoint as well
* fix: removed `maximumRemaining` & `minimumRemaining` default values in `opts`
* docs: ready (unless I make minor adjustments later) 🫡
* fix(docs): links & invalid code examples
* fix: output transform of metadata to use ParseJSON
* fix: tests failing due to async metadata transform output
* fix: return types for verify-api-key endpoint
* fix: tests failing due to invalid expiresIn minimum value
* docs: reorder sidebar items for API Key
* wip
* docs(api-key): enhance documentation with permissions and usage details
- Updated API key documentation with comprehensive permissions explanation
- Added examples for setting default permissions, creating, verifying, and updating API keys with permissions
- Clarified API key creation, verification, and update processes
- Improved code examples and descriptions for better understanding
* chore: lint
* fix(docs): incorrect wording / explanation on refillInterval/refillAmount
* add(docs): missing permissions info in docs
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
* init: plasmo example project
* feat: add example for browser extension with BetterAuth
- Introduced a basic browser extension example using Plasmo framework and BetterAuth for authentication.
- Updated .env.example with BetterAuth configuration.
- Removed unnecessary GitHub workflow file for submitting to Web Store.
- Updated .gitignore to exclude local env files.
- Improved README documentation for the example.
- Included BetterAuth dependency in the package.json and updated the pnpm-lock.yaml.
* add: browser-extension example complete
* fix: content.tsx
* remove: browser-extension package as that isn't needed
* add: browser extension buide
* docs: added references in the guide to the examples code
* remove(dep): unused dependency
* refactor: package.json - remove author & update description
* wip
* chore: update lock file
* docs: update icon
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
