better-auth/docs/content
Pekastel ff54a99c55 feat(oidc): add support for public clients with PKCE authentication (#3091)
* feat(mcp): add support for public clients with PKCE authentication

  - Add conditional client authentication based on client type
  - Support public clients using PKCE without client_secret requirement
  - Add "none" to supported token endpoint authentication methods
  - Make clientSecret optional in database schema for public clients
  - Update client registration to handle public clients automatically
  - Maintain backward compatibility with confidential clients

  Fixes authentication issues with Claude.ai and other public OAuth clients
  that use PKCE (Proof Key for Code Exchange) without client secrets.

  Resolves #2813

* style: format code with prettier and fix trailing commas

* fix: resolve TypeScript errors in MCP plugin and tests

  - Fix missing loginPage in oidcConfig for MCP tests
  - Add type assertions for unknown response data types
  - Handle optional clientSecret with null coalescing operators
  - Update OIDC provider to support "none" auth method in metadata
  - Fix type compatibility issues between public and confidential clients

* fix: resolve TypeScript, Vitest, and CI compatibility issues

  - Fix missing loginPage in oidcConfig for MCP tests
  - Add type assertions for unknown response data types
  - Handle optional clientSecret with null coalescing operators
  - Update OIDC provider to support "none" auth method in metadata
  - Fix async describe callback to use synchronous setup with beforeAll
  - Use ephemeral port allocation to prevent CI port conflicts
  - Add explicit type annotations to avoid implicit any errors

* OpenAPI Schema Contract Fixed

* fix: resolve lint

* fix: ensure OAuth 2.0 spec compliance for public client registration

  - Fix public client registration to omit client_secret field entirely
  - Public clients now receive no client_secret property (was empty string)
  - Maintains backward compatibility with confidential clients
  - Addresses OAuth 2.0 Dynamic Client Registration (RFC 7591) requirements

* update docs

* remove any

* don't return secret on public client oidc

* remove any

* conditionally verify client secret

* update test

---------

Co-authored-by: Bereket Engida <Bekacru@gmail.com>
2025-07-17 00:38:19 -07:00