All of the changes made will be available here.

Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.

DocumentationGitHubCommunity

BETTER-AUTH.

v1.3.8

🚀 Features

  • Support to infer error types from endpoint – @himself65
  • Support node:sqlite@himself65
  • Remote sign a jwt payload – @dvanmali @himself65
  • Support device authorization – @himself65
  • Support custom schema merging in SIWE plugin – @himself65
  • Add figma provider – @ShobhitPatra @Kinfe123
  • Enhance Microsoft Entra ID type definitions – @Kinfe123
  • Add onUpdate field on db schema generation – @himself65
  • Add onInvitationAccepted callback for org invitations – @Kinfe123
  • Add query parameter to useSession().refetch() for cache control consistency – @adriandlam @himself65
  • Add last login method plugin – @Bekacru
  • Check endpoint conflits – @himself65
  • Add json field type – @dvanmali
  • Add @default and @updatedAt for prisma generator – @himself65
  • Use defaultNow() for drizzle timestamp fields – @Badbird5907 @himself65
  • admin:
    • Get user  -  by @0xJJW, @ping-maxwell and ping-maxwell in https://github.com/better-auth/better-auth/issues/2587 <samp>(cf7f2)</samp>
    • /admin/update-user role as array  -  by @alliefitter in https://github.com/better-auth/better-auth/issues/4371 <samp>(6c00b)</samp>
  • atlassian:
    • Add atlassian social provider  -  by @ShobhitPatra in https://github.com/better-auth/better-auth/issues/4221 <samp>(e1552)</samp>
  • cli:
    • Add info script  -  by @himself65 in https://github.com/better-auth/better-auth/issues/4143 <samp>(79311)</samp>
  • cognito:
    • Add amazon cognito provider  -  by @ShobhitPatra in https://github.com/better-auth/better-auth/issues/4229 <samp>(02752)</samp>
  • demo:
    • Improve sign-up component  -  by @himself65 in https://github.com/better-auth/better-auth/issues/3789 <samp>(d4c15)</samp>
  • jwt:
    • Add disableSettingJwtHeader flag to prevent issuance of signed jwt  -  by @dvanmali in https://github.com/better-auth/better-auth/issues/4072 <samp>(4b8a2)</samp>
    • Jwks remote url  -  by @dvanmali in https://github.com/better-auth/better-auth/issues/4071 <samp>(74ccf)</samp>
  • mcp:
    • Add protected-resource metadata endpoint  -  by @frectonz and @himself65 in https://github.com/better-auth/better-auth/issues/4394 <samp>(f937c)</samp>
  • microsoft:
    • Add support for setting authority  -  by @Stadly in https://github.com/better-auth/better-auth/issues/4149 <samp>(f4c41)</samp>
  • openapi:
    • Support Scalar Theme  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/4355 <samp>(9db29)</samp>
  • org:
    • Dynamic Access Control  -  by @ping-maxwell and @himself65 in https://github.com/better-auth/better-auth/issues/4087 <samp>(11bb6)</samp>
  • organization:
    • Organization life cycle hooks  -  by @Bekacru and @ping-maxwell in https://github.com/better-auth/better-auth/issues/4049 <samp>(bba0a)</samp>
  • paypal:
    • Add paypal OAuth2 provider  -  by @ShobhitPatra in https://github.com/better-auth/better-auth/issues/4107 <samp>(96b5f)</samp>
  • salesforce:
    • Add salesforce provider  -  by @ShobhitPatra and @himself65 in https://github.com/better-auth/better-auth/issues/4183 <samp>(da9fc)</samp>
  • social:
    • Add Line provider  -  by @linyiru in https://github.com/better-auth/better-auth/issues/4084 <samp>(28211)</samp>
    • Add Kakao, Naver provider  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/3287 <samp>(bd075)</samp>
  • stripe:
    • Add locale to stripe billing portal options  -  by @melsonic and @himself65 in https://github.com/better-auth/better-auth/issues/4108 <samp>(e7216)</samp>

🐞 Bug Fixes

  • Constant time compare – @himself65
  • Secondary storage should allow returning both string and parsed json – @Bekacru
  • Telemetry should be opt in not opt out – @frectonz
  • Show error stack in debug mode – @himself65
  • Move stack check into inner function – @himself65
  • Check x-api-key for all auth endpoint – @himself65
  • Avoid general oauth flow duplicate user – @himself65
  • Small dx for device login – @himself65
  • Invalid pages on docs throw a 500 server error instead of 404 – @Kinfe123
  • Make zod as dependency – @himself65
  • Device authorization interval – @himself65
  • Schema onUpdate not working – @himself65
  • Member not exist on org – @himself65
  • Never type still requires setting clientId to never – @szcharlesji @himself65
  • Team id zod schema meta property for array type – @Kinfe123
  • Resolve field naming inconsistency in account listing endpoint – @Kinfe123
  • Changelogs incorrect mentions – @okisdev
  • Leave error from fetch API as-is – @himself65
  • Update organization requiring all additional fields for update payload – @Bekacru
  • Prevent build error for node:sqlite – @bytaesu
  • Prevent undefined from passed to adapter in username plugin – @Kinfe123
  • Add missing defaultValue on core schema – @himself65
  • Strict social provider type – @himself65
  • apple:
    • Ensures name is always present in profile for mapProfileToUser  -  by @ShobhitPatra in https://github.com/better-auth/better-auth/issues/4156 <samp>(d3c94)</samp>
    • Allow audience to be string &nbsp;-&nbsp; by **efcf5787** [<samp>( stri)</samp>](https://github.com/better-auth/better-auth/commit/ string[] (#4219))
  • cli:
    • Check for undefined defaultValue instead of truthy value when generating drizzle schema  -  by @eni4sure in https://github.com/better-auth/better-auth/issues/3512 <samp>(d9f88)</samp>
    • generate throws error with default export  -  by @himself65 in https://github.com/better-auth/better-auth/issues/4113 <samp>(bb634)</samp>
    • Incorrect drizzle schema gen  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/4132 <samp>(5d84a)</samp>
    • Simplify and correct comma insertion logic in plugin array  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/4281 <samp>(df615)</samp>
  • client:
    • Prevent proxy promise-like behavior  -  by @Aditya-ingole21, @Bekacru, @Kinfe123 and @himself65 in https://github.com/better-auth/better-auth/issues/3679 <samp>(94378)</samp>
    • Prevent proxy promise-like behavior  -  by @Aditya-ingole21, @Bekacru, @Kinfe123 and @himself65 in https://github.com/better-auth/better-auth/issues/3679 <samp>(e08cf)</samp>
    • Avoid atom to be proxy  -  by @himself65 in https://github.com/better-auth/better-auth/issues/4079 <samp>(73da4)</samp>
  • custom-session:
    • Also mutate multi-session response  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/3868 <samp>(14303)</samp>
  • db:
    • Special case schema generation ID  -  by @himself65 in https://github.com/better-auth/better-auth/issues/4400 <samp>(a6ba8)</samp>
  • expo:
    • Fix the inability to dynamically import a dependency  -  by @fax1ty and @himself65 in https://github.com/better-auth/better-auth/issues/4207 <samp>(4f136)</samp>
    • Fix signout clobbering store session properties  -  by @arin-c and Aaryn Coutanche in https://github.com/better-auth/better-auth/issues/4378 <samp>(0c123)</samp>
  • oauth2:
    • Correct basic auth header construction for refresh token  -  by @CodeWithAlexander in https://github.com/better-auth/better-auth/issues/4126 <samp>(77722)</samp>
  • oidc:
    • Allow custom schemas  -  by @julen and @ping-maxwell in https://github.com/better-auth/better-auth/issues/4200 <samp>(0751e)</samp>
    • Specify foreign key references in the schema  -  by @julen and @himself65 in https://github.com/better-auth/better-auth/issues/4264 <samp>(66be9)</samp>
  • oidc-provider:
    • Handle string timestamps in user profile claims  -  by @Louis454545 in https://github.com/better-auth/better-auth/issues/4176 <samp>(dc6f6)</samp>
  • organization:
    • Was possible to remove sole org owner  -  by @gwoodbridge in https://github.com/better-auth/better-auth/issues/3955 <samp>(55815)</samp>
  • stripe:
    • Fix unset values on session completed with trial  -  by @Ooscaar in https://github.com/better-auth/better-auth/issues/4121 <samp>(40a41)</samp>
    • Allow sync function to get plans  -  by @himself65 in https://github.com/better-auth/better-auth/issues/4370 <samp>(a4e0e)</samp>
    View changes on GitHub

v1.3.7

🚀 Features

  • Add disableRedirect to linkSocial@frectonz
  • admin:
    • Add control to prevent admin users from deleting themselves  -  by @yakupensarsayin in https://github.com/better-auth/better-auth/issues/4008 <samp>(3857c)</samp>
  • cli:
    • Resolves tsconfig references for path aliases  -  by @ericc-ch in https://github.com/better-auth/better-auth/issues/3764 <samp>(c5d10)</samp>
    • Support sveltekit $ imports in CLI generate cmd  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/4042 <samp>(9a6a8)</samp>
  • email-otp:
    • Add check verification otp endpoint  -  by @jasongerbes in https://github.com/better-auth/better-auth/issues/1149 <samp>(95f59)</samp>
  • jwt:
    • Sign with jwt for artbitrary payload  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/4041 <samp>(efcb6)</samp>
  • vk:
    • Add user name mapping by default  -  by @Daniel-dev-s and Шевелев Даниил in https://github.com/better-auth/better-auth/issues/3970 <samp>(aa037)</samp>

🐞 Bug Fixes

  • Throw proper error if session is null when deleting organization – @Kinfe123
  • Prevent file system access when telemetry is disabled – @Kinfe123
  • Memory leak in custom session plugin – @tehnrd
  • Use wider types for database hooks payloads – @Bekacru
  • admin:
    • ImpersonatedBy not appearing in client (type fix)  -  by @atharvadeosthale in https://github.com/better-auth/better-auth/issues/1854 <samp>(f6480)</samp>
  • cli:
    • Clean up unused pg and mysql import in drizzle schema generator  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3974 <samp>(68f00)</samp>
    • Add FK onDelete cascade and CURRENT_TIMESTAMP defaults on generation  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3906 <samp>(1cbea)</samp>
    • Clean up unused pg and mysql import in drizzle schema generator  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3974 <samp>(19933)</samp>
  • organization:
    • Prevent fk constraint violation when creating invitation without teams  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/4035 <samp>(47c1f)</samp>
    • Resend invitation should reuse existing invitation instead of creating duplicate  -  by @gingeekrishna in https://github.com/better-auth/better-auth/issues/3520 <samp>(0c7e8)</samp>
  • sso:
    • [⚠︎Security] - membership check should be required before allowing users to create sso for an organization  -  by @Bekacru <samp>(9c461)</samp>
  • stripe:
    • Prevent undefined assignment to optional properties  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/4037 <samp>(52512)</samp>
  • sveltekit:
    • Use permissive typing for RequestEvent params  -  by @n00ki in https://github.com/better-auth/better-auth/issues/3994 <samp>(375e9)</samp>
  • telemetry:
    • process referenced on non-nodejs runtime  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/4007 <samp>(aa19d)</samp>
    View changes on GitHub

v1.3.5

🚀 Features

  • List organization memebrs with pagination and filter queries – @Bekacru
  • Return false from generateId callback to imply database-generated ID – @aleclarson
  • Support multiple aud for apple oauth – @Kinfe123
  • Allow getUserInfo to return number type – @himself65
  • Remove revoked session from active sessions list – @himself65
  • Add telemetry – @frectonz, @himself65
  • cli:
    • Added --yes for generate/migrate, deprecated --y  -  by @nktnet1 in https://github.com/better-auth/better-auth/issues/3542 <samp>(e11c5)</samp>
  • oidc-provider:
    • Add client to getAdditionalUserInfoClaim callback  -  by @grant0417 in https://github.com/better-auth/better-auth/issues/3790 <samp>(b2ac8)</samp>
    • Allow passing oauth consent code via query params  -  by @grant0417 in https://github.com/better-auth/better-auth/issues/3845 <samp>(18f72)</samp>
  • organization:
    • Additional fields support separate client-server projects  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/3564 <samp>(a83cf)</samp>
    • Add membersLimit param to allow to fetch more or less members than the membership limit  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3580 <samp>(518ab)</samp>
    • Add option for requiring email verificaiton  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3785 <samp>(f88e4)</samp>
  • passkey:
    • Allow custom passkey name during registration  -  by @Fyoxy in https://github.com/better-auth/better-auth/issues/3587 <samp>(e5f3f)</samp>
  • stripe:
    • Create billing portal session  -  by @rhitune2 in https://github.com/better-auth/better-auth/issues/3625 <samp>(b5273)</samp>

🐞 Bug Fixes

  • Shouldn't refresh a token if access token expires is undefined or null – @Bekacru
  • Ensure session is added to context when reading from cookie cache – @gaganref
  • Make sveltekit plugin ALS-agnostic – @Kinfe123
  • Use same expires at date for cookie session data payload and signature – @PacifismPostMortem
  • Resolve notion oauth user info extraction – @Kinfe123
  • Cast dates from db to Date when using date methods – @erquhart
  • Twitter refresh token requires basic authentication – @bytechase
  • Pass loginHint to Microsoft oauth URL – @widavies
  • Cast dates from session to Date when using date methods – @erquhart
  • Incorrect initialization of remaining value within API key – @eaoliver
  • Add missing team reference in teamMember schema – @Kinfe123
  • Await ctx in middleware – @himself65
  • Plugins options type compatibility issue with exactOptionalPropertyTypes enabled in ts-config – @Kinfe123
  • Client secret should be optional in configuring the generic oauth plugin – @frectonz @Bekacru
  • Ensure zod v4 type annotations work with core types – @Kinfe123
  • Remove deep array merge when merging hooks context – @Adityakk9031
  • Allow returning response object to skip after hooks – @Bekacru
  • Handle inconsistent user update error in phone number plugin – @Kinfe123
  • admin:
    • Export type definitions from the admin plugin  -  by @daidr in https://github.com/better-auth/better-auth/issues/3628 <samp>(d1d59)</samp>
  • cli:
    • --yes option does not work on @better-auth/cli generate  -  by @phanect in https://github.com/better-auth/better-auth/issues/3749 <samp>(2d8d0)</samp>
    • Prisma schema generate mismatch on custom plugin table names  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3021 <samp>(48063)</samp>
    • Only show the overwrite message when the schema file exists and the code has changed  -  by @frectonz in https://github.com/better-auth/better-auth/issues/3826 <samp>(7c43f)</samp>
  • deps:
    • Update better-auth dependencies  -  in https://github.com/better-auth/better-auth/issues/3916 <samp>(5da96)</samp>
  • expo:
    • Improve cookie expiration handling  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3705 <samp>(67f84)</samp>
  • generic-oauth:
    • Set account id from mapped user fields when creating account  -  by @charlietlamb in https://github.com/better-auth/better-auth/issues/3649 <samp>(41146)</samp>
  • jwt:
    • Ensure alg is added to the jwks when generating via /token endpoint  -  by @elliottminns in https://github.com/better-auth/better-auth/issues/3601 <samp>(f9930)</samp>
    • Expose jwt options to plugins  -  by @grant0417 in https://github.com/better-auth/better-auth/issues/3726 <samp>(60c92)</samp>
  • magic-link:
    • Magic link URL construction  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3770 <samp>(ec660)</samp>
  • mcp:
    • Redirect returns json instead of 302  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/3838 <samp>(53260)</samp>
  • mssql:
    • "text" datatype is not working with mssql  -  by @ludoblues in https://github.com/better-auth/better-auth/issues/3144 <samp>(1b614)</samp>
  • org:
  • organization:
    • Updated types for the user argument in allowUserToCreateOrganization to support custom fields  -  by @TimurBas in https://github.com/better-auth/better-auth/issues/3600 <samp>(7fa90)</samp>
    • Team members should be cleaned up on delete team  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3833 <samp>(9c4a7)</samp>
    • Convert emails to lower case for invitation lookups  -  by @gwoodbridge in https://github.com/better-auth/better-auth/issues/3835 <samp>(15c1e)</samp>
  • organizaton:
    • Avoid cross organization member role updates  -  by @max-om in https://github.com/better-auth/better-auth/issues/3932 <samp>(553fd)</samp>
  • plugins:
    • Export siwe plugin  -  by @chunterb in https://github.com/better-auth/better-auth/issues/3503 <samp>(85415)</samp>
  • reddit:
    • Refresh access token should use basic auth  -  by @Kinfe123 in https://github.com/better-auth/better-auth/issues/3753 <samp>(669ce)</samp>
  • stripe:
    • Prevent duplicate trials when switching plans  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3622 <samp>(c2fb1)</samp>
    • Update customer id should also trigger secondary storage update  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3635 <samp>(a536d)</samp>
    • Fallback to subscription id instead of picking the first sub if id is provided  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3696 <samp>(2ec8c)</samp>
  • tiktok:
    • Client id is not used for TikTok social provider  -  by @himself65 in https://github.com/better-auth/better-auth/issues/3846 <samp>(dabc5)</samp>
  • username:
    • isUsernameAvailable should validate usernames  -  by @ping-maxwell in https://github.com/better-auth/better-auth/issues/3680 <samp>(e60f7)</samp>
    • isUsernameAvailable should validate usernames "  -  by @Bekacru in https://github.com/better-auth/better-auth/issues/3680 and https://github.com/better-auth/better-auth/issues/3730 <samp>(4d85d)</samp>
    • Remove normalize transform for displayUsername  -  by @oskar-gmerek in https://github.com/better-auth/better-auth/issues/3912 <samp>(fa4c6)</samp>
    View changes on GitHub