better_auth 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98014e245459f3b5a7de74fbd1e41ac5449ff223e20e5f9c8ef9500e15c55d9f
-  data.tar.gz: 28252ead0ea2f370233bcc73bcc41568604608ff2d4d891a66abf71f49e01497
+  metadata.gz: c5b3eeb719cd263152d0e166d19735bccbe118bd72a26093b57686105c456815
+  data.tar.gz: 6c7f3fc3653cba526e5f889bb2b1095fefcbcf3bb9b90c1ac50f042635e56071
 SHA512:
-  metadata.gz: 22e4e6488cebfdc63f77d68747df4283ccf27c82381ab6bb7e372485f0c2d93cb4e37dce4748e75020f6556ff08a675ba42d47cf39a57f90c86f2d4a396c09b4
-  data.tar.gz: a05af007c3dcd034bc035a37e825991ce76ff8af9199ae33f4a3ecf2250718ac848ae52baa84d2d60c7b5eace5d7f2750de2d40dde779b182640184b50d1a765
+  metadata.gz: 90a88bf3352d716dc78074b0d61de38d7188c7f6f98b5d930cd426e020ab51f5b5f21fe8d5765ad96adfbb955345113f23396cfdd65317e6b063613ed7a4da70
+  data.tar.gz: 28acb5fd682eff9fff9ff99cf7ac3e5c26b0dce26bb6c37c7a2f4ed6a75b2e9529626a280a244b6755e1edb40631c0057759c0b9e738f0d24c3d4a0d5f9baec4

data/CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.10.0] - 2026-05-21
+
+### Fixed
+
+- Fixed organization owner counting to page through adapter results instead of
+  relying on a single uncapped `find_many` call.
+- Improved SQL, memory, cookie, rate-limit, plugin schema, social login, and
+  auth response edge cases for more consistent behavior across adapters.
+
 ## [0.7.0] - 2026-05-05
 
 ### Added

data/README.md

@@ -13,11 +13,11 @@
     ·
     <a href="https://better-auth.com">Website</a>
     ·
-    <a href="https://github.com/sebasxsala/better-auth/issues">Issues</a>
+    <a href="https://github.com/sebasxsala/better-auth-rb/issues">Issues</a>
   </p>
 
 [![Gem](https://img.shields.io/gem/v/better_auth?style=flat&colorA=000000&colorB=000000)](https://rubygems.org/gems/better_auth)
-[![GitHub stars](https://img.shields.io/github/stars/sebasxsala/better-auth?style=flat&colorA=000000&colorB=000000)](https://github.com/sebasxsala/better-auth/stargazers)
+[![GitHub stars](https://img.shields.io/github/stars/sebasxsala/better-auth?style=flat&colorA=000000&colorB=000000)](https://github.com/sebasxsala/better-auth-rb/stargazers)
 </p>
 
 ## About the Project
@@ -212,7 +212,7 @@ Full documentation is being adapted in the root [`docs/`](/Users/sebastiansala/p
 
 ```bash
 # 1. Clone the repository
-git clone https://github.com/sebasxsala/better-auth.git
+git clone https://github.com/sebasxsala/better-auth-rb.git
 cd better-auth/packages/better_auth
 
 # 2. Install dependencies
@@ -370,7 +370,7 @@ test/                       # Core tests (Minitest)
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/sebasxsala/better-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/sebasxsala/better-auth/blob/main/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/sebasxsala/better-auth-rb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/sebasxsala/better-auth-rb/blob/main/CODE_OF_CONDUCT.md).
 
 ## License
 

data/lib/better_auth/adapters/memory.rb

@@ -6,6 +6,8 @@ require "time"
 module BetterAuth
   module Adapters
     class Memory < Base
+      include JoinSupport
+
       attr_reader :db
 
       def initialize(options, db = nil)
@@ -35,17 +37,23 @@ module BetterAuth
       end
 
       def update(model:, where:, update:)
+        model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         records = table_for(model).select { |record| matches_where?(record, where || []) }
-        data = transform_input(model.to_s, update, "update", true)
+        data = transform_input(model, update, "update", true)
+        ensure_update_data!(data)
         records.each { |record| record.merge!(data) }
         records.first
       end
 
       def update_many(model:, where:, update:)
+        model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         records = table_for(model).select { |record| matches_where?(record, where || []) }
-        data = transform_input(model.to_s, update, "update", true)
+        data = transform_input(model, update, "update", true)
+        ensure_update_data!(data)
         records.each { |record| record.merge!(data) }
-        records.first
+        records.length
       end
 
       def delete(model:, where:)
@@ -109,16 +117,34 @@ module BetterAuth
             raise APIError.new("BAD_REQUEST", message: "#{field} is required") unless field == "id"
           end
 
-          output[field] = coerce_value(value, attributes) if value_provided
+          output[field] = coerce_value(value, field, attributes) if value_provided
         end
 
-        output["id"] = generated_id if action == "create" && !output.key?("id")
+        output["id"] = generated_id(model) if action == "create" && fields.key?("id") && (!output.key?("id") || output["id"].nil?)
         output
       end
 
-      def generated_id
+      def ensure_update_data!(data)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") if data.empty?
+      end
+
+      def ensure_update_input_has_fields!(model, update)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless update.is_a?(Hash)
+
+        fields = Schema.auth_tables(options).fetch(model).fetch(:fields)
+        input = stringify_keys(update)
+        has_updatable_field = input.any? do |field, _value|
+          next false if field == "id" || field == "_id"
+
+          fields.key?(field) || fields.any? { |logical_field, attributes| Schema.storage_key(attributes[:field_name] || logical_field) == field }
+        end
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless has_updatable_field
+      end
+
+      def generated_id(model)
         generator = options.advanced.dig(:database, :generate_id)
         return generator.call.to_s if generator.respond_to?(:call)
+        return table_for(model).length + 1 if generator == "serial"
         return SecureRandom.uuid if generator == "uuid"
 
         SecureRandom.hex(16)
@@ -128,8 +154,9 @@ module BetterAuth
         default.respond_to?(:call) ? default.call : default
       end
 
-      def coerce_value(value, attributes)
+      def coerce_value(value, field, attributes)
         return value if value.nil?
+        return coerce_number(value) if serial_id_field?(field, attributes)
         return Time.parse(value) if attributes[:type] == "date" && value.is_a?(String)
 
         value
@@ -155,8 +182,10 @@ module BetterAuth
         field = Schema.storage_key(fetch_key(clause, :field))
         value = fetch_key(clause, :value)
         operator = (fetch_key(clause, :operator) || "eq").to_s
+        mode = (fetch_key(clause, :mode) || "sensitive").to_s
         current = record[field]
         comparable = coerce_where_value(record, field, value, operator)
+        current, comparable = insensitive_values(current, comparable) if insensitive_comparison?(mode, current, comparable)
 
         case operator
         when "in"
@@ -187,9 +216,9 @@ module BetterAuth
       def coerce_where_value(record, field, value, operator)
         attributes = schema_for_record_field(record, field)
         return value unless attributes
-        return Array(value).map { |entry| coerce_scalar_where_value(entry, attributes) } if %w[in not_in].include?(operator)
+        return Array(value).map { |entry| coerce_scalar_where_value(entry, field, attributes) } if %w[in not_in].include?(operator)
 
-        coerce_scalar_where_value(value, attributes)
+        coerce_scalar_where_value(value, field, attributes)
       end
 
       def schema_for_record_field(record, field)
@@ -201,8 +230,9 @@ module BetterAuth
         nil
       end
 
-      def coerce_scalar_where_value(value, attributes)
+      def coerce_scalar_where_value(value, field, attributes)
         return value if value.nil?
+        return coerce_number(value) if serial_id_field?(field, attributes)
 
         case attributes[:type]
         when "boolean"
@@ -221,6 +251,32 @@ module BetterAuth
         value
       end
 
+      def serial_id_field?(field, attributes)
+        return false unless options.advanced.dig(:database, :generate_id) == "serial"
+        return true if field.to_s == "id"
+
+        reference = attributes[:references]
+        return false unless reference
+
+        (reference[:field] || reference["field"]).to_s == "id"
+      end
+
+      def insensitive_comparison?(mode, current, comparable)
+        return false unless mode == "insensitive"
+
+        current.is_a?(String) && (comparable.is_a?(String) || comparable.is_a?(Array))
+      end
+
+      def insensitive_values(current, comparable)
+        normalized_current = current.downcase
+        normalized_comparable = if comparable.is_a?(Array)
+          comparable.map { |entry| entry.is_a?(String) ? entry.downcase : entry }
+        else
+          comparable.downcase
+        end
+        [normalized_current, normalized_comparable]
+      end
+
       def coerce_number(value)
         return value unless value.is_a?(String)
         return value.to_i if /\A-?\d+\z/.match?(value)
@@ -252,18 +308,76 @@ module BetterAuth
 
       def apply_join(model, record, join)
         joined = record.dup
-        join.each_key do |join_model|
-          join_model = join_model.to_s
-          joined[join_model] = case [model, join_model]
-          when ["session", "user"], ["account", "user"]
-            table_for("user").find { |user| user["id"] == record["userId"] }
-          when ["user", "account"]
-            table_for("account").select { |account| account["userId"] == record["id"] }
+        normalized_join(model, join).each do |join_model, config|
+          matches = table_for(join_model).select do |join_record|
+            join_record[config.fetch(:to)] == record[config.fetch(:from)]
+          end.map(&:dup)
+
+          joined[join_model] = if one_to_one_join?(config)
+            matches.first
+          else
+            matches.first(join_limit(config))
           end
         end
         joined
       end
 
+      def one_to_one_join?(config)
+        config[:relation] == "one-to-one" || config[:unique] == true
+      end
+
+      def join_limit(config)
+        value = config[:limit]
+        return 100 if value.nil?
+
+        parsed = Integer(value)
+        parsed.positive? ? parsed : 100
+      rescue ArgumentError, TypeError
+        100
+      end
+
+      def inferred_join_config(model, join_model)
+        foreign_keys = schema_for(join_model).fetch(:fields).select do |_field, attributes|
+          reference_model_matches?(attributes, model)
+        end
+        forward_join = true
+
+        if foreign_keys.empty?
+          foreign_keys = schema_for(model).fetch(:fields).select do |_field, attributes|
+            reference_model_matches?(attributes, join_model)
+          end
+          forward_join = false
+        end
+
+        raise Error, "No foreign key found for model #{join_model} and base model #{model} while performing join operation." if foreign_keys.empty?
+        raise Error, "Multiple foreign keys found for model #{join_model} and base model #{model} while performing join operation. Only one foreign key is supported." if foreign_keys.length > 1
+
+        foreign_key, attributes = foreign_keys.first
+        reference = attributes.fetch(:references)
+        if forward_join
+          unique = attributes[:unique] == true
+          {from: reference.fetch(:field).to_s, to: foreign_key, relation: unique ? "one-to-one" : "one-to-many", unique: unique}
+        else
+          {from: foreign_key, to: reference.fetch(:field).to_s, relation: "one-to-one", unique: true}
+        end
+      end
+
+      def schema_for(model)
+        Schema.auth_tables(options).fetch(model.to_s)
+      end
+
+      def reference_model_matches?(attributes, model)
+        reference = attributes[:references]
+        return false unless reference
+
+        reference_model = reference[:model] || reference["model"]
+        reference_model.to_s == model.to_s || reference_model.to_s == schema_for(model).fetch(:model_name)
+      end
+
+      def storage_key(field)
+        Schema.storage_key(field)
+      end
+
       def stringify_keys(data)
         data.each_with_object({}) do |(key, value), result|
           result[Schema.storage_key(key)] = value

data/lib/better_auth/adapters/sql.rb

@@ -2,6 +2,7 @@
 
 require "securerandom"
 require "json"
+require "monitor"
 require "time"
 
 module BetterAuth
@@ -15,6 +16,7 @@ module BetterAuth
         super(options)
         @connection = connection
         @dialect = dialect.to_sym
+        @connection_lock = Monitor.new
       end
 
       def create(model:, data:, force_allow_id: false)
@@ -30,7 +32,8 @@ module BetterAuth
         row = rows.first
         return normalize_record(model, row) if row
 
-        find_one(model: model, where: [{field: "id", value: input.fetch("id")}])
+        lookup = create_lookup(model, input)
+        lookup ? find_one(model: model, where: [lookup]) : input
       end
 
       def find_one(model:, where: [], select: nil, join: nil)
@@ -61,21 +64,25 @@ module BetterAuth
 
       def update(model:, where:, update:)
         model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         if dialect == :postgres
           records = update_many(model: model, where: where, update: update, returning: true)
           return records.is_a?(Array) ? records.first : records
         end
 
-        existing = find_one(model: model, where: where, select: ["id"])
+        existing = find_one(model: model, where: where)
         return nil unless existing
 
         update_many(model: model, where: where, update: update)
-        find_one(model: model, where: [{field: "id", value: existing.fetch("id")}])
+        lookup = record_lookup(model, existing)
+        lookup ? find_one(model: model, where: [lookup]) : find_one(model: model, where: where)
       end
 
       def update_many(model:, where:, update:, returning: false)
         model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         data = transform_input(model, update, "update", true)
+        ensure_update_data!(data)
         params = []
         assignments = data.each_key.map do |field|
           params << data[field]
@@ -87,11 +94,11 @@ module BetterAuth
         sql << " SET "
         sql << assignments.join(", ")
         sql << " WHERE #{where_sql}" unless where_sql.empty?
-        sql << " RETURNING *" if dialect == :postgres
-        rows = execute(sql, params).map { |row| normalize_record(model, row) }
-        return rows if returning || dialect == :postgres
+        sql << " RETURNING *" if dialect == :postgres && returning
+        result = execute(sql, params, affected_rows_result: !returning)
+        return result.map { |row| normalize_record(model, row) } if returning
 
-        nil
+        affected_rows(result)
       end
 
       def delete(model:, where:)
@@ -106,7 +113,7 @@ module BetterAuth
         sql = +"DELETE FROM "
         sql << quote(table_for(model))
         sql << " WHERE #{where_sql}" unless where_sql.empty?
-        result = execute(sql, params)
+        result = execute(sql, params, affected_rows_result: true)
         affected_rows(result)
       end
 
@@ -122,13 +129,15 @@ module BetterAuth
       end
 
       def transaction
-        execute("BEGIN", [])
-        result = yield self
-        execute("COMMIT", [])
-        result
-      rescue
-        execute("ROLLBACK", [])
-        raise
+        @connection_lock.synchronize do
+          execute("BEGIN", [])
+          result = yield self
+          execute("COMMIT", [])
+          result
+        rescue
+          execute("ROLLBACK", [])
+          raise
+        end
       end
 
       private
@@ -160,10 +169,47 @@ module BetterAuth
           output[field] = coerce_value(value, attributes) if value_provided
         end
 
-        output["id"] = generated_id if action == "create" && !output.key?("id")
+        output["id"] = generated_id if action == "create" && !output.key?("id") && fields.key?("id")
         output
       end
 
+      def create_lookup(model, input)
+        fields = schema_for(model).fetch(:fields)
+        return {field: "id", value: input.fetch("id")} if fields.key?("id") && input.key?("id")
+
+        unique_field = fields.find { |field, attributes| attributes[:unique] && input.key?(field) }
+        return {field: unique_field.first, value: input.fetch(unique_field.first)} if unique_field
+
+        nil
+      end
+
+      def record_lookup(model, record)
+        fields = schema_for(model).fetch(:fields)
+        return {field: "id", value: record.fetch("id")} if fields.key?("id") && record.key?("id")
+
+        unique_field = fields.find { |field, attributes| attributes[:unique] && record.key?(field) }
+        return {field: unique_field.first, value: record.fetch(unique_field.first)} if unique_field
+
+        nil
+      end
+
+      def ensure_update_data!(data)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") if data.empty?
+      end
+
+      def ensure_update_input_has_fields!(model, update)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless update.is_a?(Hash)
+
+        fields = schema_for(model).fetch(:fields)
+        input = stringify_keys(update)
+        has_updatable_field = input.any? do |field, _value|
+          next false if field == "id" || field == "_id"
+
+          fields.key?(field) || fields.any? { |logical_field, attributes| storage_key(attributes[:field_name] || logical_field) == field }
+        end
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless has_updatable_field
+      end
+
       def select_sql(model, select, join)
         fields = Array(select).empty? ? schema_for(model).fetch(:fields).keys : Array(select).map { |field| storage_key(field) }
         columns = fields.map do |field|
@@ -226,28 +272,35 @@ module BetterAuth
           operator = (fetch_key(clause, :operator) || "eq").to_s
           value = fetch_key(clause, :value)
           attributes = schema_for(model).fetch(:fields).fetch(field)
+          insensitive = insensitive_string_predicate?(clause, attributes)
+          predicate_column = insensitive ? "LOWER(#{column})" : column
 
-          expression = case operator
-          when "in", "not_in"
-            values = Array(value).map { |entry| coerce_where_value(entry, attributes) }
-            placeholders = values.map do |entry|
-              params << entry
-              placeholder(params.length)
-            end.join(", ")
-            sql_operator = (operator == "not_in") ? "NOT IN" : "IN"
-            "#{column} #{sql_operator} (#{placeholders})"
-          when "contains", "starts_with", "ends_with"
-            escaped = escape_like(value)
-            pattern = case operator
-            when "starts_with" then "#{escaped}%"
-            when "ends_with" then "%#{escaped}"
-            else "%#{escaped}%"
-            end
-            params << pattern
-            "#{column} LIKE #{placeholder(params.length)} ESCAPE #{escape_literal}"
+          expression = if value.nil? && %w[eq ne].include?(operator)
+            null_operator = (operator == "ne") ? "IS NOT NULL" : "IS NULL"
+            "#{column} #{null_operator}"
           else
-            params << coerce_where_value(value, attributes)
-            "#{column} #{sql_operator(operator)} #{placeholder(params.length)}"
+            case operator
+            when "in", "not_in"
+              values = Array(value).map { |entry| insensitive ? entry.to_s.downcase : coerce_where_value(entry, attributes) }
+              placeholders = values.map do |entry|
+                params << entry
+                placeholder(params.length)
+              end.join(", ")
+              sql_operator = (operator == "not_in") ? "NOT IN" : "IN"
+              "#{predicate_column} #{sql_operator} (#{placeholders})"
+            when "contains", "starts_with", "ends_with"
+              escaped = escape_like(insensitive ? value.to_s.downcase : value)
+              pattern = case operator
+              when "starts_with" then "#{escaped}%"
+              when "ends_with" then "%#{escaped}"
+              else "%#{escaped}%"
+              end
+              params << pattern
+              "#{predicate_column} LIKE #{placeholder(params.length)} ESCAPE #{escape_literal}"
+            else
+              params << (insensitive ? value.to_s.downcase : coerce_where_value(value, attributes))
+              "#{predicate_column} #{sql_operator(operator)} #{placeholder(params.length)}"
+            end
           end
 
           connector = (index.positive? && fetch_key(clause, :connector).to_s.upcase == "OR") ? "OR" : "AND"
@@ -286,32 +339,59 @@ module BetterAuth
         }.fetch(operator, "=")
       end
 
-      def execute(sql, params)
-        if connection.respond_to?(:exec_params)
-          result = connection.exec_params(sql, params)
-          return result.to_a if result.respond_to?(:to_a)
-
-          result
-        elsif connection.respond_to?(:query) && params.empty?
-          result = connection.query(sql)
-          result.respond_to?(:to_a) ? result.to_a : result
-        elsif connection.respond_to?(:prepare)
-          statement = connection.prepare(sql)
-          result = statement.execute(*params)
-          result.respond_to?(:to_a) ? result.to_a : result
-        elsif connection.respond_to?(:execute)
-          result = connection.execute(sql, params)
-          result.respond_to?(:to_a) ? result.to_a : result
-        else
-          raise Error, "SQL connection must respond to exec_params or prepare"
+      def insensitive_string_predicate?(clause, attributes)
+        fetch_key(clause, :mode).to_s == "insensitive" && attributes[:type] == "string"
+      end
+
+      def execute(sql, params, affected_rows_result: false)
+        @connection_lock.synchronize do
+          if connection.respond_to?(:exec_params)
+            result = connection.exec_params(sql, params)
+            return affected_rows_result ? result : [] if result.respond_to?(:fields) && result.fields.empty?
+            return result.to_a if result.respond_to?(:to_a)
+
+            result
+          elsif connection.respond_to?(:query) && params.empty?
+            result = connection.query(sql)
+            result.respond_to?(:to_a) ? result.to_a : result
+          elsif dialect == :sqlite && connection.respond_to?(:execute)
+            result = connection.execute(sql, params)
+            result.respond_to?(:to_a) ? result.to_a : result
+          elsif connection.respond_to?(:prepare)
+            statement = connection.prepare(sql)
+            result = nil
+            begin
+              result = statement.execute(*params)
+              if result.nil?
+                return [] unless affected_rows_result
+                return statement.affected_rows if statement.respond_to?(:affected_rows)
+                return connection.affected_rows if connection.respond_to?(:affected_rows)
+              end
+
+              rows = result.respond_to?(:to_a) ? result.to_a : result
+              rows
+            ensure
+              if result.respond_to?(:close)
+                result.close
+              elsif statement.respond_to?(:close)
+                statement.close
+              end
+            end
+          elsif connection.respond_to?(:execute)
+            result = connection.execute(sql, params)
+            result.respond_to?(:to_a) ? result.to_a : result
+          else
+            raise Error, "SQL connection must respond to exec_params or prepare"
+          end
         end
       end
 
       def affected_rows(result)
         return result.cmd_tuples if result.respond_to?(:cmd_tuples)
         return result.affected_rows if result.respond_to?(:affected_rows)
-        return connection.changes if connection.respond_to?(:changes)
         return result.to_i if result.respond_to?(:to_i)
+        return connection.affected_rows if connection.respond_to?(:affected_rows)
+        return connection.changes if connection.respond_to?(:changes)
 
         0
       end
@@ -406,11 +486,11 @@ module BetterAuth
       end
 
       def escape_like(value)
-        value.to_s.gsub(/[\\%_]/) { |match| "\\#{match}" }
+        value.to_s.gsub(/[!%_]/) { |match| "!#{match}" }
       end
 
       def escape_literal
-        (dialect == :postgres) ? "'\\\\'" : "'\\'"
+        "'!'"
       end
 
       def resolve_default(default)
@@ -423,6 +503,7 @@ module BetterAuth
         return value.iso8601(6) if dialect == :sqlite && attributes[:type] == "date" && value.respond_to?(:iso8601)
         return Time.parse(value) if attributes[:type] == "date" && value.is_a?(String)
         return JSON.generate(value) if json_like?(attributes) && !value.is_a?(String)
+        return value.encode(Encoding::UTF_8) if attributes[:type] == "string" && value.is_a?(String) && value.encoding == Encoding::ASCII_8BIT
 
         value
       end
@@ -446,6 +527,7 @@ module BetterAuth
       def coerce_output_value(value, attributes)
         return value if value.nil?
         return coerce_boolean(value) if attributes[:type] == "boolean"
+        return coerce_number(value) if attributes[:type] == "number"
         return Time.parse(value) if attributes[:type] == "date" && value.is_a?(String)
         return parse_json_value(value) if json_like?(attributes) && value.is_a?(String)
 

data/lib/better_auth/configuration.rb

@@ -75,7 +75,7 @@ module BetterAuth
       @hooks = options[:hooks]
       @on_api_error = symbolize_keys(options[:on_api_error] || options[:on_apierror] || {})
       @telemetry = symbolize_keys(options[:telemetry] || {})
-      @social_providers = symbolize_keys(options[:social_providers] || {})
+      @social_providers = normalize_social_providers(options[:social_providers])
       @trusted_origins_callbacks = []
       @trusted_origins_callbacks << options[:trusted_origins] if options[:trusted_origins].respond_to?(:call)
       @trusted_origins_callback = combined_trusted_origins_callback
@@ -371,6 +371,12 @@ module BetterAuth
       Array(value).compact.reject { |plugin| plugin == false }.map { |plugin| Plugin.coerce(plugin) }
     end
 
+    def normalize_social_providers(value)
+      symbolize_keys(value || {}).reject do |_id, provider|
+        provider.nil? || provider == false || (provider.is_a?(Hash) && provider[:enabled] == false)
+      end
+    end
+
     def normalize_trusted_origins(value)
       origins = []
       origins << base_url unless base_url.nil? || base_url.empty?

data/lib/better_auth/cookies.rb

@@ -67,7 +67,7 @@ module BetterAuth
         name, value = pair.split("=", 2)
         next if name.to_s.empty? || value.nil?
 
-        result[name.strip] = value.strip
+        result[name.strip] = decode_cookie_value(value.strip)
       end
     end
 
@@ -150,12 +150,14 @@ module BetterAuth
       Crypto.symmetric_decode_jwt(value, ctx.context.secret_config, "better-auth-account")
     end
 
-    def get_cookie_cache(request_or_cookie_header, secret:, strategy: "compact", version: nil, cookie_prefix: "better-auth", cookie_name: "session_data", is_secure: nil)
+    def get_cookie_cache(request_or_cookie_header, secret:, strategy: "compact", version: nil, cookie_prefix: "better-auth", cookie_name: "session_data", is_secure: nil, cookie_full_name: nil)
       cookie_header = header_value(request_or_cookie_header)
       return nil if cookie_header.to_s.empty?
 
       parsed = parse_cookies(cookie_header)
-      name = if is_secure.nil?
+      name = if cookie_full_name
+        cookie_full_name
+      elsif is_secure.nil?
         production_environment? ? "#{SECURE_COOKIE_PREFIX}#{cookie_prefix}.#{cookie_name}" : "#{cookie_prefix}.#{cookie_name}"
       else
         secure_prefix = is_secure ? SECURE_COOKIE_PREFIX : ""
@@ -248,6 +250,12 @@ module BetterAuth
       chunks.sort_by(&:first).map(&:last).join
     end
 
+    def decode_cookie_value(value)
+      URI.decode_uri_component(value)
+    rescue ArgumentError
+      value
+    end
+
     def header_value(request_or_cookie_header)
       return request_or_cookie_header.headers["cookie"] if request_or_cookie_header.respond_to?(:headers)
       return request_or_cookie_header.get_header("HTTP_COOKIE") if request_or_cookie_header.respond_to?(:get_header)