@beignet/provider-auth-better-auth 0.0.21 → 0.0.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/README.md +31 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
package/README.md
CHANGED
|
@@ -249,6 +249,18 @@ request once with
|
|
|
249
249
|
then call an app-owned helper such as `requireUser(ctx)` instead of depending
|
|
250
250
|
on the raw request.
|
|
251
251
|
|
|
252
|
+
`beignet doctor --strict` checks that installed Better Auth providers are
|
|
253
|
+
registered in `server/providers.ts`. The provider does not declare Beignet-owned
|
|
254
|
+
env vars because Better Auth configuration, secrets, database adapter options,
|
|
255
|
+
and social provider credentials stay in your app's Better Auth setup.
|
|
256
|
+
|
|
257
|
+
## Installed ports
|
|
258
|
+
|
|
259
|
+
The provider contributes `ctx.ports.auth`, the standard Beignet `AuthPort`.
|
|
260
|
+
It does not expose a Better Auth escape hatch; route handlers that need
|
|
261
|
+
provider-native auth flows should mount Better Auth's own routes separately,
|
|
262
|
+
usually under `app/api/auth/[...all]/route.ts`.
|
|
263
|
+
|
|
252
264
|
## Devtools
|
|
253
265
|
|
|
254
266
|
When `@beignet/devtools` is installed before this provider, auth checks
|
|
@@ -259,6 +271,25 @@ The provider records `auth.getSession`, `auth.getUser`, and
|
|
|
259
271
|
duration. User and session objects are not recorded. Provider failures are
|
|
260
272
|
recorded with `.failed` event names and the original error is rethrown.
|
|
261
273
|
|
|
274
|
+
## Failure behavior
|
|
275
|
+
|
|
276
|
+
Unauthenticated `requireUser(...)` calls throw `AuthUnauthorizedError`, which
|
|
277
|
+
the Beignet server maps to a framework-owned `401` response. Better Auth
|
|
278
|
+
session lookup or route errors are rethrown so hooks and server error handling
|
|
279
|
+
can report them consistently.
|
|
280
|
+
|
|
281
|
+
## Local and tests
|
|
282
|
+
|
|
283
|
+
Use an app-owned fake `AuthPort` in use-case tests and route tests that only
|
|
284
|
+
need authenticated/anonymous branches. Keep Better Auth itself covered through
|
|
285
|
+
the app's auth route tests and provider integration tests.
|
|
286
|
+
|
|
287
|
+
## Deployment notes
|
|
288
|
+
|
|
289
|
+
Deploy the Better Auth database schema and secret configuration before enabling
|
|
290
|
+
authenticated routes. Keep business authorization in feature policies and use
|
|
291
|
+
Beignet auth hooks only for HTTP-boundary authentication.
|
|
292
|
+
|
|
262
293
|
## API reference
|
|
263
294
|
|
|
264
295
|
### `AuthPort<User, Session>`
|
package/package.json
CHANGED