@better-auth/core 1.4.0-beta.25 → 1.4.0-beta.28

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/core@1.4.0-beta.25 build /home/runner/work/better-auth/better-auth/packages/core
+> @better-auth/core@1.4.0-beta.28 build /home/runner/work/better-auth/better-auth/packages/core
 > tsdown
 
 ℹ tsdown v0.16.5 powered by rolldown v1.0.0-beta.50
@@ -7,7 +7,7 @@
 ℹ entry: src/index.ts, src/db/index.ts, src/db/adapter/index.ts, src/async_hooks/index.ts, src/context/index.ts, src/env/index.ts, src/oauth2/index.ts, src/api/index.ts, src/social-providers/index.ts, src/utils/index.ts, src/error/index.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/social-providers/index.mjs     77.94 kB │ gzip: 10.14 kB
+ℹ dist/social-providers/index.mjs     78.21 kB │ gzip: 10.17 kB
 ℹ dist/db/index.mjs                    1.58 kB │ gzip:  0.49 kB
 ℹ dist/api/index.mjs                   0.83 kB │ gzip:  0.40 kB
 ℹ dist/context/index.mjs               0.74 kB │ gzip:  0.27 kB
@@ -18,25 +18,25 @@
 ℹ dist/utils/index.mjs                 0.09 kB │ gzip:  0.09 kB
 ℹ dist/db/adapter/index.mjs            0.01 kB │ gzip:  0.03 kB
 ℹ dist/index.mjs                       0.01 kB │ gzip:  0.03 kB
-ℹ dist/oauth2-D3aE32ZH.mjs             9.16 kB │ gzip:  2.12 kB
+ℹ dist/oauth2-DmgZmPEg.mjs             9.17 kB │ gzip:  2.13 kB
 ℹ dist/env-DwlNAN_D.mjs                7.67 kB │ gzip:  2.54 kB
 ℹ dist/context-DgQ9XGBl.mjs            3.89 kB │ gzip:  1.00 kB
 ℹ dist/error-BhAKg8LX.mjs              1.77 kB │ gzip:  0.79 kB
 ℹ dist/async_hooks-BfRfbd1J.mjs        0.87 kB │ gzip:  0.46 kB
 ℹ dist/utils-C5EN75oV.mjs              0.13 kB │ gzip:  0.12 kB
-ℹ dist/social-providers/index.d.mts    3.78 kB │ gzip:  1.17 kB
+ℹ dist/social-providers/index.d.mts    3.78 kB │ gzip:  1.16 kB
 ℹ dist/context/index.d.mts             3.05 kB │ gzip:  0.96 kB
 ℹ dist/error/index.d.mts               1.84 kB │ gzip:  0.72 kB
 ℹ dist/db/index.d.mts                  1.01 kB │ gzip:  0.38 kB
+ℹ dist/index.d.mts                     0.87 kB │ gzip:  0.34 kB
 ℹ dist/utils/index.d.mts               0.84 kB │ gzip:  0.43 kB
-ℹ dist/index.d.mts                     0.83 kB │ gzip:  0.32 kB
 ℹ dist/oauth2/index.d.mts              0.79 kB │ gzip:  0.30 kB
 ℹ dist/env/index.d.mts                 0.59 kB │ gzip:  0.30 kB
-ℹ dist/db/adapter/index.d.mts          0.53 kB │ gzip:  0.25 kB
+ℹ dist/db/adapter/index.d.mts          0.53 kB │ gzip:  0.24 kB
 ℹ dist/api/index.d.mts                 0.29 kB │ gzip:  0.16 kB
 ℹ dist/async_hooks/index.d.mts         0.14 kB │ gzip:  0.10 kB
-ℹ dist/index-X4TpuzeM.d.mts          204.34 kB │ gzip: 32.16 kB
+ℹ dist/index-CkAWdKH8.d.mts          205.84 kB │ gzip: 32.50 kB
 ℹ dist/index-CdubV7uy.d.mts            3.31 kB │ gzip:  1.11 kB
 ℹ dist/index-DgwIISs7.d.mts            0.24 kB │ gzip:  0.16 kB
-ℹ 31 files, total: 327.60 kB
-✔ Build complete in 4660ms
+ℹ 31 files, total: 329.43 kB
+✔ Build complete in 4688ms

package/dist/api/index.d.mts

@@ -1,3 +1,3 @@
-import { a as optionsMiddleware, i as createAuthMiddleware, n as AuthMiddleware, r as createAuthEndpoint, t as AuthEndpoint } from "../index-X4TpuzeM.mjs";
+import { a as optionsMiddleware, i as createAuthMiddleware, n as AuthMiddleware, r as createAuthEndpoint, t as AuthEndpoint } from "../index-CkAWdKH8.mjs";
 import "../index-CdubV7uy.mjs";
 export { AuthEndpoint, AuthMiddleware, createAuthEndpoint, createAuthMiddleware, optionsMiddleware };

package/dist/context/index.d.mts

@@ -1,4 +1,4 @@
-import { Jn as DBTransactionAdapter, Un as DBAdapter, d as AuthContext } from "../index-X4TpuzeM.mjs";
+import { Wn as DBAdapter, Yn as DBTransactionAdapter, f as AuthContext } from "../index-CkAWdKH8.mjs";
 import "../index-CdubV7uy.mjs";
 import { t as AsyncLocalStorage } from "../index-DgwIISs7.mjs";
 import { EndpointContext, InputContext } from "better-call";

package/dist/db/adapter/index.d.mts

@@ -1,3 +1,3 @@
-import { Gn as DBAdapterFactoryConfig, Hn as CustomAdapter, Jn as DBTransactionAdapter, Kn as DBAdapterInstance, Un as DBAdapter, Vn as CleanedWhere, Wn as DBAdapterDebugLogOption, Xn as JoinOption, Yn as JoinConfig, Zn as Where, qn as DBAdapterSchemaCreation } from "../../index-X4TpuzeM.mjs";
+import { Gn as DBAdapterDebugLogOption, Hn as CleanedWhere, Jn as DBAdapterSchemaCreation, Kn as DBAdapterFactoryConfig, Qn as Where, Un as CustomAdapter, Wn as DBAdapter, Xn as JoinConfig, Yn as DBTransactionAdapter, Zn as JoinOption, qn as DBAdapterInstance } from "../../index-CkAWdKH8.mjs";
 import "../../index-CdubV7uy.mjs";
 export { CleanedWhere, CustomAdapter, DBAdapter, DBAdapterDebugLogOption, DBAdapterFactoryConfig, DBAdapterInstance, DBAdapterSchemaCreation, DBTransactionAdapter, JoinConfig, JoinOption, Where };

package/dist/db/index.d.mts

@@ -1,3 +1,3 @@
-import { $n as BetterAuthDbSchema, Qn as AuthPluginSchema, Sr as SecondaryStorage, _r as DBFieldAttribute, ar as verificationSchema, br as DBPreservedModels, cr as coreSchema, dr as RateLimit, er as FieldAttribute, fr as rateLimitSchema, gr as BetterAuthDBSchema, hr as BetterAuthPluginDBSchema, ir as Verification, lr as Session, mr as accountSchema, nr as FieldType, or as User, pr as Account, rr as Primitive, sr as userSchema, tr as FieldAttributeConfig, ur as sessionSchema, vr as DBFieldAttributeConfig, xr as DBPrimitive, yr as DBFieldType } from "../index-X4TpuzeM.mjs";
+import { $n as AuthPluginSchema, Cr as SecondaryStorage, Sr as DBPrimitive, _r as BetterAuthDBSchema, ar as Verification, br as DBFieldType, cr as userSchema, dr as sessionSchema, er as BetterAuthDbSchema, fr as RateLimit, gr as BetterAuthPluginDBSchema, hr as accountSchema, ir as Primitive, lr as coreSchema, mr as Account, nr as FieldAttributeConfig, or as verificationSchema, pr as rateLimitSchema, rr as FieldType, sr as User, tr as FieldAttribute, ur as Session, vr as DBFieldAttribute, xr as DBPreservedModels, yr as DBFieldAttributeConfig } from "../index-CkAWdKH8.mjs";
 import "../index-CdubV7uy.mjs";
 export { Account, AuthPluginSchema, BetterAuthDBSchema, BetterAuthDbSchema, BetterAuthPluginDBSchema, DBFieldAttribute, DBFieldAttributeConfig, DBFieldType, DBPreservedModels, DBPrimitive, FieldAttribute, FieldAttributeConfig, FieldType, Primitive, RateLimit, SecondaryStorage, Session, User, Verification, accountSchema, coreSchema, rateLimitSchema, sessionSchema, userSchema, verificationSchema };

package/dist/{index-X4TpuzeM.d.mts → index-CkAWdKH8.d.mts}

@@ -775,6 +775,11 @@ interface OAuth2Tokens {
   refreshTokenExpiresAt?: Date | undefined;
   scopes?: string[] | undefined;
   idToken?: string | undefined;
+  /**
+   * Raw token response from the provider.
+   * Preserves provider-specific fields that are not part of the standard OAuth2 token response.
+   */
+  raw?: Record<string, unknown> | undefined;
 }
 type OAuth2UserInfo = {
   id: string | number;
@@ -1116,6 +1121,10 @@ type BetterAuthCookies = {
     name: string;
     options: CookieOptions;
   };
+  accountData: {
+    name: string;
+    options: CookieOptions;
+  };
   dontRememberToken: {
     name: string;
     options: CookieOptions;
@@ -1822,6 +1831,8 @@ interface MicrosoftEntraIDProfile extends Record<string, any> {
   verified_primary_email: string[];
   /** User's verified secondary email addresses */
   verified_secondary_email: string[];
+  /** Whether the user's email is verified (optional claim, must be configured in app registration) */
+  email_verified?: boolean | undefined;
   /** VNET specifier information */
   vnet: string;
   /** Client Capabilities */
@@ -2429,7 +2440,7 @@ declare const twitter: (options: TwitterOption) => {
     user?: {
       name?: {
         firstName?: string;
-        lastName? /** Contains details about the user's profile website. */: string;
+        lastName?: string;
       };
       email?: string;
     } | undefined;
@@ -2759,6 +2770,7 @@ interface GitlabProfile extends Record<string, any> {
   commit_email: string;
   shared_runners_minutes_limit: number;
   extra_shared_runners_minutes_limit: number;
+  email_verified?: boolean | undefined;
 }
 interface GitlabOptions extends ProviderOptions<GitlabProfile> {
   clientId: string;
@@ -2816,7 +2828,7 @@ declare const gitlab: (options: GitlabOptions) => {
       name: string;
       email: string;
       image: string;
-      emailVerified: true;
+      emailVerified: boolean;
     } | {
       id: string | number;
       name: string;
@@ -4024,7 +4036,16 @@ declare const paypal: (options: PayPalOptions) => {
   getUserInfo(token: OAuth2Tokens & {
     user?: {
       name?: {
-        firstName?: string;
+        firstName
+        /**
+         * Whether to request shipping address information
+         * @default false
+         */?
+        /**
+        * Whether to request shipping address information
+        * @default false
+        */
+        : string;
         lastName?: string;
       };
       email?: string;
@@ -4073,6 +4094,7 @@ interface PolarProfile {
   github_username?: string | undefined;
   account_id?: string | undefined;
   public_name?: string | undefined;
+  email_verified?: boolean | undefined;
   profile_settings?: {
     profile_settings_enabled?: boolean;
     profile_settings_public_name?: string;
@@ -5037,7 +5059,7 @@ declare const socialProviders: {
         name: string;
         email: string;
         image: string;
-        emailVerified: true;
+        emailVerified: boolean;
       } | {
         id: string | number;
         name: string;
@@ -6085,27 +6107,6 @@ type BetterAuthAdvancedOptions = {
      */
     generateId?: GenerateIdFn | false | "serial" | "uuid";
   } | undefined;
-  /**
-   * OAuth configuration
-   */
-  oauthConfig?: {
-    /**
-     * Skip state cookie check
-     *
-     * ⚠︎ this has security implications and should only be enabled if you know what you are doing.
-     * @default false
-     */
-    skipStateCookieCheck?: boolean;
-    /**
-     * Strategy for storing OAuth state
-     *
-     * - "cookie": Store state in an encrypted cookie (stateless)
-     * - "database": Store state in the database
-     *
-     * @default "cookie"
-     */
-    storeStateStrategy?: "database" | "cookie";
-  } | undefined;
 };
 type BetterAuthOptions = {
   /**
@@ -6702,6 +6703,32 @@ type BetterAuthOptions = {
      * @default false
      */
     encryptOAuthTokens?: boolean;
+    /**
+     * Skip state cookie check
+     *
+     * ⚠︎ this has security implications and should only be enabled if you know what you are doing.
+     * @default false
+     */
+    skipStateCookieCheck?: boolean;
+    /**
+     * Strategy for storing OAuth state
+     *
+     * - "cookie": Store state in an encrypted cookie (stateless)
+     * - "database": Store state in the database
+     *
+     * @default "cookie"
+     */
+    storeStateStrategy?: "database" | "cookie";
+    /**
+     * Store account data after oauth flow on a cookie
+     *
+     * This is useful for database-less flow
+     *
+     * @default false
+     *
+     * @note This is automatically set to true if you haven't passed a database
+     */
+    storeAccountCookie?: boolean;
   } | undefined;
   /**
    * Verification configuration
@@ -7082,8 +7109,8 @@ interface InternalAdapter<Options extends BetterAuthOptions = BetterAuthOptions>
   } | null>;
   findUserById(userId: string): Promise<User | null>;
   linkAccount(account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account>): Promise<Account>;
-  updateUser(userId: string, data: Partial<User> & Record<string, any>): Promise<any>;
-  updateUserByEmail(email: string, data: Partial<User & Record<string, any>>): Promise<User>;
+  updateUser<T extends Record<string, any>>(userId: string, data: Partial<User> & Record<string, any>): Promise<User & T>;
+  updateUserByEmail<T extends Record<string, any>>(email: string, data: Partial<User & Record<string, any>>): Promise<User & T>;
   updatePassword(userId: string, password: string): Promise<void>;
   findAccounts(userId: string): Promise<Account[]>;
   findAccount(accountId: string): Promise<Account | null>;
@@ -7218,6 +7245,17 @@ type ClientAtomListener = {
   matcher: (path: string) => boolean;
   signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
 };
+/**
+ * Better-Fetch options but with additional options for the auth-client.
+ */
+type ClientFetchOption<Body = any, Query extends Record<string, any> = any, Params extends Record<string, any> | Array<string> | undefined = any, Res = any> = BetterFetchOption<Body, Query, Params, Res> & {
+  /**
+   * Certain endpoints, upon successful response, will trigger atom signals and thus rerendering all hooks related to that atom.
+   *
+   * This option is useful when you want to skip hook rerenders.
+   */
+  disableSignal?: boolean | undefined;
+};
 interface RevalidateOptions {
   /**
    * A time interval (in seconds) after which the session will be re-fetched.
@@ -7248,7 +7286,7 @@ interface RevalidateOptions {
   refetchWhenOffline?: boolean | undefined;
 }
 interface BetterAuthClientOptions {
-  fetchOptions?: BetterFetchOption | undefined;
+  fetchOptions?: ClientFetchOption | undefined;
   plugins?: BetterAuthClientPlugin[] | undefined;
   baseURL?: string | undefined;
   basePath?: string | undefined;
@@ -7311,4 +7349,4 @@ declare const createAuthEndpoint: <Path extends string, Opts extends EndpointOpt
 type AuthEndpoint = ReturnType<typeof createAuthEndpoint>;
 type AuthMiddleware = ReturnType<typeof createAuthMiddleware>;
 //#endregion
-export { ZoomOptions as $, BetterAuthDbSchema as $n, microsoft as $t, PayPalProfile as A, generateCodeChallenge as An, DropboxOptions as At, NaverOptions as B, ProviderOptions as Bn, SpotifyProfile as Bt, SocialProviders as C, getApplePublicKey as Cn, LinearOptions as Ct, PolarProfile as D, createAuthorizationCodeRequest as Dn, KickOptions as Dt, PolarOptions as E, BetterAuthCookies as En, linear as Et, paybin as F, clientCredentialsToken as Fn, twitter as Ft, kakao as G, DBAdapterFactoryConfig as Gn, HuggingFaceOptions as Gt, naver as H, CustomAdapter as Hn, SlackOptions as Ht, LineIdTokenPayload as I, createClientCredentialsTokenRequest as In, TwitchOptions as It, notion as J, DBTransactionAdapter as Jn, GoogleOptions as Jt, NotionOptions as K, DBAdapterInstance as Kn, HuggingFaceProfile as Kt, LineOptions as L, OAuth2Tokens as Ln, TwitchProfile as Lt, paypal as M, createRefreshAccessTokenRequest as Mn, dropbox as Mt, PaybinOptions as N, refreshAccessToken as Nn, TwitterOption as Nt, polar as O, validateAuthorizationCode as On, KickProfile as Ot, PaybinProfile as P, createAuthorizationURL as Pn, TwitterProfile as Pt, PronounOption as Q, AuthPluginSchema as Qn, MicrosoftOptions as Qt, LineUserInfo as R, OAuth2UserInfo as Rn, twitch as Rt, SocialProviderListEnum as S, apple as Sn, SecondaryStorage as Sr, linkedin as St, socialProviders as T, LiteralUnion as Tn, LinearUser as Tt, KakaoOptions as U, DBAdapter as Un, SlackProfile as Ut, NaverProfile as V, CleanedWhere as Vn, spotify as Vt, KakaoProfile as W, DBAdapterDebugLogOption as Wn, slack as Wt, LoginType as X, JoinOption as Xn, google as Xt, AccountStatus as Y, JoinConfig as Yn, GoogleProfile as Yt, PhoneNumber as Z, Where as Zn, MicrosoftEntraIDProfile as Zt, GenerateIdFn as _, AtlassianProfile as _n, DBFieldAttribute as _r, GitlabOptions as _t, optionsMiddleware as a, figma as an, verificationSchema as ar, SalesforceOptions as at, SocialProvider as b, AppleOptions as bn, DBPreservedModels as br, LinkedInOptions as bt, BetterAuthClientPlugin as c, facebook as cn, coreSchema as cr, RobloxOptions as ct, AuthContext as d, discord as dn, RateLimit as dr, RedditOptions as dt, GithubOptions as en, FieldAttribute as er, ZoomProfile as et, GenericEndpointContext as f, CognitoOptions as fn, rateLimitSchema as fr, RedditProfile as ft, BetterAuthRateLimitOptions as g, AtlassianOptions as gn, BetterAuthDBSchema as gr, tiktok as gt, BetterAuthOptions as h, getCognitoPublicKey as hn, BetterAuthPluginDBSchema as hr, TiktokProfile as ht, createAuthMiddleware as i, FigmaProfile as in, Verification as ir, vk as it, PayPalTokenResponse as j, getOAuth2Tokens as jn, DropboxProfile as jt, PayPalOptions as k, validateToken as kn, kick as kt, ClientAtomListener as l, DiscordOptions as ln, Session as lr, RobloxProfile as lt, BetterAuthAdvancedOptions as m, cognito as mn, accountSchema as mr, TiktokOptions as mt, AuthMiddleware as n, github as nn, FieldType as nr, VkOption as nt, StandardSchemaV1$1 as o, FacebookOptions as on, User as or, SalesforceProfile as ot, InternalAdapter as p, CognitoProfile as pn, Account as pr, reddit as pt, NotionProfile as q, DBAdapterSchemaCreation as qn, huggingface as qt, createAuthEndpoint as r, FigmaOptions as rn, Primitive$1 as rr, VkProfile as rt, BetterAuthClientOptions as s, FacebookProfile as sn, userSchema as sr, salesforce as st, AuthEndpoint as t, GithubProfile as tn, FieldAttributeConfig as tr, zoom as tt, ClientStore as u, DiscordProfile as un, sessionSchema as ur, roblox as ut, BetterAuthPlugin as v, atlassian as vn, DBFieldAttributeConfig as vr, GitlabProfile as vt, socialProviderList as w, LiteralString as wn, LinearProfile as wt, SocialProviderList as x, AppleProfile as xn, DBPrimitive as xr, LinkedInProfile as xt, HookEndpointContext as y, AppleNonConformUser as yn, DBFieldType as yr, gitlab as yt, line as z, OAuthProvider as zn, SpotifyOptions as zt };
+export { PronounOption as $, AuthPluginSchema as $n, MicrosoftOptions as $t, PayPalOptions as A, validateToken as An, kick as At, line as B, OAuthProvider as Bn, SpotifyOptions as Bt, SocialProviderListEnum as C, apple as Cn, SecondaryStorage as Cr, linkedin as Ct, PolarOptions as D, BetterAuthCookies as Dn, linear as Dt, socialProviders as E, LiteralUnion as En, LinearUser as Et, PaybinProfile as F, createAuthorizationURL as Fn, TwitterProfile as Ft, KakaoProfile as G, DBAdapterDebugLogOption as Gn, slack as Gt, NaverProfile as H, CleanedWhere as Hn, spotify as Ht, paybin as I, clientCredentialsToken as In, twitter as It, NotionProfile as J, DBAdapterSchemaCreation as Jn, huggingface as Jt, kakao as K, DBAdapterFactoryConfig as Kn, HuggingFaceOptions as Kt, LineIdTokenPayload as L, createClientCredentialsTokenRequest as Ln, TwitchOptions as Lt, PayPalTokenResponse as M, getOAuth2Tokens as Mn, DropboxProfile as Mt, paypal as N, createRefreshAccessTokenRequest as Nn, dropbox as Nt, PolarProfile as O, createAuthorizationCodeRequest as On, KickOptions as Ot, PaybinOptions as P, refreshAccessToken as Pn, TwitterOption as Pt, PhoneNumber as Q, Where as Qn, MicrosoftEntraIDProfile as Qt, LineOptions as R, OAuth2Tokens as Rn, TwitchProfile as Rt, SocialProviderList as S, AppleProfile as Sn, DBPrimitive as Sr, LinkedInProfile as St, socialProviderList as T, LiteralString as Tn, LinearProfile as Tt, naver as U, CustomAdapter as Un, SlackOptions as Ut, NaverOptions as V, ProviderOptions as Vn, SpotifyProfile as Vt, KakaoOptions as W, DBAdapter as Wn, SlackProfile as Wt, AccountStatus as X, JoinConfig as Xn, GoogleProfile as Xt, notion as Y, DBTransactionAdapter as Yn, GoogleOptions as Yt, LoginType as Z, JoinOption as Zn, google as Zt, BetterAuthRateLimitOptions as _, AtlassianOptions as _n, BetterAuthDBSchema as _r, tiktok as _t, optionsMiddleware as a, FigmaProfile as an, Verification as ar, vk as at, HookEndpointContext as b, AppleNonConformUser as bn, DBFieldType as br, gitlab as bt, BetterAuthClientPlugin as c, FacebookProfile as cn, userSchema as cr, salesforce as ct, ClientStore as d, DiscordProfile as dn, sessionSchema as dr, roblox as dt, microsoft as en, BetterAuthDbSchema as er, ZoomOptions as et, AuthContext as f, discord as fn, RateLimit as fr, RedditOptions as ft, BetterAuthOptions as g, getCognitoPublicKey as gn, BetterAuthPluginDBSchema as gr, TiktokProfile as gt, BetterAuthAdvancedOptions as h, cognito as hn, accountSchema as hr, TiktokOptions as ht, createAuthMiddleware as i, FigmaOptions as in, Primitive$1 as ir, VkProfile as it, PayPalProfile as j, generateCodeChallenge as jn, DropboxOptions as jt, polar as k, validateAuthorizationCode as kn, KickProfile as kt, ClientAtomListener as l, facebook as ln, coreSchema as lr, RobloxOptions as lt, InternalAdapter as m, CognitoProfile as mn, Account as mr, reddit as mt, AuthMiddleware as n, GithubProfile as nn, FieldAttributeConfig as nr, zoom as nt, StandardSchemaV1$1 as o, figma as on, verificationSchema as or, SalesforceOptions as ot, GenericEndpointContext as p, CognitoOptions as pn, rateLimitSchema as pr, RedditProfile as pt, NotionOptions as q, DBAdapterInstance as qn, HuggingFaceProfile as qt, createAuthEndpoint as r, github as rn, FieldType as rr, VkOption as rt, BetterAuthClientOptions as s, FacebookOptions as sn, User as sr, SalesforceProfile as st, AuthEndpoint as t, GithubOptions as tn, FieldAttribute as tr, ZoomProfile as tt, ClientFetchOption as u, DiscordOptions as un, Session as ur, RobloxProfile as ut, GenerateIdFn as v, AtlassianProfile as vn, DBFieldAttribute as vr, GitlabOptions as vt, SocialProviders as w, getApplePublicKey as wn, LinearOptions as wt, SocialProvider as x, AppleOptions as xn, DBPreservedModels as xr, LinkedInOptions as xt, BetterAuthPlugin as y, atlassian as yn, DBFieldAttributeConfig as yr, GitlabProfile as yt, LineUserInfo as z, OAuth2UserInfo as zn, twitch as zt };

package/dist/index.d.mts

@@ -1,3 +1,3 @@
-import { En as BetterAuthCookies, Tn as LiteralUnion, _ as GenerateIdFn, c as BetterAuthClientPlugin, d as AuthContext, f as GenericEndpointContext, g as BetterAuthRateLimitOptions, h as BetterAuthOptions, l as ClientAtomListener, m as BetterAuthAdvancedOptions, o as StandardSchemaV1, p as InternalAdapter, s as BetterAuthClientOptions, u as ClientStore, v as BetterAuthPlugin, wn as LiteralString, y as HookEndpointContext } from "./index-X4TpuzeM.mjs";
+import { Dn as BetterAuthCookies, En as LiteralUnion, Tn as LiteralString, _ as BetterAuthRateLimitOptions, b as HookEndpointContext, c as BetterAuthClientPlugin, d as ClientStore, f as AuthContext, g as BetterAuthOptions, h as BetterAuthAdvancedOptions, l as ClientAtomListener, m as InternalAdapter, o as StandardSchemaV1, p as GenericEndpointContext, s as BetterAuthClientOptions, u as ClientFetchOption, v as GenerateIdFn, y as BetterAuthPlugin } from "./index-CkAWdKH8.mjs";
 import "./index-CdubV7uy.mjs";
-export { AuthContext, BetterAuthAdvancedOptions, BetterAuthClientOptions, BetterAuthClientPlugin, BetterAuthCookies, BetterAuthOptions, BetterAuthPlugin, BetterAuthRateLimitOptions, ClientAtomListener, ClientStore, GenerateIdFn, GenericEndpointContext, HookEndpointContext, InternalAdapter, LiteralString, LiteralUnion, StandardSchemaV1 };
+export { AuthContext, BetterAuthAdvancedOptions, BetterAuthClientOptions, BetterAuthClientPlugin, BetterAuthCookies, BetterAuthOptions, BetterAuthPlugin, BetterAuthRateLimitOptions, ClientAtomListener, ClientFetchOption, ClientStore, GenerateIdFn, GenericEndpointContext, HookEndpointContext, InternalAdapter, LiteralString, LiteralUnion, StandardSchemaV1 };

package/dist/oauth2/index.d.mts

@@ -1,3 +1,3 @@
-import { An as generateCodeChallenge, Bn as ProviderOptions, Dn as createAuthorizationCodeRequest, Fn as clientCredentialsToken, In as createClientCredentialsTokenRequest, Ln as OAuth2Tokens, Mn as createRefreshAccessTokenRequest, Nn as refreshAccessToken, On as validateAuthorizationCode, Pn as createAuthorizationURL, Rn as OAuth2UserInfo, jn as getOAuth2Tokens, kn as validateToken, zn as OAuthProvider } from "../index-X4TpuzeM.mjs";
+import { An as validateToken, Bn as OAuthProvider, Fn as createAuthorizationURL, In as clientCredentialsToken, Ln as createClientCredentialsTokenRequest, Mn as getOAuth2Tokens, Nn as createRefreshAccessTokenRequest, On as createAuthorizationCodeRequest, Pn as refreshAccessToken, Rn as OAuth2Tokens, Vn as ProviderOptions, jn as generateCodeChallenge, kn as validateAuthorizationCode, zn as OAuth2UserInfo } from "../index-CkAWdKH8.mjs";
 import "../index-CdubV7uy.mjs";
 export { OAuth2Tokens, OAuth2UserInfo, OAuthProvider, ProviderOptions, clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };

package/dist/oauth2/index.mjs

@@ -1,3 +1,3 @@
-import { a as refreshAccessToken, c as getOAuth2Tokens, i as createRefreshAccessTokenRequest, l as clientCredentialsToken, n as validateAuthorizationCode, o as createAuthorizationURL, r as validateToken, s as generateCodeChallenge, t as createAuthorizationCodeRequest, u as createClientCredentialsTokenRequest } from "../oauth2-D3aE32ZH.mjs";
+import { a as refreshAccessToken, c as getOAuth2Tokens, i as createRefreshAccessTokenRequest, l as clientCredentialsToken, n as validateAuthorizationCode, o as createAuthorizationURL, r as validateToken, s as generateCodeChallenge, t as createAuthorizationCodeRequest, u as createClientCredentialsTokenRequest } from "../oauth2-DmgZmPEg.mjs";
 
 export { clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };

package/dist/{oauth2-D3aE32ZH.mjs → oauth2-DmgZmPEg.mjs}

@@ -65,7 +65,8 @@ function getOAuth2Tokens(data) {
 		accessTokenExpiresAt: data.expires_in ? getDate(data.expires_in) : void 0,
 		refreshTokenExpiresAt: data.refresh_token_expires_in ? getDate(data.refresh_token_expires_in) : void 0,
 		scopes: data?.scope ? typeof data.scope === "string" ? data.scope.split(" ") : data.scope : [],
-		idToken: data.id_token
+		idToken: data.id_token,
+		raw: data
 	};
 }
 async function generateCodeChallenge(codeVerifier) {

package/dist/social-providers/index.d.mts

@@ -1,3 +1,3 @@
-import { $ as ZoomOptions, $t as microsoft, A as PayPalProfile, At as DropboxOptions, B as NaverOptions, Bt as SpotifyProfile, C as SocialProviders, Cn as getApplePublicKey, Ct as LinearOptions, D as PolarProfile, Dt as KickOptions, E as PolarOptions, Et as linear, F as paybin, Ft as twitter, G as kakao, Gt as HuggingFaceOptions, H as naver, Ht as SlackOptions, I as LineIdTokenPayload, It as TwitchOptions, J as notion, Jt as GoogleOptions, K as NotionOptions, Kt as HuggingFaceProfile, L as LineOptions, Lt as TwitchProfile, M as paypal, Mt as dropbox, N as PaybinOptions, Nt as TwitterOption, O as polar, Ot as KickProfile, P as PaybinProfile, Pt as TwitterProfile, Q as PronounOption, Qt as MicrosoftOptions, R as LineUserInfo, Rt as twitch, S as SocialProviderListEnum, Sn as apple, St as linkedin, T as socialProviders, Tt as LinearUser, U as KakaoOptions, Ut as SlackProfile, V as NaverProfile, Vt as spotify, W as KakaoProfile, Wt as slack, X as LoginType, Xt as google, Y as AccountStatus, Yt as GoogleProfile, Z as PhoneNumber, Zt as MicrosoftEntraIDProfile, _n as AtlassianProfile, _t as GitlabOptions, an as figma, at as SalesforceOptions, b as SocialProvider, bn as AppleOptions, bt as LinkedInOptions, cn as facebook, ct as RobloxOptions, dn as discord, dt as RedditOptions, en as GithubOptions, et as ZoomProfile, fn as CognitoOptions, ft as RedditProfile, gn as AtlassianOptions, gt as tiktok, hn as getCognitoPublicKey, ht as TiktokProfile, in as FigmaProfile, it as vk, j as PayPalTokenResponse, jt as DropboxProfile, k as PayPalOptions, kt as kick, ln as DiscordOptions, lt as RobloxProfile, mn as cognito, mt as TiktokOptions, nn as github, nt as VkOption, on as FacebookOptions, ot as SalesforceProfile, pn as CognitoProfile, pt as reddit, q as NotionProfile, qt as huggingface, rn as FigmaOptions, rt as VkProfile, sn as FacebookProfile, st as salesforce, tn as GithubProfile, tt as zoom, un as DiscordProfile, ut as roblox, vn as atlassian, vt as GitlabProfile, w as socialProviderList, wt as LinearProfile, x as SocialProviderList, xn as AppleProfile, xt as LinkedInProfile, yn as AppleNonConformUser, yt as gitlab, z as line, zt as SpotifyOptions } from "../index-X4TpuzeM.mjs";
+import { $ as PronounOption, $t as MicrosoftOptions, A as PayPalOptions, At as kick, B as line, Bt as SpotifyOptions, C as SocialProviderListEnum, Cn as apple, Ct as linkedin, D as PolarOptions, Dt as linear, E as socialProviders, Et as LinearUser, F as PaybinProfile, Ft as TwitterProfile, G as KakaoProfile, Gt as slack, H as NaverProfile, Ht as spotify, I as paybin, It as twitter, J as NotionProfile, Jt as huggingface, K as kakao, Kt as HuggingFaceOptions, L as LineIdTokenPayload, Lt as TwitchOptions, M as PayPalTokenResponse, Mt as DropboxProfile, N as paypal, Nt as dropbox, O as PolarProfile, Ot as KickOptions, P as PaybinOptions, Pt as TwitterOption, Q as PhoneNumber, Qt as MicrosoftEntraIDProfile, R as LineOptions, Rt as TwitchProfile, S as SocialProviderList, Sn as AppleProfile, St as LinkedInProfile, T as socialProviderList, Tt as LinearProfile, U as naver, Ut as SlackOptions, V as NaverOptions, Vt as SpotifyProfile, W as KakaoOptions, Wt as SlackProfile, X as AccountStatus, Xt as GoogleProfile, Y as notion, Yt as GoogleOptions, Z as LoginType, Zt as google, _n as AtlassianOptions, _t as tiktok, an as FigmaProfile, at as vk, bn as AppleNonConformUser, bt as gitlab, cn as FacebookProfile, ct as salesforce, dn as DiscordProfile, dt as roblox, en as microsoft, et as ZoomOptions, fn as discord, ft as RedditOptions, gn as getCognitoPublicKey, gt as TiktokProfile, hn as cognito, ht as TiktokOptions, in as FigmaOptions, it as VkProfile, j as PayPalProfile, jt as DropboxOptions, k as polar, kt as KickProfile, ln as facebook, lt as RobloxOptions, mn as CognitoProfile, mt as reddit, nn as GithubProfile, nt as zoom, on as figma, ot as SalesforceOptions, pn as CognitoOptions, pt as RedditProfile, q as NotionOptions, qt as HuggingFaceProfile, rn as github, rt as VkOption, sn as FacebookOptions, st as SalesforceProfile, tn as GithubOptions, tt as ZoomProfile, un as DiscordOptions, ut as RobloxProfile, vn as AtlassianProfile, vt as GitlabOptions, w as SocialProviders, wn as getApplePublicKey, wt as LinearOptions, x as SocialProvider, xn as AppleOptions, xt as LinkedInOptions, yn as atlassian, yt as GitlabProfile, z as LineUserInfo, zt as twitch } from "../index-CkAWdKH8.mjs";
 import "../index-CdubV7uy.mjs";
 export { AccountStatus, AppleNonConformUser, AppleOptions, AppleProfile, AtlassianOptions, AtlassianProfile, CognitoOptions, CognitoProfile, DiscordOptions, DiscordProfile, DropboxOptions, DropboxProfile, FacebookOptions, FacebookProfile, FigmaOptions, FigmaProfile, GithubOptions, GithubProfile, GitlabOptions, GitlabProfile, GoogleOptions, GoogleProfile, HuggingFaceOptions, HuggingFaceProfile, KakaoOptions, KakaoProfile, KickOptions, KickProfile, LineIdTokenPayload, LineOptions, LineUserInfo, LinearOptions, LinearProfile, LinearUser, LinkedInOptions, LinkedInProfile, LoginType, MicrosoftEntraIDProfile, MicrosoftOptions, NaverOptions, NaverProfile, NotionOptions, NotionProfile, PayPalOptions, PayPalProfile, PayPalTokenResponse, PaybinOptions, PaybinProfile, PhoneNumber, PolarOptions, PolarProfile, PronounOption, RedditOptions, RedditProfile, RobloxOptions, RobloxProfile, SalesforceOptions, SalesforceProfile, SlackOptions, SlackProfile, SocialProvider, SocialProviderList, SocialProviderListEnum, SocialProviders, SpotifyOptions, SpotifyProfile, TiktokOptions, TiktokProfile, TwitchOptions, TwitchProfile, TwitterOption, TwitterProfile, VkOption, VkProfile, ZoomOptions, ZoomProfile, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vk, zoom };

package/dist/social-providers/index.mjs

@@ -1,5 +1,5 @@
 import { i as logger } from "../env-DwlNAN_D.mjs";
-import { a as refreshAccessToken, c as getOAuth2Tokens, n as validateAuthorizationCode, o as createAuthorizationURL, s as generateCodeChallenge } from "../oauth2-D3aE32ZH.mjs";
+import { a as refreshAccessToken, c as getOAuth2Tokens, n as validateAuthorizationCode, o as createAuthorizationURL, s as generateCodeChallenge } from "../oauth2-DmgZmPEg.mjs";
 import "../utils-C5EN75oV.mjs";
 import { t as BetterAuthError } from "../error-BhAKg8LX.mjs";
 import * as z from "zod";
@@ -517,12 +517,12 @@ const facebook = (options) => {
 				};
 				const userMap$1 = await options.mapProfileToUser?.({
 					...user,
-					email_verified: true
+					email_verified: false
 				});
 				return {
 					user: {
 						...user,
-						emailVerified: true,
+						emailVerified: false,
 						...userMap$1
 					},
 					data: profile$1
@@ -766,7 +766,7 @@ const gitlab = (options) => {
 					name: profile.name ?? profile.username,
 					email: profile.email,
 					image: profile.avatar_url,
-					emailVerified: true,
+					emailVerified: profile.email_verified ?? false,
 					...userMap
 				},
 				data: profile
@@ -1036,7 +1036,7 @@ const kick = (options) => {
 					name: profile.name,
 					email: profile.email,
 					image: profile.profile_picture,
-					emailVerified: true,
+					emailVerified: false,
 					...userMap
 				},
 				data: profile
@@ -1222,7 +1222,7 @@ const linear = (options) => {
 					name: profile.data.viewer.name,
 					email: profile.data.viewer.email,
 					image: profile.data.viewer.avatarUrl,
-					emailVerified: true,
+					emailVerified: false,
 					...userMap
 				},
 				data: userData
@@ -1360,13 +1360,14 @@ const microsoft = (options) => {
 				}
 			});
 			const userMap = await options.mapProfileToUser?.(user);
+			const emailVerified = user.email_verified !== void 0 ? user.email_verified : user.email && (user.verified_primary_email?.includes(user.email) || user.verified_secondary_email?.includes(user.email)) ? true : false;
 			return {
 				user: {
 					id: user.sub,
 					name: user.name,
 					email: user.email,
 					image: user.picture,
-					emailVerified: true,
+					emailVerified,
 					...userMap
 				},
 				data: user
@@ -1788,7 +1789,7 @@ const polar = (options) => {
 					name: profile.public_name || profile.username,
 					email: profile.email,
 					image: profile.avatar_url,
-					emailVerified: true,
+					emailVerified: profile.email_verified ?? false,
 					...userMap
 				},
 				data: profile
@@ -1916,7 +1917,7 @@ const roblox = (options) => {
 					name: profile.nickname || profile.preferred_username || "",
 					image: profile.picture,
 					email: profile.preferred_username || null,
-					emailVerified: true,
+					emailVerified: false,
 					...userMap
 				},
 				data: { ...profile }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/core",
-  "version": "1.4.0-beta.25",
+  "version": "1.4.0-beta.28",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "main": "./dist/index.mjs",
@@ -103,7 +103,7 @@
     "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "1.1.18",
     "@types/better-sqlite3": "^7.6.13",
-    "better-call": "1.0.28",
+    "better-call": "1.1.0",
     "better-sqlite3": "^12.4.1",
     "jose": "^6.1.0",
     "kysely": "^0.28.5",
@@ -117,7 +117,7 @@
   "peerDependencies": {
     "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "1.1.18",
-    "better-call": "1.0.28",
+    "better-call": "1.1.0",
     "jose": "^6.1.0",
     "kysely": "^0.28.5",
     "nanostores": "^1.0.1"

package/src/oauth2/oauth-provider.ts

@@ -8,6 +8,11 @@ export interface OAuth2Tokens {
 	refreshTokenExpiresAt?: Date | undefined;
 	scopes?: string[] | undefined;
 	idToken?: string | undefined;
+	/**
+	 * Raw token response from the provider.
+	 * Preserves provider-specific fields that are not part of the standard OAuth2 token response.
+	 */
+	raw?: Record<string, unknown> | undefined;
 }
 
 export type OAuth2UserInfo = {

package/src/oauth2/utils.ts

@@ -23,6 +23,8 @@ export function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens {
 				: data.scope
 			: [],
 		idToken: data.id_token,
+		// Preserve the raw token response for provider-specific fields
+		raw: data,
 	};
 }
 

package/src/social-providers/facebook.ts

@@ -152,15 +152,17 @@ export const facebook = (options: FacebookOptions) => {
 				};
 
 				// https://developers.facebook.com/docs/facebook-login/limited-login/permissions
+				// Facebook ID token does not include email_verified claim.
+				// We default to false for security consistency.
 				const userMap = await options.mapProfileToUser?.({
 					...user,
-					email_verified: true,
+					email_verified: false,
 				});
 
 				return {
 					user: {
 						...user,
-						emailVerified: true,
+						emailVerified: false,
 						...userMap,
 					},
 					data: profile,

package/src/social-providers/gitlab.ts

@@ -49,6 +49,7 @@ export interface GitlabProfile extends Record<string, any> {
 	commit_email: string;
 	shared_runners_minutes_limit: number;
 	extra_shared_runners_minutes_limit: number;
+	email_verified?: boolean | undefined;
 }
 
 export interface GitlabOptions extends ProviderOptions<GitlabProfile> {
@@ -135,13 +136,15 @@ export const gitlab = (options: GitlabOptions) => {
 				return null;
 			}
 			const userMap = await options.mapProfileToUser?.(profile);
+			// GitLab may provide email_verified claim, but it's not guaranteed.
+			// We check for it first, then default to false for security consistency.
 			return {
 				user: {
 					id: profile.id,
 					name: profile.name ?? profile.username,
 					email: profile.email,
 					image: profile.avatar_url,
-					emailVerified: true,
+					emailVerified: profile.email_verified ?? false,
 					...userMap,
 				},
 				data: profile,

package/src/social-providers/kick.ts

@@ -74,14 +74,15 @@ export const kick = (options: KickOptions) => {
 			const profile = data.data[0]!;
 
 			const userMap = await options.mapProfileToUser?.(profile);
-
+			// Kick does not provide email_verified claim.
+			// We default to false for security consistency.
 			return {
 				user: {
 					id: profile.user_id,
 					name: profile.name,
 					email: profile.email,
 					image: profile.profile_picture,
-					emailVerified: true,
+					emailVerified: false,
 					...userMap,
 				},
 				data: profile,

package/src/social-providers/linear.ts

@@ -102,14 +102,15 @@ export const linear = (options: LinearOptions) => {
 
 			const userData = profile.data.viewer;
 			const userMap = await options.mapProfileToUser?.(userData);
-
+			// Linear does not provide email_verified claim.
+			// We default to false for security consistency.
 			return {
 				user: {
 					id: profile.data.viewer.id,
 					name: profile.data.viewer.name,
 					email: profile.data.viewer.email,
 					image: profile.data.viewer.avatarUrl,
-					emailVerified: true,
+					emailVerified: false,
 					...userMap,
 				},
 				data: userData,

package/src/social-providers/microsoft-entra-id.ts

@@ -81,6 +81,8 @@ export interface MicrosoftEntraIDProfile extends Record<string, any> {
 	verified_primary_email: string[];
 	/** User's verified secondary email addresses */
 	verified_secondary_email: string[];
+	/** Whether the user's email is verified (optional claim, must be configured in app registration) */
+	email_verified?: boolean | undefined;
 	/** VNET specifier information */
 	vnet: string;
 	/** Client Capabilities */
@@ -208,13 +210,25 @@ export const microsoft = (options: MicrosoftOptions) => {
 				},
 			);
 			const userMap = await options.mapProfileToUser?.(user);
+			// Microsoft Entra ID does NOT include email_verified claim by default.
+			// It must be configured as an optional claim in the app registration.
+			// We default to false when not provided for security consistency.
+			// We can also check verified_primary_email/verified_secondary_email arrays as fallback.
+			const emailVerified =
+				user.email_verified !== undefined
+					? user.email_verified
+					: user.email &&
+							(user.verified_primary_email?.includes(user.email) ||
+								user.verified_secondary_email?.includes(user.email))
+						? true
+						: false;
 			return {
 				user: {
 					id: user.sub,
 					name: user.name,
 					email: user.email,
 					image: user.picture,
-					emailVerified: true,
+					emailVerified,
 					...userMap,
 				},
 				data: user,

package/src/social-providers/polar.ts

@@ -14,6 +14,7 @@ export interface PolarProfile {
 	github_username?: string | undefined;
 	account_id?: string | undefined;
 	public_name?: string | undefined;
+	email_verified?: boolean | undefined;
 	profile_settings?:
 		| {
 				profile_settings_enabled?: boolean;
@@ -90,13 +91,15 @@ export const polar = (options: PolarOptions) => {
 				return null;
 			}
 			const userMap = await options.mapProfileToUser?.(profile);
+			// Polar may provide email_verified claim, but it's not guaranteed.
+			// We check for it first, then default to false for security consistency.
 			return {
 				user: {
 					id: profile.id,
 					name: profile.public_name || profile.username,
 					email: profile.email,
 					image: profile.avatar_url,
-					emailVerified: true,
+					emailVerified: profile.email_verified ?? false,
 					...userMap,
 				},
 				data: profile,

package/src/social-providers/roblox.ts

@@ -90,14 +90,15 @@ export const roblox = (options: RobloxOptions) => {
 			}
 
 			const userMap = await options.mapProfileToUser?.(profile);
-
+			// Roblox does not provide email or email_verified claim.
+			// We default to false for security consistency.
 			return {
 				user: {
 					id: profile.sub,
 					name: profile.nickname || profile.preferred_username || "",
 					image: profile.picture,
 					email: profile.preferred_username || null, // Roblox does not provide email
-					emailVerified: true,
+					emailVerified: false,
 					...userMap,
 				},
 				data: {

package/src/types/context.ts

@@ -104,16 +104,16 @@ export interface InternalAdapter<
 		account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account>,
 	): Promise<Account>;
 
-	// fixme: any type
-	updateUser(
+	// Record<string, any> is to take into account additional fields or plugin-added fields
+	updateUser<T extends Record<string, any>>(
 		userId: string,
 		data: Partial<User> & Record<string, any>,
-	): Promise<any>;
+	): Promise<User & T>;
 
-	updateUserByEmail(
+	updateUserByEmail<T extends Record<string, any>>(
 		email: string,
 		data: Partial<User & Record<string, any>>,
-	): Promise<User>;
+	): Promise<User & T>;
 
 	updatePassword(userId: string, password: string): Promise<void>;
 

package/src/types/cookie.ts

@@ -3,5 +3,6 @@ import type { CookieOptions } from "better-call";
 export type BetterAuthCookies = {
 	sessionToken: { name: string; options: CookieOptions };
 	sessionData: { name: string; options: CookieOptions };
+	accountData: { name: string; options: CookieOptions };
 	dontRememberToken: { name: string; options: CookieOptions };
 };

package/src/types/index.ts

@@ -17,5 +17,6 @@ export type {
 	BetterAuthClientOptions,
 	BetterAuthClientPlugin,
 	ClientAtomListener,
+	ClientFetchOption,
 	ClientStore,
 } from "./plugin-client";

package/src/types/init-options.ts

@@ -193,6 +193,7 @@ export type BetterAuthAdvancedOptions = {
 	 * - "session_token"
 	 * - "session_data"
 	 * - "dont_remember"
+	 * - "account_data"
 	 *
 	 * plugins can also add additional cookies
 	 */
@@ -256,29 +257,6 @@ export type BetterAuthAdvancedOptions = {
 				generateId?: GenerateIdFn | false | "serial" | "uuid";
 		  }
 		| undefined;
-	/**
-	 * OAuth configuration
-	 */
-	oauthConfig?:
-		| {
-				/**
-				 * Skip state cookie check
-				 *
-				 * ⚠︎ this has security implications and should only be enabled if you know what you are doing.
-				 * @default false
-				 */
-				skipStateCookieCheck?: boolean;
-				/**
-				 * Strategy for storing OAuth state
-				 *
-				 * - "cookie": Store state in an encrypted cookie (stateless)
-				 * - "database": Store state in the database
-				 *
-				 * @default "cookie"
-				 */
-				storeStateStrategy?: "database" | "cookie";
-		  }
-		| undefined;
 };
 
 export type BetterAuthOptions = {
@@ -921,6 +899,32 @@ export type BetterAuthOptions = {
 				 * @default false
 				 */
 				encryptOAuthTokens?: boolean;
+				/**
+				 * Skip state cookie check
+				 *
+				 * ⚠︎ this has security implications and should only be enabled if you know what you are doing.
+				 * @default false
+				 */
+				skipStateCookieCheck?: boolean;
+				/**
+				 * Strategy for storing OAuth state
+				 *
+				 * - "cookie": Store state in an encrypted cookie (stateless)
+				 * - "database": Store state in the database
+				 *
+				 * @default "cookie"
+				 */
+				storeStateStrategy?: "database" | "cookie";
+				/**
+				 * Store account data after oauth flow on a cookie
+				 *
+				 * This is useful for database-less flow
+				 *
+				 * @default false
+				 *
+				 * @note This is automatically set to true if you haven't passed a database
+				 */
+				storeAccountCookie?: boolean;
 		  }
 		| undefined;
 	/**

package/src/types/plugin-client.ts

@@ -19,6 +19,23 @@ export type ClientAtomListener = {
 	signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
 };
 
+/**
+ * Better-Fetch options but with additional options for the auth-client.
+ */
+export type ClientFetchOption<
+	Body = any,
+	Query extends Record<string, any> = any,
+	Params extends Record<string, any> | Array<string> | undefined = any,
+	Res = any,
+> = BetterFetchOption<Body, Query, Params, Res> & {
+	/**
+	 * Certain endpoints, upon successful response, will trigger atom signals and thus rerendering all hooks related to that atom.
+	 *
+	 * This option is useful when you want to skip hook rerenders.
+	 */
+	disableSignal?: boolean | undefined;
+};
+
 export interface RevalidateOptions {
 	/**
 	 * A time interval (in seconds) after which the session will be re-fetched.
@@ -50,7 +67,7 @@ export interface RevalidateOptions {
 }
 
 export interface BetterAuthClientOptions {
-	fetchOptions?: BetterFetchOption | undefined;
+	fetchOptions?: ClientFetchOption | undefined;
 	plugins?: BetterAuthClientPlugin[] | undefined;
 	baseURL?: string | undefined;
 	basePath?: string | undefined;