@better-auth/core 1.5.0-beta.6 → 1.5.0-beta.7

package/dist/types/context.d.mts

@@ -9,7 +9,7 @@ import { DBAdapter, Where } from "../db/adapter/index.mjs";
 import { createLogger } from "../env/logger.mjs";
 import { OAuthProvider } from "../oauth2/oauth-provider.mjs";
 import "../oauth2/index.mjs";
-import { BetterAuthCookies } from "./cookie.mjs";
+import { BetterAuthCookie, BetterAuthCookies } from "./cookie.mjs";
 import { BetterAuthPlugin } from "./plugin.mjs";
 import { BetterAuthOptions, BetterAuthRateLimitOptions } from "./init-options.mjs";
 import { CookieOptions, EndpointContext } from "better-call";
@@ -89,10 +89,7 @@ interface InternalAdapter<_Options extends BetterAuthOptions = BetterAuthOptions
   deleteVerificationByIdentifier(identifier: string): Promise<void>;
   updateVerificationValue(id: string, data: Partial<Verification>): Promise<Verification>;
 }
-type CreateCookieGetterFn = (cookieName: string, overrideAttributes?: Partial<CookieOptions> | undefined) => {
-  name: string;
-  attributes: CookieOptions;
-};
+type CreateCookieGetterFn = (cookieName: string, overrideAttributes?: Partial<CookieOptions> | undefined) => BetterAuthCookie;
 type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (userId: string, ctx: GenericEndpointContext<Options>) => Promise<boolean>;
 type PluginContext = {
   getPlugin: <ID extends BetterAuthPluginRegistryIdentifier | LiteralString>(pluginId: ID) => (ID extends BetterAuthPluginRegistryIdentifier ? ReturnType<BetterAuthPluginRegistry<unknown, unknown>[ID]["creator"]> : BetterAuthPlugin) | null;
@@ -111,10 +108,13 @@ type PluginContext = {
    */
   hasPlugin: <ID extends BetterAuthPluginRegistryIdentifier | LiteralString>(pluginId: ID) => boolean;
 };
-type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = PluginContext & {
-  options: Options;
+type InfoContext = {
   appName: string;
   baseURL: string;
+  version: string;
+};
+type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = PluginContext & InfoContext & {
+  options: Options;
   trustedOrigins: string[];
   /**
    * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration
@@ -166,7 +166,7 @@ type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = Plugin
     window: number;
     max: number;
     storage: "memory" | "database" | "secondary-storage";
-  } & BetterAuthRateLimitOptions;
+  } & Omit<BetterAuthRateLimitOptions, "enabled" | "window" | "max" | "storage">;
   adapter: DBAdapter<Options>;
   internalAdapter: InternalAdapter<Options>;
   createAuthCookie: CreateCookieGetterFn;
@@ -205,17 +205,18 @@ type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = Plugin
     payload: Record<string, any>;
   }) => Promise<void>;
   /**
-   * This skips the origin check for all requests.
+   * Skip origin check for requests.
    *
-   * set to true by default for `test` environments and `false`
-   * for other environments.
+   * - `true`: Skip for ALL requests (DANGEROUS - disables CSRF protection)
+   * - `string[]`: Skip only for specific paths (e.g., SAML callbacks)
+   * - `false`: Enable origin check (default)
    *
-   * It's inferred from the `options.advanced?.disableCSRFCheck`
-   * option or `options.advanced?.disableOriginCheck` option.
+   * Paths support prefix matching (e.g., "/sso/saml2/callback" matches
+   * "/sso/saml2/callback/provider-name").
    *
-   * @default false
+   * @default false (true in test environments)
    */
-  skipOriginCheck: boolean;
+  skipOriginCheck: boolean | string[];
   /**
    * This skips the CSRF check for all requests.
    *
@@ -243,4 +244,4 @@ type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = Plugin
   runInBackgroundOrAwait: (promise: Promise<unknown> | Promise<void> | void | unknown) => Promise<unknown>;
 };
 //#endregion
-export { AuthContext, BetterAuthPluginRegistry, BetterAuthPluginRegistryIdentifier, GenericEndpointContext, InternalAdapter, PluginContext };
+export { AuthContext, BetterAuthPluginRegistry, BetterAuthPluginRegistryIdentifier, GenericEndpointContext, InfoContext, InternalAdapter, PluginContext };

package/dist/types/cookie.d.mts

@@ -1,23 +1,15 @@
 import { CookieOptions } from "better-call";
 
 //#region src/types/cookie.d.ts
+type BetterAuthCookie = {
+  name: string;
+  attributes: CookieOptions;
+};
 type BetterAuthCookies = {
-  sessionToken: {
-    name: string;
-    options: CookieOptions;
-  };
-  sessionData: {
-    name: string;
-    options: CookieOptions;
-  };
-  accountData: {
-    name: string;
-    options: CookieOptions;
-  };
-  dontRememberToken: {
-    name: string;
-    options: CookieOptions;
-  };
+  sessionToken: BetterAuthCookie;
+  sessionData: BetterAuthCookie;
+  accountData: BetterAuthCookie;
+  dontRememberToken: BetterAuthCookie;
 };
 //#endregion
-export { BetterAuthCookies };
+export { BetterAuthCookie, BetterAuthCookies };

package/dist/types/index.d.mts

@@ -1,8 +1,8 @@
 import { Awaitable, LiteralString, LiteralUnion, Prettify, Primitive } from "./helper.mjs";
-import { BetterAuthCookies } from "./cookie.mjs";
+import { BetterAuthCookie, BetterAuthCookies } from "./cookie.mjs";
 import { BetterAuthPlugin, HookEndpointContext } from "./plugin.mjs";
-import { BetterAuthAdvancedOptions, BetterAuthOptions, BetterAuthRateLimitOptions, GenerateIdFn } from "./init-options.mjs";
-import { AuthContext, BetterAuthPluginRegistry, BetterAuthPluginRegistryIdentifier, GenericEndpointContext, InternalAdapter, PluginContext } from "./context.mjs";
+import { BetterAuthAdvancedOptions, BetterAuthOptions, BetterAuthRateLimitOptions, BetterAuthRateLimitRule, BetterAuthRateLimitStorage, GenerateIdFn } from "./init-options.mjs";
+import { AuthContext, BetterAuthPluginRegistry, BetterAuthPluginRegistryIdentifier, GenericEndpointContext, InfoContext, InternalAdapter, PluginContext } from "./context.mjs";
 import { BetterAuthClientOptions, BetterAuthClientPlugin, ClientAtomListener, ClientFetchOption, ClientStore } from "./plugin-client.mjs";
 import { StandardSchemaV1 as StandardSchemaV1$1 } from "@standard-schema/spec";
 export { type StandardSchemaV1$1 as StandardSchemaV1 };

package/dist/types/init-options.d.mts

@@ -27,46 +27,37 @@ type GenerateIdFn = (options: {
   model: ModelNames;
   size?: number | undefined;
 }) => string | false;
-type BetterAuthRateLimitOptions = {
-  /**
-   * By default, rate limiting is only
-   * enabled on production.
-   */
-  enabled?: boolean | undefined;
+interface BetterAuthRateLimitStorage {
+  get: (key: string) => Promise<RateLimit | null | undefined>;
+  set: (key: string, value: RateLimit, update?: boolean | undefined) => Promise<void>;
+}
+type BetterAuthRateLimitRule = {
   /**
    * Default window to use for rate limiting. The value
    * should be in seconds.
    *
    * @default 10 seconds
    */
-  window?: number | undefined;
+  window: number;
   /**
    * The default maximum number of requests allowed within the window.
    *
    * @default 100 requests
    */
-  max?: number | undefined;
+  max: number;
+};
+type BetterAuthRateLimitOptions = Optional<BetterAuthRateLimitRule> & {
+  /**
+   * By default, rate limiting is only
+   * enabled on production.
+   */
+  enabled?: boolean | undefined;
   /**
    * Custom rate limit rules to apply to
    * specific paths.
    */
   customRules?: {
-    [key: string]: {
-      /**
-       * The window to use for the custom rule.
-       */
-      window: number;
-      /**
-       * The maximum number of requests allowed within the window.
-       */
-      max: number;
-    } | false | ((request: Request) => {
-      window: number;
-      max: number;
-    } | false | Promise<{
-      window: number;
-      max: number;
-    } | false>);
+    [key: string]: BetterAuthRateLimitRule | false | ((request: Request, currentRule: BetterAuthRateLimitRule) => Awaitable<false | BetterAuthRateLimitRule>);
   } | undefined;
   /**
    * Storage configuration
@@ -95,10 +86,7 @@ type BetterAuthRateLimitOptions = {
    * NOTE: If custom storage is used storage
    * is ignored
    */
-  customStorage?: {
-    get: (key: string) => Promise<RateLimit | undefined>;
-    set: (key: string, value: RateLimit) => Promise<void>;
-  };
+  customStorage?: BetterAuthRateLimitStorage;
 };
 type BetterAuthAdvancedOptions = {
   /**
@@ -1263,4 +1251,4 @@ type BetterAuthOptions = {
   };
 };
 //#endregion
-export { BetterAuthAdvancedOptions, BetterAuthOptions, BetterAuthRateLimitOptions, GenerateIdFn };
+export { BetterAuthAdvancedOptions, BetterAuthOptions, BetterAuthRateLimitOptions, BetterAuthRateLimitRule, BetterAuthRateLimitStorage, GenerateIdFn };

package/dist/utils/url.d.mts

@@ -0,0 +1,20 @@
+//#region src/utils/url.d.ts
+/**
+ * Normalizes a request pathname by removing the basePath prefix and trailing slashes.
+ * This is useful for matching paths against configured path lists.
+ *
+ * @param requestUrl - The full request URL
+ * @param basePath - The base path of the auth API (e.g., "/api/auth")
+ * @returns The normalized path without basePath prefix or trailing slashes,
+ *          or "/" if URL parsing fails
+ *
+ * @example
+ * normalizePathname("http://localhost:3000/api/auth/sso/saml2/callback/provider1", "/api/auth")
+ * // Returns: "/sso/saml2/callback/provider1"
+ *
+ * normalizePathname("http://localhost:3000/sso/saml2/callback/provider1/", "/")
+ * // Returns: "/sso/saml2/callback/provider1"
+ */
+declare function normalizePathname(requestUrl: string, basePath: string): string;
+//#endregion
+export { normalizePathname };

package/dist/utils/url.mjs

@@ -0,0 +1,32 @@
+//#region src/utils/url.ts
+/**
+* Normalizes a request pathname by removing the basePath prefix and trailing slashes.
+* This is useful for matching paths against configured path lists.
+*
+* @param requestUrl - The full request URL
+* @param basePath - The base path of the auth API (e.g., "/api/auth")
+* @returns The normalized path without basePath prefix or trailing slashes,
+*          or "/" if URL parsing fails
+*
+* @example
+* normalizePathname("http://localhost:3000/api/auth/sso/saml2/callback/provider1", "/api/auth")
+* // Returns: "/sso/saml2/callback/provider1"
+*
+* normalizePathname("http://localhost:3000/sso/saml2/callback/provider1/", "/")
+* // Returns: "/sso/saml2/callback/provider1"
+*/
+function normalizePathname(requestUrl, basePath) {
+	let pathname;
+	try {
+		pathname = new URL(requestUrl).pathname.replace(/\/+$/, "") || "/";
+	} catch {
+		return "/";
+	}
+	if (basePath === "/" || basePath === "") return pathname;
+	if (pathname === basePath) return "/";
+	if (pathname.startsWith(basePath + "/")) return pathname.slice(basePath.length).replace(/\/+$/, "") || "/";
+	return pathname;
+}
+
+//#endregion
+export { normalizePathname };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/core",
-  "version": "1.5.0-beta.6",
+  "version": "1.5.0-beta.7",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "repository": {

package/src/context/endpoint-context.ts

@@ -2,6 +2,7 @@ import type { AsyncLocalStorage } from "@better-auth/core/async_hooks";
 import { getAsyncLocalStorage } from "@better-auth/core/async_hooks";
 import type { EndpointContext, InputContext } from "better-call";
 import type { AuthContext } from "../types";
+import { __getBetterAuthGlobal } from "./global";
 
 export type AuthEndpointContext = Partial<
 	InputContext<string, any> & EndpointContext<string, any>
@@ -9,24 +10,15 @@ export type AuthEndpointContext = Partial<
 	context: AuthContext;
 };
 
-const symbol = Symbol.for("better-auth:endpoint-context-async-storage");
-
-let currentContextAsyncStorage: AsyncLocalStorage<AuthEndpointContext> | null =
-	null;
-
 const ensureAsyncStorage = async () => {
-	if (
-		!currentContextAsyncStorage ||
-		(globalThis as any)[symbol] === undefined
-	) {
+	const betterAuthGlobal = __getBetterAuthGlobal();
+	if (!betterAuthGlobal.context.endpointContextAsyncStorage) {
 		const AsyncLocalStorage = await getAsyncLocalStorage();
-		currentContextAsyncStorage = new AsyncLocalStorage();
-		(globalThis as any)[symbol] = currentContextAsyncStorage;
+		betterAuthGlobal.context.endpointContextAsyncStorage =
+			new AsyncLocalStorage<AuthEndpointContext>();
 	}
-	return (
-		currentContextAsyncStorage ||
-		((globalThis as any)[symbol] as AsyncLocalStorage<AuthEndpointContext>)
-	);
+	return betterAuthGlobal.context
+		.endpointContextAsyncStorage as AsyncLocalStorage<AuthEndpointContext>;
 };
 
 /**

package/src/context/global.ts

@@ -0,0 +1,57 @@
+import type { AsyncLocalStorage } from "@better-auth/core/async_hooks";
+
+interface BetterAuthGlobal {
+	/**
+	 * The version of BetterAuth.
+	 */
+	version: string;
+	/**
+	 * Used to track the number of BetterAuth instances in the same process.
+	 *
+	 * Debugging purposes only.
+	 */
+	epoch: number;
+	/**
+	 * Stores the AsyncLocalStorage instances for each context.
+	 */
+	context: Record<string, AsyncLocalStorage<unknown>>;
+}
+
+const symbol = Symbol.for("better-auth:global");
+let bind: BetterAuthGlobal | null = null;
+
+const __context: Record<string, AsyncLocalStorage<unknown>> = {};
+const __betterAuthVersion: string = import.meta.env
+	.BETTER_AUTH_VERSION as string;
+
+/**
+ * We store context instance in the globalThis.
+ *
+ * The reason we do this is that some bundlers, web framework, or package managers might
+ * create multiple copies of BetterAuth in the same process intentionally or unintentionally.
+ *
+ * For example, yarn v1, Next.js, SSR, Vite...
+ *
+ * @internal
+ */
+export function __getBetterAuthGlobal(): BetterAuthGlobal {
+	if (!(globalThis as any)[symbol]) {
+		(globalThis as any)[symbol] = {
+			version: __betterAuthVersion,
+			epoch: 1,
+			context: __context,
+		};
+		bind = (globalThis as any)[symbol] as BetterAuthGlobal;
+	}
+	bind = (globalThis as any)[symbol] as BetterAuthGlobal;
+	if (bind.version !== __betterAuthVersion) {
+		bind.version = __betterAuthVersion;
+		// Different versions of BetterAuth are loaded in the same process.
+		bind.epoch++;
+	}
+	return (globalThis as any)[symbol] as BetterAuthGlobal;
+}
+
+export function getBetterAuthVersion(): string {
+	return __getBetterAuthGlobal().version;
+}

package/src/context/index.ts

@@ -4,6 +4,7 @@ export {
 	getCurrentAuthContextAsyncLocalStorage,
 	runWithEndpointContext,
 } from "./endpoint-context";
+export { getBetterAuthVersion } from "./global";
 export {
 	defineRequestState,
 	getCurrentRequestState,

package/src/context/request-state.ts

@@ -1,23 +1,18 @@
 import type { AsyncLocalStorage } from "@better-auth/core/async_hooks";
 import { getAsyncLocalStorage } from "@better-auth/core/async_hooks";
+import { __getBetterAuthGlobal } from "./global";
 
 export type RequestStateWeakMap = WeakMap<object, any>;
 
-const symbol = Symbol.for("better-auth:request-state-async-storage");
-
-let requestStateAsyncStorage: AsyncLocalStorage<RequestStateWeakMap> | null =
-	null;
-
 const ensureAsyncStorage = async () => {
-	if (!requestStateAsyncStorage || (globalThis as any)[symbol] === undefined) {
+	const betterAuthGlobal = __getBetterAuthGlobal();
+	if (!betterAuthGlobal.context.requestStateAsyncStorage) {
 		const AsyncLocalStorage = await getAsyncLocalStorage();
-		requestStateAsyncStorage = new AsyncLocalStorage();
-		(globalThis as any)[symbol] = requestStateAsyncStorage;
+		betterAuthGlobal.context.requestStateAsyncStorage =
+			new AsyncLocalStorage<RequestStateWeakMap>();
 	}
-	return (
-		requestStateAsyncStorage ||
-		((globalThis as any)[symbol] as AsyncLocalStorage<RequestStateWeakMap>)
-	);
+	return betterAuthGlobal.context
+		.requestStateAsyncStorage as AsyncLocalStorage<RequestStateWeakMap>;
 };
 
 export async function getRequestStateAsyncLocalStorage() {

package/src/context/transaction.ts

@@ -1,25 +1,16 @@
-import type { AsyncLocalStorage } from "@better-auth/core/async_hooks";
+import type { AsyncLocalStorage } from "node:async_hooks";
 import { getAsyncLocalStorage } from "@better-auth/core/async_hooks";
 import type { DBAdapter, DBTransactionAdapter } from "../db/adapter";
-
-const symbol = Symbol.for("better-auth:transaction-adapter-async-storage");
-
-let currentAdapterAsyncStorage: AsyncLocalStorage<DBTransactionAdapter> | null =
-	null;
+import { __getBetterAuthGlobal } from "./global";
 
 const ensureAsyncStorage = async () => {
-	if (
-		!currentAdapterAsyncStorage ||
-		(globalThis as any)[symbol] === undefined
-	) {
+	const betterAuthGlobal = __getBetterAuthGlobal();
+	if (!betterAuthGlobal.context.adapterAsyncStorage) {
 		const AsyncLocalStorage = await getAsyncLocalStorage();
-		currentAdapterAsyncStorage = new AsyncLocalStorage();
-		(globalThis as any)[symbol] = currentAdapterAsyncStorage;
+		betterAuthGlobal.context.adapterAsyncStorage = new AsyncLocalStorage();
 	}
-	return (
-		currentAdapterAsyncStorage ||
-		((globalThis as any)[symbol] as AsyncLocalStorage<DBTransactionAdapter>)
-	);
+	return betterAuthGlobal.context
+		.adapterAsyncStorage as AsyncLocalStorage<DBTransactionAdapter>;
 };
 
 /**

package/src/db/adapter/factory.ts

@@ -200,7 +200,7 @@ export const createAdapterFactory =
 				let value = data[field];
 				const fieldAttributes = fields[field];
 
-				let newFieldName: string =
+				const newFieldName: string =
 					newMappedKeys[field] || fields[field]!.fieldName || field;
 				if (
 					value === undefined &&
@@ -335,7 +335,7 @@ export const createAdapterFactory =
 							newValue = await field.transform.output(newValue);
 						}
 
-						let newFieldName: string = newMappedKeys[key] || key;
+						const newFieldName: string = newMappedKeys[key] || key;
 
 						if (originalKey === "id" || field.references?.field === "id") {
 							// Even if `useNumberId` is true, we must always return a string `id` output.
@@ -392,7 +392,7 @@ export const createAdapterFactory =
 			unsafe_model = getDefaultModelName(unsafe_model);
 			// for now we just transform the base model
 			// later we append the joined models to this object.
-			let transformedData: Record<string, any> = await transformSingleOutput(
+			const transformedData: Record<string, any> = await transformSingleOutput(
 				data,
 				unsafe_model,
 				select,
@@ -443,7 +443,7 @@ export const createAdapterFactory =
 					joinedData = [joinedData];
 				}
 
-				let transformed = [];
+				const transformed = [];
 
 				if (Array.isArray(joinedData)) {
 					for (const item of joinedData) {
@@ -822,7 +822,7 @@ export const createAdapterFactory =
 				forceAllowId?: boolean;
 			}): Promise<R> => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				unsafeModel = getDefaultModelName(unsafeModel);
 				if (
@@ -903,7 +903,7 @@ export const createAdapterFactory =
 				update: Record<string, any>;
 			}): Promise<T | null> => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				unsafeModel = getDefaultModelName(unsafeModel);
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
@@ -965,7 +965,7 @@ export const createAdapterFactory =
 				update: Record<string, any>;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1021,7 +1021,7 @@ export const createAdapterFactory =
 				join?: JoinOption;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1095,7 +1095,7 @@ export const createAdapterFactory =
 				join?: JoinOption;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const limit =
 					unsafeLimit ??
 					options.advanced?.database?.defaultFindManyLimit ??
@@ -1173,7 +1173,7 @@ export const createAdapterFactory =
 				where: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1206,7 +1206,7 @@ export const createAdapterFactory =
 				where: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1240,7 +1240,7 @@ export const createAdapterFactory =
 				where?: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1350,7 +1350,7 @@ export const createAdapterFactory =
 								}
 
 								//`${colors.fg.blue}|${colors.reset} `,
-								let log: any[] = logs
+								const log: any[] = logs
 									.reverse()
 									.map((log) => {
 										log.args[0] = `\n${log.args[0]}`;

package/src/db/adapter/get-default-model-name.ts

@@ -23,7 +23,7 @@ export const initGetDefaultModelName = ({
 		// It's possible this `model` could had applied `usePlural`.
 		// Thus we'll try the search but without the trailing `s`.
 		if (usePlural && model.charAt(model.length - 1) === "s") {
-			let pluralessModel = model.slice(0, -1);
+			const pluralessModel = model.slice(0, -1);
 			let m = schema[pluralessModel] ? pluralessModel : undefined;
 			if (!m) {
 				m = Object.entries(schema).find(

package/src/db/adapter/get-id-field.ts

@@ -36,7 +36,7 @@ export const initGetIdField = ({
 			options.advanced?.database?.generateId === "serial";
 		const useUUIDs = options.advanced?.database?.generateId === "uuid";
 
-		let shouldGenerateId: boolean = (() => {
+		const shouldGenerateId: boolean = (() => {
 			if (disableIdGeneration) {
 				return false;
 			} else if (useNumberId && !forceAllowId) {
@@ -58,7 +58,7 @@ export const initGetIdField = ({
 				? {
 						defaultValue() {
 							if (disableIdGeneration) return undefined;
-							let generateId = options.advanced?.database?.generateId;
+							const generateId = options.advanced?.database?.generateId;
 							if (generateId === false || useNumberId) return undefined;
 							if (typeof generateId === "function") {
 								return generateId({

package/src/error/index.ts

@@ -1,11 +1,10 @@
 import { APIError as BaseAPIError } from "better-call/error";
 
 export class BetterAuthError extends Error {
-	constructor(message: string, cause?: string | undefined) {
-		super(message);
+	constructor(message: string, options?: { cause?: unknown | undefined }) {
+		super(message, options);
 		this.name = "BetterAuthError";
 		this.message = message;
-		this.cause = cause;
 		this.stack = "";
 	}
 }

package/src/social-providers/apple.ts

@@ -161,9 +161,18 @@ export const apple = (options: AppleOptions) => {
 			if (!profile) {
 				return null;
 			}
-			const name = token.user
-				? `${token.user.name?.firstName} ${token.user.name?.lastName}`
-				: profile.name || profile.email;
+
+			// TODO: " " masking will be removed when the name field is made optional
+			let name: string;
+			if (token.user?.name) {
+				const firstName = token.user.name.firstName || "";
+				const lastName = token.user.name.lastName || "";
+				const fullName = `${firstName} ${lastName}`.trim();
+				name = fullName || " ";
+			} else {
+				name = profile.name || " ";
+			}
+
 			const emailVerified =
 				typeof profile.email_verified === "boolean"
 					? profile.email_verified

package/src/social-providers/gitlab.ts

@@ -65,7 +65,7 @@ const cleanDoubleSlashes = (input: string = "") => {
 };
 
 const issuerToEndpoints = (issuer?: string | undefined) => {
-	let baseUrl = issuer || "https://gitlab.com";
+	const baseUrl = issuer || "https://gitlab.com";
 	return {
 		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
 		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),