@better-auth/core 1.5.0-beta.8 → 1.5.0

package/src/social-providers/naver.ts

@@ -96,7 +96,7 @@ export const naver = (options: NaverOptions) => {
 			const res = profile.response || {};
 			const user = {
 				id: res.id,
-				name: res.name || res.nickname,
+				name: res.name || res.nickname || "",
 				email: res.email,
 				image: res.profile_image,
 				emailVerified: false,

package/src/social-providers/notion.ts

@@ -94,7 +94,7 @@ export const notion = (options: NotionOptions) => {
 			return {
 				user: {
 					id: userProfile.id,
-					name: userProfile.name || "Notion User",
+					name: userProfile.name || "",
 					email: userProfile.person?.email || null,
 					image: userProfile.avatar_url,
 					emailVerified: false,

package/src/social-providers/paybin.ts

@@ -104,11 +104,7 @@ export const paybin = (options: PaybinOptions) => {
 			return {
 				user: {
 					id: user.sub,
-					name:
-						user.name ||
-						user.preferred_username ||
-						(user.email ? user.email.split("@")[0] : "User") ||
-						"User",
+					name: user.name || user.preferred_username || "",
 					email: user.email,
 					image: user.picture,
 					emailVerified: user.email_verified || false,

package/src/social-providers/polar.ts

@@ -96,7 +96,7 @@ export const polar = (options: PolarOptions) => {
 			return {
 				user: {
 					id: profile.id,
-					name: profile.public_name || profile.username,
+					name: profile.public_name || profile.username || "",
 					email: profile.email,
 					image: profile.avatar_url,
 					emailVerified: profile.email_verified ?? false,

package/src/social-providers/railway.ts

@@ -0,0 +1,100 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+const authorizationEndpoint = "https://backboard.railway.com/oauth/auth";
+const tokenEndpoint = "https://backboard.railway.com/oauth/token";
+const userinfoEndpoint = "https://backboard.railway.com/oauth/me";
+
+export interface RailwayProfile {
+	/** The user's unique ID (OAuth `sub` claim). */
+	sub: string;
+	/** The user's email address. */
+	email: string;
+	/** The user's display name. */
+	name: string;
+	/** URL of the user's profile picture. */
+	picture: string;
+}
+
+export interface RailwayOptions extends ProviderOptions<RailwayProfile> {
+	clientId: string;
+}
+
+export const railway = (options: RailwayOptions) => {
+	return {
+		id: "railway",
+		name: "Railway",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "email", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "railway",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint,
+				authentication: "basic",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint,
+						authentication: "basic",
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<RailwayProfile>(
+				userinfoEndpoint,
+				{ headers: { authorization: `Bearer ${token.accessToken}` } },
+			);
+			if (error || !profile) {
+				return null;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			// Railway does not provide an email_verified claim.
+			// We default to false for security consistency.
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.name,
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: false,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<RailwayProfile>;
+};

package/src/social-providers/tiktok.ts

@@ -197,7 +197,8 @@ export const tiktok = (options: TiktokOptions) => {
 				user: {
 					email: profile.data.user.email || profile.data.user.username,
 					id: profile.data.user.open_id,
-					name: profile.data.user.display_name || profile.data.user.username,
+					name:
+						profile.data.user.display_name || profile.data.user.username || "",
 					image: profile.data.user.avatar_large_url,
 					emailVerified: false,
 				},

package/src/social-providers/vercel.ts

@@ -73,7 +73,7 @@ export const vercel = (options: VercelOptions) => {
 			return {
 				user: {
 					id: profile.sub,
-					name: profile.name ?? profile.preferred_username,
+					name: profile.name ?? profile.preferred_username ?? "",
 					email: profile.email,
 					image: profile.picture,
 					emailVerified: profile.email_verified ?? false,

package/src/social-providers/zoom.ts

@@ -96,11 +96,6 @@ export interface ZoomProfile extends Record<string, any> {
 	login_types: LoginType[];
 	/** User's personal meeting URL (Example: "example.com") */
 	personal_meeting_url: string;
-	/** This field has been deprecated and will not be supported in the future.
-	 * Use the phone_numbers field instead of this field.
-	 * The user's phone number (Example: "+1 800000000") */
-	// @deprecated true
-	phone_number?: string | undefined;
 	/** The URL for user's profile picture (Example: "example.com") */
 	pic_url: string;
 	/** Personal Meeting ID (PMI) (Example: 3542471135) */
@@ -131,9 +126,6 @@ export interface ZoomProfile extends Record<string, any> {
 	employee_unique_id?: string | undefined;
 	/** The manager for the user (Example: "thill@example.com") */
 	manager?: string | undefined;
-	/** The user's country for the company phone number (Example: "US")
-	 * @deprecated true */
-	phone_country?: string | undefined;
 	/** The phone number's ISO country code (Example: "+1") */
 	phone_numbers?: PhoneNumber[] | undefined;
 	/** The user's plan type (Example: "1") */

package/src/types/context.ts

@@ -12,29 +12,66 @@ import type { DBAdapter, Where } from "../db/adapter";
 import type { createLogger } from "../env";
 import type { OAuthProvider } from "../oauth2";
 import type { BetterAuthCookie, BetterAuthCookies } from "./cookie";
-import type { LiteralString } from "./helper";
+import type { Awaitable, LiteralString } from "./helper";
 import type {
 	BetterAuthOptions,
 	BetterAuthRateLimitOptions,
 } from "./init-options";
 import type { BetterAuthPlugin } from "./plugin";
+import type { SecretConfig } from "./secret";
+
+/**
+ * @internal
+ */
+type InferPluginID<O extends BetterAuthOptions> =
+	O["plugins"] extends Array<infer P>
+		? P extends BetterAuthPlugin
+			? P["id"]
+			: never
+		: never;
+
+/**
+ * @internal
+ */
+type InferPluginOptions<
+	O extends BetterAuthOptions,
+	ID extends BetterAuthPluginRegistryIdentifier | LiteralString,
+> =
+	O["plugins"] extends Array<infer P>
+		? P extends BetterAuthPlugin
+			? P["id"] extends ID
+				? P extends { options: infer O }
+					? O
+					: never
+				: never
+			: never
+		: never;
 
 /**
  * Mutators are defined in each plugin
  *
  * @example
  * ```ts
+ * interface MyPluginOptions {
+ *   useFeature: boolean
+ * }
+ *
+ * const createMyPlugin = <Options extends MyPluginOptions>(options?: Options) => ({
+ *   id: 'my-plugin',
+ *   options,
+ * } satisfies BetterAuthPlugin);
+ *
  * declare module "@better-auth/core" {
- *  interface BetterAuthPluginRegistry<Auth, Context> {
- *    'jwt': {
- *      creator: typeof jwt
+ *  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+ *    'my-plugin': {
+ *      creator: Options extends MyPluginOptions ? typeof createMyPlugin<Options>: typeof createMyPlugin
  *    }
  *  }
  * }
  * ```
  */
 // biome-ignore lint/correctness/noUnusedVariables: Auth and Context is used in the declaration merging
-export interface BetterAuthPluginRegistry<Auth, Context> {}
+export interface BetterAuthPluginRegistry<AuthOptions, Options> {}
 export type BetterAuthPluginRegistryIdentifier = keyof BetterAuthPluginRegistry<
 	unknown,
 	unknown
@@ -67,7 +104,10 @@ export interface InternalAdapter<
 			T,
 	): Promise<T & Account>;
 
-	listSessions(userId: string): Promise<Session[]>;
+	listSessions(
+		userId: string,
+		options?: { onlyActiveSessions?: boolean | undefined } | undefined,
+	): Promise<Session[]>;
 
 	listUsers(
 		limit?: number | undefined,
@@ -94,6 +134,11 @@ export interface InternalAdapter<
 
 	findSessions(
 		sessionTokens: string[],
+		options?:
+			| {
+					onlyActiveSessions?: boolean | undefined;
+			  }
+			| undefined,
 	): Promise<{ session: Session; user: User }[]>;
 
 	updateSession(
@@ -113,7 +158,11 @@ export interface InternalAdapter<
 		email: string,
 		accountId: string,
 		providerId: string,
-	): Promise<{ user: User; accounts: Account[] } | null>;
+	): Promise<{
+		user: User;
+		linkedAccount: Account | null;
+		accounts: Account[];
+	} | null>;
 
 	findUserByEmail(
 		email: string,
@@ -179,12 +228,21 @@ type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (
 	ctx: GenericEndpointContext<Options>,
 ) => Promise<boolean>;
 
-export type PluginContext = {
-	getPlugin: <ID extends BetterAuthPluginRegistryIdentifier | LiteralString>(
+export type PluginContext<Options extends BetterAuthOptions> = {
+	getPlugin: <
+		ID extends BetterAuthPluginRegistryIdentifier | LiteralString,
+		PluginOptions extends InferPluginOptions<Options, ID>,
+	>(
 		pluginId: ID,
 	) =>
 		| (ID extends BetterAuthPluginRegistryIdentifier
-				? ReturnType<BetterAuthPluginRegistry<unknown, unknown>[ID]["creator"]>
+				? BetterAuthPluginRegistry<Options, PluginOptions>[ID] extends {
+						creator: infer C;
+					}
+					? C extends (...args: any[]) => infer R
+						? R
+						: never
+					: never
 				: BetterAuthPlugin)
 		| null;
 	/**
@@ -202,7 +260,7 @@ export type PluginContext = {
 	 */
 	hasPlugin: <ID extends BetterAuthPluginRegistryIdentifier | LiteralString>(
 		pluginId: ID,
-	) => boolean;
+	) => ID extends InferPluginID<Options> ? true : boolean;
 };
 
 export type InfoContext = {
@@ -212,10 +270,15 @@ export type InfoContext = {
 };
 
 export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
-	PluginContext &
+	PluginContext<Options> &
 		InfoContext & {
 			options: Options;
 			trustedOrigins: string[];
+			/**
+			 * Resolved list of trusted providers for account linking.
+			 * Populated from "account.accountLinking.trustedProviders" (supports static array or async function).
+			 */
+			trustedProviders: string[];
 			/**
 			 * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration
 			 * @param url The url to verify against the "trustedOrigins" configuration
@@ -277,6 +340,7 @@ export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
 			internalAdapter: InternalAdapter<Options>;
 			createAuthCookie: CreateCookieGetterFn;
 			secret: string;
+			secretConfig: string | SecretConfig;
 			sessionConfig: {
 				updateAge: number;
 				expiresIn: number;
@@ -337,7 +401,7 @@ export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
 			 * This is inferred from the `options.advanced?.backgroundTasks?.handler` option.
 			 * Defaults to a no-op that just runs the promise.
 			 */
-			runInBackground: (promise: Promise<void>) => void;
+			runInBackground: (promise: Promise<unknown>) => void;
 			/**
 			 * Runs a task in the background if `runInBackground` is configured,
 			 * otherwise awaits the task directly.
@@ -347,6 +411,6 @@ export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
 			 * mitigation), but still ensure the operation completes.
 			 */
 			runInBackgroundOrAwait: (
-				promise: Promise<unknown> | Promise<void> | void | unknown,
-			) => Promise<unknown>;
+				promise: Promise<unknown> | void,
+			) => Awaitable<unknown>;
 		};

package/src/types/helper.ts

@@ -8,6 +8,7 @@ export type Primitive =
 	| undefined;
 
 export type Awaitable<T> = T | Promise<T>;
+export type AwaitableFunction<T> = T | (() => Awaitable<T>);
 export type LiteralString = "" | (string & Record<never, never>);
 export type LiteralUnion<LiteralType, BaseType extends Primitive> =
 	| LiteralType
@@ -16,3 +17,11 @@ export type LiteralUnion<LiteralType, BaseType extends Primitive> =
 export type Prettify<T> = {
 	[K in keyof T]: T[K];
 } & {};
+
+export type UnionToIntersection<U> = (
+	U extends any
+		? (k: U) => void
+		: never
+) extends (k: infer I) => void
+	? I
+	: never;

package/src/types/index.ts

@@ -8,17 +8,28 @@ export type {
 	InternalAdapter,
 	PluginContext,
 } from "./context";
-export type { BetterAuthCookie, BetterAuthCookies } from "./cookie";
+export type {
+	BetterAuthCookie,
+	BetterAuthCookies,
+} from "./cookie";
 export type * from "./helper";
 export type {
+	BaseURLConfig,
 	BetterAuthAdvancedOptions,
+	BetterAuthDBOptions,
 	BetterAuthOptions,
 	BetterAuthRateLimitOptions,
 	BetterAuthRateLimitRule,
 	BetterAuthRateLimitStorage,
+	DynamicBaseURLConfig,
 	GenerateIdFn,
+	StoreIdentifierOption,
 } from "./init-options";
-export type { BetterAuthPlugin, HookEndpointContext } from "./plugin";
+export type {
+	BetterAuthPlugin,
+	BetterAuthPluginErrorCodePart,
+	HookEndpointContext,
+} from "./plugin";
 export type {
 	BetterAuthClientOptions,
 	BetterAuthClientPlugin,
@@ -26,3 +37,4 @@ export type {
 	ClientFetchOption,
 	ClientStore,
 } from "./plugin-client";
+export type { SecretConfig } from "./secret";