@better-auth/core 1.6.7 → 1.6.8

package/dist/context/global.mjs

@@ -2,7 +2,7 @@
 const symbol = Symbol.for("better-auth:global");
 let bind = null;
 const __context = {};
-const __betterAuthVersion = "1.6.7";
+const __betterAuthVersion = "1.6.8";
 /**
 * We store context instance in the globalThis.
 *

package/dist/instrumentation/tracer.mjs

@@ -2,7 +2,7 @@ import { ATTR_HTTP_RESPONSE_STATUS_CODE } from "./attributes.mjs";
 import { getOpenTelemetryAPI } from "./api.mjs";
 //#region src/instrumentation/tracer.ts
 const INSTRUMENTATION_SCOPE = "better-auth";
-const INSTRUMENTATION_VERSION = "1.6.7";
+const INSTRUMENTATION_VERSION = "1.6.8";
 /**
 * Better-auth uses `throw ctx.redirect(url)` for flow control (e.g. OAuth
 * callbacks). These are APIErrors with 3xx status codes and should not be

package/dist/social-providers/apple.d.mts

@@ -12,7 +12,7 @@ interface AppleProfile {
    * The email address is either the user's real email address or the proxy
    * address, depending on their status private email relay service.
    */
-  email: string;
+  email?: string;
   /**
    * A string or Boolean value that indicates whether the service verifies
    * the email. The value can either be a string ("true" or "false") or a
@@ -93,7 +93,14 @@ declare const apple: (options: AppleOptions) => {
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
     user?: {
-      name?
+      name /**
+            * An Integer value that indicates whether the user appears to be a real
+            * person. Use the value of this claim to mitigate fraud. The possible
+            * values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). For
+            * more information, see ASUserDetectionStatus. This claim is present only
+            * in iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14
+            * and later. The claim isn’t present or supported for web-based apps.
+            */?
       /**
       * An Integer value that indicates whether the user appears to be a real
       * person. Use the value of this claim to mitigate fraud. The possible

package/dist/social-providers/discord.d.mts

@@ -38,7 +38,7 @@ interface DiscordProfile extends Record<string, any> {
   /** whether the email on this account has been verified */
   verified: boolean;
   /** the user's email */
-  email: string;
+  email?: string | null;
   /**
    * the flags on a user's account:
    * https://discord.com/developers/docs/resources/user#user-object-user-flags

package/dist/social-providers/facebook.d.mts

@@ -3,8 +3,8 @@ import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
 interface FacebookProfile {
   id: string;
   name: string;
-  email: string;
-  email_verified: boolean;
+  email?: string;
+  email_verified?: boolean;
   picture: {
     data: {
       height: number;

package/dist/social-providers/facebook.mjs

@@ -111,7 +111,7 @@ const facebook = (options) => {
 					name: profile.name,
 					email: profile.email,
 					image: profile.picture.data.url,
-					emailVerified: profile.email_verified,
+					emailVerified: profile.email_verified ?? false,
 					...userMap
 				},
 				data: profile

package/dist/social-providers/github.d.mts

@@ -23,7 +23,7 @@ interface GithubProfile {
   company: string;
   blog: string;
   location: string;
-  email: string;
+  email: string | null;
   hireable: boolean;
   bio: string;
   twitter_username: string;

package/dist/social-providers/linkedin.d.mts

@@ -10,8 +10,8 @@ interface LinkedInProfile {
     country: string;
     language: string;
   };
-  email: string;
-  email_verified: boolean;
+  email?: string;
+  email_verified?: boolean;
 }
 interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {
   clientId: string;

package/dist/social-providers/linkedin.mjs

@@ -59,7 +59,7 @@ const linkedin = (options) => {
 					id: profile.sub,
 					name: profile.name,
 					email: profile.email,
-					emailVerified: profile.email_verified || false,
+					emailVerified: profile.email_verified ?? false,
 					image: profile.picture,
 					...userMap
 				},

package/dist/social-providers/microsoft-entra-id.d.mts

@@ -25,7 +25,7 @@ interface MicrosoftEntraIDProfile extends Record<string, any> {
   /** The primary username that represents the user */
   preferred_username: string;
   /** User's email address */
-  email: string;
+  email?: string;
   /** Human-readable value that identifies the subject of the token */
   name: string;
   /** Matches the parameter included in the original authorize request */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/core",
-  "version": "1.6.7",
+  "version": "1.6.8",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "license": "MIT",

package/src/db/get-tables.ts

@@ -162,6 +162,8 @@ export const getAuthTables = (
 				},
 				email: {
 					type: "string",
+					// TODO(#9124): drop required+unique in v2; use a partial unique
+					// index where email is not null (see schema/user.ts).
 					unique: true,
 					required: true,
 					fieldName: options.user?.fields?.email || "email",

package/src/db/schema/user.ts

@@ -7,6 +7,9 @@ import type {
 import { coreSchema } from "./shared";
 
 export const userSchema = coreSchema.extend({
+	// TODO(#9124): widen to nullish in v2. OAuth providers (Discord phone-only,
+	// Apple subsequent sign-ins, etc.) can legitimately omit email; identity
+	// must key on (providerId, accountId) per OpenID Connect Core §5.7.
 	email: z.string().transform((val) => val.toLowerCase()),
 	emailVerified: z.boolean().default(false),
 	name: z.string(),

package/src/social-providers/apple.ts

@@ -22,7 +22,7 @@ export interface AppleProfile {
 	 * The email address is either the user's real email address or the proxy
 	 * address, depending on their status private email relay service.
 	 */
-	email: string;
+	email?: string;
 	/**
 	 * A string or Boolean value that indicates whether the service verifies
 	 * the email. The value can either be a string ("true" or "false") or a

package/src/social-providers/discord.ts

@@ -41,7 +41,7 @@ export interface DiscordProfile extends Record<string, any> {
 	/** whether the email on this account has been verified */
 	verified: boolean;
 	/** the user's email */
-	email: string;
+	email?: string | null;
 	/**
 	 * the flags on a user's account:
 	 * https://discord.com/developers/docs/resources/user#user-object-user-flags

package/src/social-providers/facebook.ts

@@ -12,8 +12,8 @@ import {
 export interface FacebookProfile {
 	id: string;
 	name: string;
-	email: string;
-	email_verified: boolean;
+	email?: string;
+	email_verified?: boolean;
 	picture: {
 		data: {
 			height: number;
@@ -204,7 +204,7 @@ export const facebook = (options: FacebookOptions) => {
 					name: profile.name,
 					email: profile.email,
 					image: profile.picture.data.url,
-					emailVerified: profile.email_verified,
+					emailVerified: profile.email_verified ?? false,
 					...userMap,
 				},
 				data: profile,

package/src/social-providers/github.ts

@@ -31,7 +31,7 @@ export interface GithubProfile {
 	company: string;
 	blog: string;
 	location: string;
-	email: string;
+	email: string | null;
 	hireable: boolean;
 	bio: string;
 	twitter_username: string;

package/src/social-providers/linkedin.ts

@@ -16,8 +16,8 @@ export interface LinkedInProfile {
 		country: string;
 		language: string;
 	};
-	email: string;
-	email_verified: boolean;
+	email?: string;
+	email_verified?: boolean;
 }
 
 export interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {
@@ -98,7 +98,7 @@ export const linkedin = (options: LinkedInOptions) => {
 					id: profile.sub,
 					name: profile.name,
 					email: profile.email,
-					emailVerified: profile.email_verified || false,
+					emailVerified: profile.email_verified ?? false,
 					image: profile.picture,
 					...userMap,
 				},

package/src/social-providers/microsoft-entra-id.ts

@@ -36,7 +36,7 @@ export interface MicrosoftEntraIDProfile extends Record<string, any> {
 	/** The primary username that represents the user */
 	preferred_username: string;
 	/** User's email address */
-	email: string;
+	email?: string;
 	/** Human-readable value that identifies the subject of the token */
 	name: string;
 	/** Matches the parameter included in the original authorize request */