@better-auth/expo 1.4.12 → 1.4.13

package/dist/client.d.mts

@@ -133,6 +133,7 @@ declare const expoClient: (opts: ExpoClientOptions) => {
         authorization: "Bearer" | "Basic";
       })) | undefined;
       redirect?: RequestRedirect | undefined;
+      window?: null | undefined;
       cache?: RequestCache | undefined;
       credentials?: RequestCredentials | undefined;
       integrity?: string | undefined;
@@ -142,7 +143,6 @@ declare const expoClient: (opts: ExpoClientOptions) => {
       referrer?: string | undefined;
       referrerPolicy?: ReferrerPolicy | undefined;
       signal?: (AbortSignal | null) | undefined;
-      window?: null | undefined;
       onRequest?: (<T extends Record<string, any>>(context: _better_fetch_fetch0.RequestContext<T>) => Promise<_better_fetch_fetch0.RequestContext | void> | _better_fetch_fetch0.RequestContext | void) | undefined;
       onResponse?: ((context: _better_fetch_fetch0.ResponseContext) => Promise<Response | void | _better_fetch_fetch0.ResponseContext> | Response | _better_fetch_fetch0.ResponseContext | void) | undefined;
       onSuccess?: ((context: _better_fetch_fetch0.SuccessContext<any>) => Promise<void> | void) | undefined;

package/dist/client.mjs

@@ -1,3 +1,5 @@
+import { safeJSONParse } from "@better-auth/core/utils";
+import { SECURE_COOKIE_PREFIX, stripSecureCookiePrefix } from "better-auth/cookies";
 import Constants from "expo-constants";
 import * as Linking from "expo-linking";
 import { AppState, Platform } from "react-native";
@@ -149,6 +151,20 @@ function getCookie(cookie) {
 		return `${acc}; ${key}=${value.value}`;
 	}, "");
 }
+function getOAuthStateValue(cookieJson, cookiePrefix) {
+	if (!cookieJson) return null;
+	const parsed = safeJSONParse(cookieJson);
+	if (!parsed) return null;
+	const prefixes = Array.isArray(cookiePrefix) ? cookiePrefix : [cookiePrefix];
+	for (const prefix of prefixes) {
+		const candidates = [`${SECURE_COOKIE_PREFIX}${prefix}.oauth_state`, `${prefix}.oauth_state`];
+		for (const name of candidates) {
+			const value = parsed?.[name]?.value;
+			if (value) return value;
+		}
+	}
+	return null;
+}
 function getOrigin(scheme) {
 	return Linking.createURL("", { scheme });
 }
@@ -198,7 +214,7 @@ function hasBetterAuthCookies(setCookieHeader, cookiePrefix) {
 	const cookieSuffixes = ["session_token", "session_data"];
 	const prefixes = Array.isArray(cookiePrefix) ? cookiePrefix : [cookiePrefix];
 	for (const name of cookies.keys()) {
-		const nameWithoutSecure = name.startsWith("__Secure-") ? name.slice(9) : name;
+		const nameWithoutSecure = stripSecureCookiePrefix(name);
 		for (const prefix of prefixes) if (prefix) {
 			if (nameWithoutSecure.startsWith(prefix)) return true;
 		} else for (const suffix of cookieSuffixes) if (nameWithoutSecure.endsWith(suffix)) return true;
@@ -278,7 +294,10 @@ const expoClient = (opts) => {
 					if (Platform.OS === "android") try {
 						Browser.dismissAuthSession();
 					} catch {}
-					const proxyURL = `${context.request.baseURL}/expo-authorization-proxy?authorizationURL=${encodeURIComponent(signInURL)}`;
+					const oauthStateValue = getOAuthStateValue(await storage.getItem(cookieName), cookiePrefix);
+					const params = new URLSearchParams({ authorizationURL: signInURL });
+					if (oauthStateValue) params.append("oauthState", oauthStateValue);
+					const proxyURL = `${context.request.baseURL}/expo-authorization-proxy?${params.toString()}`;
 					const result = await Browser.openAuthSessionAsync(proxyURL, to, opts?.webBrowserOptions);
 					if (result.type !== "success") return;
 					const url = new URL(result.url);

package/dist/index.d.mts

@@ -31,6 +31,7 @@ declare const expo: (options?: ExpoOptions | undefined) => {
       method: "GET";
       query: zod0.ZodObject<{
         authorizationURL: zod0.ZodString;
+        oauthState: zod0.ZodOptional<zod0.ZodString>;
       }, better_auth0.$strip>;
       metadata: {
         readonly scope: "server";

package/dist/index.mjs

@@ -6,9 +6,18 @@ import * as z from "zod";
 //#region src/routes.ts
 const expoAuthorizationProxy = createAuthEndpoint("/expo-authorization-proxy", {
 	method: "GET",
-	query: z.object({ authorizationURL: z.string() }),
+	query: z.object({
+		authorizationURL: z.string(),
+		oauthState: z.string().optional()
+	}),
 	metadata: HIDE_METADATA
 }, async (ctx) => {
+	const { oauthState } = ctx.query;
+	if (oauthState) {
+		const oauthStateCookie = ctx.context.createAuthCookie("oauth_state", { maxAge: 600 * 1e3 });
+		ctx.setCookie(oauthStateCookie.name, oauthState, oauthStateCookie.attributes);
+		return ctx.redirect(ctx.query.authorizationURL);
+	}
 	const { authorizationURL } = ctx.query;
 	const state = new URL(authorizationURL).searchParams.get("state");
 	if (!state) throw new APIError("BAD_REQUEST", { message: "Unexpected error" });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/expo",
-  "version": "1.4.12",
+  "version": "1.4.13",
   "type": "module",
   "description": "Better Auth integration for Expo and React Native applications.",
   "main": "dist/index.mjs",
@@ -61,16 +61,16 @@
     "expo-web-browser": "~14.2.0",
     "react-native": "~0.80.2",
     "tsdown": "^0.17.2",
-    "@better-auth/core": "1.4.12",
-    "better-auth": "1.4.12"
+    "@better-auth/core": "1.4.13",
+    "better-auth": "1.4.13"
   },
   "peerDependencies": {
     "expo-constants": ">=17.0.0",
     "expo-linking": ">=7.0.0",
     "expo-network": "^8.0.7",
     "expo-web-browser": ">=14.0.0",
-    "@better-auth/core": "1.4.12",
-    "better-auth": "1.4.12"
+    "better-auth": "1.4.13",
+    "@better-auth/core": "1.4.13"
   },
   "peerDependenciesMeta": {
     "expo-constants": {