@better-auth/oauth-provider 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/client-resource.mjs +2 -2
  2. package/dist/client.d.mts +1 -1
  3. package/dist/client.mjs +1 -1
  4. package/dist/index.d.mts +1 -1
  5. package/dist/index.mjs +9 -9
  6. package/dist/{oauth-CYgzO8Am.d.mts → oauth-CetEXi_Z.d.mts} +1 -1
  7. package/dist/{utils-sQ4gYeh3.mjs → utils-B9Pj9EPf.mjs} +14 -2
  8. package/dist/{version-xqVKoocI.mjs → version-Usf6Oz_M.mjs} +1 -1
  9. package/package.json +5 -5
package/dist/client-resource.mjs CHANGED
@@ -1,5 +1,5 @@
1
- import { a as getJwtPlugin, o as getOAuthProviderPlugin, v as handleMcpErrors } from "./utils-sQ4gYeh3.mjs";
2
- import { t as PACKAGE_VERSION } from "./version-xqVKoocI.mjs";
1
+ import { a as getJwtPlugin, o as getOAuthProviderPlugin, y as handleMcpErrors } from "./utils-B9Pj9EPf.mjs";
2
+ import { t as PACKAGE_VERSION } from "./version-Usf6Oz_M.mjs";
3
3
  import { verifyAccessToken } from "better-auth/oauth2";
4
4
  import { APIError } from "better-call";
5
5
  import { logger } from "@better-auth/core/env";
package/dist/client.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- import { n as oauthProvider } from "./oauth-CYgzO8Am.mjs";
1
+ import { n as oauthProvider } from "./oauth-CetEXi_Z.mjs";
2
2
  import * as _better_fetch_fetch0 from "@better-fetch/fetch";
3
3
 
4
4
  //#region src/client.d.ts
package/dist/client.mjs CHANGED
@@ -1,4 +1,4 @@
1
- import { t as PACKAGE_VERSION } from "./version-xqVKoocI.mjs";
1
+ import { t as PACKAGE_VERSION } from "./version-Usf6Oz_M.mjs";
2
2
  import { safeJSONParse } from "@better-auth/core/utils/json";
3
3
  //#region src/client.ts
4
4
  function parseSignedQuery(search) {
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { _ as Awaitable, a as ResourceServerMetadata, c as OAuthConsent, d as OAuthRefreshToken, f as Prompt, g as VerificationValue, h as StoreTokenType, i as OIDCMetadata, l as OAuthOpaqueAccessToken, m as Scope, n as GrantType, o as AuthorizePrompt, p as SchemaClient, r as OAuthClient, s as OAuthAuthorizationQuery, t as AuthServerMetadata, u as OAuthOptions } from "./oauth-Cc0nzj5Q.mjs";
2
- import { n as oauthProvider, t as getOAuthProviderState } from "./oauth-CYgzO8Am.mjs";
2
+ import { n as oauthProvider, t as getOAuthProviderState } from "./oauth-CetEXi_Z.mjs";
3
3
  import { verifyAccessToken } from "better-auth/oauth2";
4
4
  import { JWSAlgorithms, JwtOptions } from "better-auth/plugins";
5
5
  import { JWTPayload } from "jose";
package/dist/index.mjs CHANGED
@@ -1,5 +1,5 @@
1
- import { _ as verifyOAuthQueryParams, a as getJwtPlugin, c as isPKCERequired, d as parsePrompt, f as resolveSessionAuthTime, g as validateClientCredentials, h as storeToken, i as getClient, l as normalizeTimestampValue, m as storeClientSecret, n as decryptStoredClientSecret, p as resolveSubjectIdentifier, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as parseClientMetadata, y as mcpHandler } from "./utils-sQ4gYeh3.mjs";
2
- import { t as PACKAGE_VERSION } from "./version-xqVKoocI.mjs";
1
+ import { _ as validateClientCredentials, a as getJwtPlugin, b as mcpHandler, c as isPKCERequired, d as parsePrompt, f as resolveSessionAuthTime, g as storeToken, h as storeClientSecret, i as getClient, l as normalizeTimestampValue, m as searchParamsToQuery, n as decryptStoredClientSecret, p as resolveSubjectIdentifier, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as parseClientMetadata, v as verifyOAuthQueryParams } from "./utils-B9Pj9EPf.mjs";
2
+ import { t as PACKAGE_VERSION } from "./version-Usf6Oz_M.mjs";
3
3
  import { APIError, createAuthEndpoint, createAuthMiddleware, getOAuthState, getSessionFromCtx, sessionMiddleware } from "better-auth/api";
4
4
  import { generateCodeChallenge, getJwks, verifyJwsAccessToken } from "better-auth/oauth2";
5
5
  import { APIError as APIError$1 } from "better-call";
@@ -145,7 +145,7 @@ async function postLogin(ctx, opts) {
145
145
  });
146
146
  const query = new URLSearchParams(_query);
147
147
  ctx.headers?.set("accept", "application/json");
148
- ctx.query = Object.fromEntries(query);
148
+ ctx.query = searchParamsToQuery(query);
149
149
  const { url } = await authorizeEndpoint(ctx, opts, { postLogin: true });
150
150
  return {
151
151
  redirect: true,
@@ -1172,10 +1172,6 @@ async function checkOAuthClient(client, opts, settings) {
1172
1172
  error: "invalid_client_metadata",
1173
1173
  error_description: `pkce is required for registered clients.`
1174
1174
  });
1175
- if (settings?.isRegister && client.skip_consent) throw new APIError("BAD_REQUEST", {
1176
- error: "invalid_client_metadata",
1177
- error_description: "skip_consent cannot be set during dynamic client registration"
1178
- });
1179
1175
  }
1180
1176
  async function createOAuthClientEndpoint(ctx, opts, settings) {
1181
1177
  const body = ctx.body;
@@ -3449,7 +3445,7 @@ const oauthProvider = (options) => {
3449
3445
  "user-agent-based"
3450
3446
  ]).optional(),
3451
3447
  subject_type: z.enum(["public", "pairwise"]).optional(),
3452
- skip_consent: z.boolean().optional()
3448
+ skip_consent: z.never({ error: "skip_consent cannot be set during dynamic client registration" }).optional()
3453
3449
  }),
3454
3450
  metadata: { openapi: {
3455
3451
  description: "Register an OAuth2 application",
@@ -3850,7 +3846,11 @@ async function authorizeEndpoint(ctx, opts, settings) {
3850
3846
  }
3851
3847
  function serializeAuthorizationQuery(query) {
3852
3848
  const params = new URLSearchParams();
3853
- for (const [key, value] of Object.entries(query)) if (value != null) params.set(key, String(value));
3849
+ for (const [key, value] of Object.entries(query)) {
3850
+ if (value == null) continue;
3851
+ if (Array.isArray(value)) for (const v of value) params.append(key, String(v));
3852
+ else params.set(key, String(value));
3853
+ }
3854
3854
  return params;
3855
3855
  }
3856
3856
  async function redirectWithAuthorizationCode(ctx, opts, verificationValue) {
package/dist/{oauth-CYgzO8Am.d.mts → oauth-CetEXi_Z.d.mts} RENAMED
@@ -849,7 +849,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
849
849
  public: "public";
850
850
  pairwise: "pairwise";
851
851
  }>>;
852
- skip_consent: z.ZodOptional<z.ZodBoolean>;
852
+ skip_consent: z.ZodOptional<z.ZodNever>;
853
853
  }, z.core.$strip>;
854
854
  metadata: {
855
855
  openapi: {
package/dist/{utils-sQ4gYeh3.mjs → utils-B9Pj9EPf.mjs} RENAMED
@@ -358,6 +358,18 @@ async function resolveSubjectIdentifier(userId, client, opts) {
358
358
  return userId;
359
359
  }
360
360
  /**
361
+ * Converts URLSearchParams to a plain object, preserving
362
+ * multi-valued keys as arrays instead of discarding duplicates.
363
+ */
364
+ function searchParamsToQuery(params) {
365
+ const result = Object.create(null);
366
+ for (const key of new Set(params.keys())) {
367
+ const values = params.getAll(key);
368
+ result[key] = values.length === 1 ? values[0] : values;
369
+ }
370
+ return result;
371
+ }
372
+ /**
361
373
  * Deletes a prompt value
362
374
  *
363
375
  * @param ctx
@@ -370,7 +382,7 @@ function deleteFromPrompt(query, prompt) {
370
382
  prompts?.splice(foundPrompt, 1);
371
383
  prompts?.length ? query.set("prompt", prompts.join(" ")) : query.delete("prompt");
372
384
  }
373
- return Object.fromEntries(query);
385
+ return searchParamsToQuery(query);
374
386
  }
375
387
  var PKCERequirementErrors = /* @__PURE__ */ function(PKCERequirementErrors) {
376
388
  PKCERequirementErrors["PUBLIC_CLIENT"] = "pkce is required for public clients";
@@ -399,4 +411,4 @@ function isPKCERequired(client, requestedScopes) {
399
411
  return false;
400
412
  }
401
413
  //#endregion
402
- export { verifyOAuthQueryParams as _, getJwtPlugin as a, isPKCERequired as c, parsePrompt as d, resolveSessionAuthTime as f, validateClientCredentials as g, storeToken as h, getClient as i, normalizeTimestampValue as l, storeClientSecret as m, decryptStoredClientSecret as n, getOAuthProviderPlugin as o, resolveSubjectIdentifier as p, deleteFromPrompt as r, getStoredToken as s, basicToClientCredentials as t, parseClientMetadata as u, handleMcpErrors as v, mcpHandler as y };
414
+ export { validateClientCredentials as _, getJwtPlugin as a, mcpHandler as b, isPKCERequired as c, parsePrompt as d, resolveSessionAuthTime as f, storeToken as g, storeClientSecret as h, getClient as i, normalizeTimestampValue as l, searchParamsToQuery as m, decryptStoredClientSecret as n, getOAuthProviderPlugin as o, resolveSubjectIdentifier as p, deleteFromPrompt as r, getStoredToken as s, basicToClientCredentials as t, parseClientMetadata as u, verifyOAuthQueryParams as v, handleMcpErrors as y };
package/dist/{version-xqVKoocI.mjs → version-Usf6Oz_M.mjs} RENAMED
@@ -1,5 +1,5 @@
1
1
  //#endregion
2
2
  //#region src/version.ts
3
- const PACKAGE_VERSION = "1.6.1";
3
+ const PACKAGE_VERSION = "1.6.2";
4
4
  //#endregion
5
5
  export { PACKAGE_VERSION as t };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@better-auth/oauth-provider",
3
- "version": "1.6.1",
3
+ "version": "1.6.2",
4
4
  "description": "An oauth provider plugin for Better Auth",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -64,15 +64,15 @@
64
64
  "@modelcontextprotocol/sdk": "^1.27.1",
65
65
  "listhen": "^1.9.0",
66
66
  "tsdown": "0.21.1",
67
- "better-auth": "1.6.1",
68
- "@better-auth/core": "1.6.1"
67
+ "@better-auth/core": "1.6.2",
68
+ "better-auth": "1.6.2"
69
69
  },
70
70
  "peerDependencies": {
71
71
  "@better-auth/utils": "0.4.0",
72
72
  "@better-fetch/fetch": "1.1.21",
73
73
  "better-call": "1.3.5",
74
- "@better-auth/core": "^1.6.1",
75
- "better-auth": "^1.6.1"
74
+ "@better-auth/core": "^1.6.2",
75
+ "better-auth": "^1.6.2"
76
76
  },
77
77
  "scripts": {
78
78
  "build": "tsdown",