@better-auth/stripe 1.4.10-beta.1 → 1.5.0-beta.2

package/src/stripe.test.ts

@@ -769,11 +769,24 @@ describe("stripe", () => {
 		}
 	});
 
-	it("should execute subscription event handlers", async () => {
+	it("should handle customer.subscription.created webhook event", async () => {
+		const stripeForTest = {
+			...stripeOptions.stripeClient,
+			webhooks: {
+				constructEventAsync: vi.fn(),
+			},
+		};
+
+		const testOptions = {
+			...stripeOptions,
+			stripeClient: stripeForTest as unknown as Stripe,
+			stripeWebhookSecret: "test_secret",
+		};
+
 		const { auth: testAuth } = await getTestInstance(
 			{
 				database: memory,
-				plugins: [stripe(stripeOptions)],
+				plugins: [stripe(testOptions)],
 			},
 			{
 				disableTestUser: true,
@@ -781,293 +794,277 @@ describe("stripe", () => {
 		);
 		const testCtx = await testAuth.$context;
 
-		const { id: userId } = await testCtx.adapter.create({
+		// Create a user with stripeCustomerId
+		const userWithCustomerId = await testCtx.adapter.create({
 			model: "user",
 			data: {
-				email: "event-handler-test@email.com",
+				email: "dashboard-user@test.com",
+				name: "Dashboard User",
+				emailVerified: true,
+				stripeCustomerId: "cus_dashboard_test",
 			},
 		});
 
-		const onSubscriptionComplete = vi.fn();
-		const onSubscriptionUpdate = vi.fn();
-		const onSubscriptionCancel = vi.fn();
-		const onSubscriptionDeleted = vi.fn();
-
-		const testOptions = {
-			...stripeOptions,
-			subscription: {
-				...stripeOptions.subscription,
-				onSubscriptionComplete,
-				onSubscriptionUpdate,
-				onSubscriptionCancel,
-				onSubscriptionDeleted,
-			},
-			stripeWebhookSecret: "test_secret",
-		} as unknown as StripeOptions;
-
-		// Test subscription complete handler
-		const completeEvent = {
-			type: "checkout.session.completed",
+		const mockEvent = {
+			type: "customer.subscription.created",
 			data: {
 				object: {
-					mode: "subscription",
-					subscription: "sub_123",
-					metadata: {
-						referenceId: "user_123",
-						subscriptionId: "sub_123",
+					id: "sub_dashboard_created",
+					customer: "cus_dashboard_test",
+					status: "active",
+					items: {
+						data: [
+							{
+								price: { id: process.env.STRIPE_PRICE_ID_1 },
+								quantity: 1,
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+							},
+						],
 					},
+					cancel_at_period_end: false,
 				},
 			},
 		};
 
-		const mockSubscription = {
-			status: "active",
-			items: {
-				data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
-			},
-			current_period_start: Math.floor(Date.now() / 1000),
-			current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
-		};
+		(stripeForTest.webhooks.constructEventAsync as any).mockResolvedValue(
+			mockEvent,
+		);
 
-		const mockStripeForEvents = {
-			...testOptions.stripeClient,
-			subscriptions: {
-				retrieve: vi.fn().mockResolvedValue(mockSubscription),
+		const mockRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
+			{
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
+				},
+				body: JSON.stringify(mockEvent),
 			},
+		);
+
+		const response = await testAuth.handler(mockRequest);
+		expect(response.status).toBe(200);
+
+		// Verify subscription was created in database
+		const subscription = await testCtx.adapter.findOne<Subscription>({
+			model: "subscription",
+			where: [
+				{ field: "stripeSubscriptionId", value: "sub_dashboard_created" },
+			],
+		});
+
+		expect(subscription).toBeDefined();
+		expect(subscription?.referenceId).toBe(userWithCustomerId.id);
+		expect(subscription?.stripeCustomerId).toBe("cus_dashboard_test");
+		expect(subscription?.status).toBe("active");
+		expect(subscription?.plan).toBe("starter");
+		expect(subscription?.seats).toBe(1);
+	});
+
+	it("should not create duplicate subscription if already exists", async () => {
+		const onSubscriptionCreatedCallback = vi.fn();
+
+		const stripeForTest = {
+			...stripeOptions.stripeClient,
 			webhooks: {
-				constructEventAsync: vi.fn().mockResolvedValue(completeEvent),
+				constructEventAsync: vi.fn(),
 			},
 		};
 
-		const eventTestOptions = {
-			...testOptions,
-			stripeClient: mockStripeForEvents as unknown as Stripe,
-		};
+		const testOptions = {
+			...stripeOptions,
+			stripeClient: stripeForTest as unknown as Stripe,
+			stripeWebhookSecret: "test_secret",
+			subscription: {
+				...stripeOptions.subscription,
+				onSubscriptionCreated: onSubscriptionCreatedCallback,
+			},
+		} as StripeOptions;
 
-		const { auth: eventTestAuth } = await getTestInstance(
+		const { auth: testAuth } = await getTestInstance(
 			{
 				database: memory,
-				plugins: [stripe(eventTestOptions)],
+				plugins: [stripe(testOptions)],
 			},
 			{
 				disableTestUser: true,
 			},
 		);
+		const testCtx = await testAuth.$context;
 
-		const eventTestCtx = await eventTestAuth.$context;
+		// Create user
+		const user = await testCtx.adapter.create({
+			model: "user",
+			data: {
+				email: "duplicate-sub@test.com",
+				name: "Duplicate Test",
+				emailVerified: true,
+				stripeCustomerId: "cus_duplicate_test",
+			},
+		});
 
-		const { id: testSubscriptionId } = await eventTestCtx.adapter.create({
+		// Create existing subscription
+		await testCtx.adapter.create({
 			model: "subscription",
 			data: {
-				referenceId: userId,
-				stripeCustomerId: "cus_123",
-				stripeSubscriptionId: "sub_123",
-				status: "incomplete",
+				referenceId: user.id,
+				stripeCustomerId: "cus_duplicate_test",
+				stripeSubscriptionId: "sub_already_exists",
+				status: "active",
 				plan: "starter",
 			},
 		});
 
-		const webhookRequest = new Request(
-			"http://localhost:3000/api/auth/stripe/webhook",
-			{
-				method: "POST",
-				headers: {
-					"stripe-signature": "test_signature",
-				},
-				body: JSON.stringify(completeEvent),
-			},
-		);
-
-		await eventTestAuth.handler(webhookRequest);
-
-		expect(onSubscriptionComplete).toHaveBeenCalledWith(
-			expect.objectContaining({
-				event: expect.any(Object),
-				subscription: expect.any(Object),
-				stripeSubscription: expect.any(Object),
-				plan: expect.any(Object),
-			}),
-			expect.objectContaining({
-				context: expect.any(Object),
-				_flag: expect.any(String),
-			}),
-		);
-
-		const updateEvent = {
-			type: "customer.subscription.updated",
+		const mockEvent = {
+			type: "customer.subscription.created",
 			data: {
 				object: {
-					id: testSubscriptionId,
-					customer: "cus_123",
+					id: "sub_already_exists",
+					customer: "cus_duplicate_test",
 					status: "active",
 					items: {
-						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
+						data: [
+							{
+								price: { id: process.env.STRIPE_PRICE_ID_1 },
+								quantity: 1,
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+							},
+						],
 					},
-					current_period_start: Math.floor(Date.now() / 1000),
-					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+					cancel_at_period_end: false,
 				},
 			},
 		};
 
-		const updateRequest = new Request(
+		(stripeForTest.webhooks.constructEventAsync as any).mockResolvedValue(
+			mockEvent,
+		);
+
+		const mockRequest = new Request(
 			"http://localhost:3000/api/auth/stripe/webhook",
 			{
 				method: "POST",
 				headers: {
 					"stripe-signature": "test_signature",
 				},
-				body: JSON.stringify(updateEvent),
+				body: JSON.stringify(mockEvent),
 			},
 		);
 
-		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
-			updateEvent,
-		);
-		await eventTestAuth.handler(updateRequest);
-		expect(onSubscriptionUpdate).toHaveBeenCalledWith(
-			expect.objectContaining({
-				event: expect.any(Object),
-				subscription: expect.any(Object),
-			}),
-		);
+		const response = await testAuth.handler(mockRequest);
+		expect(response.status).toBe(200);
 
-		const userCancelEvent = {
-			type: "customer.subscription.updated",
-			data: {
-				object: {
-					id: testSubscriptionId,
-					customer: "cus_123",
-					status: "active",
-					cancel_at_period_end: true,
-					cancellation_details: {
-						reason: "cancellation_requested",
-						comment: "Customer canceled subscription",
-					},
-					items: {
-						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
-					},
-					current_period_start: Math.floor(Date.now() / 1000),
-					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+		// Verify only one subscription exists (no duplicate)
+		const subscriptions = await testCtx.adapter.findMany<Subscription>({
+			model: "subscription",
+			where: [
+				{
+					field: "stripeSubscriptionId",
+					value: "sub_already_exists",
 				},
+			],
+		});
+
+		expect(subscriptions.length).toBe(1);
+
+		// Verify callback was NOT called (early return due to existing subscription)
+		expect(onSubscriptionCreatedCallback).not.toHaveBeenCalled();
+	});
+
+	it("should skip subscription creation when user not found", async () => {
+		const onSubscriptionCreatedCallback = vi.fn();
+
+		const stripeForTest = {
+			...stripeOptions.stripeClient,
+			webhooks: {
+				constructEventAsync: vi.fn(),
 			},
 		};
 
-		const userCancelRequest = new Request(
-			"http://localhost:3000/api/auth/stripe/webhook",
+		const testOptions = {
+			...stripeOptions,
+			stripeClient: stripeForTest as unknown as Stripe,
+			stripeWebhookSecret: "test_secret",
+			subscription: {
+				...stripeOptions.subscription,
+				onSubscriptionCreated: onSubscriptionCreatedCallback,
+			},
+		} as StripeOptions;
+
+		const { auth: testAuth } = await getTestInstance(
 			{
-				method: "POST",
-				headers: {
-					"stripe-signature": "test_signature",
-				},
-				body: JSON.stringify(userCancelEvent),
+				database: memory,
+				plugins: [stripe(testOptions)],
+			},
+			{
+				disableTestUser: true,
 			},
 		);
+		const testCtx = await testAuth.$context;
 
-		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
-			userCancelEvent,
-		);
-		await eventTestAuth.handler(userCancelRequest);
-		const cancelEvent = {
-			type: "customer.subscription.updated",
+		const mockEvent = {
+			type: "customer.subscription.created",
 			data: {
 				object: {
-					id: testSubscriptionId,
-					customer: "cus_123",
+					id: "sub_no_user",
+					customer: "cus_nonexistent",
 					status: "active",
-					cancel_at_period_end: true,
 					items: {
-						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
+						data: [
+							{
+								price: { id: process.env.STRIPE_PRICE_ID_1 },
+								quantity: 1,
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+							},
+						],
 					},
-					current_period_start: Math.floor(Date.now() / 1000),
-					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+					cancel_at_period_end: false,
 				},
 			},
 		};
 
-		const cancelRequest = new Request(
+		(stripeForTest.webhooks.constructEventAsync as any).mockResolvedValue(
+			mockEvent,
+		);
+
+		const mockRequest = new Request(
 			"http://localhost:3000/api/auth/stripe/webhook",
 			{
 				method: "POST",
 				headers: {
 					"stripe-signature": "test_signature",
 				},
-				body: JSON.stringify(cancelEvent),
+				body: JSON.stringify(mockEvent),
 			},
 		);
 
-		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
-			cancelEvent,
-		);
-		await eventTestAuth.handler(cancelRequest);
-
-		expect(onSubscriptionCancel).toHaveBeenCalled();
-
-		const deleteEvent = {
-			type: "customer.subscription.deleted",
-			data: {
-				object: {
-					id: testSubscriptionId,
-					customer: "cus_123",
-					status: "canceled",
-					metadata: {
-						referenceId: userId,
-						subscriptionId: testSubscriptionId,
-					},
-				},
-			},
-		};
+		const response = await testAuth.handler(mockRequest);
+		expect(response.status).toBe(200);
 
-		const deleteRequest = new Request(
-			"http://localhost:3000/api/auth/stripe/webhook",
-			{
-				method: "POST",
-				headers: {
-					"stripe-signature": "test_signature",
-				},
-				body: JSON.stringify(deleteEvent),
-			},
-		);
+		// Verify subscription was NOT created
+		const subscription = await testCtx.adapter.findOne<Subscription>({
+			model: "subscription",
+			where: [{ field: "stripeSubscriptionId", value: "sub_no_user" }],
+		});
 
-		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
-			deleteEvent,
-		);
-		await eventTestAuth.handler(deleteRequest);
+		expect(subscription).toBeNull();
 
-		expect(onSubscriptionDeleted).toHaveBeenCalled();
+		// Verify callback was NOT called (early return due to user not found)
+		expect(onSubscriptionCreatedCallback).not.toHaveBeenCalled();
 	});
 
-	it("should return updated subscription in onSubscriptionUpdate callback", async () => {
-		const onSubscriptionUpdate = vi.fn();
-
-		// Simulate subscription update event (e.g., seat change from 1 to 5)
-		const updateEvent = {
-			type: "customer.subscription.updated",
-			data: {
-				object: {
-					id: "sub_update_test",
-					customer: "cus_update_test",
-					status: "active",
-					items: {
-						data: [
-							{
-								price: { id: process.env.STRIPE_PRICE_ID_1 },
-								quantity: 5, // Updated from 1 to 5
-								current_period_start: Math.floor(Date.now() / 1000),
-								current_period_end:
-									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
-							},
-						],
-					},
-					current_period_start: Math.floor(Date.now() / 1000),
-					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
-				},
-			},
-		};
+	it("should skip subscription creation when plan not found", async () => {
+		const onSubscriptionCreatedCallback = vi.fn();
 
 		const stripeForTest = {
 			...stripeOptions.stripeClient,
 			webhooks: {
-				constructEventAsync: vi.fn().mockResolvedValue(updateEvent),
+				constructEventAsync: vi.fn(),
 			},
 		};
 
@@ -1077,9 +1074,9 @@ describe("stripe", () => {
 			stripeWebhookSecret: "test_secret",
 			subscription: {
 				...stripeOptions.subscription,
-				onSubscriptionUpdate,
+				onSubscriptionCreated: onSubscriptionCreatedCallback,
 			},
-		} as unknown as StripeOptions;
+		} as StripeOptions;
 
 		const { auth: testAuth } = await getTestInstance(
 			{
@@ -1090,27 +1087,45 @@ describe("stripe", () => {
 				disableTestUser: true,
 			},
 		);
+		const testCtx = await testAuth.$context;
 
-		const ctx = await testAuth.$context;
-
-		const { id: testReferenceId } = await ctx.adapter.create({
+		// Create user
+		await testCtx.adapter.create({
 			model: "user",
 			data: {
-				email: "update-callback@email.com",
+				email: "no-plan@test.com",
+				name: "No Plan User",
+				emailVerified: true,
+				stripeCustomerId: "cus_no_plan",
 			},
 		});
 
-		const { id: testSubscriptionId } = await ctx.adapter.create({
-			model: "subscription",
+		const mockEvent = {
+			type: "customer.subscription.created",
 			data: {
-				referenceId: testReferenceId,
-				stripeCustomerId: "cus_update_test",
-				stripeSubscriptionId: "sub_update_test",
-				status: "active",
-				plan: "starter",
-				seats: 1,
+				object: {
+					id: "sub_no_plan",
+					customer: "cus_no_plan",
+					status: "active",
+					items: {
+						data: [
+							{
+								price: { id: "price_unknown" }, // Unknown price
+								quantity: 1,
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+							},
+						],
+					},
+					cancel_at_period_end: false,
+				},
 			},
-		});
+		};
+
+		(stripeForTest.webhooks.constructEventAsync as any).mockResolvedValue(
+			mockEvent,
+		);
 
 		const mockRequest = new Request(
 			"http://localhost:3000/api/auth/stripe/webhook",
@@ -1119,367 +1134,403 @@ describe("stripe", () => {
 				headers: {
 					"stripe-signature": "test_signature",
 				},
-				body: JSON.stringify(updateEvent),
+				body: JSON.stringify(mockEvent),
 			},
 		);
 
-		await testAuth.handler(mockRequest);
-
-		// Verify that onSubscriptionUpdate was called
-		expect(onSubscriptionUpdate).toHaveBeenCalledTimes(1);
-
-		// Verify that the callback received the UPDATED subscription (seats: 5, not 1)
-		const callbackArg = onSubscriptionUpdate.mock.calls[0]?.[0];
-		expect(callbackArg).toBeDefined();
-		expect(callbackArg.subscription).toMatchObject({
-			id: testSubscriptionId,
-			seats: 5, // Should be the NEW value, not the old value (1)
-			status: "active",
-			plan: "starter",
-		});
+		const response = await testAuth.handler(mockRequest);
+		expect(response.status).toBe(200);
 
-		// Also verify the subscription was actually updated in the database
-		const updatedSub = await ctx.adapter.findOne<Subscription>({
+		// Verify subscription was NOT created (no matching plan)
+		const subscription = await testCtx.adapter.findOne<Subscription>({
 			model: "subscription",
-			where: [{ field: "id", value: testSubscriptionId }],
+			where: [{ field: "stripeSubscriptionId", value: "sub_no_plan" }],
 		});
-		expect(updatedSub?.seats).toBe(5);
+
+		expect(subscription).toBeNull();
+
+		// Verify callback was NOT called (early return due to plan not found)
+		expect(onSubscriptionCreatedCallback).not.toHaveBeenCalled();
 	});
 
-	it("should allow seat upgrades for the same plan", async () => {
-		const { client, auth, sessionSetter } = await getTestInstance(
+	it("should execute subscription event handlers", async () => {
+		const { auth: testAuth } = await getTestInstance(
 			{
 				database: memory,
 				plugins: [stripe(stripeOptions)],
 			},
 			{
 				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
-				},
 			},
 		);
-		const ctx = await auth.$context;
+		const testCtx = await testAuth.$context;
 
-		const userRes = await client.signUp.email(
-			{
-				...testUser,
-				email: "seat-upgrade@email.com",
-			},
-			{
-				throw: true,
+		const { id: userId } = await testCtx.adapter.create({
+			model: "user",
+			data: {
+				email: "event-handler-test@email.com",
 			},
-		);
+		});
 
-		const headers = new Headers();
-		await client.signIn.email(
-			{
-				...testUser,
-				email: "seat-upgrade@email.com",
-			},
-			{
-				throw: true,
-				onSuccess: sessionSetter(headers),
+		const onSubscriptionComplete = vi.fn();
+		const onSubscriptionUpdate = vi.fn();
+		const onSubscriptionCancel = vi.fn();
+		const onSubscriptionDeleted = vi.fn();
+
+		const testOptions = {
+			...stripeOptions,
+			subscription: {
+				...stripeOptions.subscription,
+				onSubscriptionComplete,
+				onSubscriptionUpdate,
+				onSubscriptionCancel,
+				onSubscriptionDeleted,
 			},
-		);
+			stripeWebhookSecret: "test_secret",
+		} as unknown as StripeOptions;
 
-		await client.subscription.upgrade({
-			plan: "starter",
-			seats: 1,
-			fetchOptions: {
-				headers,
+		// Test subscription complete handler
+		const completeEvent = {
+			type: "checkout.session.completed",
+			data: {
+				object: {
+					mode: "subscription",
+					subscription: "sub_123",
+					metadata: {
+						referenceId: "user_123",
+						subscriptionId: "sub_123",
+					},
+				},
 			},
-		});
+		};
 
-		await ctx.adapter.update({
-			model: "subscription",
-			update: {
-				status: "active",
+		const mockSubscription = {
+			status: "active",
+			items: {
+				data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
 			},
-			where: [
-				{
-					field: "referenceId",
-					value: userRes.user.id,
-				},
-			],
-		});
+			current_period_start: Math.floor(Date.now() / 1000),
+			current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+		};
 
-		const upgradeRes = await client.subscription.upgrade({
-			plan: "starter",
-			seats: 5,
-			fetchOptions: {
-				headers,
+		const mockStripeForEvents = {
+			...testOptions.stripeClient,
+			subscriptions: {
+				retrieve: vi.fn().mockResolvedValue(mockSubscription),
 			},
-		});
+			webhooks: {
+				constructEventAsync: vi.fn().mockResolvedValue(completeEvent),
+			},
+		};
 
-		expect(upgradeRes.data?.url).toBeDefined();
-	});
+		const eventTestOptions = {
+			...testOptions,
+			stripeClient: mockStripeForEvents as unknown as Stripe,
+		};
 
-	it("should prevent duplicate subscriptions with same plan and same seats", async () => {
-		const { client, auth, sessionSetter } = await getTestInstance(
+		const { auth: eventTestAuth } = await getTestInstance(
 			{
 				database: memory,
-				plugins: [stripe(stripeOptions)],
+				plugins: [stripe(eventTestOptions)],
 			},
 			{
 				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
-				},
 			},
 		);
-		const ctx = await auth.$context;
 
-		const userRes = await client.signUp.email(
-			{
-				...testUser,
-				email: "duplicate-prevention@email.com",
-			},
-			{
-				throw: true,
+		const eventTestCtx = await eventTestAuth.$context;
+
+		const { id: testSubscriptionId } = await eventTestCtx.adapter.create({
+			model: "subscription",
+			data: {
+				referenceId: userId,
+				stripeCustomerId: "cus_123",
+				stripeSubscriptionId: "sub_123",
+				status: "incomplete",
+				plan: "starter",
 			},
-		);
+		});
 
-		const headers = new Headers();
-		await client.signIn.email(
-			{
-				...testUser,
-				email: "duplicate-prevention@email.com",
-			},
+		const webhookRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
 			{
-				throw: true,
-				onSuccess: sessionSetter(headers),
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
+				},
+				body: JSON.stringify(completeEvent),
 			},
 		);
 
-		await client.subscription.upgrade({
-			plan: "starter",
-			seats: 3,
-			fetchOptions: {
-				headers,
-			},
-		});
+		await eventTestAuth.handler(webhookRequest);
 
-		await ctx.adapter.update({
-			model: "subscription",
-			update: {
-				status: "active",
-				seats: 3,
-			},
-			where: [
-				{
-					field: "referenceId",
-					value: userRes.user.id,
-				},
-			],
-		});
+		expect(onSubscriptionComplete).toHaveBeenCalledWith(
+			expect.objectContaining({
+				event: expect.any(Object),
+				subscription: expect.any(Object),
+				stripeSubscription: expect.any(Object),
+				plan: expect.any(Object),
+			}),
+			expect.objectContaining({
+				context: expect.any(Object),
+				_flag: expect.any(String),
+			}),
+		);
 
-		const upgradeRes = await client.subscription.upgrade({
-			plan: "starter",
-			seats: 3,
-			fetchOptions: {
-				headers,
+		const updateEvent = {
+			type: "customer.subscription.updated",
+			data: {
+				object: {
+					id: testSubscriptionId,
+					customer: "cus_123",
+					status: "active",
+					items: {
+						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
+					},
+					current_period_start: Math.floor(Date.now() / 1000),
+					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+				},
 			},
-		});
-
-		expect(upgradeRes.error).toBeDefined();
-		expect(upgradeRes.error?.message).toContain("already subscribed");
-	});
+		};
 
-	it("should only call Stripe customers.create once for signup and upgrade", async () => {
-		const { client, sessionSetter } = await getTestInstance(
-			{
-				database: memory,
-				plugins: [stripe(stripeOptions)],
-			},
+		const updateRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
 			{
-				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
 				},
+				body: JSON.stringify(updateEvent),
 			},
 		);
 
-		await client.signUp.email(
-			{ ...testUser, email: "single-create@email.com" },
-			{ throw: true },
+		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
+			updateEvent,
 		);
-
-		const headers = new Headers();
-		await client.signIn.email(
-			{ ...testUser, email: "single-create@email.com" },
-			{
-				throw: true,
-				onSuccess: sessionSetter(headers),
-			},
+		await eventTestAuth.handler(updateRequest);
+		expect(onSubscriptionUpdate).toHaveBeenCalledWith(
+			expect.objectContaining({
+				event: expect.any(Object),
+				subscription: expect.any(Object),
+			}),
 		);
 
-		await client.subscription.upgrade({
-			plan: "starter",
-			fetchOptions: { headers },
-		});
-
-		expect(mockStripe.customers.create).toHaveBeenCalledTimes(1);
-	});
-
-	it("should create billing portal session", async () => {
-		const { client, sessionSetter } = await getTestInstance(
-			{
-				database: memory,
-				plugins: [stripe(stripeOptions)],
+		const userCancelEvent = {
+			type: "customer.subscription.updated",
+			data: {
+				object: {
+					id: testSubscriptionId,
+					customer: "cus_123",
+					status: "active",
+					cancel_at_period_end: true,
+					cancellation_details: {
+						reason: "cancellation_requested",
+						comment: "Customer canceled subscription",
+					},
+					items: {
+						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
+					},
+					current_period_start: Math.floor(Date.now() / 1000),
+					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+				},
 			},
+		};
+
+		const userCancelRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
 			{
-				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
 				},
+				body: JSON.stringify(userCancelEvent),
 			},
 		);
 
-		await client.signUp.email(
-			{
-				...testUser,
-				email: "billing-portal@email.com",
+		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
+			userCancelEvent,
+		);
+		await eventTestAuth.handler(userCancelRequest);
+		const cancelEvent = {
+			type: "customer.subscription.updated",
+			data: {
+				object: {
+					id: testSubscriptionId,
+					customer: "cus_123",
+					status: "active",
+					cancel_at_period_end: true,
+					items: {
+						data: [{ price: { id: process.env.STRIPE_PRICE_ID_1 } }],
+					},
+					current_period_start: Math.floor(Date.now() / 1000),
+					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+				},
 			},
+		};
+
+		const cancelRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
 			{
-				throw: true,
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
+				},
+				body: JSON.stringify(cancelEvent),
 			},
 		);
 
-		const headers = new Headers();
-		await client.signIn.email(
-			{
-				...testUser,
-				email: "billing-portal@email.com",
-			},
-			{
-				throw: true,
-				onSuccess: sessionSetter(headers),
-			},
+		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
+			cancelEvent,
 		);
-		const billingPortalRes = await client.subscription.billingPortal({
-			returnUrl: "/dashboard",
-			fetchOptions: {
-				headers,
-			},
-		});
-		expect(billingPortalRes.data?.url).toBe("https://billing.stripe.com/mock");
-		expect(billingPortalRes.data?.redirect).toBe(true);
-		expect(mockStripe.billingPortal.sessions.create).toHaveBeenCalledWith({
-			customer: expect.any(String),
-			return_url: "http://localhost:3000/dashboard",
-		});
-	});
+		await eventTestAuth.handler(cancelRequest);
 
-	it("should not update personal subscription when upgrading with an org referenceId", async () => {
-		/* cspell:disable-next-line */
-		const orgId = "org_b67GF32Cljh7u588AuEblmLVobclDRcP";
+		expect(onSubscriptionCancel).toHaveBeenCalled();
 
-		const testOptions = {
-			...stripeOptions,
-			stripeClient: _stripe,
-			subscription: {
-				...stripeOptions.subscription,
-				authorizeReference: async () => true,
+		const deleteEvent = {
+			type: "customer.subscription.deleted",
+			data: {
+				object: {
+					id: testSubscriptionId,
+					customer: "cus_123",
+					status: "canceled",
+					metadata: {
+						referenceId: userId,
+						subscriptionId: testSubscriptionId,
+					},
+				},
 			},
-		} as unknown as StripeOptions;
+		};
 
-		const {
-			auth: testAuth,
-			client: testClient,
-			sessionSetter: testSessionSetter,
-		} = await getTestInstance(
-			{
-				database: memory,
-				plugins: [stripe(testOptions)],
-			},
+		const deleteRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
 			{
-				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
 				},
+				body: JSON.stringify(deleteEvent),
 			},
 		);
-		const testCtx = await testAuth.$context;
 
-		// Sign up and sign in the user
-		const userRes = await testClient.signUp.email(
-			{ ...testUser, email: "org-ref@email.com" },
-			{ throw: true },
+		mockStripeForEvents.webhooks.constructEventAsync.mockReturnValue(
+			deleteEvent,
 		);
-		const headers = new Headers();
-		await testClient.signIn.email(
-			{ ...testUser, email: "org-ref@email.com" },
-			{ throw: true, onSuccess: testSessionSetter(headers) },
-		);
-
-		// Create a personal subscription (referenceId = user id)
-		await testClient.subscription.upgrade({
-			plan: "starter",
-			fetchOptions: { headers },
-		});
+		await eventTestAuth.handler(deleteRequest);
 
-		const personalSub = await testCtx.adapter.findOne<Subscription>({
-			model: "subscription",
-			where: [{ field: "referenceId", value: userRes.user.id }],
-		});
-		expect(personalSub).toBeTruthy();
+		expect(onSubscriptionDeleted).toHaveBeenCalled();
+	});
 
-		await testCtx.adapter.update({
-			model: "subscription",
-			update: {
-				status: "active",
-				stripeSubscriptionId: "sub_personal_active_123",
-			},
-			where: [{ field: "id", value: personalSub!.id }],
-		});
+	it("should return updated subscription in onSubscriptionUpdate callback", async () => {
+		const onSubscriptionUpdate = vi.fn();
 
-		mockStripe.subscriptions.list.mockResolvedValue({
-			data: [
-				{
-					id: "sub_personal_active_123",
+		// Simulate subscription update event (e.g., seat change from 1 to 5)
+		const updateEvent = {
+			type: "customer.subscription.updated",
+			data: {
+				object: {
+					id: "sub_update_test",
+					customer: "cus_update_test",
 					status: "active",
 					items: {
 						data: [
 							{
-								id: "si_1",
 								price: { id: process.env.STRIPE_PRICE_ID_1 },
-								quantity: 1,
+								quantity: 5, // Updated from 1 to 5
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
 							},
 						],
 					},
+					current_period_start: Math.floor(Date.now() / 1000),
+					current_period_end: Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
 				},
-			],
-		});
+			},
+		};
 
-		// Attempt to upgrade using an org referenceId
-		const upgradeRes = await testClient.subscription.upgrade({
-			plan: "starter",
-			referenceId: orgId,
-			fetchOptions: { headers },
+		const stripeForTest = {
+			...stripeOptions.stripeClient,
+			webhooks: {
+				constructEventAsync: vi.fn().mockResolvedValue(updateEvent),
+			},
+		};
+
+		const testOptions = {
+			...stripeOptions,
+			stripeClient: stripeForTest as unknown as Stripe,
+			stripeWebhookSecret: "test_secret",
+			subscription: {
+				...stripeOptions.subscription,
+				onSubscriptionUpdate,
+			},
+		} as unknown as StripeOptions;
+
+		const { auth: testAuth } = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(testOptions)],
+			},
+			{
+				disableTestUser: true,
+			},
+		);
+
+		const ctx = await testAuth.$context;
+
+		const { id: testReferenceId } = await ctx.adapter.create({
+			model: "user",
+			data: {
+				email: "update-callback@email.com",
+			},
 		});
-		// It should NOT go through billing portal (which would update the personal sub)
-		expect(mockStripe.billingPortal.sessions.create).not.toHaveBeenCalled();
-		expect(upgradeRes.data?.url).toBeDefined();
 
-		const orgSub = await testCtx.adapter.findOne<Subscription>({
+		const { id: testSubscriptionId } = await ctx.adapter.create({
 			model: "subscription",
-			where: [{ field: "referenceId", value: orgId }],
+			data: {
+				referenceId: testReferenceId,
+				stripeCustomerId: "cus_update_test",
+				stripeSubscriptionId: "sub_update_test",
+				status: "active",
+				plan: "starter",
+				seats: 1,
+			},
 		});
-		expect(orgSub).toMatchObject({
-			referenceId: orgId,
-			status: "incomplete",
+
+		const mockRequest = new Request(
+			"http://localhost:3000/api/auth/stripe/webhook",
+			{
+				method: "POST",
+				headers: {
+					"stripe-signature": "test_signature",
+				},
+				body: JSON.stringify(updateEvent),
+			},
+		);
+
+		await testAuth.handler(mockRequest);
+
+		// Verify that onSubscriptionUpdate was called
+		expect(onSubscriptionUpdate).toHaveBeenCalledTimes(1);
+
+		// Verify that the callback received the UPDATED subscription (seats: 5, not 1)
+		const callbackArg = onSubscriptionUpdate.mock.calls[0]?.[0];
+		expect(callbackArg).toBeDefined();
+		expect(callbackArg.subscription).toMatchObject({
+			id: testSubscriptionId,
+			seats: 5, // Should be the NEW value, not the old value (1)
+			status: "active",
 			plan: "starter",
 		});
 
-		const personalAfter = await testCtx.adapter.findOne<Subscription>({
+		// Also verify the subscription was actually updated in the database
+		const updatedSub = await ctx.adapter.findOne<Subscription>({
 			model: "subscription",
-			where: [{ field: "id", value: personalSub!.id }],
+			where: [{ field: "id", value: testSubscriptionId }],
 		});
-		expect(personalAfter?.status).toBe("active");
+		expect(updatedSub?.seats).toBe(5);
 	});
 
-	it("should prevent multiple free trials for the same user", async () => {
+	it("should allow seat upgrades for the same plan", async () => {
 		const { client, auth, sessionSetter } = await getTestInstance(
 			{
 				database: memory,
@@ -1494,50 +1545,40 @@ describe("stripe", () => {
 		);
 		const ctx = await auth.$context;
 
-		// Create a user
 		const userRes = await client.signUp.email(
-			{ ...testUser, email: "trial-prevention@email.com" },
-			{ throw: true },
+			{
+				...testUser,
+				email: "seat-upgrade@email.com",
+			},
+			{
+				throw: true,
+			},
 		);
 
 		const headers = new Headers();
 		await client.signIn.email(
-			{ ...testUser, email: "trial-prevention@email.com" },
+			{
+				...testUser,
+				email: "seat-upgrade@email.com",
+			},
 			{
 				throw: true,
 				onSuccess: sessionSetter(headers),
 			},
 		);
 
-		// First subscription with trial
-		const firstUpgradeRes = await client.subscription.upgrade({
+		await client.subscription.upgrade({
 			plan: "starter",
-			fetchOptions: { headers },
-		});
-
-		expect(firstUpgradeRes.data?.url).toBeDefined();
-
-		// Simulate the subscription being created with trial data
-		await ctx.adapter.update({
-			model: "subscription",
-			update: {
-				status: "trialing",
-				trialStart: new Date(),
-				trialEnd: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000), // 7 days from now
+			seats: 1,
+			fetchOptions: {
+				headers,
 			},
-			where: [
-				{
-					field: "referenceId",
-					value: userRes.user.id,
-				},
-			],
 		});
 
-		// Cancel the subscription
 		await ctx.adapter.update({
 			model: "subscription",
 			update: {
-				status: "canceled",
+				status: "active",
 			},
 			where: [
 				{
@@ -1547,41 +1588,18 @@ describe("stripe", () => {
 			],
 		});
 
-		// Try to subscribe again - should NOT get a trial
-		const secondUpgradeRes = await client.subscription.upgrade({
+		const upgradeRes = await client.subscription.upgrade({
 			plan: "starter",
-			fetchOptions: { headers },
+			seats: 5,
+			fetchOptions: {
+				headers,
+			},
 		});
 
-		expect(secondUpgradeRes.data?.url).toBeDefined();
-
-		// Verify that the checkout session was created without trial_period_days
-		// We can't directly test the Stripe session, but we can verify the logic
-		// by checking that the user has trial history
-		const subscriptions = (await ctx.adapter.findMany({
-			model: "subscription",
-			where: [
-				{
-					field: "referenceId",
-					value: userRes.user.id,
-				},
-			],
-		})) as Subscription[];
-
-		// Should have 2 subscriptions (first canceled, second new)
-		expect(subscriptions).toHaveLength(2);
-
-		// At least one should have trial data
-		const hasTrialData = subscriptions.some(
-			(s: Subscription) => s.trialStart || s.trialEnd,
-		);
-		expect(hasTrialData).toBe(true);
+		expect(upgradeRes.data?.url).toBeDefined();
 	});
 
-	it("should upgrade existing subscription instead of creating new one", async () => {
-		// Reset mocks for this test
-		vi.clearAllMocks();
-
+	it("should prevent duplicate subscriptions with same plan and same seats", async () => {
 		const { client, auth, sessionSetter } = await getTestInstance(
 			{
 				database: memory,
@@ -1596,35 +1614,42 @@ describe("stripe", () => {
 		);
 		const ctx = await auth.$context;
 
-		// Create a user
 		const userRes = await client.signUp.email(
-			{ ...testUser, email: "upgrade-existing@email.com" },
-			{ throw: true },
+			{
+				...testUser,
+				email: "duplicate-prevention@email.com",
+			},
+			{
+				throw: true,
+			},
 		);
 
 		const headers = new Headers();
 		await client.signIn.email(
-			{ ...testUser, email: "upgrade-existing@email.com" },
+			{
+				...testUser,
+				email: "duplicate-prevention@email.com",
+			},
 			{
 				throw: true,
 				onSuccess: sessionSetter(headers),
 			},
 		);
 
-		// Mock customers.list to find existing customer
-		mockStripe.customers.list.mockResolvedValueOnce({
-			data: [{ id: "cus_test_123" }],
-		});
-
-		// First create a starter subscription
 		await client.subscription.upgrade({
 			plan: "starter",
-			fetchOptions: { headers },
+			seats: 3,
+			fetchOptions: {
+				headers,
+			},
 		});
 
-		// Simulate the subscription being active
-		const starterSub = await ctx.adapter.findOne<Subscription>({
+		await ctx.adapter.update({
 			model: "subscription",
+			update: {
+				status: "active",
+				seats: 3,
+			},
 			where: [
 				{
 					field: "referenceId",
@@ -1633,50 +1658,177 @@ describe("stripe", () => {
 			],
 		});
 
-		await ctx.adapter.update({
-			model: "subscription",
-			update: {
-				status: "active",
-				stripeSubscriptionId: "sub_active_test_123",
-				stripeCustomerId: "cus_mock123", // Use the same customer ID as the mock
-			},
-			where: [
-				{
-					field: "id",
-					value: starterSub!.id,
+		const upgradeRes = await client.subscription.upgrade({
+			plan: "starter",
+			seats: 3,
+			fetchOptions: {
+				headers,
+			},
+		});
+
+		expect(upgradeRes.error).toBeDefined();
+		expect(upgradeRes.error?.message).toContain("already subscribed");
+	});
+
+	it("should only call Stripe customers.create once for signup and upgrade", async () => {
+		const { client, sessionSetter } = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(stripeOptions)],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
 				},
-			],
+			},
+		);
+
+		await client.signUp.email(
+			{ ...testUser, email: "single-create@email.com" },
+			{ throw: true },
+		);
+
+		const headers = new Headers();
+		await client.signIn.email(
+			{ ...testUser, email: "single-create@email.com" },
+			{
+				throw: true,
+				onSuccess: sessionSetter(headers),
+			},
+		);
+
+		await client.subscription.upgrade({
+			plan: "starter",
+			fetchOptions: { headers },
 		});
 
-		// Also update the user with the Stripe customer ID
-		await ctx.adapter.update({
-			model: "user",
-			update: {
-				stripeCustomerId: "cus_mock123",
+		expect(mockStripe.customers.create).toHaveBeenCalledTimes(1);
+	});
+
+	it("should create billing portal session", async () => {
+		const { client, sessionSetter } = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(stripeOptions)],
 			},
-			where: [
-				{
-					field: "id",
-					value: userRes.user.id,
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
 				},
-			],
+			},
+		);
+
+		await client.signUp.email(
+			{
+				...testUser,
+				email: "billing-portal@email.com",
+			},
+			{
+				throw: true,
+			},
+		);
+
+		const headers = new Headers();
+		await client.signIn.email(
+			{
+				...testUser,
+				email: "billing-portal@email.com",
+			},
+			{
+				throw: true,
+				onSuccess: sessionSetter(headers),
+			},
+		);
+		const billingPortalRes = await client.subscription.billingPortal({
+			returnUrl: "/dashboard",
+			fetchOptions: {
+				headers,
+			},
+		});
+		expect(billingPortalRes.data?.url).toBe("https://billing.stripe.com/mock");
+		expect(billingPortalRes.data?.redirect).toBe(true);
+		expect(mockStripe.billingPortal.sessions.create).toHaveBeenCalledWith({
+			customer: expect.any(String),
+			return_url: "http://localhost:3000/dashboard",
 		});
+	});
 
-		// Mock Stripe subscriptions.list to return the active subscription
-		mockStripe.subscriptions.list.mockResolvedValueOnce({
+	it("should not update personal subscription when upgrading with an org referenceId", async () => {
+		/* cspell:disable-next-line */
+		const orgId = "org_b67GF32Cljh7u588AuEblmLVobclDRcP";
+
+		const testOptions = {
+			...stripeOptions,
+			stripeClient: _stripe,
+			subscription: {
+				...stripeOptions.subscription,
+				authorizeReference: async () => true,
+			},
+		} as unknown as StripeOptions;
+
+		const {
+			auth: testAuth,
+			client: testClient,
+			sessionSetter: testSessionSetter,
+		} = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(testOptions)],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
+				},
+			},
+		);
+		const testCtx = await testAuth.$context;
+
+		// Sign up and sign in the user
+		const userRes = await testClient.signUp.email(
+			{ ...testUser, email: "org-ref@email.com" },
+			{ throw: true },
+		);
+		const headers = new Headers();
+		await testClient.signIn.email(
+			{ ...testUser, email: "org-ref@email.com" },
+			{ throw: true, onSuccess: testSessionSetter(headers) },
+		);
+
+		// Create a personal subscription (referenceId = user id)
+		await testClient.subscription.upgrade({
+			plan: "starter",
+			fetchOptions: { headers },
+		});
+
+		const personalSub = await testCtx.adapter.findOne<Subscription>({
+			model: "subscription",
+			where: [{ field: "referenceId", value: userRes.user.id }],
+		});
+		expect(personalSub).toBeTruthy();
+
+		await testCtx.adapter.update({
+			model: "subscription",
+			update: {
+				status: "active",
+				stripeSubscriptionId: "sub_personal_active_123",
+			},
+			where: [{ field: "id", value: personalSub!.id }],
+		});
+
+		mockStripe.subscriptions.list.mockResolvedValue({
 			data: [
 				{
-					id: "sub_active_test_123",
+					id: "sub_personal_active_123",
 					status: "active",
 					items: {
 						data: [
 							{
-								id: "si_test_123",
+								id: "si_1",
 								price: { id: process.env.STRIPE_PRICE_ID_1 },
 								quantity: 1,
-								current_period_start: Math.floor(Date.now() / 1000),
-								current_period_end:
-									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
 							},
 						],
 					},
@@ -1684,50 +1836,34 @@ describe("stripe", () => {
 			],
 		});
 
-		// Clear mock calls before the upgrade
-		mockStripe.checkout.sessions.create.mockClear();
-		mockStripe.billingPortal.sessions.create.mockClear();
-
-		// Now upgrade to premium plan - should use billing portal to update existing subscription
-		const upgradeRes = await client.subscription.upgrade({
-			plan: "premium",
+		// Attempt to upgrade using an org referenceId
+		const upgradeRes = await testClient.subscription.upgrade({
+			plan: "starter",
+			referenceId: orgId,
 			fetchOptions: { headers },
 		});
+		// It should NOT go through billing portal (which would update the personal sub)
+		expect(mockStripe.billingPortal.sessions.create).not.toHaveBeenCalled();
+		expect(upgradeRes.data?.url).toBeDefined();
 
-		// Verify that billing portal was called (indicating update, not new subscription)
-		expect(mockStripe.billingPortal.sessions.create).toHaveBeenCalledWith(
-			expect.objectContaining({
-				customer: "cus_mock123",
-				flow_data: expect.objectContaining({
-					type: "subscription_update_confirm",
-					subscription_update_confirm: expect.objectContaining({
-						subscription: "sub_active_test_123",
-					}),
-				}),
-			}),
-		);
-
-		// Should not create a new checkout session
-		expect(mockStripe.checkout.sessions.create).not.toHaveBeenCalled();
-
-		// Verify the response has a redirect URL
-		expect(upgradeRes.data?.url).toBe("https://billing.stripe.com/mock");
-		expect(upgradeRes.data?.redirect).toBe(true);
+		const orgSub = await testCtx.adapter.findOne<Subscription>({
+			model: "subscription",
+			where: [{ field: "referenceId", value: orgId }],
+		});
+		expect(orgSub).toMatchObject({
+			referenceId: orgId,
+			status: "incomplete",
+			plan: "starter",
+		});
 
-		// Verify no new subscription was created in the database
-		const allSubs = await ctx.adapter.findMany<Subscription>({
+		const personalAfter = await testCtx.adapter.findOne<Subscription>({
 			model: "subscription",
-			where: [
-				{
-					field: "referenceId",
-					value: userRes.user.id,
-				},
-			],
+			where: [{ field: "id", value: personalSub!.id }],
 		});
-		expect(allSubs).toHaveLength(1); // Should still have only one subscription
+		expect(personalAfter?.status).toBe("active");
 	});
 
-	it("should prevent multiple free trials across different plans", async () => {
+	it("should prevent multiple free trials for the same user", async () => {
 		const { client, auth, sessionSetter } = await getTestInstance(
 			{
 				database: memory,
@@ -1744,20 +1880,20 @@ describe("stripe", () => {
 
 		// Create a user
 		const userRes = await client.signUp.email(
-			{ ...testUser, email: "cross-plan-trial@email.com" },
+			{ ...testUser, email: "trial-prevention@email.com" },
 			{ throw: true },
 		);
 
 		const headers = new Headers();
 		await client.signIn.email(
-			{ ...testUser, email: "cross-plan-trial@email.com" },
+			{ ...testUser, email: "trial-prevention@email.com" },
 			{
 				throw: true,
 				onSuccess: sessionSetter(headers),
 			},
 		);
 
-		// First subscription with trial on starter plan
+		// First subscription with trial
 		const firstUpgradeRes = await client.subscription.upgrade({
 			plan: "starter",
 			fetchOptions: { headers },
@@ -1771,7 +1907,7 @@ describe("stripe", () => {
 			update: {
 				status: "trialing",
 				trialStart: new Date(),
-				trialEnd: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+				trialEnd: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000), // 7 days from now
 			},
 			where: [
 				{
@@ -1795,15 +1931,17 @@ describe("stripe", () => {
 			],
 		});
 
-		// Try to subscribe to a different plan - should NOT get a trial
+		// Try to subscribe again - should NOT get a trial
 		const secondUpgradeRes = await client.subscription.upgrade({
-			plan: "premium",
+			plan: "starter",
 			fetchOptions: { headers },
 		});
 
 		expect(secondUpgradeRes.data?.url).toBeDefined();
 
-		// Verify that the user has trial history from the first plan
+		// Verify that the checkout session was created without trial_period_days
+		// We can't directly test the Stripe session, but we can verify the logic
+		// by checking that the user has trial history
 		const subscriptions = (await ctx.adapter.findMany({
 			model: "subscription",
 			where: [
@@ -1814,31 +1952,32 @@ describe("stripe", () => {
 			],
 		})) as Subscription[];
 
-		// Should have at least 1 subscription (the starter with trial data)
-		expect(subscriptions.length).toBeGreaterThanOrEqual(1);
+		// Should have 2 subscriptions (first canceled, second new)
+		expect(subscriptions).toHaveLength(2);
 
-		// The starter subscription should have trial data
-		const starterSub = subscriptions.find(
-			(s: Subscription) => s.plan === "starter",
-		) as Subscription | undefined;
-		expect(starterSub?.trialStart).toBeDefined();
-		expect(starterSub?.trialEnd).toBeDefined();
-
-		// Verify that the trial eligibility logic is working by checking
-		// that the user has ever had a trial (which should prevent future trials)
-		const hasEverTrialed = subscriptions.some((s: Subscription) => {
-			const hadTrial =
-				!!(s.trialStart || s.trialEnd) || s.status === "trialing";
-			return hadTrial;
-		});
-		expect(hasEverTrialed).toBe(true);
+		// At least one should have trial data
+		const hasTrialData = subscriptions.some(
+			(s: Subscription) => s.trialStart || s.trialEnd,
+		);
+		expect(hasTrialData).toBe(true);
 	});
 
-	it("should update stripe customer email when user email changes", async () => {
-		const { client, auth } = await getTestInstance(
+	it("should prevent trial abuse when processing incomplete subscription with past trial history", async () => {
+		const { client, auth, sessionSetter } = await getTestInstance(
 			{
 				database: memory,
-				plugins: [stripe(stripeOptions)],
+				plugins: [
+					stripe({
+						...stripeOptions,
+						subscription: {
+							...stripeOptions.subscription,
+							plans: stripeOptions.subscription.plans.map((plan) => ({
+								...plan,
+								freeTrial: { days: 7 },
+							})),
+						},
+					}),
+				],
 			},
 			{
 				disableTestUser: true,
@@ -1849,198 +1988,396 @@ describe("stripe", () => {
 		);
 		const ctx = await auth.$context;
 
-		// Setup mock for customer retrieve and update
-		mockStripe.customers.retrieve = vi.fn().mockResolvedValue({
-			id: "cus_mock123",
-			email: "test@email.com",
-			deleted: false,
+		const userRes = await client.signUp.email(
+			{ ...testUser, email: "trial-findone-test@email.com" },
+			{ throw: true },
+		);
+
+		const headers = new Headers();
+		await client.signIn.email(
+			{ ...testUser, email: "trial-findone-test@email.com" },
+			{ throw: true, onSuccess: sessionSetter(headers) },
+		);
+
+		// Create a canceled subscription with trial history first
+		await ctx.adapter.create({
+			model: "subscription",
+			data: {
+				referenceId: userRes.user.id,
+				stripeCustomerId: "cus_old_customer",
+				status: "canceled",
+				plan: "starter",
+				stripeSubscriptionId: "sub_canceled_with_trial",
+				trialStart: new Date(Date.now() - 1000000),
+				trialEnd: new Date(Date.now() - 500000),
+			},
 		});
-		mockStripe.customers.update = vi.fn().mockResolvedValue({
-			id: "cus_mock123",
-			email: "newemail@example.com",
+
+		// Create an new incomplete subscription (without trial info)
+		const incompleteSubId = "sub_incomplete_new";
+		await ctx.adapter.create({
+			model: "subscription",
+			data: {
+				referenceId: userRes.user.id,
+				stripeCustomerId: "cus_old_customer",
+				status: "incomplete",
+				plan: "premium",
+				stripeSubscriptionId: incompleteSubId,
+			},
 		});
 
-		// Sign up a user
-		const userRes = await client.signUp.email(testUser, {
-			throw: true,
+		// When upgrading with a specific subscriptionId pointing to the incomplete one,
+		// the system should still check ALL subscriptions for trial history
+		const upgradeRes = await client.subscription.upgrade({
+			plan: "premium",
+			subscriptionId: incompleteSubId,
+			fetchOptions: { headers },
 		});
 
-		expect(userRes.user).toBeDefined();
+		expect(upgradeRes.data?.url).toBeDefined();
 
-		// Verify customer was created during signup
-		expect(mockStripe.customers.create).toHaveBeenCalledWith({
-			email: testUser.email,
-			name: testUser.name,
-			metadata: {
-				userId: userRes.user.id,
-			},
-		});
+		// Verify that NO trial was granted despite processing the incomplete subscription
+		const callArgs = mockStripe.checkout.sessions.create.mock.lastCall?.[0];
+		expect(callArgs?.subscription_data?.trial_period_days).toBeUndefined();
+	});
 
-		// Clear mocks to track the update
+	it("should upgrade existing subscription instead of creating new one", async () => {
+		// Reset mocks for this test
 		vi.clearAllMocks();
 
-		// Re-setup the retrieve mock for the update flow
-		mockStripe.customers.retrieve = vi.fn().mockResolvedValue({
-			id: "cus_mock123",
-			email: "test@email.com",
-			deleted: false,
-		});
-		mockStripe.customers.update = vi.fn().mockResolvedValue({
-			id: "cus_mock123",
-			email: "newemail@example.com",
-		});
-
-		// Update the user's email using internal adapter (which triggers hooks)
-		await runWithEndpointContext(
+		const { client, auth, sessionSetter } = await getTestInstance(
 			{
-				context: ctx,
+				database: memory,
+				plugins: [stripe(stripeOptions)],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
+				},
 			},
-			() =>
-				ctx.internalAdapter.updateUserByEmail(testUser.email, {
-					email: "newemail@example.com",
-				}),
 		);
+		const ctx = await auth.$context;
 
-		// Verify that Stripe customer.retrieve was called
-		expect(mockStripe.customers.retrieve).toHaveBeenCalledWith("cus_mock123");
+		// Create a user
+		const userRes = await client.signUp.email(
+			{ ...testUser, email: "upgrade-existing@email.com" },
+			{ throw: true },
+		);
 
-		// Verify that Stripe customer.update was called with the new email
-		expect(mockStripe.customers.update).toHaveBeenCalledWith("cus_mock123", {
-			email: "newemail@example.com",
-		});
-	});
+		const headers = new Headers();
+		await client.signIn.email(
+			{ ...testUser, email: "upgrade-existing@email.com" },
+			{
+				throw: true,
+				onSuccess: sessionSetter(headers),
+			},
+		);
 
-	describe("getCustomerCreateParams", () => {
-		it("should call getCustomerCreateParams and merge with default params", async () => {
-			const getCustomerCreateParamsMock = vi
-				.fn()
-				.mockResolvedValue({ metadata: { customField: "customValue" } });
+		// Mock customers.list to find existing customer
+		mockStripe.customers.list.mockResolvedValueOnce({
+			data: [{ id: "cus_test_123" }],
+		});
 
-			const testOptions = {
-				...stripeOptions,
-				createCustomerOnSignUp: true,
-				getCustomerCreateParams: getCustomerCreateParamsMock,
-			} satisfies StripeOptions;
+		// First create a starter subscription
+		await client.subscription.upgrade({
+			plan: "starter",
+			fetchOptions: { headers },
+		});
 
-			const { client: testClient } = await getTestInstance(
+		// Simulate the subscription being active
+		const starterSub = await ctx.adapter.findOne<Subscription>({
+			model: "subscription",
+			where: [
 				{
-					database: memory,
-					plugins: [stripe(testOptions)],
+					field: "referenceId",
+					value: userRes.user.id,
 				},
+			],
+		});
+
+		await ctx.adapter.update({
+			model: "subscription",
+			update: {
+				status: "active",
+				stripeSubscriptionId: "sub_active_test_123",
+				stripeCustomerId: "cus_mock123", // Use the same customer ID as the mock
+			},
+			where: [
 				{
-					disableTestUser: true,
-					clientOptions: {
-						plugins: [stripeClient({ subscription: true })],
-					},
+					field: "id",
+					value: starterSub!.id,
 				},
-			);
+			],
+		});
 
-			// Sign up a user
-			const userRes = await testClient.signUp.email(
+		// Also update the user with the Stripe customer ID
+		await ctx.adapter.update({
+			model: "user",
+			update: {
+				stripeCustomerId: "cus_mock123",
+			},
+			where: [
 				{
-					email: "custom-params@email.com",
-					password: "password",
-					name: "Custom User",
+					field: "id",
+					value: userRes.user.id,
 				},
+			],
+		});
+
+		// Mock Stripe subscriptions.list to return the active subscription
+		mockStripe.subscriptions.list.mockResolvedValueOnce({
+			data: [
 				{
-					throw: true,
+					id: "sub_active_test_123",
+					status: "active",
+					items: {
+						data: [
+							{
+								id: "si_test_123",
+								price: { id: process.env.STRIPE_PRICE_ID_1 },
+								quantity: 1,
+								current_period_start: Math.floor(Date.now() / 1000),
+								current_period_end:
+									Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+							},
+						],
+					},
 				},
-			);
+			],
+		});
 
-			// Verify getCustomerCreateParams was called
-			expect(getCustomerCreateParamsMock).toHaveBeenCalledWith(
-				expect.objectContaining({
-					id: userRes.user.id,
-					email: "custom-params@email.com",
-					name: "Custom User",
-				}),
-				expect.objectContaining({
-					context: expect.any(Object),
-				}),
-			);
+		// Clear mock calls before the upgrade
+		mockStripe.checkout.sessions.create.mockClear();
+		mockStripe.billingPortal.sessions.create.mockClear();
 
-			// Verify customer was created with merged params
-			expect(mockStripe.customers.create).toHaveBeenCalledWith(
-				expect.objectContaining({
-					email: "custom-params@email.com",
-					name: "Custom User",
-					metadata: expect.objectContaining({
-						userId: userRes.user.id,
-						customField: "customValue",
+		// Now upgrade to premium plan - should use billing portal to update existing subscription
+		const upgradeRes = await client.subscription.upgrade({
+			plan: "premium",
+			fetchOptions: { headers },
+		});
+
+		// Verify that billing portal was called (indicating update, not new subscription)
+		expect(mockStripe.billingPortal.sessions.create).toHaveBeenCalledWith(
+			expect.objectContaining({
+				customer: "cus_mock123",
+				flow_data: expect.objectContaining({
+					type: "subscription_update_confirm",
+					subscription_update_confirm: expect.objectContaining({
+						subscription: "sub_active_test_123",
 					}),
 				}),
-			);
-		});
+			}),
+		);
 
-		it("should use getCustomerCreateParams to add custom address", async () => {
-			const getCustomerCreateParamsMock = vi.fn().mockResolvedValue({
-				address: {
-					line1: "123 Main St",
-					city: "San Francisco",
-					state: "CA",
-					postal_code: "94111",
-					country: "US",
-				},
-			});
+		// Should not create a new checkout session
+		expect(mockStripe.checkout.sessions.create).not.toHaveBeenCalled();
 
-			const testOptions = {
-				...stripeOptions,
-				createCustomerOnSignUp: true,
-				getCustomerCreateParams: getCustomerCreateParamsMock,
-			} satisfies StripeOptions;
+		// Verify the response has a redirect URL
+		expect(upgradeRes.data?.url).toBe("https://billing.stripe.com/mock");
+		expect(upgradeRes.data?.redirect).toBe(true);
 
-			const { client: testAuthClient } = await getTestInstance(
+		// Verify no new subscription was created in the database
+		const allSubs = await ctx.adapter.findMany<Subscription>({
+			model: "subscription",
+			where: [
 				{
-					database: memory,
-					plugins: [stripe(testOptions)],
+					field: "referenceId",
+					value: userRes.user.id,
+				},
+			],
+		});
+		expect(allSubs).toHaveLength(1); // Should still have only one subscription
+	});
+
+	it("should prevent multiple free trials across different plans", async () => {
+		const { client, auth, sessionSetter } = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(stripeOptions)],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
 				},
+			},
+		);
+		const ctx = await auth.$context;
+
+		// Create a user
+		const userRes = await client.signUp.email(
+			{ ...testUser, email: "cross-plan-trial@email.com" },
+			{ throw: true },
+		);
+
+		const headers = new Headers();
+		await client.signIn.email(
+			{ ...testUser, email: "cross-plan-trial@email.com" },
+			{
+				throw: true,
+				onSuccess: sessionSetter(headers),
+			},
+		);
+
+		// First subscription with trial on starter plan
+		const firstUpgradeRes = await client.subscription.upgrade({
+			plan: "starter",
+			fetchOptions: { headers },
+		});
+
+		expect(firstUpgradeRes.data?.url).toBeDefined();
+
+		// Simulate the subscription being created with trial data
+		await ctx.adapter.update({
+			model: "subscription",
+			update: {
+				status: "trialing",
+				trialStart: new Date(),
+				trialEnd: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+			},
+			where: [
 				{
-					disableTestUser: true,
-					clientOptions: {
-						plugins: [stripeClient({ subscription: true })],
-					},
+					field: "referenceId",
+					value: userRes.user.id,
 				},
-			);
+			],
+		});
 
-			// Sign up a user
-			await testAuthClient.signUp.email(
+		// Cancel the subscription
+		await ctx.adapter.update({
+			model: "subscription",
+			update: {
+				status: "canceled",
+			},
+			where: [
 				{
-					email: "address-user@email.com",
-					password: "password",
-					name: "Address User",
+					field: "referenceId",
+					value: userRes.user.id,
 				},
+			],
+		});
+
+		// Try to subscribe to a different plan - should NOT get a trial
+		const secondUpgradeRes = await client.subscription.upgrade({
+			plan: "premium",
+			fetchOptions: { headers },
+		});
+
+		expect(secondUpgradeRes.data?.url).toBeDefined();
+
+		// Verify that the user has trial history from the first plan
+		const subscriptions = (await ctx.adapter.findMany({
+			model: "subscription",
+			where: [
 				{
-					throw: true,
+					field: "referenceId",
+					value: userRes.user.id,
 				},
-			);
+			],
+		})) as Subscription[];
 
-			// Verify customer was created with address
-			expect(mockStripe.customers.create).toHaveBeenCalledWith(
-				expect.objectContaining({
-					email: "address-user@email.com",
-					name: "Address User",
-					address: {
-						line1: "123 Main St",
-						city: "San Francisco",
-						state: "CA",
-						postal_code: "94111",
-						country: "US",
-					},
-					metadata: expect.objectContaining({
-						userId: expect.any(String),
-					}),
-				}),
-			);
+		// Should have at least 1 subscription (the starter with trial data)
+		expect(subscriptions.length).toBeGreaterThanOrEqual(1);
+
+		// The starter subscription should have trial data
+		const starterSub = subscriptions.find(
+			(s: Subscription) => s.plan === "starter",
+		) as Subscription | undefined;
+		expect(starterSub?.trialStart).toBeDefined();
+		expect(starterSub?.trialEnd).toBeDefined();
+
+		// Verify that the trial eligibility logic is working by checking
+		// that the user has ever had a trial (which should prevent future trials)
+		const hasEverTrialed = subscriptions.some((s: Subscription) => {
+			const hadTrial =
+				!!(s.trialStart || s.trialEnd) || s.status === "trialing";
+			return hadTrial;
 		});
+		expect(hasEverTrialed).toBe(true);
+	});
 
-		it("should properly merge nested objects using defu", async () => {
-			const getCustomerCreateParamsMock = vi.fn().mockResolvedValue({
-				metadata: {
-					customField: "customValue",
-					anotherField: "anotherValue",
+	it("should update stripe customer email when user email changes", async () => {
+		const { client, auth } = await getTestInstance(
+			{
+				database: memory,
+				plugins: [stripe(stripeOptions)],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
 				},
-				phone: "+1234567890",
-			});
+			},
+		);
+		const ctx = await auth.$context;
+
+		// Setup mock for customer retrieve and update
+		mockStripe.customers.retrieve = vi.fn().mockResolvedValue({
+			id: "cus_mock123",
+			email: "test@email.com",
+			deleted: false,
+		});
+		mockStripe.customers.update = vi.fn().mockResolvedValue({
+			id: "cus_mock123",
+			email: "newemail@example.com",
+		});
+
+		// Sign up a user
+		const userRes = await client.signUp.email(testUser, {
+			throw: true,
+		});
+
+		expect(userRes.user).toBeDefined();
+
+		// Verify customer was created during signup
+		expect(mockStripe.customers.create).toHaveBeenCalledWith({
+			email: testUser.email,
+			name: testUser.name,
+			metadata: {
+				userId: userRes.user.id,
+			},
+		});
+
+		// Clear mocks to track the update
+		vi.clearAllMocks();
+
+		// Re-setup the retrieve mock for the update flow
+		mockStripe.customers.retrieve = vi.fn().mockResolvedValue({
+			id: "cus_mock123",
+			email: "test@email.com",
+			deleted: false,
+		});
+		mockStripe.customers.update = vi.fn().mockResolvedValue({
+			id: "cus_mock123",
+			email: "newemail@example.com",
+		});
+
+		// Update the user's email using internal adapter (which triggers hooks)
+		await runWithEndpointContext(
+			{
+				context: ctx,
+			},
+			() =>
+				ctx.internalAdapter.updateUserByEmail(testUser.email, {
+					email: "newemail@example.com",
+				}),
+		);
+
+		// Verify that Stripe customer.retrieve was called
+		expect(mockStripe.customers.retrieve).toHaveBeenCalledWith("cus_mock123");
+
+		// Verify that Stripe customer.update was called with the new email
+		expect(mockStripe.customers.update).toHaveBeenCalledWith("cus_mock123", {
+			email: "newemail@example.com",
+		});
+	});
+
+	describe("getCustomerCreateParams", () => {
+		it("should call getCustomerCreateParams and merge with default params", async () => {
+			const getCustomerCreateParamsMock = vi
+				.fn()
+				.mockResolvedValue({ metadata: { customField: "customValue" } });
 
 			const testOptions = {
 				...stripeOptions,
@@ -2048,7 +2385,7 @@ describe("stripe", () => {
 				getCustomerCreateParams: getCustomerCreateParamsMock,
 			} satisfies StripeOptions;
 
-			const { client: testAuthClient } = await getTestInstance(
+			const { client: testClient } = await getTestInstance(
 				{
 					database: memory,
 					plugins: [stripe(testOptions)],
@@ -2062,45 +2399,779 @@ describe("stripe", () => {
 			);
 
 			// Sign up a user
-			const userRes = await testAuthClient.signUp.email(
+			const userRes = await testClient.signUp.email(
 				{
-					email: "merge-test@email.com",
+					email: "custom-params@email.com",
 					password: "password",
-					name: "Merge User",
+					name: "Custom User",
 				},
 				{
 					throw: true,
 				},
 			);
 
-			// Verify customer was created with properly merged params
-			// defu merges objects and preserves all fields
-			expect(mockStripe.customers.create).toHaveBeenCalledWith(
+			// Verify getCustomerCreateParams was called
+			expect(getCustomerCreateParamsMock).toHaveBeenCalledWith(
 				expect.objectContaining({
-					email: "merge-test@email.com",
-					name: "Merge User",
-					phone: "+1234567890",
+					id: userRes.user.id,
+					email: "custom-params@email.com",
+					name: "Custom User",
+				}),
+				expect.objectContaining({
+					context: expect.any(Object),
+				}),
+			);
+
+			// Verify customer was created with merged params
+			expect(mockStripe.customers.create).toHaveBeenCalledWith(
+				expect.objectContaining({
+					email: "custom-params@email.com",
+					name: "Custom User",
+					metadata: expect.objectContaining({
+						userId: userRes.user.id,
+						customField: "customValue",
+					}),
+				}),
+			);
+		});
+
+		it("should use getCustomerCreateParams to add custom address", async () => {
+			const getCustomerCreateParamsMock = vi.fn().mockResolvedValue({
+				address: {
+					line1: "123 Main St",
+					city: "San Francisco",
+					state: "CA",
+					postal_code: "94111",
+					country: "US",
+				},
+			});
+
+			const testOptions = {
+				...stripeOptions,
+				createCustomerOnSignUp: true,
+				getCustomerCreateParams: getCustomerCreateParamsMock,
+			} satisfies StripeOptions;
+
+			const { client: testAuthClient } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+					clientOptions: {
+						plugins: [stripeClient({ subscription: true })],
+					},
+				},
+			);
+
+			// Sign up a user
+			await testAuthClient.signUp.email(
+				{
+					email: "address-user@email.com",
+					password: "password",
+					name: "Address User",
+				},
+				{
+					throw: true,
+				},
+			);
+
+			// Verify customer was created with address
+			expect(mockStripe.customers.create).toHaveBeenCalledWith(
+				expect.objectContaining({
+					email: "address-user@email.com",
+					name: "Address User",
+					address: {
+						line1: "123 Main St",
+						city: "San Francisco",
+						state: "CA",
+						postal_code: "94111",
+						country: "US",
+					},
+					metadata: expect.objectContaining({
+						userId: expect.any(String),
+					}),
+				}),
+			);
+		});
+
+		it("should properly merge nested objects using defu", async () => {
+			const getCustomerCreateParamsMock = vi.fn().mockResolvedValue({
+				metadata: {
+					customField: "customValue",
+					anotherField: "anotherValue",
+				},
+				phone: "+1234567890",
+			});
+
+			const testOptions = {
+				...stripeOptions,
+				createCustomerOnSignUp: true,
+				getCustomerCreateParams: getCustomerCreateParamsMock,
+			} satisfies StripeOptions;
+
+			const { client: testAuthClient } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+					clientOptions: {
+						plugins: [stripeClient({ subscription: true })],
+					},
+				},
+			);
+
+			// Sign up a user
+			const userRes = await testAuthClient.signUp.email(
+				{
+					email: "merge-test@email.com",
+					password: "password",
+					name: "Merge User",
+				},
+				{
+					throw: true,
+				},
+			);
+
+			// Verify customer was created with properly merged params
+			// defu merges objects and preserves all fields
+			expect(mockStripe.customers.create).toHaveBeenCalledWith(
+				expect.objectContaining({
+					email: "merge-test@email.com",
+					name: "Merge User",
+					phone: "+1234567890",
 					metadata: {
 						userId: userRes.user.id,
 						customField: "customValue",
 						anotherField: "anotherValue",
 					},
-				}),
-			);
-		});
+				}),
+			);
+		});
+
+		it("should work without getCustomerCreateParams", async () => {
+			// This test ensures backward compatibility
+			const testOptions = {
+				...stripeOptions,
+				createCustomerOnSignUp: true,
+				// No getCustomerCreateParams provided
+			} satisfies StripeOptions;
+
+			const { client: testAuthClient } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+					clientOptions: {
+						plugins: [stripeClient({ subscription: true })],
+					},
+				},
+			);
+
+			// Sign up a user
+			const userRes = await testAuthClient.signUp.email(
+				{
+					email: "no-custom-params@email.com",
+					password: "password",
+					name: "Default User",
+				},
+				{
+					throw: true,
+				},
+			);
+
+			// Verify customer was created with default params only
+			expect(mockStripe.customers.create).toHaveBeenCalledWith({
+				email: "no-custom-params@email.com",
+				name: "Default User",
+				metadata: {
+					userId: userRes.user.id,
+				},
+			});
+		});
+	});
+
+	describe("Webhook Error Handling (Stripe v19)", () => {
+		it("should handle invalid webhook signature with constructEventAsync", async () => {
+			const mockError = new Error("Invalid signature");
+			const stripeWithError = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					constructEventAsync: vi.fn().mockRejectedValue(mockError),
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeWithError as unknown as Stripe,
+				stripeWebhookSecret: "test_secret",
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "invalid_signature",
+					},
+					body: JSON.stringify({ type: "test.event" }),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			expect(response.status).toBe(400);
+			const data = await response.json();
+			expect(data.message).toContain("Webhook Error");
+		});
+
+		it("should reject webhook request without stripe-signature header", async () => {
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(stripeOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"content-type": "application/json",
+					},
+					body: JSON.stringify({ type: "test.event" }),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			expect(response.status).toBe(400);
+			const data = await response.json();
+			expect(data.message).toContain("Stripe webhook secret not found");
+		});
+
+		it("should handle constructEventAsync returning null/undefined", async () => {
+			const stripeWithNull = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					constructEventAsync: vi.fn().mockResolvedValue(null),
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeWithNull as unknown as Stripe,
+				stripeWebhookSecret: "test_secret",
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "test_signature",
+					},
+					body: JSON.stringify({ type: "test.event" }),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			expect(response.status).toBe(400);
+			const data = await response.json();
+			expect(data.message).toContain("Failed to construct event");
+		});
+
+		it("should handle async errors in webhook event processing", async () => {
+			const errorThrowingHandler = vi
+				.fn()
+				.mockRejectedValue(new Error("Event processing failed"));
+
+			const mockEvent = {
+				type: "checkout.session.completed",
+				data: {
+					object: {
+						mode: "subscription",
+						subscription: "sub_123",
+						metadata: {
+							referenceId: "user_123",
+							subscriptionId: "sub_123",
+						},
+					},
+				},
+			};
+
+			const stripeForTest = {
+				...stripeOptions.stripeClient,
+				subscriptions: {
+					retrieve: vi.fn().mockRejectedValue(new Error("Stripe API error")),
+				},
+				webhooks: {
+					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeForTest as unknown as Stripe,
+				stripeWebhookSecret: "test_secret",
+				subscription: {
+					...stripeOptions.subscription,
+					onSubscriptionComplete: errorThrowingHandler,
+				},
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions as StripeOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+			const testCtx = await testAuth.$context;
+
+			await testCtx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: "user_123",
+					stripeCustomerId: "cus_123",
+					status: "incomplete",
+					plan: "starter",
+					id: "sub_123",
+				},
+			});
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "test_signature",
+					},
+					body: JSON.stringify(mockEvent),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			// Errors inside event handlers are caught and logged but don't fail the webhook
+			// This prevents Stripe from retrying and is the expected behavior
+			expect(response.status).toBe(200);
+			const data = await response.json();
+			expect(data).toEqual({ success: true });
+			// Verify the error was logged (via the stripeClient.subscriptions.retrieve rejection)
+			expect(stripeForTest.subscriptions.retrieve).toHaveBeenCalled();
+		});
+
+		it("should successfully process webhook with valid async signature verification", async () => {
+			const mockEvent = {
+				type: "customer.subscription.updated",
+				data: {
+					object: {
+						id: "sub_test_async",
+						customer: "cus_test_async",
+						status: "active",
+						items: {
+							data: [
+								{
+									price: { id: process.env.STRIPE_PRICE_ID_1 },
+									quantity: 1,
+									current_period_start: Math.floor(Date.now() / 1000),
+									current_period_end:
+										Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+								},
+							],
+						},
+						current_period_start: Math.floor(Date.now() / 1000),
+						current_period_end:
+							Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+					},
+				},
+			};
+
+			const stripeForTest = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					// Simulate async verification success
+					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeForTest as unknown as Stripe,
+				stripeWebhookSecret: "test_secret_async",
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+			const testCtx = await testAuth.$context;
+
+			const { id: testUserId } = await testCtx.adapter.create({
+				model: "user",
+				data: {
+					email: "async-test@email.com",
+				},
+			});
+
+			await testCtx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: testUserId,
+					stripeCustomerId: "cus_test_async",
+					stripeSubscriptionId: "sub_test_async",
+					status: "incomplete",
+					plan: "starter",
+				},
+			});
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "valid_async_signature",
+					},
+					body: JSON.stringify(mockEvent),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			expect(response.status).toBe(200);
+			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledWith(
+				expect.any(String),
+				"valid_async_signature",
+				"test_secret_async",
+			);
+
+			const data = await response.json();
+			expect(data).toEqual({ success: true });
+		});
+
+		it("should call constructEventAsync with exactly 3 required parameters", async () => {
+			const mockEvent = {
+				type: "customer.subscription.created",
+				data: {
+					object: {
+						id: "sub_test_params",
+						customer: "cus_test_params",
+						status: "active",
+					},
+				},
+			};
+
+			const stripeForTest = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeForTest as unknown as Stripe,
+				stripeWebhookSecret: "test_secret_params",
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "test_signature_params",
+					},
+					body: JSON.stringify(mockEvent),
+				},
+			);
+
+			await testAuth.handler(mockRequest);
+
+			// Verify that constructEventAsync is called with exactly 3 required parameters
+			// (payload, signature, secret) and no optional parameters
+			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledWith(
+				expect.any(String), // payload
+				"test_signature_params", // signature
+				"test_secret_params", // secret
+			);
+
+			// Verify it was called exactly once
+			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledTimes(
+				1,
+			);
+		});
+
+		it("should support Stripe v18 with sync constructEvent method", async () => {
+			const mockEvent = {
+				type: "customer.subscription.updated",
+				data: {
+					object: {
+						id: "sub_test_v18",
+						customer: "cus_test_v18",
+						status: "active",
+						items: {
+							data: [
+								{
+									price: { id: process.env.STRIPE_PRICE_ID_1 },
+									quantity: 1,
+									current_period_start: Math.floor(Date.now() / 1000),
+									current_period_end:
+										Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+								},
+							],
+						},
+						current_period_start: Math.floor(Date.now() / 1000),
+						current_period_end:
+							Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+					},
+				},
+			};
+
+			// Simulate Stripe v18 - only has sync constructEvent, no constructEventAsync
+			const stripeV18 = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					constructEvent: vi.fn().mockReturnValue(mockEvent),
+					// v18 doesn't have constructEventAsync
+					constructEventAsync: undefined,
+				},
+			};
+
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeV18 as unknown as Stripe,
+				stripeWebhookSecret: "test_secret_v18",
+			};
+
+			const { auth: testAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
+				},
+				{
+					disableTestUser: true,
+				},
+			);
+			const testCtx = await testAuth.$context;
+
+			const { id: testUserId } = await testCtx.adapter.create({
+				model: "user",
+				data: {
+					email: "v18-test@email.com",
+				},
+			});
+
+			await testCtx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: testUserId,
+					stripeCustomerId: "cus_test_v18",
+					stripeSubscriptionId: "sub_test_v18",
+					status: "incomplete",
+					plan: "starter",
+				},
+			});
+
+			const mockRequest = new Request(
+				"http://localhost:3000/api/auth/stripe/webhook",
+				{
+					method: "POST",
+					headers: {
+						"stripe-signature": "test_signature_v18",
+					},
+					body: JSON.stringify(mockEvent),
+				},
+			);
+
+			const response = await testAuth.handler(mockRequest);
+			expect(response.status).toBe(200);
+
+			// Verify that constructEvent (sync) was called instead of constructEventAsync
+			expect(stripeV18.webhooks.constructEvent).toHaveBeenCalledWith(
+				expect.any(String),
+				"test_signature_v18",
+				"test_secret_v18",
+			);
+			expect(stripeV18.webhooks.constructEvent).toHaveBeenCalledTimes(1);
+
+			const data = await response.json();
+			expect(data).toEqual({ success: true });
+		});
+	});
+
+	it("should support flexible limits types", async () => {
+		const flexiblePlans = [
+			{
+				name: "flexible",
+				priceId: "price_flexible",
+				limits: {
+					// Numbers
+					maxUsers: 100,
+					maxProjects: 10,
+					// Arrays
+					features: ["analytics", "api", "webhooks"],
+					supportedMethods: ["GET", "POST", "PUT", "DELETE"],
+					// Objects
+					rateLimit: { requests: 1000, window: 3600 },
+					permissions: { admin: true, read: true, write: false },
+					// Mixed
+					quotas: {
+						storage: 50,
+						bandwidth: [100, "GB"],
+					},
+				},
+			},
+		];
+
+		const {
+			client: testClient,
+			auth: testAuth,
+			sessionSetter: testSessionSetter,
+		} = await getTestInstance(
+			{
+				database: memory,
+				plugins: [
+					stripe({
+						...stripeOptions,
+						subscription: {
+							enabled: true,
+							plans: flexiblePlans,
+						},
+					}),
+				],
+			},
+			{
+				disableTestUser: true,
+				clientOptions: {
+					plugins: [stripeClient({ subscription: true })],
+				},
+			},
+		);
+		const testCtx = await testAuth.$context;
+
+		// Create user and sign in
+		const headers = new Headers();
+		const userRes = await testClient.signUp.email(
+			{ email: "limits@test.com", password: "password", name: "Test" },
+			{ throw: true },
+		);
+		const limitUserId = userRes.user.id;
+
+		await testClient.signIn.email(
+			{ email: "limits@test.com", password: "password" },
+			{ throw: true, onSuccess: testSessionSetter(headers) },
+		);
+
+		// Create subscription
+		await testCtx.adapter.create({
+			model: "subscription",
+			data: {
+				referenceId: limitUserId,
+				stripeCustomerId: "cus_limits_test",
+				stripeSubscriptionId: "sub_limits_test",
+				status: "active",
+				plan: "flexible",
+			},
+		});
+
+		// List subscriptions and verify limits structure
+		const result = await testClient.subscription.list({
+			fetchOptions: { headers, throw: true },
+		});
+
+		expect(result.length).toBe(1);
+		const limits = result[0]?.limits;
+
+		// Verify different types are preserved
+		expect(limits).toBeDefined();
+
+		// Type-safe access with unknown (cast once for test convenience)
+		const typedLimits = limits as Record<string, unknown>;
+		expect(typedLimits.maxUsers).toBe(100);
+		expect(typedLimits.maxProjects).toBe(10);
+		expect(typeof typedLimits.rateLimit).toBe("object");
+		expect(typedLimits.features).toEqual(["analytics", "api", "webhooks"]);
+		expect(Array.isArray(typedLimits.features)).toBe(true);
+		expect(Array.isArray(typedLimits.supportedMethods)).toBe(true);
+		expect((typedLimits.quotas as Record<string, unknown>).storage).toBe(50);
+		expect((typedLimits.rateLimit as Record<string, unknown>).requests).toBe(
+			1000,
+		);
+		expect((typedLimits.permissions as Record<string, unknown>).admin).toBe(
+			true,
+		);
+		expect(
+			Array.isArray((typedLimits.quotas as Record<string, unknown>).bandwidth),
+		).toBe(true);
+	});
+
+	describe("Duplicate customer prevention on signup", () => {
+		it("should NOT create duplicate customer when email already exists in Stripe", async () => {
+			const existingEmail = "duplicate-email@example.com";
+			const existingCustomerId = "cus_stripe_existing_456";
+
+			mockStripe.customers.list.mockResolvedValueOnce({
+				data: [
+					{
+						id: existingCustomerId,
+						email: existingEmail,
+						name: "Existing Stripe Customer",
+					},
+				],
+			});
 
-		it("should work without getCustomerCreateParams", async () => {
-			// This test ensures backward compatibility
-			const testOptions = {
+			const testOptionsWithHook = {
 				...stripeOptions,
 				createCustomerOnSignUp: true,
-				// No getCustomerCreateParams provided
 			} satisfies StripeOptions;
 
-			const { client: testAuthClient } = await getTestInstance(
+			const { client: testAuthClient, auth: testAuth } = await getTestInstance(
 				{
 					database: memory,
-					plugins: [stripe(testOptions)],
+					plugins: [stripe(testOptionsWithHook)],
 				},
 				{
 					disableTestUser: true,
@@ -2109,246 +3180,170 @@ describe("stripe", () => {
 					},
 				},
 			);
+			const testCtx = await testAuth.$context;
 
-			// Sign up a user
+			vi.clearAllMocks();
+
+			// Sign up with email that exists in Stripe
 			const userRes = await testAuthClient.signUp.email(
 				{
-					email: "no-custom-params@email.com",
+					email: existingEmail,
 					password: "password",
-					name: "Default User",
-				},
-				{
-					throw: true,
+					name: "Duplicate Email User",
 				},
+				{ throw: true },
 			);
 
-			// Verify customer was created with default params only
-			expect(mockStripe.customers.create).toHaveBeenCalledWith({
-				email: "no-custom-params@email.com",
-				name: "Default User",
-				metadata: {
-					userId: userRes.user.id,
-				},
+			// Should check for existing customer by email
+			expect(mockStripe.customers.list).toHaveBeenCalledWith({
+				email: existingEmail,
+				limit: 1,
 			});
-		});
-	});
-
-	describe("Webhook Error Handling (Stripe v19)", () => {
-		it("should handle invalid webhook signature with constructEventAsync", async () => {
-			const mockError = new Error("Invalid signature");
-			const stripeWithError = {
-				...stripeOptions.stripeClient,
-				webhooks: {
-					constructEventAsync: vi.fn().mockRejectedValue(mockError),
-				},
-			};
-
-			const testOptions = {
-				...stripeOptions,
-				stripeClient: stripeWithError as unknown as Stripe,
-				stripeWebhookSecret: "test_secret",
-			};
-
-			const { auth: testAuth } = await getTestInstance(
-				{
-					database: memory,
-					plugins: [stripe(testOptions)],
-				},
-				{
-					disableTestUser: true,
-				},
-			);
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
-					method: "POST",
-					headers: {
-						"stripe-signature": "invalid_signature",
-					},
-					body: JSON.stringify({ type: "test.event" }),
-				},
-			);
+			// Should NOT create duplicate customer
+			expect(mockStripe.customers.create).not.toHaveBeenCalled();
 
-			const response = await testAuth.handler(mockRequest);
-			expect(response.status).toBe(400);
-			const data = await response.json();
-			expect(data.message).toContain("Webhook Error");
+			// Verify user has the EXISTING Stripe customer ID (not new duplicate)
+			const user = await testCtx.adapter.findOne<
+				User & { stripeCustomerId?: string }
+			>({
+				model: "user",
+				where: [{ field: "id", value: userRes.user.id }],
+			});
+			expect(user?.stripeCustomerId).toBe(existingCustomerId); // Should use existing ID
 		});
 
-		it("should reject webhook request without stripe-signature header", async () => {
-			const { auth: testAuth } = await getTestInstance(
-				{
-					database: memory,
-					plugins: [stripe(stripeOptions)],
-				},
-				{
-					disableTestUser: true,
-				},
-			);
-
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
-					method: "POST",
-					headers: {
-						"content-type": "application/json",
-					},
-					body: JSON.stringify({ type: "test.event" }),
-				},
-			);
+		it("should CREATE customer only when user has no stripeCustomerId and none exists in Stripe", async () => {
+			const newEmail = "brand-new@example.com";
 
-			const response = await testAuth.handler(mockRequest);
-			expect(response.status).toBe(400);
-			const data = await response.json();
-			expect(data.message).toContain("Stripe webhook secret not found");
-		});
+			mockStripe.customers.list.mockResolvedValueOnce({
+				data: [],
+			});
 
-		it("should handle constructEventAsync returning null/undefined", async () => {
-			const stripeWithNull = {
-				...stripeOptions.stripeClient,
-				webhooks: {
-					constructEventAsync: vi.fn().mockResolvedValue(null),
-				},
-			};
+			mockStripe.customers.create.mockResolvedValueOnce({
+				id: "cus_new_created_789",
+				email: newEmail,
+			});
 
-			const testOptions = {
+			const testOptionsWithHook = {
 				...stripeOptions,
-				stripeClient: stripeWithNull as unknown as Stripe,
-				stripeWebhookSecret: "test_secret",
-			};
+				createCustomerOnSignUp: true,
+			} satisfies StripeOptions;
 
-			const { auth: testAuth } = await getTestInstance(
+			const { client: testAuthClient, auth: testAuth } = await getTestInstance(
 				{
 					database: memory,
-					plugins: [stripe(testOptions)],
+					plugins: [stripe(testOptionsWithHook)],
 				},
 				{
 					disableTestUser: true,
+					clientOptions: {
+						plugins: [stripeClient({ subscription: true })],
+					},
 				},
 			);
+			const testCtx = await testAuth.$context;
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
+			vi.clearAllMocks();
+
+			// Sign up with brand new email
+			const userRes = await testAuthClient.signUp.email(
 				{
-					method: "POST",
-					headers: {
-						"stripe-signature": "test_signature",
-					},
-					body: JSON.stringify({ type: "test.event" }),
+					email: newEmail,
+					password: "password",
+					name: "Brand New User",
 				},
+				{ throw: true },
 			);
 
-			const response = await testAuth.handler(mockRequest);
-			expect(response.status).toBe(400);
-			const data = await response.json();
-			expect(data.message).toContain("Failed to construct event");
-		});
-
-		it("should handle async errors in webhook event processing", async () => {
-			const errorThrowingHandler = vi
-				.fn()
-				.mockRejectedValue(new Error("Event processing failed"));
-
-			const mockEvent = {
-				type: "checkout.session.completed",
-				data: {
-					object: {
-						mode: "subscription",
-						subscription: "sub_123",
-						metadata: {
-							referenceId: "user_123",
-							subscriptionId: "sub_123",
-						},
-					},
-				},
-			};
+			// Should check for existing customer first
+			expect(mockStripe.customers.list).toHaveBeenCalledWith({
+				email: newEmail,
+				limit: 1,
+			});
 
-			const stripeForTest = {
-				...stripeOptions.stripeClient,
-				subscriptions: {
-					retrieve: vi.fn().mockRejectedValue(new Error("Stripe API error")),
-				},
-				webhooks: {
-					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+			// Should create new customer (this is correct behavior)
+			expect(mockStripe.customers.create).toHaveBeenCalledTimes(1);
+			expect(mockStripe.customers.create).toHaveBeenCalledWith({
+				email: newEmail,
+				name: "Brand New User",
+				metadata: {
+					userId: userRes.user.id,
 				},
-			};
+			});
 
-			const testOptions = {
-				...stripeOptions,
-				stripeClient: stripeForTest as unknown as Stripe,
-				stripeWebhookSecret: "test_secret",
-				subscription: {
-					...stripeOptions.subscription,
-					onSubscriptionComplete: errorThrowingHandler,
-				},
-			};
+			// Verify user has the new Stripe customer ID
+			const user = await testCtx.adapter.findOne<
+				User & { stripeCustomerId?: string }
+			>({
+				model: "user",
+				where: [{ field: "id", value: userRes.user.id }],
+			});
+			expect(user?.stripeCustomerId).toBeDefined();
+		});
+	});
 
-			const { auth: testAuth } = await getTestInstance(
+	describe("webhook: cancel_at_period_end cancellation", () => {
+		it("should sync cancelAtPeriodEnd and canceledAt when user cancels via Billing Portal (at_period_end mode)", async () => {
+			const { auth } = await getTestInstance(
 				{
 					database: memory,
-					plugins: [stripe(testOptions as StripeOptions)],
-				},
-				{
-					disableTestUser: true,
+					plugins: [stripe(stripeOptions)],
 				},
+				{ disableTestUser: true },
 			);
-			const testCtx = await testAuth.$context;
+			const ctx = await auth.$context;
 
-			await testCtx.adapter.create({
-				model: "subscription",
-				data: {
-					referenceId: "user_123",
-					stripeCustomerId: "cus_123",
-					status: "incomplete",
-					plan: "starter",
-					id: "sub_123",
-				},
+			// Setup: Create user and active subscription
+			const { id: userId } = await ctx.adapter.create({
+				model: "user",
+				data: { email: "cancel-period-end@test.com" },
 			});
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
-					method: "POST",
-					headers: {
-						"stripe-signature": "test_signature",
-					},
-					body: JSON.stringify(mockEvent),
+			const now = Math.floor(Date.now() / 1000);
+			const periodEnd = now + 30 * 24 * 60 * 60;
+			const canceledAt = now;
+
+			const { id: subscriptionId } = await ctx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: userId,
+					stripeCustomerId: "cus_cancel_test",
+					stripeSubscriptionId: "sub_cancel_period_end",
+					status: "active",
+					plan: "starter",
+					cancelAtPeriodEnd: false,
+					cancelAt: null,
+					canceledAt: null,
 				},
-			);
-
-			const response = await testAuth.handler(mockRequest);
-			// Errors inside event handlers are caught and logged but don't fail the webhook
-			// This prevents Stripe from retrying and is the expected behavior
-			expect(response.status).toBe(200);
-			const data = await response.json();
-			expect(data).toEqual({ success: true });
-			// Verify the error was logged (via the stripeClient.subscriptions.retrieve rejection)
-			expect(stripeForTest.subscriptions.retrieve).toHaveBeenCalled();
-		});
+			});
 
-		it("should successfully process webhook with valid async signature verification", async () => {
-			const mockEvent = {
+			// Simulate: Stripe webhook for cancel_at_period_end
+			const webhookEvent = {
 				type: "customer.subscription.updated",
 				data: {
 					object: {
-						id: "sub_test_async",
-						customer: "cus_test_async",
+						id: "sub_cancel_period_end",
+						customer: "cus_cancel_test",
 						status: "active",
+						cancel_at_period_end: true,
+						cancel_at: null,
+						canceled_at: canceledAt,
+						ended_at: null,
 						items: {
 							data: [
 								{
-									price: { id: process.env.STRIPE_PRICE_ID_1 },
+									price: { id: "price_starter_123", lookup_key: null },
 									quantity: 1,
-									current_period_start: Math.floor(Date.now() / 1000),
-									current_period_end:
-										Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+									current_period_start: now,
+									current_period_end: periodEnd,
 								},
 							],
 						},
-						current_period_start: Math.floor(Date.now() / 1000),
-						current_period_end:
-							Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+						cancellation_details: {
+							reason: "cancellation_requested",
+							comment: "User requested cancellation",
+						},
 					},
 				},
 			};
@@ -2356,77 +3351,104 @@ describe("stripe", () => {
 			const stripeForTest = {
 				...stripeOptions.stripeClient,
 				webhooks: {
-					// Simulate async verification success
-					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+					constructEventAsync: vi.fn().mockResolvedValue(webhookEvent),
 				},
 			};
 
 			const testOptions = {
 				...stripeOptions,
 				stripeClient: stripeForTest as unknown as Stripe,
-				stripeWebhookSecret: "test_secret_async",
+				stripeWebhookSecret: "test_secret",
 			};
 
-			const { auth: testAuth } = await getTestInstance(
+			const { auth: webhookAuth } = await getTestInstance(
 				{
 					database: memory,
 					plugins: [stripe(testOptions)],
 				},
+				{ disableTestUser: true },
+			);
+			const webhookCtx = await webhookAuth.$context;
+
+			const response = await webhookAuth.handler(
+				new Request("http://localhost:3000/api/auth/stripe/webhook", {
+					method: "POST",
+					headers: { "stripe-signature": "test_signature" },
+					body: JSON.stringify(webhookEvent),
+				}),
+			);
+
+			expect(response.status).toBe(200);
+
+			const updatedSub = await webhookCtx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "id", value: subscriptionId }],
+			});
+
+			expect(updatedSub).toMatchObject({
+				status: "active",
+				cancelAtPeriodEnd: true,
+				cancelAt: null,
+				canceledAt: expect.any(Date),
+				endedAt: null,
+			});
+		});
+
+		it("should sync cancelAt when subscription is scheduled to cancel at a specific date", async () => {
+			const { auth } = await getTestInstance(
 				{
-					disableTestUser: true,
+					database: memory,
+					plugins: [stripe(stripeOptions)],
 				},
+				{ disableTestUser: true },
 			);
-			const testCtx = await testAuth.$context;
+			const ctx = await auth.$context;
 
-			const { id: testUserId } = await testCtx.adapter.create({
+			const { id: userId } = await ctx.adapter.create({
 				model: "user",
-				data: {
-					email: "async-test@email.com",
-				},
+				data: { email: "cancel-at-date@test.com" },
 			});
 
-			await testCtx.adapter.create({
+			const now = Math.floor(Date.now() / 1000);
+			const cancelAt = now + 15 * 24 * 60 * 60; // Cancel in 15 days
+			const canceledAt = now;
+
+			const { id: subscriptionId } = await ctx.adapter.create({
 				model: "subscription",
 				data: {
-					referenceId: testUserId,
-					stripeCustomerId: "cus_test_async",
-					stripeSubscriptionId: "sub_test_async",
-					status: "incomplete",
+					referenceId: userId,
+					stripeCustomerId: "cus_cancel_at_test",
+					stripeSubscriptionId: "sub_cancel_at_date",
+					status: "active",
 					plan: "starter",
+					cancelAtPeriodEnd: false,
+					cancelAt: null,
+					canceledAt: null,
 				},
 			});
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
-					method: "POST",
-					headers: {
-						"stripe-signature": "valid_async_signature",
-					},
-					body: JSON.stringify(mockEvent),
-				},
-			);
-
-			const response = await testAuth.handler(mockRequest);
-			expect(response.status).toBe(200);
-			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledWith(
-				expect.any(String),
-				"valid_async_signature",
-				"test_secret_async",
-			);
-
-			const data = await response.json();
-			expect(data).toEqual({ success: true });
-		});
-
-		it("should call constructEventAsync with exactly 3 required parameters", async () => {
-			const mockEvent = {
-				type: "customer.subscription.created",
+			// Simulate: Dashboard/API cancel with specific date (cancel_at)
+			const webhookEvent = {
+				type: "customer.subscription.updated",
 				data: {
 					object: {
-						id: "sub_test_params",
-						customer: "cus_test_params",
+						id: "sub_cancel_at_date",
+						customer: "cus_cancel_at_test",
 						status: "active",
+						cancel_at_period_end: false,
+						cancel_at: cancelAt,
+						canceled_at: canceledAt,
+						ended_at: null,
+						items: {
+							data: [
+								{
+									price: { id: "price_starter_123", lookup_key: null },
+									quantity: 1,
+									current_period_start: now,
+									current_period_end: now + 30 * 24 * 60 * 60,
+								},
+							],
+						},
 					},
 				},
 			};
@@ -2434,281 +3456,327 @@ describe("stripe", () => {
 			const stripeForTest = {
 				...stripeOptions.stripeClient,
 				webhooks: {
-					constructEventAsync: vi.fn().mockResolvedValue(mockEvent),
+					constructEventAsync: vi.fn().mockResolvedValue(webhookEvent),
 				},
 			};
 
 			const testOptions = {
 				...stripeOptions,
 				stripeClient: stripeForTest as unknown as Stripe,
-				stripeWebhookSecret: "test_secret_params",
+				stripeWebhookSecret: "test_secret",
 			};
 
-			const { auth: testAuth } = await getTestInstance(
+			const { auth: webhookAuth } = await getTestInstance(
 				{
 					database: memory,
 					plugins: [stripe(testOptions)],
 				},
-				{
-					disableTestUser: true,
-				},
+				{ disableTestUser: true },
 			);
+			const webhookCtx = await webhookAuth.$context;
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
+			const response = await webhookAuth.handler(
+				new Request("http://localhost:3000/api/auth/stripe/webhook", {
 					method: "POST",
-					headers: {
-						"stripe-signature": "test_signature_params",
-					},
-					body: JSON.stringify(mockEvent),
-				},
+					headers: { "stripe-signature": "test_signature" },
+					body: JSON.stringify(webhookEvent),
+				}),
 			);
 
-			await testAuth.handler(mockRequest);
+			expect(response.status).toBe(200);
 
-			// Verify that constructEventAsync is called with exactly 3 required parameters
-			// (payload, signature, secret) and no optional parameters
-			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledWith(
-				expect.any(String), // payload
-				"test_signature_params", // signature
-				"test_secret_params", // secret
-			);
+			const updatedSub = await webhookCtx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "id", value: subscriptionId }],
+			});
 
-			// Verify it was called exactly once
-			expect(stripeForTest.webhooks.constructEventAsync).toHaveBeenCalledTimes(
-				1,
-			);
+			expect(updatedSub).toMatchObject({
+				status: "active",
+				cancelAtPeriodEnd: false,
+				cancelAt: expect.any(Date),
+				canceledAt: expect.any(Date),
+				endedAt: null,
+			});
+
+			// Verify the cancelAt date is correct
+			expect(updatedSub!.cancelAt!.getTime()).toBe(cancelAt * 1000);
 		});
+	});
 
-		it("should support Stripe v18 with sync constructEvent method", async () => {
-			const mockEvent = {
-				type: "customer.subscription.updated",
+	describe("webhook: immediate cancellation (subscription deleted)", () => {
+		it("should set status=canceled and endedAt when subscription is immediately canceled", async () => {
+			const { auth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(stripeOptions)],
+				},
+				{ disableTestUser: true },
+			);
+			const ctx = await auth.$context;
+
+			const { id: userId } = await ctx.adapter.create({
+				model: "user",
+				data: { email: "immediate-cancel@test.com" },
+			});
+
+			const now = Math.floor(Date.now() / 1000);
+
+			const { id: subscriptionId } = await ctx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: userId,
+					stripeCustomerId: "cus_immediate_cancel",
+					stripeSubscriptionId: "sub_immediate_cancel",
+					status: "active",
+					plan: "starter",
+				},
+			});
+
+			// Simulate: Immediate cancellation via Billing Portal (mode: immediately) or API
+			const webhookEvent = {
+				type: "customer.subscription.deleted",
 				data: {
 					object: {
-						id: "sub_test_v18",
-						customer: "cus_test_v18",
-						status: "active",
-						items: {
-							data: [
-								{
-									price: { id: process.env.STRIPE_PRICE_ID_1 },
-									quantity: 1,
-									current_period_start: Math.floor(Date.now() / 1000),
-									current_period_end:
-										Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
-								},
-							],
-						},
-						current_period_start: Math.floor(Date.now() / 1000),
-						current_period_end:
-							Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60,
+						id: "sub_immediate_cancel",
+						customer: "cus_immediate_cancel",
+						status: "canceled",
+						cancel_at_period_end: false,
+						cancel_at: null,
+						canceled_at: now,
+						ended_at: now,
 					},
 				},
 			};
 
-			// Simulate Stripe v18 - only has sync constructEvent, no constructEventAsync
-			const stripeV18 = {
+			const stripeForTest = {
 				...stripeOptions.stripeClient,
 				webhooks: {
-					constructEvent: vi.fn().mockReturnValue(mockEvent),
-					// v18 doesn't have constructEventAsync
-					constructEventAsync: undefined,
+					constructEventAsync: vi.fn().mockResolvedValue(webhookEvent),
 				},
 			};
 
 			const testOptions = {
 				...stripeOptions,
-				stripeClient: stripeV18 as unknown as Stripe,
-				stripeWebhookSecret: "test_secret_v18",
+				stripeClient: stripeForTest as unknown as Stripe,
+				stripeWebhookSecret: "test_secret",
 			};
 
-			const { auth: testAuth } = await getTestInstance(
+			const { auth: webhookAuth } = await getTestInstance(
 				{
 					database: memory,
 					plugins: [stripe(testOptions)],
 				},
+				{ disableTestUser: true },
+			);
+			const webhookCtx = await webhookAuth.$context;
+
+			const response = await webhookAuth.handler(
+				new Request("http://localhost:3000/api/auth/stripe/webhook", {
+					method: "POST",
+					headers: { "stripe-signature": "test_signature" },
+					body: JSON.stringify(webhookEvent),
+				}),
+			);
+
+			expect(response.status).toBe(200);
+
+			const updatedSub = await webhookCtx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "id", value: subscriptionId }],
+			});
+
+			expect(updatedSub).not.toBeNull();
+			expect(updatedSub!.status).toBe("canceled");
+			expect(updatedSub!.endedAt).not.toBeNull();
+		});
+
+		it("should set endedAt when cancel_at_period_end subscription reaches period end", async () => {
+			const { auth } = await getTestInstance(
 				{
-					disableTestUser: true,
+					database: memory,
+					plugins: [stripe(stripeOptions)],
 				},
+				{ disableTestUser: true },
 			);
-			const testCtx = await testAuth.$context;
+			const ctx = await auth.$context;
 
-			const { id: testUserId } = await testCtx.adapter.create({
+			const { id: userId } = await ctx.adapter.create({
 				model: "user",
-				data: {
-					email: "v18-test@email.com",
-				},
+				data: { email: "period-end-reached@test.com" },
 			});
 
-			await testCtx.adapter.create({
+			const now = Math.floor(Date.now() / 1000);
+			const canceledAt = now - 30 * 24 * 60 * 60; // Canceled 30 days ago
+
+			const { id: subscriptionId } = await ctx.adapter.create({
 				model: "subscription",
 				data: {
-					referenceId: testUserId,
-					stripeCustomerId: "cus_test_v18",
-					stripeSubscriptionId: "sub_test_v18",
-					status: "incomplete",
+					referenceId: userId,
+					stripeCustomerId: "cus_period_end_reached",
+					stripeSubscriptionId: "sub_period_end_reached",
+					status: "active",
 					plan: "starter",
+					cancelAtPeriodEnd: true,
+					canceledAt: new Date(canceledAt * 1000),
 				},
 			});
 
-			const mockRequest = new Request(
-				"http://localhost:3000/api/auth/stripe/webhook",
-				{
-					method: "POST",
-					headers: {
-						"stripe-signature": "test_signature_v18",
+			// Simulate: Period ended, subscription is now deleted
+			const webhookEvent = {
+				type: "customer.subscription.deleted",
+				data: {
+					object: {
+						id: "sub_period_end_reached",
+						customer: "cus_period_end_reached",
+						status: "canceled",
+						cancel_at_period_end: true,
+						cancel_at: null,
+						canceled_at: canceledAt,
+						ended_at: now,
 					},
-					body: JSON.stringify(mockEvent),
 				},
-			);
-
-			const response = await testAuth.handler(mockRequest);
-			expect(response.status).toBe(200);
-
-			// Verify that constructEvent (sync) was called instead of constructEventAsync
-			expect(stripeV18.webhooks.constructEvent).toHaveBeenCalledWith(
-				expect.any(String),
-				"test_signature_v18",
-				"test_secret_v18",
-			);
-			expect(stripeV18.webhooks.constructEvent).toHaveBeenCalledTimes(1);
-
-			const data = await response.json();
-			expect(data).toEqual({ success: true });
-		});
-	});
+			};
 
-	it("should support flexible limits types", async () => {
-		const flexiblePlans = [
-			{
-				name: "flexible",
-				priceId: "price_flexible",
-				limits: {
-					// Numbers
-					maxUsers: 100,
-					maxProjects: 10,
-					// Arrays
-					features: ["analytics", "api", "webhooks"],
-					supportedMethods: ["GET", "POST", "PUT", "DELETE"],
-					// Objects
-					rateLimit: { requests: 1000, window: 3600 },
-					permissions: { admin: true, read: true, write: false },
-					// Mixed
-					quotas: {
-						storage: 50,
-						bandwidth: [100, "GB"],
-					},
+			const stripeForTest = {
+				...stripeOptions.stripeClient,
+				webhooks: {
+					constructEventAsync: vi.fn().mockResolvedValue(webhookEvent),
 				},
-			},
-		];
+			};
 
-		const {
-			client: testClient,
-			auth: testAuth,
-			sessionSetter: testSessionSetter,
-		} = await getTestInstance(
-			{
-				database: memory,
-				plugins: [
-					stripe({
-						...stripeOptions,
-						subscription: {
-							enabled: true,
-							plans: flexiblePlans,
-						},
-					}),
-				],
-			},
-			{
-				disableTestUser: true,
-				clientOptions: {
-					plugins: [stripeClient({ subscription: true })],
+			const testOptions = {
+				...stripeOptions,
+				stripeClient: stripeForTest as unknown as Stripe,
+				stripeWebhookSecret: "test_secret",
+			};
+
+			const { auth: webhookAuth } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(testOptions)],
 				},
-			},
-		);
-		const testCtx = await testAuth.$context;
+				{ disableTestUser: true },
+			);
+			const webhookCtx = await webhookAuth.$context;
 
-		// Create user and sign in
-		const headers = new Headers();
-		const userRes = await testClient.signUp.email(
-			{ email: "limits@test.com", password: "password", name: "Test" },
-			{ throw: true },
-		);
-		const limitUserId = userRes.user.id;
+			const response = await webhookAuth.handler(
+				new Request("http://localhost:3000/api/auth/stripe/webhook", {
+					method: "POST",
+					headers: { "stripe-signature": "test_signature" },
+					body: JSON.stringify(webhookEvent),
+				}),
+			);
 
-		await testClient.signIn.email(
-			{ email: "limits@test.com", password: "password" },
-			{ throw: true, onSuccess: testSessionSetter(headers) },
-		);
+			expect(response.status).toBe(200);
 
-		// Create subscription
-		await testCtx.adapter.create({
-			model: "subscription",
-			data: {
-				referenceId: limitUserId,
-				stripeCustomerId: "cus_limits_test",
-				stripeSubscriptionId: "sub_limits_test",
-				status: "active",
-				plan: "flexible",
-			},
-		});
+			const updatedSub = await webhookCtx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "id", value: subscriptionId }],
+			});
 
-		// List subscriptions and verify limits structure
-		const result = await testClient.subscription.list({
-			fetchOptions: { headers, throw: true },
+			expect(updatedSub).not.toBeNull();
+			expect(updatedSub!.status).toBe("canceled");
+			expect(updatedSub!.cancelAtPeriodEnd).toBe(true);
+			expect(updatedSub!.endedAt).not.toBeNull();
+
+			// endedAt should be the actual termination time (now), not the cancellation request time
+			expect(updatedSub!.endedAt!.getTime()).toBe(now * 1000);
 		});
+	});
 
-		expect(result.length).toBe(1);
-		const limits = result[0]?.limits;
+	describe("restore subscription", () => {
+		it("should clear cancelAtPeriodEnd when restoring a cancel_at_period_end subscription", async () => {
+			const { client, auth, sessionSetter } = await getTestInstance(
+				{
+					database: memory,
+					plugins: [stripe(stripeOptions)],
+				},
+				{
+					disableTestUser: true,
+					clientOptions: {
+						plugins: [stripeClient({ subscription: true })],
+					},
+				},
+			);
+			const ctx = await auth.$context;
 
-		// Verify different types are preserved
-		expect(limits).toBeDefined();
+			const userRes = await client.signUp.email(
+				{
+					email: "restore-period-end@test.com",
+					password: "password",
+					name: "Test",
+				},
+				{ throw: true },
+			);
 
-		// Type-safe access with unknown (cast once for test convenience)
-		const typedLimits = limits as Record<string, unknown>;
-		expect(typedLimits.maxUsers).toBe(100);
-		expect(typedLimits.maxProjects).toBe(10);
-		expect(typeof typedLimits.rateLimit).toBe("object");
-		expect(typedLimits.features).toEqual(["analytics", "api", "webhooks"]);
-		expect(Array.isArray(typedLimits.features)).toBe(true);
-		expect(Array.isArray(typedLimits.supportedMethods)).toBe(true);
-		expect((typedLimits.quotas as Record<string, unknown>).storage).toBe(50);
-		expect((typedLimits.rateLimit as Record<string, unknown>).requests).toBe(
-			1000,
-		);
-		expect((typedLimits.permissions as Record<string, unknown>).admin).toBe(
-			true,
-		);
-		expect(
-			Array.isArray((typedLimits.quotas as Record<string, unknown>).bandwidth),
-		).toBe(true);
-	});
+			const headers = new Headers();
+			await client.signIn.email(
+				{ email: "restore-period-end@test.com", password: "password" },
+				{ throw: true, onSuccess: sessionSetter(headers) },
+			);
 
-	describe("Duplicate customer prevention on signup", () => {
-		it("should NOT create duplicate customer when email already exists in Stripe", async () => {
-			const existingEmail = "duplicate-email@example.com";
-			const existingCustomerId = "cus_stripe_existing_456";
+			// Create subscription scheduled to cancel at period end
+			await ctx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: userRes.user.id,
+					stripeCustomerId: "cus_restore_test",
+					stripeSubscriptionId: "sub_restore_period_end",
+					status: "active",
+					plan: "starter",
+					cancelAtPeriodEnd: true,
+					cancelAt: null,
+					canceledAt: new Date(),
+				},
+			});
 
-			mockStripe.customers.list.mockResolvedValueOnce({
+			mockStripe.subscriptions.list.mockResolvedValueOnce({
 				data: [
 					{
-						id: existingCustomerId,
-						email: existingEmail,
-						name: "Existing Stripe Customer",
+						id: "sub_restore_period_end",
+						status: "active",
+						cancel_at_period_end: true,
+						cancel_at: null,
 					},
 				],
 			});
 
-			const testOptionsWithHook = {
-				...stripeOptions,
-				createCustomerOnSignUp: true,
-			} satisfies StripeOptions;
+			mockStripe.subscriptions.update.mockResolvedValueOnce({
+				id: "sub_restore_period_end",
+				status: "active",
+				cancel_at_period_end: false,
+				cancel_at: null,
+			});
 
-			const { client: testAuthClient, auth: testAuth } = await getTestInstance(
+			const restoreRes = await client.subscription.restore({
+				fetchOptions: { headers },
+			});
+
+			expect(restoreRes.data).toBeDefined();
+
+			// Verify Stripe was called with correct params (cancel_at_period_end: false)
+			expect(mockStripe.subscriptions.update).toHaveBeenCalledWith(
+				"sub_restore_period_end",
+				{ cancel_at_period_end: false },
+			);
+
+			const updatedSub = await ctx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "referenceId", value: userRes.user.id }],
+			});
+
+			expect(updatedSub).toMatchObject({
+				cancelAtPeriodEnd: false,
+				cancelAt: null,
+				canceledAt: null,
+			});
+		});
+
+		it("should clear cancelAt when restoring a cancel_at (specific date) subscription", async () => {
+			const { client, auth, sessionSetter } = await getTestInstance(
 				{
 					database: memory,
-					plugins: [stripe(testOptionsWithHook)],
+					plugins: [stripe(stripeOptions)],
 				},
 				{
 					disableTestUser: true,
@@ -2717,60 +3785,89 @@ describe("stripe", () => {
 					},
 				},
 			);
-			const testCtx = await testAuth.$context;
+			const ctx = await auth.$context;
 
-			vi.clearAllMocks();
-
-			// Sign up with email that exists in Stripe
-			const userRes = await testAuthClient.signUp.email(
+			const userRes = await client.signUp.email(
 				{
-					email: existingEmail,
+					email: "restore-cancel-at@test.com",
 					password: "password",
-					name: "Duplicate Email User",
+					name: "Test",
 				},
 				{ throw: true },
 			);
 
-			// Should check for existing customer by email
-			expect(mockStripe.customers.list).toHaveBeenCalledWith({
-				email: existingEmail,
-				limit: 1,
-			});
+			const headers = new Headers();
+			await client.signIn.email(
+				{ email: "restore-cancel-at@test.com", password: "password" },
+				{ throw: true, onSuccess: sessionSetter(headers) },
+			);
 
-			// Should NOT create duplicate customer
-			expect(mockStripe.customers.create).not.toHaveBeenCalled();
+			const cancelAt = new Date(Date.now() + 15 * 24 * 60 * 60 * 1000);
 
-			// Verify user has the EXISTING Stripe customer ID (not new duplicate)
-			const user = await testCtx.adapter.findOne<
-				User & { stripeCustomerId?: string }
-			>({
-				model: "user",
-				where: [{ field: "id", value: userRes.user.id }],
+			// Create subscription scheduled to cancel at specific date
+			await ctx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: userRes.user.id,
+					stripeCustomerId: "cus_restore_cancel_at",
+					stripeSubscriptionId: "sub_restore_cancel_at",
+					status: "active",
+					plan: "starter",
+					cancelAtPeriodEnd: false,
+					cancelAt: cancelAt,
+					canceledAt: new Date(),
+				},
 			});
-			expect(user?.stripeCustomerId).toBe(existingCustomerId); // Should use existing ID
-		});
 
-		it("should CREATE customer only when user has no stripeCustomerId and none exists in Stripe", async () => {
-			const newEmail = "brand-new@example.com";
+			mockStripe.subscriptions.list.mockResolvedValueOnce({
+				data: [
+					{
+						id: "sub_restore_cancel_at",
+						status: "active",
+						cancel_at_period_end: false,
+						cancel_at: Math.floor(cancelAt.getTime() / 1000),
+					},
+				],
+			});
 
-			mockStripe.customers.list.mockResolvedValueOnce({
-				data: [],
+			mockStripe.subscriptions.update.mockResolvedValueOnce({
+				id: "sub_restore_cancel_at",
+				status: "active",
+				cancel_at_period_end: false,
+				cancel_at: null,
 			});
 
-			mockStripe.customers.create.mockResolvedValueOnce({
-				id: "cus_new_created_789",
-				email: newEmail,
+			const restoreRes = await client.subscription.restore({
+				fetchOptions: { headers },
 			});
 
-			const testOptionsWithHook = {
-				...stripeOptions,
-				createCustomerOnSignUp: true,
-			} satisfies StripeOptions;
+			expect(restoreRes.data).toBeDefined();
 
-			const { client: testAuthClient, auth: testAuth } = await getTestInstance(
+			// Verify Stripe was called with correct params (cancel_at: "" to clear)
+			expect(mockStripe.subscriptions.update).toHaveBeenCalledWith(
+				"sub_restore_cancel_at",
+				{ cancel_at: "" },
+			);
+
+			const updatedSub = await ctx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "referenceId", value: userRes.user.id }],
+			});
+
+			expect(updatedSub).toMatchObject({
+				cancelAtPeriodEnd: false,
+				cancelAt: null,
+				canceledAt: null,
+			});
+		});
+	});
+
+	describe("cancel subscription fallback (missed webhook)", () => {
+		it("should sync from Stripe when cancel request fails because subscription is already canceled", async () => {
+			const { client, auth, sessionSetter } = await getTestInstance(
 				{
 					database: memory,
-					plugins: [stripe(testOptionsWithHook)],
+					plugins: [stripe(stripeOptions)],
 				},
 				{
 					disableTestUser: true,
@@ -2779,44 +3876,90 @@ describe("stripe", () => {
 					},
 				},
 			);
-			const testCtx = await testAuth.$context;
-
-			vi.clearAllMocks();
+			const ctx = await auth.$context;
 
-			// Sign up with brand new email
-			const userRes = await testAuthClient.signUp.email(
+			const userRes = await client.signUp.email(
 				{
-					email: newEmail,
+					email: "missed-webhook@test.com",
 					password: "password",
-					name: "Brand New User",
+					name: "Test",
 				},
 				{ throw: true },
 			);
 
-			// Should check for existing customer first
-			expect(mockStripe.customers.list).toHaveBeenCalledWith({
-				email: newEmail,
-				limit: 1,
-			});
+			const headers = new Headers();
+			await client.signIn.email(
+				{ email: "missed-webhook@test.com", password: "password" },
+				{ throw: true, onSuccess: sessionSetter(headers) },
+			);
 
-			// Should create new customer (this is correct behavior)
-			expect(mockStripe.customers.create).toHaveBeenCalledTimes(1);
-			expect(mockStripe.customers.create).toHaveBeenCalledWith({
-				email: newEmail,
-				name: "Brand New User",
-				metadata: {
-					userId: userRes.user.id,
+			const now = Math.floor(Date.now() / 1000);
+			const cancelAt = now + 15 * 24 * 60 * 60;
+
+			// Create subscription in DB (not synced - missed webhook)
+			const { id: subscriptionId } = await ctx.adapter.create({
+				model: "subscription",
+				data: {
+					referenceId: userRes.user.id,
+					stripeCustomerId: "cus_missed_webhook",
+					stripeSubscriptionId: "sub_missed_webhook",
+					status: "active",
+					plan: "starter",
+					cancelAtPeriodEnd: false, // DB thinks it's not canceling
+					cancelAt: null,
+					canceledAt: null,
 				},
 			});
 
-			// Verify user has the new Stripe customer ID
-			const user = await testCtx.adapter.findOne<
-				User & { stripeCustomerId?: string }
-			>({
-				model: "user",
-				where: [{ field: "id", value: userRes.user.id }],
+			// Stripe has the subscription already scheduled to cancel with cancel_at
+			mockStripe.subscriptions.list.mockResolvedValueOnce({
+				data: [
+					{
+						id: "sub_missed_webhook",
+						status: "active",
+						cancel_at_period_end: false,
+						cancel_at: cancelAt,
+					},
+				],
 			});
-			expect(user?.stripeCustomerId).toBeDefined();
+
+			// Billing portal returns error because subscription is already set to cancel
+			mockStripe.billingPortal.sessions.create.mockRejectedValueOnce(
+				new Error("This subscription is already set to be canceled"),
+			);
+
+			// When fallback kicks in, it retrieves from Stripe
+			mockStripe.subscriptions.retrieve.mockResolvedValueOnce({
+				id: "sub_missed_webhook",
+				status: "active",
+				cancel_at_period_end: false,
+				cancel_at: cancelAt,
+				canceled_at: now,
+			});
+
+			// Try to cancel - should fail but trigger sync
+			const cancelRes = await client.subscription.cancel({
+				returnUrl: "/account",
+				fetchOptions: { headers },
+			});
+
+			// Should have error because portal creation failed
+			expect(cancelRes.error).toBeDefined();
+
+			// But DB should now be synced with Stripe's actual state
+			const updatedSub = await ctx.adapter.findOne<Subscription>({
+				model: "subscription",
+				where: [{ field: "id", value: subscriptionId }],
+			});
+
+			expect(updatedSub).toMatchObject({
+				cancelAtPeriodEnd: false,
+				cancelAt: expect.any(Date),
+				canceledAt: expect.any(Date),
+			});
+
+			// Verify it's the correct cancel_at date from Stripe
+			expect(updatedSub!.cancelAt!.getTime()).toBe(cancelAt * 1000);
 		});
 	});
 });