@bigio/better-auth-electron 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +44 -22
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -2,16 +2,24 @@
2
2
 
3
3
  > **Work In Progress:** This library is actively being developed. Detailed documentation and architecture diagrams are coming soon.
4
4
 
5
- **A type-safe, IPC-based Better Auth integration for Electron.**
5
+ **A type-safe, IPC-Event based Better Auth integration for Electron.**
6
6
 
7
7
  Designed for production-grade applications, this library provides a secure, "batteries-included" solution to integrate [Better Auth](https://www.better-auth.com) into Electron apps without the headache of writing manual IPC bridges or handling complex OAuth window flows.
8
8
 
9
9
  ## Features
10
10
 
11
- - ** Strict Process Isolation:** Zero leakage of server secrets into the Renderer.
12
- - ** Type-Safe IPC:** Full type inference between Main and Renderer processes.
13
- - ** React 19 & Preact Compatible:** Solves "Invalid Hook Call" and duplicate instance issues.
14
- - ** Smart Session Handoff:** Seamlessly transfers authentication states from the web auth flow to the Electron app.
11
+ - ** Native Secure Context & Origin Fix:**
12
+ Leverages `protocol.registerSchemesAsPrivileged` to treat your custom scheme as a secure context. This solves the infamous `Origin` header mismatch and enables `SameSite` cookies to work natively without hacks.
13
+
14
+ - ** Secure PKCE Flow:**
15
+ Implements the standard **Proof Key for Code Exchange** protocol out-of-the-box. Ensures enterprise-grade security for your OAuth exchanges without exposing secrets.
16
+
17
+ - ** Preact SSR Ready:**
18
+ Includes a dedicated, lightweight Preact entry point optimized for Server-Side Rendering (SSR) in login windows.
19
+ _(React 19 supported. Vue/Svelte support coming soon!)_
20
+
21
+ - ** Zero-IPC Session Handoff:**
22
+ Uses secure custom protocol deep links to transfer authentication states. Full TypeScript inference via Better Auth plugins — **no fragile IPC bridges** or manual message handling required.
15
23
 
16
24
  ## Installation
17
25
 
@@ -68,8 +76,8 @@ const { windowInjection, whenReadyInjection } = mainInjection({
68
76
  PROVIDERS: ['github', 'google'],
69
77
  BETTER_AUTH_BASEURL: 'http://localhost:3002',
70
78
  FRONTEND_URL: 'http://localhost:3001/oauth',
71
- // Use the classic 'onBeforeRequest' filter approach for auth code capture
72
- OLD_SCHOOL_ONBEFORE_WAY: true,
79
+ // Use the classic 'onBeforeRequest' filter approach for auth code capture if true
80
+ OLD_SCHOOL_ONBEFORE_WAY: false,
73
81
  })
74
82
 
75
83
  function createWindow(): void {
@@ -77,12 +85,12 @@ function createWindow(): void {
77
85
  /* config */
78
86
  })
79
87
 
80
- // Inject IPC handlers into the specific window instance
88
+ // Inject ipcRenderer event into the specific window instance
81
89
  windowInjection(mainWindow)
82
90
  }
83
91
 
84
92
  app.whenReady().then(() => {
85
- // Register custom protocol schemes and deep link listeners
93
+ // Register custom protocol schemes
86
94
  whenReadyInjection()
87
95
  createWindow()
88
96
  })
@@ -142,7 +150,31 @@ const ElectronLoginButton = ({ provider }: { provider: string }) => {
142
150
  }
143
151
  ```
144
152
 
145
- ### 5. Web/App Component Usage (`src/web/components/user-session.tsx`)
153
+ ### 5. Electron Renderer/Web Client (`src/renderer/lib/auth-client.ts`)
154
+
155
+ This is the auth client running **inside your Electron app**. It listens for the custom protocol deep link to hydrate the session.
156
+
157
+ > **Suggestion:** set `credentials: 'include'` to ensure the session cookie generated by the secure protocol is correctly persisted.
158
+
159
+ ```typescript
160
+ import { createAuthClient } from 'better-auth/react'
161
+ import { electronRendererPlugin } from '@bigio/better-auth-electron/renderer'
162
+
163
+ export const authClient = createAuthClient({
164
+ baseURL: 'http://localhost:3002',
165
+ fetchOptions: {
166
+ // It ensures cookies are sent/received correctly in the custom scheme.
167
+ credentials: 'include',
168
+ },
169
+ plugins: [
170
+ electronRendererPlugin({
171
+ ELECTRON_SCHEME: 'bigio', // Must match Main process config
172
+ }),
173
+ ],
174
+ })
175
+ ```
176
+
177
+ ### 6. Web/App Component Usage (`src/web/components/user-session.tsx`)
146
178
 
147
179
  The `useElectronOAuthSession` hook is the heart of the "Handoff" experience. It listens for the deep link callback and automatically verifies the session.
148
180
 
@@ -151,23 +183,13 @@ import { authClient } from '@/web/client'
151
183
 
152
184
  export function UserSessionStatus() {
153
185
  const {
154
- // The validated session data (user, session token)
155
186
  data: useSessionData,
156
-
157
- // Any error that occurred during the deep link handoff
158
187
  error,
159
-
160
- // True when the initial check or handoff is in progress
161
188
  isPending,
162
-
163
- // True when explicitly refetching the session state
164
189
  isRefetching,
165
-
166
- // Function to manually re-trigger session validation
167
190
  refetch,
168
-
169
- // Real-time status messages from the main process
170
- // (e.g., "Verifying ticket...", "Session established")
191
+ // // The current status of the handoff process on the client side
192
+ // (e.g., 'idle' | 'succeed' | 'failed')
171
193
  oauthMessage
172
194
  } = authClient.bigio.useElectronOAuthSession()
173
195
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bigio/better-auth-electron",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "author": "bigmusic",
5
5
  "license": "MIT",
6
6
  "private": false,