@delmaredigital/payload-better-auth 0.3.6 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +48 -11
  2. package/dist/exports/client.d.ts +2356 -2
  3. package/dist/exports/client.d.ts.map +1 -1
  4. package/dist/exports/client.js +46 -5
  5. package/dist/exports/client.js.map +1 -1
  6. package/dist/plugin/index.d.ts +35 -2
  7. package/dist/plugin/index.d.ts.map +1 -1
  8. package/dist/plugin/index.js.map +1 -1
  9. package/package.json +1 -1
package/README.md CHANGED
@@ -209,7 +209,7 @@ export default buildConfig({
209
209
  })
210
210
  ```
211
211
 
212
- > **⚠️ Important:** Do NOT add a custom `beforeLogin` component to your admin config. The Better Auth plugin automatically injects its own login page, logout button, and redirect handling.
212
+ > **⚠️ Note:** The plugin automatically injects its own login page, logout button, and redirect handling. Don't add a custom `beforeLogin` in Payload's `admin.components` directly - use the plugin's options instead (see [Customization](#customization) for `disableLoginView`, `loginViewComponent`, etc.).
213
213
 
214
214
  ### Step 4: Client-Side Auth
215
215
 
@@ -228,12 +228,29 @@ export const { useSession, signIn, signUp, signOut, twoFactor, passkey } = authC
228
228
 
229
229
  **Note:** `createPayloadAuthClient()` automatically uses `window.location.origin` as the base URL, so it works seamlessly across local dev, Vercel previews, and production without any configuration.
230
230
 
231
- For full control, you can also use the raw `createAuthClient` from Better Auth:
231
+ **Adding custom plugins (e.g., Stripe):**
232
+
233
+ For custom plugins with full TypeScript support, use `createAuthClient` with `payloadAuthPlugins`:
232
234
 
233
235
  ```ts
234
- import { createAuthClient } from '@delmaredigital/payload-better-auth/client'
236
+ // src/lib/auth/client.ts
237
+ 'use client'
238
+
239
+ import { createAuthClient, payloadAuthPlugins } from '@delmaredigital/payload-better-auth/client'
240
+ import { stripeClient } from '@better-auth/stripe/client'
241
+
242
+ // Spread payloadAuthPlugins to include defaults (twoFactor, apiKey, passkey)
243
+ // Then add your custom plugins - full type safety!
244
+ export const authClient = createAuthClient({
245
+ plugins: [...payloadAuthPlugins, stripeClient({ subscription: true })],
246
+ })
247
+
248
+ // authClient.subscription is fully typed
249
+ export const { useSession, signIn, signUp, signOut, twoFactor, passkey, subscription } = authClient
235
250
  ```
236
251
 
252
+ This approach uses Better Auth's native `createAuthClient` with our default plugins, giving you full type inference for any custom plugins you add.
253
+
237
254
  ### Step 5: Server-Side Session Access
238
255
 
239
256
  ```ts
@@ -428,7 +445,7 @@ createBetterAuthPlugin({
428
445
  | `admin.login.afterLoginPath` | `string` | `'/admin'` | Redirect path after successful login |
429
446
  | `admin.login.requiredRole` | `string \| string[] \| null` | `'admin'` | Required role(s) for admin access. Array = any role matches (unless `requireAllRoles`). Set to `null` to disable. |
430
447
  | `admin.login.requireAllRoles` | `boolean` | `false` | When `requiredRole` is an array, require ALL roles (true) or ANY role (false). |
431
- | `admin.login.enablePasskey` | `boolean` | `false` | Enable passkey (WebAuthn) sign-in option |
448
+ | `admin.login.enablePasskey` | `boolean \| 'auto'` | `false` | Enable passkey (WebAuthn) sign-in option. `'auto'` detects if passkey plugin is available. |
432
449
  | `admin.login.enableSignUp` | `boolean \| 'auto'` | `'auto'` | Enable user registration. `'auto'` detects if sign-up endpoint is available. |
433
450
  | `admin.login.defaultSignUpRole` | `string` | `'user'` | Default role assigned to new users during registration |
434
451
  | `admin.login.enableForgotPassword` | `boolean \| 'auto'` | `'auto'` | Enable forgot password link. `'auto'` detects if endpoint is available. |
@@ -679,6 +696,17 @@ This is useful when you need:
679
696
  - Integration with external identity providers
680
697
  - Custom branding or UI requirements
681
698
 
699
+ **Frontend Login (outside admin panel):**
700
+
701
+ For user-facing login pages (not the Payload admin), you don't need to configure anything in the plugin. Just use the auth client directly in your own React components:
702
+
703
+ ```tsx
704
+ import { authClient } from '@/lib/auth/client'
705
+
706
+ // Use authClient.signIn.email(), authClient.signUp.email(), etc.
707
+ // See "Handling 2FA in Custom Login Forms" section below for a complete example
708
+ ```
709
+
682
710
  ### Custom Admin Components
683
711
 
684
712
  Override specific admin components while keeping others auto-injected:
@@ -1152,15 +1180,18 @@ export const auth = betterAuth({
1152
1180
 
1153
1181
  ### User Registration
1154
1182
 
1155
- The `LoginView` includes an optional "Create account" link that automatically detects if user registration is available. When enabled, users can register directly from the login page.
1183
+ The `LoginView` **automatically detects** if user registration is available by checking Better Auth's sign-up endpoint. If your Better Auth config has `emailAndPassword.enabled: true` (and not `disableSignUp: true`), the "Create account" link appears automatically.
1156
1184
 
1157
- **Configuration:**
1185
+ **No configuration needed** for most cases - it just works based on your Better Auth settings.
1186
+
1187
+ **Optional overrides** (only if you need to force show/hide):
1158
1188
  ```typescript
1159
1189
  createBetterAuthPlugin({
1160
1190
  createAuth,
1161
1191
  admin: {
1162
1192
  login: {
1163
- enableSignUp: true, // or 'auto' (default) to detect availability
1193
+ // These options override auto-detection (usually not needed)
1194
+ enableSignUp: 'auto', // 'auto' (default) | true | false
1164
1195
  defaultSignUpRole: 'user', // Role assigned to new users (default: 'user')
1165
1196
  },
1166
1197
  },
@@ -1168,22 +1199,28 @@ createBetterAuthPlugin({
1168
1199
  ```
1169
1200
 
1170
1201
  **Notes:**
1202
+ - `'auto'` (default): Detects availability from Better Auth's sign-up endpoint
1203
+ - `true`: Always show registration (even if Better Auth returns 404)
1204
+ - `false`: Never show registration
1171
1205
  - New users are assigned `defaultSignUpRole` (default: `'user'`)
1172
1206
  - If email verification is required, users see a success message to check their email
1173
1207
  - Role-based access control still applies - users without `requiredRole` see "Access Denied"
1174
1208
 
1175
1209
  ### Password Reset Flow
1176
1210
 
1177
- The `LoginView` includes an inline "Forgot password?" link that automatically detects if password reset is available. When clicked, users can request a reset link without leaving the login page.
1211
+ The `LoginView` **automatically detects** if password reset is available by checking Better Auth's reset endpoint. The "Forgot password?" link appears automatically when available.
1178
1212
 
1179
- **Configuration:**
1213
+ **No configuration needed** for most cases - it just works based on your Better Auth settings.
1214
+
1215
+ **Optional overrides** (only if you need to force show/hide or use a custom URL):
1180
1216
  ```typescript
1181
1217
  createBetterAuthPlugin({
1182
1218
  createAuth,
1183
1219
  admin: {
1184
1220
  login: {
1185
- enableForgotPassword: true, // or 'auto' (default) to detect availability
1186
- resetPasswordUrl: '/custom-reset', // Optional: redirect to custom page instead
1221
+ // These options override auto-detection (usually not needed)
1222
+ enableForgotPassword: 'auto', // 'auto' (default) | true | false
1223
+ resetPasswordUrl: '/custom-reset', // Optional: redirect to custom page instead of inline form
1187
1224
  },
1188
1225
  },
1189
1226
  })