@delmaredigital/payload-better-auth 0.4.3 → 0.5.0

package/dist/exports/client.js

@@ -2,11 +2,13 @@
  * Client-side auth utilities
  * Re-exports createAuthClient from better-auth/react and common plugins
  */ import { createAuthClient } from 'better-auth/react';
-import { twoFactorClient, apiKeyClient } from 'better-auth/client/plugins';
+import { twoFactorClient } from 'better-auth/client/plugins';
+import { apiKeyClient } from '@better-auth/api-key/client';
 import { passkeyClient } from '@better-auth/passkey/client';
 // Re-export createAuthClient and common plugins
 export { createAuthClient } from 'better-auth/react';
-export { twoFactorClient, apiKeyClient } from 'better-auth/client/plugins';
+export { twoFactorClient } from 'better-auth/client/plugins';
+export { apiKeyClient } from '@better-auth/api-key/client';
 export { passkeyClient } from '@better-auth/passkey/client';
 /**
  * Default plugins included with Payload Better Auth.

package/dist/generated-types.d.ts

@@ -79,11 +79,12 @@ export type BaseVerificationFields = {
 };
 export type Verification = BaseVerificationFields;
 export type ApikeyFields = {
+    configId: string;
     name?: string;
     start?: string;
+    referenceId: string;
     prefix?: string;
     key: string;
-    userId: string;
     refillInterval?: number;
     refillAmount?: number;
     lastRefillAt?: Date;
@@ -204,7 +205,7 @@ export type TwoFactor = TwoFactorFields;
 /**
  * Union of all supported plugin identifiers.
  */
-export type PluginId = "username" | "admin" | "api-key" | "passkey" | "bearer" | "email-otp" | "magic-link" | "phone-number" | "one-tap" | "anonymous" | "multi-session" | "one-time-token" | "oidc" | "generic-oauth" | "open-api" | "organization" | "jwt" | "two-factor";
+export type PluginId = "username" | "admin" | "api-key" | "passkey" | "bearer" | "email-otp" | "magic-link" | "phone-number" | "one-tap" | "anonymous" | "multi-session" | "one-time-token" | "oidc-provider" | "generic-oauth" | "open-api" | "organization" | "jwt" | "two-factor";
 /**
  * Complete schema mapping of all models to their types.
  */

package/dist/index.d.ts

@@ -26,4 +26,4 @@ export { getServerSession, getServerUser, createSessionHelpers } from './utils/s
 export type { Session, SessionHelperOptions } from './utils/session.js';
 export { firstUserAdminHooks } from './utils/firstUserAdmin.js';
 export type { FirstUserAdminOptions } from './utils/firstUserAdmin.js';
-export { withBetterAuthDefaults, apiKeyWithDefaults } from './utils/betterAuthDefaults.js';
+export { withBetterAuthDefaults } from './utils/betterAuthDefaults.js';

package/dist/index.js

@@ -24,4 +24,4 @@ export { getServerSession, getServerUser, createSessionHelpers } from './utils/s
 // First user admin hook utility
 export { firstUserAdminHooks } from './utils/firstUserAdmin.js';
 // Better Auth defaults utility
-export { withBetterAuthDefaults, apiKeyWithDefaults } from './utils/betterAuthDefaults.js';
+export { withBetterAuthDefaults } from './utils/betterAuthDefaults.js';

package/dist/plugin/index.js

@@ -83,7 +83,7 @@ let apiKeyScopesConfig = undefined;
             const isMetadataDisabled = errorMessage.toLowerCase().includes('metadata') && errorMessage.toLowerCase().includes('disabled');
             if (isMetadataDisabled && createOptions.body.metadata) {
                 // Retry without metadata - key will still work, just won't show scopes in UI
-                console.warn('[better-auth] Metadata disabled, creating API key without scope metadata. Enable metadata with apiKeyWithDefaults() for better UX.');
+                console.warn('[better-auth] Metadata disabled, creating API key without scope metadata. Enable metadata with apiKey({ enableMetadata: true }) for better UX.');
                 const optionsWithoutMetadata = {
                     body: {
                         ...createOptions.body,

package/dist/scripts/generate-types.js

@@ -5,9 +5,10 @@
  * and diffing plugin additions against the base schema.
  *
  * Run with: pnpm generate:types
- */ import { passkey } from '@better-auth/passkey';
+ */ import { apiKey } from '@better-auth/api-key';
+import { passkey } from '@better-auth/passkey';
 import { getSchema } from 'better-auth/db';
-import { admin, anonymous, apiKey, bearer, emailOTP, genericOAuth, jwt, magicLink, multiSession, oidcProvider, oneTap, oneTimeToken, openAPI, organization, phoneNumber, twoFactor, username } from 'better-auth/plugins';
+import { admin, anonymous, bearer, emailOTP, genericOAuth, jwt, magicLink, multiSession, oidcProvider, oneTap, oneTimeToken, openAPI, organization, phoneNumber, twoFactor, username } from 'better-auth/plugins';
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';

package/dist/types/betterAuth.d.ts

@@ -4,50 +4,8 @@
  * Provides improved type inference for the Better Auth instance,
  * including session/user types, API methods, and error codes.
  */
-import type { AuthContext } from 'better-auth';
-import { router } from 'better-auth/api';
-import type { BetterAuthOptions, BetterAuthPlugin, InferAPI, InferPluginTypes, InferSession, InferUser } from 'better-auth/types';
+import type { Auth, BetterAuthOptions } from 'better-auth/types';
 import type { BasePayload, Endpoint, PayloadRequest } from 'payload';
-/**
- * Base error codes from Better Auth core.
- */
-type BaseErrorCodes = {
-    FAILED_TO_GET_USER_INFO: string;
-    USER_ALREADY_EXISTS: string;
-    INVALID_PASSWORD: string;
-    FAILED_TO_CREATE_USER: string;
-    FAILED_TO_CREATE_SESSION: string;
-    FAILED_TO_UPDATE_USER: string;
-    FAILED_TO_GET_SESSION: string;
-    INVALID_EMAIL_OR_PASSWORD: string;
-    SOCIAL_ACCOUNT_ALREADY_LINKED: string;
-    PROVIDER_NOT_FOUND: string;
-    INVALID_TOKEN: string;
-    ID_TOKEN_NOT_SUPPORTED: string;
-    FAILED_TO_GET_USER_INFO_OPENID: string;
-    UNEXPECTED_PROVIDER_RESPONSE: string;
-    TOKEN_REFRESH_FAILED: string;
-    FAILED_TO_UNLINK: string;
-    ACCOUNT_NOT_FOUND: string;
-    SESSION_EXPIRED: string;
-    INTERNAL_SERVER_ERROR: string;
-    VALIDATION_ERROR: string;
-};
-/**
- * Union to intersection utility type.
- */
-type UnionToIntersection<U> = (U extends unknown ? (k: U) => void : never) extends (k: infer I) => void ? I : never;
-/**
- * Deeply prettify a type for better IDE display.
- * Flattens intersections and preserves functions/arrays/dates.
- */
-type PrettifyDeep<T> = {
-    [K in keyof T]: T[K] extends (...args: unknown[]) => unknown ? T[K] : T[K] extends object ? T[K] extends Array<unknown> ? T[K] : T[K] extends Date ? T[K] : PrettifyDeep<T[K]> : T[K];
-} & {};
-/**
- * Infer error codes from enabled plugins.
- */
-type InferPluginErrorCodes<O extends BetterAuthOptions> = O['plugins'] extends Array<infer P> ? UnionToIntersection<P extends BetterAuthPlugin ? P['$ERROR_CODES'] extends Record<string, unknown> ? P['$ERROR_CODES'] : never : never> extends infer R ? [R] extends [never] ? object : R : object : object;
 /**
  * Role array type with configurable roles.
  */
@@ -55,11 +13,9 @@ export type RoleArray<O extends readonly string[] = readonly ['user']> = O[numbe
 /**
  * The return type of a Better Auth instance.
  *
- * This provides full type inference for:
- * - API endpoints and their return types
- * - Session/user types based on enabled plugins
- * - Error codes from all enabled plugins
- * - Auth context for advanced use cases
+ * Uses the official `Auth<O>` type from Better Auth 1.5, which provides
+ * full type inference for API endpoints, session/user types, error codes,
+ * and auth context.
  *
  * @template O - Better Auth options type for inference
  *
@@ -72,27 +28,7 @@ export type RoleArray<O extends readonly string[] = readonly ['user']> = O[numbe
  * const result = await payload.betterAuth.api.getSession({ headers })
  * ```
  */
-export type BetterAuthReturn<O extends BetterAuthOptions = BetterAuthOptions> = {
-    /** The request handler for auth endpoints */
-    handler: (request: Request) => Promise<Response>;
-    /** Type-safe API methods */
-    api: InferAPI<ReturnType<typeof router<O>>>['endpoints'];
-    /** The resolved options */
-    options: O;
-    /** All error codes from enabled plugins */
-    $ERROR_CODES: InferPluginErrorCodes<O> & BaseErrorCodes;
-    /** Auth context (async) for advanced use cases */
-    $context: Promise<AuthContext>;
-    /** Inferred types for Session and User */
-    $Infer: InferPluginTypes<O> extends {
-        Session: unknown;
-    } ? InferPluginTypes<O> : {
-        Session: {
-            session: PrettifyDeep<InferSession<O>>;
-            user: PrettifyDeep<InferUser<O>>;
-        };
-    } & InferPluginTypes<O>;
-};
+export type BetterAuthReturn<O extends BetterAuthOptions = BetterAuthOptions> = Auth<O>;
 /**
  * Payload instance with Better Auth attached.
  *
@@ -188,4 +124,3 @@ export type CollectionHookWithBetterAuth<O extends BetterAuthOptions, T extends
 export type EndpointWithBetterAuth<O extends BetterAuthOptions> = Omit<Endpoint, 'handler'> & {
     handler: (req: PayloadRequestWithBetterAuth<O>) => Promise<Response> | Response;
 };
-export {};

package/dist/utils/apiKeyAccess.d.ts

@@ -24,8 +24,10 @@ import type { Access, PayloadRequest } from 'payload';
 export type ApiKeyInfo = {
     /** The API key ID */
     id: string;
-    /** User ID who owns this key */
-    userId: string;
+    /** Reference ID (user or organization) who owns this key */
+    referenceId: string;
+    /** Reference type - whether key is owned by a user or organization */
+    referenceType: 'user' | 'organization';
     /** Array of granted scope strings */
     scopes: string[];
     /** The raw key (only first/last chars visible) */
@@ -163,7 +165,7 @@ export declare function allowSessionOrAnyScope(scopes: string[], config?: Omit<A
  * ```ts
  * const keyInfo = await validateApiKey(req)
  * if (keyInfo) {
- *   console.log('Valid API key for user:', keyInfo.userId)
+ *   console.log('Valid API key for:', keyInfo.referenceId, keyInfo.referenceType)
  *   console.log('Scopes:', keyInfo.scopes)
  * }
  * ```

package/dist/utils/apiKeyAccess.js

@@ -140,12 +140,20 @@
         } else if (Array.isArray(doc.scopes)) {
             scopes = doc.scopes;
         }
-        // Get user ID (handle both direct field and relationship)
-        let userId;
-        if (doc.userId) {
-            userId = String(doc.userId);
+        // Get reference ID and type (BA 1.5 uses referenceId/referenceType instead of userId)
+        let referenceId;
+        let referenceType = 'user';
+        if (doc.referenceId) {
+            referenceId = String(doc.referenceId);
+            if (doc.referenceType === 'organization') {
+                referenceType = 'organization';
+            }
+        } else if (doc.userId) {
+            // Fallback for pre-1.5 schema
+            referenceId = String(doc.userId);
         } else if (doc.user) {
-            userId = typeof doc.user === 'object' ? String(doc.user.id) : String(doc.user);
+            // Fallback for relationship field
+            referenceId = typeof doc.user === 'object' ? String(doc.user.id) : String(doc.user);
         } else {
             return null;
         }
@@ -171,7 +179,8 @@
         }
         return {
             id: String(doc.id),
-            userId,
+            referenceId,
+            referenceType,
             scopes,
             keyPrefix: doc.start,
             metadata
@@ -372,7 +381,7 @@
  * ```ts
  * const keyInfo = await validateApiKey(req)
  * if (keyInfo) {
- *   console.log('Valid API key for user:', keyInfo.userId)
+ *   console.log('Valid API key for:', keyInfo.referenceId, keyInfo.referenceType)
  *   console.log('Scopes:', keyInfo.scopes)
  * }
  * ```