@neondatabase/auth 0.1.0-beta.17 → 0.1.0-beta.19

package/README.md

@@ -23,6 +23,31 @@ This package is designed to work seamlessly with Neon's authentication infrastru
 - **Performance optimizations** - Session caching and request deduplication
 - **TypeScript support** - Fully typed with strict type checking
 
+## Why @neondatabase/auth?
+
+### vs. better-auth/client
+
+`@neondatabase/auth` is a wrapper around Better Auth that provides:
+
+**API Flexibility:**
+- Multiple adapters (Supabase-compatible, React hooks, vanilla)
+- Restricted options to match Neon Auth capabilities
+
+**Neon Auth Integration:**
+- Automatic `token_verifier` on OAuth callback
+- Pre-configured plugins for Neon Auth
+- Automatic JWT extraction from sessions
+- Popup-based OAuth flow for iframes
+
+**Built-in Enhancements:**
+- Session caching (60s TTL)
+- Request deduplication
+- Event system
+- Cross-tab sync
+- Token refresh detection
+
+If you're not using Neon Auth, you should probably use `better-auth/client` directly for more flexibility.
+
 ## Installation
 
 ```bash
@@ -244,32 +269,79 @@ For Next.js projects, this package provides built-in integration via `@neondatab
 - Using `authClient.useSession()` hook in client components
 - Server-side auth operations with `createAuthServer()` from `@neondatabase/auth/next/server`
 
-## CSS for UI Components
+## UI Components
 
-Styles for Neon Auth UI components are available from this package:
+Pre-built login forms and auth pages are included. No extra installation needed.
 
-| Export | Use Case |
-|--------|----------|
-| `@neondatabase/auth/ui/css` | Pre-built styles (~47KB) |
-| `@neondatabase/auth/ui/tailwind` | Tailwind-ready CSS |
+### 1. Import CSS
 
-```css
-/* Without Tailwind */
-@import '@neondatabase/auth/ui/css';
+**Without Tailwind CSS:**
+```typescript
+import '@neondatabase/auth/ui/css';
+```
 
-/* With Tailwind CSS v4 */
+**With Tailwind CSS v4:**
+```css
 @import 'tailwindcss';
 @import '@neondatabase/auth/ui/tailwind';
 ```
 
+### 2. Setup Provider
+
+```typescript
+"use client"
+
+import { NeonAuthUIProvider } from "@neondatabase/auth/react/ui"
+import { createAuthClient } from "@neondatabase/auth"
+import "@neondatabase/auth/ui/css"
+
+const authClient = createAuthClient('https://your-auth-url.com')
+
+export function AuthProvider({ children }) {
+  return (
+    <NeonAuthUIProvider authClient={authClient} redirectTo="/dashboard">
+      {children}
+    </NeonAuthUIProvider>
+  )
+}
+```
+
+### 3. Use Components
+
+**Option A: Full Auth Pages (Recommended)**
+
+Use `AuthView` to render complete auth flows based on the URL path:
+
+```typescript
+import { AuthView } from "@neondatabase/auth/react/ui"
+
+// Renders sign-in, sign-up, forgot-password, etc. based on path
+<AuthView path="sign-in" />
+```
+
+**Option B: Individual Components**
+
+```typescript
+import { SignInForm, UserButton } from "@neondatabase/auth/react/ui"
+
+<SignInForm />
+<UserButton />
+```
+
+Available components: `SignInForm`, `SignUpForm`, `UserButton`, `AuthView`, `AccountView`, `OrganizationView`
+
+For Next.js with dynamic routes, see the [Next.js Setup Guide](./NEXT-JS.md).
+
+For full documentation and theming, see [`@neondatabase/auth-ui`](../auth-ui).
+
 ## Related Packages
 
 - [`@neondatabase/neon-js`](../neon-js) - Full SDK with database and auth integration
-- [`@neondatabase/postgrest-js`](../postgrest-js) - PostgreSQL client without auth
+- [`@neondatabase/postgrest-js`](../postgrest-js) - PostgREST client without auth
 
 ## Resources
 
-- [Neon Auth Documentation](https://neon.tech/docs/neon-auth)
+- [Neon Auth Documentation](https://neon.com/docs/neon-auth)
 - [Better Auth Documentation](https://www.better-auth.com/docs)
 
 ## Support

package/dist/{adapter-core-Sx7jkLdB.d.mts → adapter-core-CiZ94eSH.d.mts}

@@ -1,19 +1,18 @@
 import { createAuthClient } from "better-auth/react";
 import * as better_auth_client23 from "better-auth/client";
 import { BetterAuthClientOptions, createAuthClient as createAuthClient$1 } from "better-auth/client";
-import * as better_auth_client_plugins11 from "better-auth/client/plugins";
 import * as zod0 from "zod";
 import * as jose1 from "jose";
 import * as better_auth303 from "better-auth";
 import * as _better_fetch_fetch177 from "@better-fetch/fetch";
 import { BetterFetchError as BetterFetchError$1 } from "@better-fetch/fetch";
+import * as better_auth_plugins11 from "better-auth/plugins";
 import * as nanostores1 from "nanostores";
 import * as better_call0 from "better-call";
-import * as better_auth_plugins_email_otp0 from "better-auth/plugins/email-otp";
-import { EmailOTPOptions } from "better-auth/plugins/email-otp";
 import { Invitation, InvitationInput, InvitationStatus, Member, MemberInput, Organization, OrganizationInput, OrganizationRole, Team, TeamInput, TeamMember, TeamMemberInput } from "better-auth/plugins/organization";
 import { JWKOptions, JWSAlgorithms, Jwk, JwtOptions } from "better-auth/plugins/jwt";
 import { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole } from "better-auth/plugins/admin";
+import { EmailOTPOptions } from "better-auth/plugins/email-otp";
 
 //#region src/types/index.d.ts
 type BetterAuthInstance = ReturnType<typeof createAuthClient$1<{
@@ -47,9 +46,9 @@ declare const supportedBetterAuthClientPlugins: ({
   };
 } | {
   id: "better-auth-client";
-  $InferServerPlugin: ReturnType<(options?: better_auth_client_plugins11.JwtOptions | undefined) => {
+  $InferServerPlugin: ReturnType<(options?: better_auth_plugins11.JwtOptions | undefined) => {
     id: "jwt";
-    options: better_auth_client_plugins11.JwtOptions | undefined;
+    options: better_auth_plugins11.JwtOptions | undefined;
     endpoints: {
       getJwks: better_call0.StrictEndpoint<string, {
         method: "GET";
@@ -191,7 +190,7 @@ declare const supportedBetterAuthClientPlugins: ({
           $Infer: {
             body: {
               payload: jose1.JWTPayload;
-              overrideOptions?: better_auth_client_plugins11.JwtOptions | undefined;
+              overrideOptions?: better_auth_plugins11.JwtOptions | undefined;
             };
           };
         };
@@ -328,7 +327,7 @@ declare const supportedBetterAuthClientPlugins: ({
     hooks: {
       after: {
         matcher(context: better_auth303.HookEndpointContext): boolean;
-        handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<better_auth_client_plugins11.SessionWithImpersonatedBy[] | undefined>;
+        handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<better_auth_plugins11.SessionWithImpersonatedBy[] | undefined>;
       }[];
     };
     endpoints: {
@@ -341,7 +340,7 @@ declare const supportedBetterAuthClientPlugins: ({
         requireHeaders: true;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -378,7 +377,7 @@ declare const supportedBetterAuthClientPlugins: ({
       } & {
         use: any[];
       }, {
-        user: better_auth_client_plugins11.UserWithRole;
+        user: better_auth_plugins11.UserWithRole;
       }>;
       getUser: better_call0.StrictEndpoint<"/admin/get-user", {
         method: "GET";
@@ -387,7 +386,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -471,7 +470,7 @@ declare const supportedBetterAuthClientPlugins: ({
       } & {
         use: any[];
       }, {
-        user: better_auth_client_plugins11.UserWithRole;
+        user: better_auth_plugins11.UserWithRole;
       }>;
       adminUpdateUser: better_call0.StrictEndpoint<"/admin/update-user", {
         method: "POST";
@@ -481,7 +480,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -511,12 +510,12 @@ declare const supportedBetterAuthClientPlugins: ({
         };
       } & {
         use: any[];
-      }, better_auth_client_plugins11.UserWithRole>;
+      }, better_auth_plugins11.UserWithRole>;
       listUsers: better_call0.StrictEndpoint<"/admin/list-users", {
         method: "GET";
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -590,7 +589,7 @@ declare const supportedBetterAuthClientPlugins: ({
       } & {
         use: any[];
       }, {
-        users: better_auth_client_plugins11.UserWithRole[];
+        users: better_auth_plugins11.UserWithRole[];
         total: number;
         limit: number | undefined;
         offset: number | undefined;
@@ -602,7 +601,7 @@ declare const supportedBetterAuthClientPlugins: ({
         method: "POST";
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -639,7 +638,7 @@ declare const supportedBetterAuthClientPlugins: ({
       } & {
         use: any[];
       }, {
-        sessions: better_auth_client_plugins11.SessionWithImpersonatedBy[];
+        sessions: better_auth_plugins11.SessionWithImpersonatedBy[];
       }>;
       unbanUser: better_call0.StrictEndpoint<"/admin/unban-user", {
         method: "POST";
@@ -648,7 +647,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -698,7 +697,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -746,7 +745,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -790,7 +789,7 @@ declare const supportedBetterAuthClientPlugins: ({
           ipAddress?: string | null | undefined;
           userAgent?: string | null | undefined;
         };
-        user: better_auth_client_plugins11.UserWithRole;
+        user: better_auth_plugins11.UserWithRole;
       }>;
       stopImpersonating: better_call0.StrictEndpoint<"/admin/stop-impersonating", {
         method: "POST";
@@ -808,7 +807,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -848,7 +847,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -888,7 +887,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -929,7 +928,7 @@ declare const supportedBetterAuthClientPlugins: ({
         }, better_auth303.$strip>;
         use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
           session: {
-            user: better_auth_client_plugins11.UserWithRole;
+            user: better_auth_plugins11.UserWithRole;
             session: better_auth303.Session;
           };
         }>)[];
@@ -1384,7 +1383,7 @@ declare const supportedBetterAuthClientPlugins: ({
   })[];
 } | {
   id: "email-otp";
-  $InferServerPlugin: ReturnType<(options: better_auth_plugins_email_otp0.EmailOTPOptions) => {
+  $InferServerPlugin: ReturnType<(options: better_auth_plugins11.EmailOTPOptions) => {
     id: "email-otp";
     init(ctx: better_auth303.AuthContext): {
       options: {

package/dist/{adapter-core-BQ6ga1zK.mjs → adapter-core-J65ZBFCQ.mjs}

@@ -440,7 +440,7 @@ const BETTER_AUTH_METHODS_HOOKS = {
 		}
 	},
 	signIn: {
-		beforeRequest: (input, init) => {
+		beforeFetch: (input, init) => {
 			if (!(typeof input === "string" ? input : input.toString()).includes("/sign-in/social") || !isIframe()) return null;
 			return handleSocialSignInViaPopup(input, init);
 		},
@@ -472,17 +472,24 @@ const BETTER_AUTH_METHODS_HOOKS = {
 	updateUser: {
 		onRequest: () => {},
 		onSuccess: (responseData) => {
-			if (isSessionResponseData(responseData)) emitAuthEvent({
-				type: "USER_UPDATE",
-				data: {
+			if (isSessionResponseData(responseData)) {
+				const sessionData = {
 					session: responseData.session,
 					user: responseData.user
-				}
-			});
+				};
+				BETTER_AUTH_METHODS_CACHE.setCachedSession(sessionData);
+				emitAuthEvent({
+					type: "USER_UPDATE",
+					data: sessionData
+				});
+			} else {
+				BETTER_AUTH_METHODS_CACHE.clearSessionCache();
+				emitAuthEvent({ type: "USER_UPDATE" });
+			}
 		}
 	},
 	getSession: {
-		beforeRequest: () => {
+		beforeFetch: () => {
 			const cachedData = BETTER_AUTH_METHODS_CACHE.getCachedSession();
 			if (!cachedData) return null;
 			return Response.json(cachedData, { status: 200 });
@@ -522,7 +529,7 @@ const BETTER_AUTH_METHODS_HOOKS = {
 		}
 	},
 	anonymousToken: {
-		beforeRequest: () => {
+		beforeFetch: () => {
 			const cachedResponse = BETTER_AUTH_ANONYMOUS_TOKEN_CACHE.getCachedResponse();
 			if (!cachedResponse) return null;
 			return Response.json(cachedResponse, { status: 200 });
@@ -651,9 +658,9 @@ var NeonAuthAdapterCore = class {
 					userOnRequest?.(request);
 				},
 				customFetchImpl: async (url, init) => {
-					if (init?.headers && FORCE_FETCH_HEADER in init.headers) {
-						const headers = { ...init.headers };
-						delete headers[FORCE_FETCH_HEADER];
+					const headers = new Headers(init?.headers);
+					if (headers.has(FORCE_FETCH_HEADER)) {
+						headers.delete(FORCE_FETCH_HEADER);
 						const response$1 = await fetch(url, {
 							...init,
 							headers
@@ -669,7 +676,7 @@ var NeonAuthAdapterCore = class {
 					}
 					const betterAuthMethod = deriveBetterAuthMethodFromUrl(url.toString());
 					if (betterAuthMethod) {
-						const response$1 = await BETTER_AUTH_METHODS_HOOKS[betterAuthMethod].beforeRequest?.(url, init);
+						const response$1 = await BETTER_AUTH_METHODS_HOOKS[betterAuthMethod].beforeFetch?.(url, init);
 						if (response$1) return response$1;
 					}
 					const key = `${init?.method || "GET"}:${url}:${init?.body || ""}`;

package/dist/{better-auth-react-adapter-BLKXYcWM.mjs → better-auth-react-adapter-D0YDUhsP.mjs}

@@ -1,4 +1,4 @@
-import { t as NeonAuthAdapterCore } from "./adapter-core-BQ6ga1zK.mjs";
+import { t as NeonAuthAdapterCore } from "./adapter-core-J65ZBFCQ.mjs";
 import { createAuthClient } from "better-auth/react";
 
 //#region src/adapters/better-auth-react/better-auth-react-adapter.ts

package/dist/{better-auth-react-adapter-BWH-XVdf.d.mts → better-auth-react-adapter-f7gIfbP8.d.mts}

@@ -1,9 +1,9 @@
-import { n as NeonAuthAdapterCoreAuthOptions, t as NeonAuthAdapterCore } from "./adapter-core-Sx7jkLdB.mjs";
+import { n as NeonAuthAdapterCoreAuthOptions, t as NeonAuthAdapterCore } from "./adapter-core-CiZ94eSH.mjs";
 import * as better_auth_client11 from "better-auth/client";
-import * as better_auth_client_plugins5 from "better-auth/client/plugins";
 import * as jose0 from "jose";
 import * as better_auth151 from "better-auth";
 import * as _better_fetch_fetch88 from "@better-fetch/fetch";
+import * as better_auth_plugins5 from "better-auth/plugins";
 import * as nanostores0 from "nanostores";
 
 //#region src/adapters/better-auth-react/better-auth-react-adapter.d.ts
@@ -118,7 +118,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
       } & {
         fetchOptions?: FetchOptions | undefined;
       }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<{
-        user: better_auth_client_plugins5.UserWithRole;
+        user: better_auth_plugins5.UserWithRole;
       }, {
         code?: string | undefined;
         message?: string | undefined;
@@ -163,7 +163,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
       } & {
         fetchOptions?: FetchOptions | undefined;
       }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<{
-        user: better_auth_client_plugins5.UserWithRole;
+        user: better_auth_plugins5.UserWithRole;
       }, {
         code?: string | undefined;
         message?: string | undefined;
@@ -179,7 +179,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
         data: Record<any, any>;
       } & {
         fetchOptions?: FetchOptions | undefined;
-      }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<better_auth_client_plugins5.UserWithRole, {
+      }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<better_auth_plugins5.UserWithRole, {
         code?: string | undefined;
         message?: string | undefined;
       }, FetchOptions["throw"] extends true ? true : false>>;
@@ -212,7 +212,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
         };
         fetchOptions?: FetchOptions | undefined;
       }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<NonNullable<{
-        users: better_auth_client_plugins5.UserWithRole[];
+        users: better_auth_plugins5.UserWithRole[];
         total: number;
         limit: number | undefined;
         offset: number | undefined;
@@ -233,7 +233,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
       } & {
         fetchOptions?: FetchOptions | undefined;
       }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch88.BetterFetchResponse<{
-        sessions: better_auth_client_plugins5.SessionWithImpersonatedBy[];
+        sessions: better_auth_plugins5.SessionWithImpersonatedBy[];
       }, {
         code?: string | undefined;
         message?: string | undefined;
@@ -308,7 +308,7 @@ declare class BetterAuthReactAdapterImpl extends NeonAuthAdapterCore {
           ipAddress?: string | null | undefined;
           userAgent?: string | null | undefined;
         };
-        user: better_auth_client_plugins5.UserWithRole;
+        user: better_auth_plugins5.UserWithRole;
       }, {
         code?: string | undefined;
         message?: string | undefined;