@neondatabase/auth 0.1.0-beta.9 → 0.2.0-beta.1

package/dist/{better-auth-react-adapter-BbM3jLLv.mjs → better-auth-react-adapter-Dv-o6A6O.mjs}

@@ -1,4 +1,4 @@
-import { t as NeonAuthAdapterCore } from "./adapter-core-C_NEMs0b.mjs";
+import { t as NeonAuthAdapterCore } from "./adapter-core-CtmnMMJ7.mjs";
 import { createAuthClient } from "better-auth/react";
 
 //#region src/adapters/better-auth-react/better-auth-react-adapter.ts
@@ -14,11 +14,6 @@ var BetterAuthReactAdapterImpl = class extends NeonAuthAdapterCore {
 	getBetterAuthInstance() {
 		return this._betterAuth;
 	}
-	async getJWTToken() {
-		const session = await this._betterAuth.getSession();
-		if (session.error) throw session.error;
-		return session.data?.session?.token ?? null;
-	}
 };
 /**
 * Factory function that returns an adapter builder.
@@ -39,9 +34,16 @@ var BetterAuthReactAdapterImpl = class extends NeonAuthAdapterCore {
 * ```
 */
 function BetterAuthReactAdapter(options) {
-	return (url) => new BetterAuthReactAdapterImpl({
+	return (url, fetchOptions) => new BetterAuthReactAdapterImpl({
 		baseURL: url,
-		...options
+		...options,
+		fetchOptions: {
+			...options?.fetchOptions,
+			headers: {
+				...options?.fetchOptions?.headers,
+				...fetchOptions?.headers
+			}
+		}
 	});
 }
 

package/dist/{chunk-5DLVHPZS-Bxj7snpZ-DoVNlsyk.mjs → chunk-VCZJYX65-CLnrj1o7-D6ZQkcc_.mjs}

@@ -1,8 +1,8 @@
+import * as z$1 from "zod";
 import { clsx } from "clsx";
 import { twMerge } from "tailwind-merge";
-import * as z from "zod";
 
-//#region ../auth-ui/dist/chunk-5DLVHPZS-Bxj7snpZ.mjs
+//#region ../auth-ui/dist/chunk-VCZJYX65-CLnrj1o7.mjs
 function cn(...inputs) {
 	return twMerge(clsx(inputs));
 }
@@ -36,7 +36,7 @@ function getViewByPath(viewPaths, path) {
 	for (const key in viewPaths) if (viewPaths[key] === path) return key;
 }
 function getPasswordSchema(passwordValidation, localization) {
-	let schema = z.string().min(1, { message: localization == null ? void 0 : localization.PASSWORD_REQUIRED });
+	let schema = z$1.string().min(1, { message: localization == null ? void 0 : localization.PASSWORD_REQUIRED });
 	if (passwordValidation == null ? void 0 : passwordValidation.minLength) schema = schema.min(passwordValidation.minLength, { message: localization == null ? void 0 : localization.PASSWORD_TOO_SHORT });
 	if (passwordValidation == null ? void 0 : passwordValidation.maxLength) schema = schema.max(passwordValidation.maxLength, { message: localization == null ? void 0 : localization.PASSWORD_TOO_LONG });
 	if (passwordValidation == null ? void 0 : passwordValidation.regex) schema = schema.regex(passwordValidation.regex, { message: localization == null ? void 0 : localization.INVALID_PASSWORD });
@@ -264,6 +264,7 @@ var authLocalization = {
 	CURRENT_PASSWORD: "Current Password",
 	CURRENT_PASSWORD_PLACEHOLDER: "Current Password",
 	CURRENT_SESSION: "Current Session",
+	UPDATE: "Update",
 	DELETE: "Delete",
 	DELETE_AVATAR: "Delete Avatar",
 	DELETE_ACCOUNT: "Delete Account",
@@ -460,13 +461,20 @@ var authLocalization = {
 	SLUG_DOES_NOT_MATCH: "The slug does not match",
 	TEAM: "Team",
 	TEAMS: "Teams",
+	TEAM_ACTIVE: "Active",
+	TEAM_SET_ACTIVE: "Set Active",
 	CREATE_TEAM: "Create Team",
 	CREATE_TEAM_SUCCESS: "Team created successfully",
+	UPDATE_TEAM: "Update Team",
+	UPDATE_TEAM_DESCRIPTION: "Update the name for this team",
+	REMOVE_TEAM_CONFIRM: "Are you sure you want to remove this team from the organization?",
+	CREATE_TEAM_INSTRUCTIONS: "Add new team to your organization.",
 	TEAM_NAME: "Team Name",
 	TEAM_NAME_PLACEHOLDER: "Engineering Team",
 	TEAM_NAME_DESCRIPTION: "This is your team's visible name.",
 	TEAM_NAME_INSTRUCTIONS: "Please use 64 characters at maximum.",
 	TEAMS_DESCRIPTION: "Manage your teams within your organization.",
+	USER_TEAMS_DESCRIPTION: "You are a member of the following teams.",
 	DELETE_TEAM: "Delete Team",
 	DELETE_TEAM_DESCRIPTION: "Permanently remove this team and all of its contents.",
 	DELETE_TEAM_SUCCESS: "Team deleted successfully",
@@ -520,12 +528,14 @@ var authViewPaths = {
 var accountViewPaths = {
 	SETTINGS: "settings",
 	SECURITY: "security",
+	TEAMS: "teams",
 	API_KEYS: "api-keys",
 	ORGANIZATIONS: "organizations"
 };
 var organizationViewPaths = {
 	SETTINGS: "settings",
 	MEMBERS: "members",
+	TEAMS: "teams",
 	API_KEYS: "api-keys"
 };
 

package/dist/constants-Cupc_bln.mjs

@@ -0,0 +1,28 @@
+//#region src/core/constants.ts
+/**
+* Session caching configuration constants
+*
+* Uses industry-standard 60s cache TTL (common across auth providers).
+*
+* Note: Token refresh detection is now automatic via Better Auth's
+* fetchOptions.onSuccess callback. No polling is needed.
+*/
+/** Session cache TTL in milliseconds (60 seconds) */
+const SESSION_CACHE_TTL_MS = 6e4;
+/** Clock skew buffer for token expiration checks in milliseconds (10 seconds) */
+const CLOCK_SKEW_BUFFER_MS = 1e4;
+/** Default session expiry duration in milliseconds (1 hour) */
+const DEFAULT_SESSION_EXPIRY_MS = 36e5;
+/** Name of the session verifier parameter in the URL, used for the OAUTH flow */
+const NEON_AUTH_SESSION_VERIFIER_PARAM_NAME = "neon_auth_session_verifier";
+/** Name of the popup marker parameter in the URL, used for OAuth popup flow in iframes */
+const NEON_AUTH_POPUP_PARAM_NAME = "neon_popup";
+/** Name of the original callback URL parameter, used in OAuth popup flow */
+const NEON_AUTH_POPUP_CALLBACK_PARAM_NAME = "neon_popup_callback";
+/** The callback route used for OAuth popup completion (must be in middleware SKIP_ROUTES) */
+const NEON_AUTH_POPUP_CALLBACK_ROUTE = "/auth/callback";
+/** Message type for OAuth popup completion postMessage */
+const OAUTH_POPUP_MESSAGE_TYPE = "neon-auth:oauth-complete";
+
+//#endregion
+export { NEON_AUTH_POPUP_PARAM_NAME as a, SESSION_CACHE_TTL_MS as c, NEON_AUTH_POPUP_CALLBACK_ROUTE as i, DEFAULT_SESSION_EXPIRY_MS as n, NEON_AUTH_SESSION_VERIFIER_PARAM_NAME as o, NEON_AUTH_POPUP_CALLBACK_PARAM_NAME as r, OAUTH_POPUP_MESSAGE_TYPE as s, CLOCK_SKEW_BUFFER_MS as t };

package/dist/index.d.mts

@@ -1,99 +1,5 @@
-import { r as SupportedBetterAuthClientPlugins } from "./adapter-core-Bw9mn_AS.mjs";
-import { r as BetterAuthReactAdapterInstance } from "./better-auth-react-adapter-JoscqoDc.mjs";
-import { r as SupabaseAuthAdapterInstance, s as BetterAuthVanillaAdapterInstance } from "./supabase-adapter-Clxlqg1x.mjs";
-import { createAuthClient as createAuthClient$1 } from "better-auth/react";
-import { createAuthClient as createAuthClient$2 } from "better-auth/client";
-
-//#region src/neon-auth.d.ts
-
-/**
- * Type representing the Better Auth React client
- */
-type ReactBetterAuthClient = ReturnType<typeof createAuthClient$1<{
-  plugins: SupportedBetterAuthClientPlugins;
-}>>;
-/**`
- * Type representing the Better Auth Vanilla client
- */
-type VanillaBetterAuthClient = ReturnType<typeof createAuthClient$2<{
-  plugins: SupportedBetterAuthClientPlugins;
-}>>;
-/**
- * Union type of all supported auth adapter instances
- */
-type NeonAuthAdapter = BetterAuthVanillaAdapterInstance | BetterAuthReactAdapterInstance | SupabaseAuthAdapterInstance;
-/**
- * Configuration for createAuthClient
- */
-interface NeonAuthConfig<T extends NeonAuthAdapter> {
-  /** The adapter builder to use. Defaults to BetterAuthVanillaAdapter() if not specified. */
-  adapter?: (url: string) => T;
-}
-/**
- * Resolves the public API type for an adapter.
- * - SupabaseAuthAdapter: exposes its own methods directly (Supabase-compatible API)
- * - BetterAuth adapters: expose the Better Auth client directly
- */
-type NeonAuthPublicApi<T extends NeonAuthAdapter> = T extends BetterAuthVanillaAdapterInstance ? VanillaBetterAuthClient : T extends BetterAuthReactAdapterInstance ? ReactBetterAuthClient : T;
-/**
- * NeonAuth type - combines base functionality with the appropriate public API
- * This is the return type of createAuthClient()
- *
- * For SupabaseAuthAdapter: exposes Supabase-compatible methods (signInWithPassword, getSession, etc.)
- * For BetterAuth adapters: exposes the Better Auth client directly (signIn.email, signUp.email, etc.)
- */
-type NeonAuth<T extends NeonAuthAdapter> = {
-  adapter: NeonAuthPublicApi<T>;
-  getJWTToken: () => Promise<string | null>;
-};
-/**
- * Create a NeonAuth instance that exposes the appropriate API based on the adapter.
- *
- * @param url - The auth service URL (e.g., 'https://auth.example.com')
- * @param config - Configuration with adapter builder
- * @returns NeonAuth instance with the adapter's API exposed directly
- *
- * @example SupabaseAuthAdapter - Supabase-compatible API
- * ```typescript
- * import { createAuthClient, SupabaseAuthAdapter } from '@neondatabase/auth';
- *
- * const auth = createAuthClient('https://auth.example.com', {
- *   adapter: SupabaseAuthAdapter(),
- * });
- *
- * // Supabase-compatible methods
- * await auth.signInWithPassword({ email, password });
- * await auth.getSession();
- * ```
- *
- * @example BetterAuthVanillaAdapter - Direct Better Auth API
- * ```typescript
- * import { createAuthClient, BetterAuthVanillaAdapter } from '@neondatabase/auth';
- *
- * const auth = createAuthClient('https://auth.example.com', {
- *   adapter: BetterAuthVanillaAdapter(),
- * });
- *
- * // Direct Better Auth API access
- * await auth.signIn.email({ email, password });
- * await auth.signUp.email({ email, password, name: 'John' });
- * await auth.getSession();
- * ```
- *
- * @example BetterAuthReactAdapter - Better Auth with React hooks
- * ```typescript
- * import { createAuthClient, BetterAuthReactAdapter } from '@neondatabase/auth';
- *
- * const auth = createAuthClient('https://auth.example.com', {
- *   adapter: BetterAuthReactAdapter(),
- * });
- *
- * // Direct Better Auth API with React hooks
- * await auth.signIn.email({ email, password });
- * const session = auth.useSession(); // React hook
- * ```
- */
-declare function createInternalNeonAuth<T extends NeonAuthAdapter = BetterAuthVanillaAdapterInstance>(url: string, config?: NeonAuthConfig<T>): NeonAuth<T>;
-declare function createAuthClient<T extends NeonAuthAdapter = BetterAuthVanillaAdapterInstance>(url: string, config?: NeonAuthConfig<T>): NeonAuthPublicApi<T>;
-//#endregion
+import "./adapter-core-CnrOXh1T.mjs";
+import "./better-auth-react-adapter-DNi5PC5D.mjs";
+import "./supabase-adapter-DUqw2fw8.mjs";
+import { a as ReactBetterAuthClient, c as createInternalNeonAuth, i as NeonAuthPublicApi, n as NeonAuthAdapter, o as VanillaBetterAuthClient, r as NeonAuthConfig, s as createAuthClient, t as NeonAuth } from "./neon-auth-BEGCfAe6.mjs";
 export { type NeonAuth, type NeonAuthAdapter, type NeonAuthConfig, type NeonAuthPublicApi, type ReactBetterAuthClient, type VanillaBetterAuthClient, createAuthClient, createInternalNeonAuth };

package/dist/index.mjs

@@ -1,3 +1,4 @@
-import { n as createInternalNeonAuth, t as createAuthClient } from "./neon-auth-DdlToh7_.mjs";
+import "./adapter-core-CtmnMMJ7.mjs";
+import { n as createInternalNeonAuth, t as createAuthClient } from "./neon-auth-Cs2cWh1B.mjs";
 
 export { createAuthClient, createInternalNeonAuth };

package/dist/neon-auth-BEGCfAe6.d.mts

@@ -0,0 +1,107 @@
+import { r as SupportedBetterAuthClientPlugins } from "./adapter-core-CnrOXh1T.mjs";
+import { n as BetterAuthReactAdapterInstance } from "./better-auth-react-adapter-DNi5PC5D.mjs";
+import { r as SupabaseAuthAdapterInstance, s as BetterAuthVanillaAdapterInstance } from "./supabase-adapter-DUqw2fw8.mjs";
+import { createAuthClient } from "better-auth/react";
+import { createAuthClient as createAuthClient$1 } from "better-auth/client";
+
+//#region src/neon-auth.d.ts
+
+/**
+ * Type representing the Better Auth React client
+ */
+type ReactBetterAuthClient = ReturnType<typeof createAuthClient<{
+  plugins: SupportedBetterAuthClientPlugins;
+}>>;
+/**
+ * Type representing the Better Auth Vanilla client
+ */
+type VanillaBetterAuthClient = ReturnType<typeof createAuthClient$1<{
+  plugins: SupportedBetterAuthClientPlugins;
+}>>;
+/**
+ * Union type of all supported auth adapter instances
+ */
+type NeonAuthAdapter = BetterAuthVanillaAdapterInstance | BetterAuthReactAdapterInstance | SupabaseAuthAdapterInstance;
+/**
+ * Configuration for createAuthClient
+ */
+interface NeonAuthConfig<T extends NeonAuthAdapter> {
+  /** The adapter builder to use. Defaults to BetterAuthVanillaAdapter() if not specified. */
+  adapter?: (url: string, fetchOptions?: {
+    headers?: Record<string, string>;
+  }) => T;
+  /**
+   * When true, automatically uses an anonymous token when no user session exists.
+   * This enables RLS-based data access for users with the anonymous role.
+   * @default false
+   */
+  allowAnonymous?: boolean;
+}
+/**
+ * Resolves the public API type for an adapter.
+ * - SupabaseAuthAdapter: exposes its own methods directly (Supabase-compatible API)
+ * - BetterAuth adapters: expose the Better Auth client directly
+ */
+type NeonAuthPublicApi<T extends NeonAuthAdapter> = T extends BetterAuthVanillaAdapterInstance ? VanillaBetterAuthClient : T extends BetterAuthReactAdapterInstance ? ReactBetterAuthClient : T;
+/**
+ * NeonAuth type - combines base functionality with the appropriate public API
+ * This is the return type of createAuthClient()
+ *
+ * For SupabaseAuthAdapter: exposes Supabase-compatible methods (signInWithPassword, getSession, etc.)
+ * For BetterAuth adapters: exposes the Better Auth client directly (signIn.email, signUp.email, etc.)
+ */
+type NeonAuth<T extends NeonAuthAdapter> = {
+  adapter: NeonAuthPublicApi<T>;
+  getJWTToken: () => Promise<string | null>;
+};
+/**
+ * Create a NeonAuth instance that exposes the appropriate API based on the adapter.
+ *
+ * @param url - The auth service URL (e.g., 'https://auth.example.com')
+ * @param config - Configuration with adapter builder
+ * @returns NeonAuth instance with the adapter's API exposed directly
+ *
+ * @example SupabaseAuthAdapter - Supabase-compatible API
+ * ```typescript
+ * import { createAuthClient, SupabaseAuthAdapter } from '@neondatabase/auth';
+ *
+ * const auth = createAuthClient('https://auth.example.com', {
+ *   adapter: SupabaseAuthAdapter(),
+ * });
+ *
+ * // Supabase-compatible methods
+ * await auth.signInWithPassword({ email, password });
+ * await auth.getSession();
+ * ```
+ *
+ * @example BetterAuthVanillaAdapter - Direct Better Auth API
+ * ```typescript
+ * import { createAuthClient, BetterAuthVanillaAdapter } from '@neondatabase/auth';
+ *
+ * const auth = createAuthClient('https://auth.example.com', {
+ *   adapter: BetterAuthVanillaAdapter(),
+ * });
+ *
+ * // Direct Better Auth API access
+ * await auth.signIn.email({ email, password });
+ * await auth.signUp.email({ email, password, name: 'John' });
+ * await auth.getSession();
+ * ```
+ *
+ * @example BetterAuthReactAdapter - Better Auth with React hooks
+ * ```typescript
+ * import { createAuthClient, BetterAuthReactAdapter } from '@neondatabase/auth';
+ *
+ * const auth = createAuthClient('https://auth.example.com', {
+ *   adapter: BetterAuthReactAdapter(),
+ * });
+ *
+ * // Direct Better Auth API with React hooks
+ * await auth.signIn.email({ email, password });
+ * const session = auth.useSession(); // React hook
+ * ```
+ */
+declare function createInternalNeonAuth<T extends NeonAuthAdapter = BetterAuthVanillaAdapterInstance>(url: string, config?: NeonAuthConfigInternal<T>): NeonAuth<T>;
+declare function createAuthClient$2<T extends NeonAuthAdapter = BetterAuthVanillaAdapterInstance>(url: string, config?: NeonAuthConfig<T>): NeonAuthPublicApi<T>;
+//#endregion
+export { ReactBetterAuthClient as a, createInternalNeonAuth as c, NeonAuthPublicApi as i, NeonAuthAdapter as n, VanillaBetterAuthClient as o, NeonAuthConfig as r, createAuthClient$2 as s, NeonAuth as t };

package/dist/{neon-auth-DdlToh7_.mjs → neon-auth-Cs2cWh1B.mjs}

@@ -1,4 +1,4 @@
-import { n as BetterAuthVanillaAdapter } from "./supabase-adapter-CAqbpOC7.mjs";
+import { n as BetterAuthVanillaAdapter } from "./supabase-adapter-BlcGPyOf.mjs";
 
 //#region src/neon-auth.ts
 /**
@@ -49,13 +49,16 @@ import { n as BetterAuthVanillaAdapter } from "./supabase-adapter-CAqbpOC7.mjs";
 * ```
 */
 function createInternalNeonAuth(url, config) {
-	const adapter = (config?.adapter ?? BetterAuthVanillaAdapter())(url);
+	const adapterBuilder = config?.adapter ?? BetterAuthVanillaAdapter();
+	const { fetchOptions } = config ?? {};
+	const adapter = adapterBuilder(url, fetchOptions);
+	const allowAnonymous = config?.allowAnonymous ?? false;
 	if (!(typeof adapter.initialize === "function")) return {
-		getJWTToken: adapter.getJWTToken.bind(adapter),
+		getJWTToken: () => adapter.getJWTToken(allowAnonymous),
 		adapter: adapter.getBetterAuthInstance()
 	};
 	return {
-		getJWTToken: adapter.getJWTToken.bind(adapter),
+		getJWTToken: () => adapter.getJWTToken(allowAnonymous),
 		adapter
 	};
 }