@take-out/better-auth-utils 0.0.67 → 0.0.69

package/README.md

@@ -1,15 +1,6 @@
 # @take-out/better-auth-utils
 
-Better Auth utilities and helpers for React/React Native applications.
-
-## Features
-
-- JWT support for Zero, web and React Native
-- Session persistence in local storage
-- Token validation and refresh
-- State management with emitters
-- Automatic retry on authentication errors
-- TypeScript support with full type safety
+Auth utilities for better-auth with React/React Native support.
 
 ## Installation
 
@@ -17,120 +8,99 @@ Better Auth utilities and helpers for React/React Native applications.
 bun add @take-out/better-auth-utils
 ```
 
-## Usage
-
-### Basic Setup
+## Client Usage
 
 ```typescript
 import { createBetterAuthClient } from '@take-out/better-auth-utils'
-import { adminClient, magicLinkClient } from 'better-auth/client/plugins'
-
-const authClient = createBetterAuthClient({
-  baseURL: 'https://your-app.com',
-  plugins: [adminClient(), magicLinkClient()],
-  // Optional callbacks
-  onAuthStateChange: (state) => {
-    console.info('Auth state changed:', state)
-  },
-  onAuthError: (error) => {
-    console.error('Auth error:', error)
-  },
-})
 
-// Export for use throughout your app
-export const {
-  authClient,
-  useAuth,
-  getAuth,
-  setAuthClientToken,
-  clearAuthClientToken,
-} = authClient
-```
-
-### Using in React Components
+const auth = createBetterAuthClient({
+  baseURL: 'https://myapp.com',
+  plugins: [/* better-auth plugins */],
+  // transform user object with app-specific fields
+  createUser: (user) => ({ ...user, role: user.role as 'admin' | undefined }),
+  // optional callbacks
+  onAuthStateChange: (state) => console.log('Auth changed:', state),
+  onAuthError: (error) => console.error('Auth error:', error),
+})
 
-```tsx
-import { useAuth } from './auth'
+// React hook for auth state
+const { state, user, token } = auth.useAuth()
 
-function UserProfile() {
-  const { user, state } = useAuth()
+// get current auth state (non-reactive)
+const { loggedIn } = auth.getAuth()
 
-  if (state === 'loading') return <div>Loading...</div>
-  if (state === 'logged-out') return <div>Please log in</div>
+// clear all auth (localStorage + cookies)
+auth.clearAllAuth()
 
-  return <div>Welcome, {user?.name}!</div>
-}
+// clear just localStorage token
+auth.clearAuthClientToken()
 ```
 
-### Custom User Types
+### Client Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `baseURL` | `string` | required | Auth server URL |
+| `plugins` | `array` | `[]` | better-auth client plugins |
+| `createUser` | `function` | identity | Transform user object with app-specific typing |
+| `onAuthStateChange` | `function` | - | Callback when auth state changes |
+| `onAuthError` | `function` | - | Callback for auth errors |
+| `storagePrefix` | `string` | `'auth'` | localStorage key prefix |
+| `retryDelay` | `number` | `4000` | Retry delay after errors (ms) |
+| `tokenValidationEndpoint` | `string` | `'/api/auth/validateToken'` | JWT validation endpoint |
+| `authCookieNames` | `string[]` | `['better-auth.jwt', 'better-auth.session_token']` | Cookie names to clear on `clearAllAuth()` |
+
+### Client API
+
+- `useAuth()` - React hook returning `{ state, user, session, token }`
+- `getAuth()` - Get current auth state (non-reactive), includes `loggedIn` boolean
+- `setAuthClientToken({ token, session })` - Set auth token and session
+- `clearAuthClientToken()` - Clear localStorage token only
+- `clearAllAuth()` - Clear localStorage AND cookies
+- `clearState()` - Clear all auth state and storage
+- `getValidToken()` - Get valid JWT, refreshing if needed
+- `authState` - Emitter for subscribing to auth changes
+- `authClientVersion` - Emitter that updates when auth client recreates
+
+## Server Usage
 
 ```typescript
-import type { User } from '@take-out/better-auth-utils'
-
-interface MyUser extends User {
-  role?: 'admin' | 'user'
-  preferences?: {
-    theme: 'light' | 'dark'
+import {
+  validateToken,
+  isValidJWT,
+  InvalidTokenError,
+} from '@take-out/better-auth-utils/server'
+
+// validate JWT against JWKS endpoint
+try {
+  const payload = await validateToken(token, {
+    baseUrl: 'https://myapp.com',
+    forceIssuer: process.env.FORCE_ISSUER, // optional, for CI
+    jwksPath: '/api/auth/jwks', // optional, default
+  })
+  console.log('User ID:', payload.sub)
+} catch (err) {
+  if (err instanceof InvalidTokenError) {
+    // token invalid (malformed, expired, signature mismatch, etc)
+    return Response.json({ error: 'INVALID_TOKEN' }, { status: 401 })
   }
 }
 
-const authClient = createBetterAuthClient<any, MyUser>({
-  baseURL: 'https://your-app.com',
-})
+// simple boolean check
+const valid = await isValidJWT(token, { baseUrl: 'https://myapp.com' })
 ```
 
-### Configuration Options
-
-- `baseURL` - The base URL for your auth server
-- `plugins` - Array of better-auth plugins
-- `onAuthStateChange` - Callback when auth state changes
-- `onAuthError` - Callback for handling auth errors
-- `storagePrefix` - Prefix for local storage keys (default: 'auth')
-- `retryDelay` - Delay in ms after auth errors (default: 4000)
-- `tokenValidationEndpoint` - Custom token validation endpoint (default:
-  '/api/auth/validateToken')
-
-## API
-
-### `createBetterAuthClient(options)`
-
-Creates a new authentication client with the provided options.
+### Server Exports
 
-### `useAuth()`
+| Export | Description |
+|--------|-------------|
+| `validateToken(token, options)` | Validate JWT against JWKS, returns payload |
+| `isValidJWT(token, options)` | Boolean validation check |
+| `InvalidTokenError` | Error thrown for invalid tokens |
 
-React hook that returns the current authentication state.
+### JWKS Validation
 
-### `getAuth()`
-
-Gets the current authentication state (non-reactive).
-
-### `setAuthClientToken({ token, session })`
-
-Sets the authentication token and session.
-
-### `clearAuthClientToken()`
-
-Clears the stored authentication token.
-
-### `clearState()`
-
-Clears all authentication state and storage.
-
-## Development
-
-```bash
-# Install dependencies
-bun install
-
-# Build the package
-bun run build
-
-# Run in watch mode
-bun run watch
-
-# Lint the code
-bun run lint:fix
-```
+The server validates JWTs against the JWKS endpoint (`/api/auth/jwks` by default). A fresh JWKS is fetched for each validation to avoid stale key cache issues.
 
 ## License
 

package/dist/cjs/createAuthClient.cjs

@@ -32,7 +32,8 @@ function createBetterAuthClient(options) {
       createUser,
       storagePrefix = "auth",
       retryDelay = 4e3,
-      tokenValidationEndpoint = "/api/auth/validateToken",
+      useJWT = !1,
+      authCookieNames = ["better-auth.jwt", "better-auth.session_token"],
       ...authClientOptions
     } = options,
     empty = {
@@ -41,19 +42,25 @@ function createBetterAuthClient(options) {
       user: null,
       token: null
     },
+    keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`),
+    stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`),
     createAuthClientWithSession = session => (0, import_client.createAuthClient)({
       ...authClientOptions,
       fetchOptions: {
-        headers: {
+        credentials: "include",
+        headers: useJWT ? {
           Authorization: `Bearer ${session}`
-        }
+        } : void 0
       }
-    }),
-    keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`),
-    stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`);
+    });
   let authClient = (() => {
     const existingSession = keysStorage.get()?.session;
-    return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)(authClientOptions);
+    return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)({
+      ...authClientOptions,
+      fetchOptions: {
+        credentials: "include"
+      }
+    });
   })();
   const authState = (0, import_helpers.createEmitter)("authState", stateStorage.get() || empty, {
       comparator: import_helpers.isEqualDeepLite
@@ -67,6 +74,9 @@ function createBetterAuthClient(options) {
       stateStorage.set(next), authState.emit(next), next.token && next.session ? keysStorage.set({
         token: next.token,
         session: next.session.token
+      }) : next.session ? keysStorage.set({
+        token: "",
+        session: next.session.token
       }) : keysStorage.set({
         token: "",
         session: ""
@@ -97,15 +107,19 @@ function createBetterAuthClient(options) {
         sessionUpdate = nextState === "loading" ? {} : {
           session: data?.session ?? null,
           user: data?.user ? createUser ? createUser(data.user) : data.user : null
-        };
+        },
+        previousSession = authState.value?.session,
+        isNewSession = data?.session && (!previousSession || previousSession.id !== data.session.id || previousSession.userId !== data.session.userId);
       setState({
         state: nextState,
         ...sessionUpdate
-      }), data?.session && !authState.value.token && getValidToken().then(token => {
+      }), useJWT && data?.session && (isNewSession || !authState.value.token) && (isNewSession && authState.value.token && setState({
+        token: null
+      }), getValidToken().then(token => {
         token && setState({
           token
         });
-      });
+      }));
     });
   }
   function scheduleAuthRetry(delayMs) {
@@ -114,20 +128,6 @@ function createBetterAuthClient(options) {
     }, delayMs);
   }
   async function getValidToken() {
-    const existing = keysStorage.get()?.token;
-    if (existing) try {
-      if ((await fetch(tokenValidationEndpoint, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          token: existing
-        })
-      }).then(res2 => res2.json()))?.valid) return existing;
-    } catch (error) {
-      console.error("Error validating token:", error);
-    }
     const res = await authClient.$fetch("/token");
     if (res.error) {
       console.error(`Error fetching token: ${res.error.statusText}`);
@@ -136,9 +136,19 @@ function createBetterAuthClient(options) {
     return res.data?.token;
   }
   const clearAuthClientToken = () => {
-      keysStorage.remove();
-    },
-    getAuth = () => {
+    keysStorage.remove();
+  };
+  function clearAuthCookies() {
+    if (!(typeof document > "u")) for (const cookieName of authCookieNames) {
+      document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
+      const domain = window.location.hostname;
+      document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain}`, domain.startsWith(".") && (document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain.slice(1)}`);
+    }
+  }
+  function clearAllAuth() {
+    clearAuthCookies(), clearState();
+  }
+  const getAuth = () => {
       const state = authState?.value || empty;
       return {
         ...state,
@@ -169,6 +179,7 @@ function createBetterAuthClient(options) {
     authClient: proxiedAuthClient,
     setAuthClientToken,
     clearAuthClientToken,
+    clearAllAuth,
     useAuth,
     getAuth,
     getValidToken,

package/dist/cjs/createAuthClient.js

@@ -25,40 +25,41 @@ function createBetterAuthClient(options) {
     createUser,
     storagePrefix = "auth",
     retryDelay = 4e3,
-    tokenValidationEndpoint = "/api/auth/validateToken",
+    useJWT = !1,
+    authCookieNames = ["better-auth.jwt", "better-auth.session_token"],
     ...authClientOptions
   } = options, empty = {
     state: "logged-out",
     session: null,
     user: null,
     token: null
-  }, createAuthClientWithSession = (session) => (0, import_client.createAuthClient)({
+  }, keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`), stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`), createAuthClientWithSession = (session) => (0, import_client.createAuthClient)({
     ...authClientOptions,
     fetchOptions: {
-      headers: {
-        Authorization: `Bearer ${session}`
-      }
+      credentials: "include",
+      headers: useJWT ? { Authorization: `Bearer ${session}` } : void 0
     }
-  }), keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`), stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`);
+  });
   let authClient = (() => {
     const existingSession = keysStorage.get()?.session;
-    return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)(authClientOptions);
+    return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)({
+      ...authClientOptions,
+      fetchOptions: { credentials: "include" }
+    });
   })();
   const authState = (0, import_helpers.createEmitter)(
     "authState",
     stateStorage.get() || empty,
-    {
-      comparator: import_helpers.isEqualDeepLite
-    }
+    { comparator: import_helpers.isEqualDeepLite }
   ), authClientVersion = (0, import_helpers.createEmitter)("authClientVersion", 0), setState = (update) => {
     const next = { ...authState.value, ...update };
     stateStorage.set(next), authState.emit(next), next.token && next.session ? keysStorage.set({
       token: next.token,
       session: next.session.token
-    }) : keysStorage.set({
+    }) : next.session ? keysStorage.set({
       token: "",
-      session: ""
-    }), onAuthStateChange?.(next);
+      session: next.session.token
+    }) : keysStorage.set({ token: "", session: "" }), onAuthStateChange?.(next);
   }, setAuthClientToken = async (props) => {
     keysStorage.set(props), updateAuthClient(props.session);
   };
@@ -76,13 +77,13 @@ function createBetterAuthClient(options) {
       const data = dataGeneric, hasPersistedSession = !!keysStorage.get()?.session, nextState = isPending ? "loading" : data?.session ? "logged-in" : hasPersistedSession && data === void 0 ? "loading" : "logged-out", sessionUpdate = nextState === "loading" ? {} : {
         session: data?.session ?? null,
         user: data?.user ? createUser ? createUser(data.user) : data.user : null
-      };
+      }, previousSession = authState.value?.session, isNewSession = data?.session && (!previousSession || previousSession.id !== data.session.id || previousSession.userId !== data.session.userId);
       setState({
         state: nextState,
         ...sessionUpdate
-      }), data?.session && !authState.value.token && getValidToken().then((token) => {
+      }), useJWT && data?.session && (isNewSession || !authState.value.token) && (isNewSession && authState.value.token && setState({ token: null }), getValidToken().then((token) => {
         token && setState({ token });
-      });
+      }));
     });
   }
   function scheduleAuthRetry(delayMs) {
@@ -91,22 +92,6 @@ function createBetterAuthClient(options) {
     }, delayMs);
   }
   async function getValidToken() {
-    const existing = keysStorage.get()?.token;
-    if (existing)
-      try {
-        if ((await fetch(tokenValidationEndpoint, {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify({
-            token: existing
-          })
-        }).then((res2) => res2.json()))?.valid)
-          return existing;
-      } catch (error) {
-        console.error("Error validating token:", error);
-      }
     const res = await authClient.$fetch("/token");
     if (res.error) {
       console.error(`Error fetching token: ${res.error.statusText}`);
@@ -116,12 +101,21 @@ function createBetterAuthClient(options) {
   }
   const clearAuthClientToken = () => {
     keysStorage.remove();
-  }, getAuth = () => {
+  };
+  function clearAuthCookies() {
+    if (!(typeof document > "u"))
+      for (const cookieName of authCookieNames) {
+        document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
+        const domain = window.location.hostname;
+        document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain}`, domain.startsWith(".") && (document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain.slice(1)}`);
+      }
+  }
+  function clearAllAuth() {
+    clearAuthCookies(), clearState();
+  }
+  const getAuth = () => {
     const state = authState?.value || empty;
-    return {
-      ...state,
-      loggedIn: !!state.session
-    };
+    return { ...state, loggedIn: !!state.session };
   }, useAuth = () => (0, import_helpers.useEmitterValue)(authState) || empty;
   function clearState() {
     keysStorage.remove(), stateStorage.remove(), setState(empty);
@@ -146,6 +140,7 @@ function createBetterAuthClient(options) {
     authClient: proxiedAuthClient,
     setAuthClientToken,
     clearAuthClientToken,
+    clearAllAuth,
     useAuth,
     getAuth,
     getValidToken,

package/dist/cjs/createAuthClient.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../src/createAuthClient.ts"],
-  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA,qBAMO,8BACP,gBAA+D;AAqExD,SAAS,uBACd,SACoF;AAEpF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,aAAa;AAAA,IACb,0BAA0B;AAAA,IAC1B,GAAG;AAAA,EACL,IAAI,SAEE,QAA0B;AAAA,IAC9B,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM;AAAA,IACN,OAAO;AAAA,EACT,GAEM,8BAA8B,CAAC,gBAC5B,gCAAiB;AAAA,IACtB,GAAG;AAAA,IACH,cAAc;AAAA,MACZ,SAAS;AAAA,QACP,eAAe,UAAU,OAAO;AAAA,MAClC;AAAA,IACF;AAAA,EACF,CAAC,GAGG,kBAAc,mCAAgC,GAAG,aAAa,OAAO,GACrE,mBAAe,mCAAqC,GAAG,aAAa,QAAQ;AAElF,MAAI,cAAc,MAAM;AACtB,UAAM,kBAAkB,YAAY,IAAI,GAAG;AAC3C,WAAO,kBACH,4BAA4B,eAAe,QAC3C,gCAAiB,iBAAyB;AAAA,EAChD,GAAG;AAEH,QAAM,gBAAY;AAAA,IAChB;AAAA,IACA,aAAa,IAAI,KAAK;AAAA,IACtB;AAAA,MACE,YAAY;AAAA,IACd;AAAA,EACF,GAEM,wBAAoB,8BAAsB,qBAAqB,CAAC,GAEhE,WAAW,CAAC,WAAsC;AAEtD,UAAM,OAAO,EAAE,GADC,UAAU,OACC,GAAG,OAAO;AACrC,iBAAa,IAAI,IAAI,GACrB,UAAU,KAAK,IAAI,GAGf,KAAK,SAAS,KAAK,UACrB,YAAY,IAAI;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,SAAS,KAAK,QAAQ;AAAA,IACxB,CAAC,IAED,YAAY,IAAI;AAAA,MACd,OAAO;AAAA,MACP,SAAS;AAAA,IACX,CAAC,GAIH,oBAAoB,IAAI;AAAA,EAC1B,GAEM,qBAAqB,OAAO,UAA8C;AAC9E,gBAAY,IAAI,KAAK,GACrB,iBAAiB,MAAM,OAAO;AAAA,EAChC;AAEA,WAAS,iBAAiB,SAAiB;AACzC,iBAAa,4BAA4B,OAAO,GAChD,kBAAkB,KAAK,KAAK,OAAO,CAAC,GACpC,sBAAsB;AAAA,EACxB;AAEA,MAAI,UAA2B,MAC3B,aAAmD;AAEvD,WAAS,wBAAwB;AAC/B,cAAU,GAEV,UAAU,WAAW,WAAW,UAAU,OAAO,UAAU;AACzD,YAAM,EAAE,MAAM,aAAa,WAAW,MAAM,IAAI;AAEhD,UAAI,OAAO;AACT,sBAAc,KAAK,GAEnB,kBAAkB,UAAU;AAC5B;AAAA,MACF;AAEA,YAAM,OAAO,aAUP,sBAAsB,CAAC,CAAC,YAAY,IAAI,GAAG,SAC3C,YAAY,YACd,YACA,MAAM,UACJ,cACA,uBAAuB,SAAS,SAC9B,YACA,cAIF,gBACJ,cAAc,YACV,CAAC,IACD;AAAA,QACE,SAAS,MAAM,WAAW;AAAA,QAC1B,MAAM,MAAM,OAAQ,aAAa,WAAW,KAAK,IAAI,IAAI,KAAK,OAAQ;AAAA,MACxE;AAEN,eAAS;AAAA,QACP,OAAO;AAAA,QACP,GAAG;AAAA,MACL,CAAC,GAGG,MAAM,WAAW,CAAC,UAAU,MAAM,SACpC,cAAc,EAAE,KAAK,CAAC,UAAU;AAC9B,QAAI,SACF,SAAS,EAAE,MAAM,CAAC;AAAA,MAEtB,CAAC;AAAA,IAEL,CAAC;AAAA,EACH;AAEA,WAAS,kBAAkB,SAAiB;AAC1C,IAAI,cACF,aAAa,UAAU,GAEzB,aAAa,WAAW,MAAM;AAC5B,mBAAa,MACb,sBAAsB;AAAA,IACxB,GAAG,OAAO;AAAA,EACZ;AAEA,iBAAe,gBAA6C;AAC1D,UAAM,WAAW,YAAY,IAAI,GAAG;AAEpC,QAAI;AACF,UAAI;AAWF,aAViB,MAAM,MAAM,yBAAyB;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,UAClB;AAAA,UACA,MAAM,KAAK,UAAU;AAAA,YACnB,OAAO;AAAA,UACT,CAAC;AAAA,QACH,CAAC,EAAE,KAAK,CAACA,SAAQA,KAAI,KAAK,CAAC,IAEb;AACZ,iBAAO;AAAA,MAEX,SAAS,OAAO;AACd,gBAAQ,MAAM,2BAA2B,KAAK;AAAA,MAChD;AAGF,UAAM,MAAM,MAAM,WAAW,OAAO,QAAQ;AAC5C,QAAI,IAAI,OAAO;AACb,cAAQ,MAAM,yBAAyB,IAAI,MAAM,UAAU,EAAE;AAC7D;AAAA,IACF;AAEA,WADa,IAAI,MACJ;AAAA,EACf;AAEA,QAAM,uBAAuB,MAAM;AACjC,gBAAY,OAAO;AAAA,EACrB,GAEM,UAAU,MAAM;AACpB,UAAM,QAAQ,WAAW,SAAS;AAClC,WAAO;AAAA,MACL,GAAG;AAAA,MACH,UAAU,CAAC,CAAC,MAAM;AAAA,IACpB;AAAA,EACF,GAEM,UAAU,UACP,gCAAgB,SAAS,KAAK;AAGvC,WAAS,aAAa;AACpB,gBAAY,OAAO,GACnB,aAAa,OAAO,GACpB,SAAS,KAAK;AAAA,EAChB;AAMA,MAHA,sBAAsB,GAGlB,OAAO,SAAW,OAAe,OAAO,kBAAkB;AAC5D,UAAM,UAAU,MAAM;AACpB,gBAAU,GACN,cACF,aAAa,UAAU;AAAA,IAE3B;AACA,WAAO,iBAAiB,gBAAgB,OAAO;AAAA,EACjD;AAEA,QAAM,oBAAoB,IAAI,MAAM,YAAY;AAAA,IAC9C,IAAI,SAAS,KAAK;AAChB,aAAI,QAAQ,YACH,MAAM;AACX,mBAAW,GAKX,WAAW,UAAU,GAGjB,OAAO,SAAW,OACpB,OAAO,UAAU,SAAS;AAAA,MAE9B,IAGK,QAAQ,IAAI,YAAY,GAAG;AAAA,IACpC;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
-  "names": ["res"]
+  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAUA,qBAMO,8BACP,gBAA+D;AAmFxD,SAAS,uBACd,SACoF;AAEpF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,aAAa;AAAA,IACb,SAAS;AAAA,IACT,kBAAkB,CAAC,mBAAmB,2BAA2B;AAAA,IACjE,GAAG;AAAA,EACL,IAAI,SAEE,QAA0B;AAAA,IAC9B,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM;AAAA,IACN,OAAO;AAAA,EACT,GAEM,kBAAc,mCAAgC,GAAG,aAAa,OAAO,GACrE,mBAAe,mCAAqC,GAAG,aAAa,QAAQ,GAE5E,8BAA8B,CAAC,gBAC5B,gCAAiB;AAAA,IACtB,GAAG;AAAA,IACH,cAAc;AAAA,MACZ,aAAa;AAAA,MACb,SAAS,SAAS,EAAE,eAAe,UAAU,OAAO,GAAG,IAAI;AAAA,IAC7D;AAAA,EACF,CAAC;AAGH,MAAI,cAAc,MAAM;AACtB,UAAM,kBAAkB,YAAY,IAAI,GAAG;AAC3C,WAAO,kBACH,4BAA4B,eAAe,QAC3C,gCAAiB;AAAA,MACf,GAAG;AAAA,MACH,cAAc,EAAE,aAAa,UAAU;AAAA,IACzC,CAAS;AAAA,EACf,GAAG;AAEH,QAAM,gBAAY;AAAA,IAChB;AAAA,IACA,aAAa,IAAI,KAAK;AAAA,IACtB,EAAE,YAAY,+BAAgB;AAAA,EAChC,GAEM,wBAAoB,8BAAsB,qBAAqB,CAAC,GAEhE,WAAW,CAAC,WAAsC;AAEtD,UAAM,OAAO,EAAE,GADC,UAAU,OACC,GAAG,OAAO;AACrC,iBAAa,IAAI,IAAI,GACrB,UAAU,KAAK,IAAI,GAGf,KAAK,SAAS,KAAK,UACrB,YAAY,IAAI;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,SAAS,KAAK,QAAQ;AAAA,IACxB,CAAC,IACQ,KAAK,UACd,YAAY,IAAI;AAAA,MACd,OAAO;AAAA,MACP,SAAS,KAAK,QAAQ;AAAA,IACxB,CAAC,IAED,YAAY,IAAI,EAAE,OAAO,IAAI,SAAS,GAAG,CAAC,GAG5C,oBAAoB,IAAI;AAAA,EAC1B,GAEM,qBAAqB,OAAO,UAA8C;AAC9E,gBAAY,IAAI,KAAK,GACrB,iBAAiB,MAAM,OAAO;AAAA,EAChC;AAEA,WAAS,iBAAiB,SAAiB;AACzC,iBAAa,4BAA4B,OAAO,GAChD,kBAAkB,KAAK,KAAK,OAAO,CAAC,GACpC,sBAAsB;AAAA,EACxB;AAEA,MAAI,UAA2B,MAC3B,aAAmD;AAEvD,WAAS,wBAAwB;AAC/B,cAAU,GAEV,UAAU,WAAW,WAAW,UAAU,OAAO,UAAU;AACzD,YAAM,EAAE,MAAM,aAAa,WAAW,MAAM,IAAI;AAEhD,UAAI,OAAO;AACT,sBAAc,KAAK,GACnB,kBAAkB,UAAU;AAC5B;AAAA,MACF;AAEA,YAAM,OAAO,aAQP,sBAAsB,CAAC,CAAC,YAAY,IAAI,GAAG,SAC3C,YAAY,YACd,YACA,MAAM,UACJ,cACA,uBAAuB,SAAS,SAC9B,YACA,cAGF,gBACJ,cAAc,YACV,CAAC,IACD;AAAA,QACE,SAAS,MAAM,WAAW;AAAA,QAC1B,MAAM,MAAM,OAAQ,aAAa,WAAW,KAAK,IAAI,IAAI,KAAK,OAAQ;AAAA,MACxE,GAGA,kBAAkB,UAAU,OAAO,SACnC,eACJ,MAAM,YACL,CAAC,mBACA,gBAAgB,OAAO,KAAK,QAAQ,MACpC,gBAAgB,WAAW,KAAK,QAAQ;AAE5C,eAAS;AAAA,QACP,OAAO;AAAA,QACP,GAAG;AAAA,MACL,CAAC,GAGG,UAAU,MAAM,YAAY,gBAAgB,CAAC,UAAU,MAAM,WAC3D,gBAAgB,UAAU,MAAM,SAClC,SAAS,EAAE,OAAO,KAAK,CAAC,GAG1B,cAAc,EAAE,KAAK,CAAC,UAAU;AAC9B,QAAI,SACF,SAAS,EAAE,MAAM,CAAC;AAAA,MAEtB,CAAC;AAAA,IAEL,CAAC;AAAA,EACH;AAEA,WAAS,kBAAkB,SAAiB;AAC1C,IAAI,cAAY,aAAa,UAAU,GACvC,aAAa,WAAW,MAAM;AAC5B,mBAAa,MACb,sBAAsB;AAAA,IACxB,GAAG,OAAO;AAAA,EACZ;AAEA,iBAAe,gBAA6C;AAC1D,UAAM,MAAM,MAAM,WAAW,OAAO,QAAQ;AAC5C,QAAI,IAAI,OAAO;AACb,cAAQ,MAAM,yBAAyB,IAAI,MAAM,UAAU,EAAE;AAC7D;AAAA,IACF;AACA,WAAQ,IAAI,MAAc;AAAA,EAC5B;AAEA,QAAM,uBAAuB,MAAM;AACjC,gBAAY,OAAO;AAAA,EACrB;AAEA,WAAS,mBAAmB;AAC1B,QAAI,SAAO,WAAa;AAExB,iBAAW,cAAc,iBAAiB;AACxC,iBAAS,SAAS,GAAG,UAAU;AAC/B,cAAM,SAAS,OAAO,SAAS;AAC/B,iBAAS,SAAS,GAAG,UAAU,4DAA4D,MAAM,IAC7F,OAAO,WAAW,GAAG,MACvB,SAAS,SAAS,GAAG,UAAU,4DAA4D,OAAO,MAAM,CAAC,CAAC;AAAA,MAE9G;AAAA,EACF;AAEA,WAAS,eAAe;AACtB,qBAAiB,GACjB,WAAW;AAAA,EACb;AAEA,QAAM,UAAU,MAAM;AACpB,UAAM,QAAQ,WAAW,SAAS;AAClC,WAAO,EAAE,GAAG,OAAO,UAAU,CAAC,CAAC,MAAM,QAAQ;AAAA,EAC/C,GAEM,UAAU,UACP,gCAAgB,SAAS,KAAK;AAGvC,WAAS,aAAa;AACpB,gBAAY,OAAO,GACnB,aAAa,OAAO,GACpB,SAAS,KAAK;AAAA,EAChB;AAIA,MAFA,sBAAsB,GAElB,OAAO,SAAW,OAAe,OAAO,kBAAkB;AAC5D,UAAM,UAAU,MAAM;AACpB,gBAAU,GACN,cAAY,aAAa,UAAU;AAAA,IACzC;AACA,WAAO,iBAAiB,gBAAgB,OAAO;AAAA,EACjD;AAEA,QAAM,oBAAoB,IAAI,MAAM,YAAY;AAAA,IAC9C,IAAI,SAAS,KAAK;AAChB,aAAI,QAAQ,YACH,MAAM;AACX,mBAAW,GAEX,WAAW,UAAU,GACjB,OAAO,SAAW,OACpB,OAAO,UAAU,SAAS;AAAA,MAE9B,IAEK,QAAQ,IAAI,YAAY,GAAG;AAAA,IACpC;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
+  "names": []
 }

package/dist/cjs/createAuthClient.native.js

@@ -34,7 +34,8 @@ function createBetterAuthClient(options) {
       createUser,
       storagePrefix = "auth",
       retryDelay = 4e3,
-      tokenValidationEndpoint = "/api/auth/validateToken",
+      useJWT = !1,
+      authCookieNames = ["better-auth.jwt", "better-auth.session_token"],
       ...authClientOptions
     } = options,
     empty = {
@@ -43,22 +44,28 @@ function createBetterAuthClient(options) {
       user: null,
       token: null
     },
+    keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`),
+    stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`),
     createAuthClientWithSession = function (session) {
       return (0, import_client.createAuthClient)({
         ...authClientOptions,
         fetchOptions: {
-          headers: {
+          credentials: "include",
+          headers: useJWT ? {
             Authorization: `Bearer ${session}`
-          }
+          } : void 0
         }
       });
     },
-    keysStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-keys`),
-    stateStorage = (0, import_helpers.createStorageValue)(`${storagePrefix}-state`),
     authClient = function () {
       var _keysStorage_get,
         existingSession = (_keysStorage_get = keysStorage.get()) === null || _keysStorage_get === void 0 ? void 0 : _keysStorage_get.session;
-      return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)(authClientOptions);
+      return existingSession ? createAuthClientWithSession(existingSession) : (0, import_client.createAuthClient)({
+        ...authClientOptions,
+        fetchOptions: {
+          credentials: "include"
+        }
+      });
     }(),
     authState = (0, import_helpers.createEmitter)("authState", stateStorage.get() || empty, {
       comparator: import_helpers.isEqualDeepLite
@@ -73,6 +80,9 @@ function createBetterAuthClient(options) {
       stateStorage.set(next), authState.emit(next), next.token && next.session ? keysStorage.set({
         token: next.token,
         session: next.session.token
+      }) : next.session ? keysStorage.set({
+        token: "",
+        session: next.session.token
       }) : keysStorage.set({
         token: "",
         session: ""
@@ -89,6 +99,7 @@ function createBetterAuthClient(options) {
   function subscribeToAuthEffect() {
     dispose?.(), dispose = authClient.useSession.subscribe(async function (props) {
       var _keysStorage_get,
+        _authState_value,
         {
           data: dataGeneric,
           isPending,
@@ -105,15 +116,19 @@ function createBetterAuthClient(options) {
         sessionUpdate = nextState === "loading" ? {} : {
           session: (_data_session = data?.session) !== null && _data_session !== void 0 ? _data_session : null,
           user: data?.user ? createUser ? createUser(data.user) : data.user : null
-        };
+        },
+        previousSession = (_authState_value = authState.value) === null || _authState_value === void 0 ? void 0 : _authState_value.session,
+        isNewSession = data?.session && (!previousSession || previousSession.id !== data.session.id || previousSession.userId !== data.session.userId);
       setState({
         state: nextState,
         ...sessionUpdate
-      }), data?.session && !authState.value.token && getValidToken().then(function (token) {
+      }), useJWT && data?.session && (isNewSession || !authState.value.token) && (isNewSession && authState.value.token && setState({
+        token: null
+      }), getValidToken().then(function (token) {
         token && setState({
           token
         });
-      });
+      }));
     });
   }
   function scheduleAuthRetry(delayMs) {
@@ -122,36 +137,44 @@ function createBetterAuthClient(options) {
     }, delayMs);
   }
   async function getValidToken() {
-    var _keysStorage_get,
-      existing = (_keysStorage_get = keysStorage.get()) === null || _keysStorage_get === void 0 ? void 0 : _keysStorage_get.token;
-    if (existing) try {
-      var response = await fetch(tokenValidationEndpoint, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          token: existing
-        })
-      }).then(function (res2) {
-        return res2.json();
-      });
-      if (response?.valid) return existing;
-    } catch (error) {
-      console.error("Error validating token:", error);
-    }
-    var res = await authClient.$fetch("/token");
+    var _res_data,
+      res = await authClient.$fetch("/token");
     if (res.error) {
       console.error(`Error fetching token: ${res.error.statusText}`);
       return;
     }
-    var data = res.data;
-    return data?.token;
+    return (_res_data = res.data) === null || _res_data === void 0 ? void 0 : _res_data.token;
   }
   var clearAuthClientToken = function () {
-      keysStorage.remove();
-    },
-    getAuth = function () {
+    keysStorage.remove();
+  };
+  function clearAuthCookies() {
+    if (!(typeof document > "u")) {
+      var _iteratorNormalCompletion = !0,
+        _didIteratorError = !1,
+        _iteratorError = void 0;
+      try {
+        for (var _iterator = authCookieNames[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = !0) {
+          var cookieName = _step.value;
+          document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
+          var domain = window.location.hostname;
+          document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain}`, domain.startsWith(".") && (document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain.slice(1)}`);
+        }
+      } catch (err) {
+        _didIteratorError = !0, _iteratorError = err;
+      } finally {
+        try {
+          !_iteratorNormalCompletion && _iterator.return != null && _iterator.return();
+        } finally {
+          if (_didIteratorError) throw _iteratorError;
+        }
+      }
+    }
+  }
+  function clearAllAuth() {
+    clearAuthCookies(), clearState();
+  }
+  var getAuth = function () {
       var state = authState?.value || empty;
       return {
         ...state,
@@ -188,6 +211,7 @@ function createBetterAuthClient(options) {
     authClient: proxiedAuthClient,
     setAuthClientToken,
     clearAuthClientToken,
+    clearAllAuth,
     useAuth,
     getAuth,
     getValidToken,