better-auth 0.3.5-beta.7 → 0.3.5-beta.8

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-hN0bCS_b.js';
+import { A as Adapter } from '../index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import '../index-QaO4zgiz.js';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../index-hN0bCS_b.js';
+import { W as Where } from '../index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import '../index-QaO4zgiz.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-hN0bCS_b.js';
+import { A as Adapter } from '../index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import '../index-QaO4zgiz.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-hN0bCS_b.js';
+export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-Bkb3x6r0.js';
 import './helper-DPDj8Nix.js';
 import 'zod';
 export { APIError } from 'better-call';

package/dist/api.js

@@ -68,6 +68,11 @@ var csrfMiddleware = createAuthMiddleware(
       return;
     }
     const csrfToken = ctx.body?.csrfToken;
+    if (!csrfToken) {
+      throw new APIError("UNAUTHORIZED", {
+        message: "CSRF Token is required"
+      });
+    }
     const csrfCookie = await ctx.getSignedCookie(
       ctx.context.authCookies.csrfToken.name,
       ctx.context.secret
@@ -804,7 +809,7 @@ var getDate = (span, unit = "ms") => {
   return new Date(date.getTime() + (unit === "sec" ? span * 1e3 : span));
 };
 
-// src/utils/cookies.ts
+// src/cookies/index.ts
 import { TimeSpan } from "oslo";
 async function setSessionCookie(ctx, sessionToken, dontRememberMe, overrides) {
   const options = ctx.context.authCookies.sessionToken.options;

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, f as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous } from '../index-BZV4xXJh.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-BZV4xXJh.js';
+import { o as organization, f as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous } from '../index-JGsMiE1o.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-JGsMiE1o.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-hN0bCS_b.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-Bkb3x6r0.js';
 import '../index-QaO4zgiz.js';
 import 'arctic';
 import 'zod';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './index-hN0bCS_b.js';
+import './index-Bkb3x6r0.js';
 import 'kysely';
 import './index-QaO4zgiz.js';
 import 'arctic';

package/dist/client.js

@@ -78,7 +78,6 @@ var addCurrentURL = {
     }
   }
 };
-var cache = /* @__PURE__ */ new Map();
 var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
@@ -90,39 +89,36 @@ var csrfPlugin = {
     }
     if (options?.method !== "GET") {
       options = options || {};
-      const csrfToken = cache.get("CSRF_TOKEN");
-      if (!csrfToken) {
-        const { data, error } = await betterFetch("/csrf", {
-          body: void 0,
-          baseURL: options.baseURL,
-          plugins: [],
-          method: "GET",
-          credentials: "include",
-          customFetchImpl: options.customFetchImpl
-        });
-        if (error) {
-          if (error.status === 404) {
-            throw new BetterAuthError(
-              "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
-            );
-          }
-          if (error.status === 429) {
-            return new Response(
-              JSON.stringify({
-                message: "Too many requests. Please try again later."
-              }),
-              {
-                status: 429,
-                statusText: "Too Many Requests"
-              }
-            );
-          }
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include",
+        customFetchImpl: options.customFetchImpl
+      });
+      if (error) {
+        if (error.status === 404) {
           throw new BetterAuthError(
-            "Failed to fetch CSRF token: " + error.message
+            "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+          );
+        }
+        if (error.status === 429) {
+          return new Response(
+            JSON.stringify({
+              message: "Too many requests. Please try again later."
+            }),
+            {
+              status: 429,
+              statusText: "Too Many Requests"
+            }
           );
         }
-        cache.set("CSRF_TOKEN", data.csrfToken);
+        throw new BetterAuthError(
+          "Failed to fetch CSRF token: " + error.message
+        );
       }
+      const csrfToken = data?.csrfToken;
       options.body = {
         ...options?.body,
         csrfToken
@@ -141,7 +137,7 @@ var getClientConfig = (options) => {
     method: "GET",
     ...options?.fetchOptions,
     plugins: [
-      csrfPlugin,
+      ...!options?.disableCSRFTokenCheck ? [csrfPlugin] : [],
       redirectPlugin,
       addCurrentURL,
       ...options?.fetchOptions?.plugins?.filter((pl) => pl !== void 0) || [],

package/dist/{index-hN0bCS_b.d.ts → index-Bkb3x6r0.d.ts}

@@ -70,8 +70,9 @@ declare function getCookies(options: BetterAuthOptions): {
     sessionToken: {
         name: string;
         options: {
+            domain?: string | undefined;
             httpOnly: true;
-            sameSite: "lax";
+            sameSite: "none" | "lax";
             path: string;
             secure: boolean;
             maxAge: number;
@@ -80,8 +81,9 @@ declare function getCookies(options: BetterAuthOptions): {
     csrfToken: {
         name: string;
         options: {
+            domain?: string | undefined;
             httpOnly: true;
-            sameSite: "lax";
+            sameSite: "none" | "lax";
             path: string;
             secure: boolean;
             maxAge: number;
@@ -90,8 +92,9 @@ declare function getCookies(options: BetterAuthOptions): {
     state: {
         name: string;
         options: {
+            domain?: string | undefined;
             httpOnly: true;
-            sameSite: "lax";
+            sameSite: "none" | "lax";
             path: string;
             secure: boolean;
             maxAge: number;
@@ -110,7 +113,7 @@ declare function getCookies(options: BetterAuthOptions): {
         options: CookieOptions;
     };
 };
-declare function createCookieGetter(options: BetterAuthOptions): (cookieName: string, options?: CookieOptions) => {
+declare function createCookieGetter(options: BetterAuthOptions): (cookieName: string, opts?: CookieOptions) => {
     name: string;
     options: CookieOptions;
 };
@@ -737,8 +740,6 @@ type MysqlPool = Pool;
 
 type KyselyDatabaseType = "postgres" | "mysql" | "sqlite" | "mssql";
 
-type EligibleCookies = keyof BetterAuthCookies;
-
 type AdditionalUserFieldsInput<Options extends BetterAuthOptions> = InferFieldsFromOptions<Options, "user", "input">;
 type AdditionalUserFieldsOutput<Options extends BetterAuthOptions> = InferFieldsFromPlugins<Options, "user"> & InferFieldsFromOptions<Options, "user">;
 type AdditionalSessionFieldsInput<Options extends BetterAuthOptions> = InferFieldsFromPlugins<Options, "session", "input"> & InferFieldsFromOptions<Options, "session", "input">;
@@ -1055,12 +1056,9 @@ interface BetterAuthOptions {
              */
             enabled: boolean;
             /**
-             * List of cookies that should be shared across subdomains
-             *
-             * by default, only sessionToken, csrfToken and dontRememberToken
-             * cookies will be shared across subdomains
+             * Additional cookies to be shared across subdomains
              */
-            eligibleCookies?: EligibleCookies[];
+            additionalCookies?: string[];
             /**
              * The domain to use for the cookies
              *

package/dist/{index-BZV4xXJh.d.ts → index-JGsMiE1o.d.ts}

@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext } from './index-hN0bCS_b.js';
+import { H as HookEndpointContext } from './index-Bkb3x6r0.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { a as Auth, a0 as betterAuth } from './index-hN0bCS_b.js';
+export { a as Auth, a0 as betterAuth } from './index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import './index-QaO4zgiz.js';

package/dist/index.js

@@ -68,6 +68,11 @@ var csrfMiddleware = createAuthMiddleware(
       return;
     }
     const csrfToken = ctx.body?.csrfToken;
+    if (!csrfToken) {
+      throw new APIError("UNAUTHORIZED", {
+        message: "CSRF Token is required"
+      });
+    }
     const csrfCookie = await ctx.getSignedCookie(
       ctx.context.authCookies.csrfToken.name,
       ctx.context.secret
@@ -804,75 +809,89 @@ var getDate = (span, unit = "ms") => {
   return new Date(date.getTime() + (unit === "sec" ? span * 1e3 : span));
 };
 
-// src/utils/cookies.ts
+// src/cookies/index.ts
 import { TimeSpan } from "oslo";
 function getCookies(options) {
   const secure = options.advanced?.useSecureCookies !== void 0 ? options.advanced?.useSecureCookies : options.baseURL?.startsWith("https://") || process.env.NODE_ENV === "production";
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
   const sessionMaxAge = new TimeSpan(7, "d").seconds();
+  const crossSubdomainEnabled = options.advanced?.crossSubDomainCookies?.enabled;
+  const domain = crossSubdomainEnabled ? options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0) : void 0;
+  if (crossSubdomainEnabled && !domain) {
+    throw new BetterAuthError(
+      "baseURL is required when crossSubdomainCookies are enabled"
+    );
+  }
+  const sameSite = crossSubdomainEnabled ? "none" : "lax";
   return {
     sessionToken: {
       name: `${secureCookiePrefix}${cookiePrefix}.session_token`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: sessionMaxAge
+        maxAge: sessionMaxAge,
+        ...crossSubdomainEnabled && { domain }
       }
     },
     csrfToken: {
-      name: `${secureCookiePrefix ? "__Host-" : ""}${cookiePrefix}.csrf_token`,
+      name: `${secureCookiePrefix}${cookiePrefix}.csrf_token`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: 60 * 60 * 24 * 7
+        maxAge: 60 * 60 * 24 * 7,
+        ...crossSubdomainEnabled && { domain }
       }
     },
     state: {
       name: `${secureCookiePrefix}${cookiePrefix}.state`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: 60 * 15
+        maxAge: 60 * 15,
         // 15 minutes in seconds
+        ...crossSubdomainEnabled && { domain }
       }
     },
     pkCodeVerifier: {
       name: `${secureCookiePrefix}${cookiePrefix}.pk_code_verifier`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: 60 * 15
+        maxAge: 60 * 15,
         // 15 minutes in seconds
+        ...crossSubdomainEnabled && { domain }
       }
     },
     dontRememberToken: {
       name: `${secureCookiePrefix}${cookiePrefix}.dont_remember`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
-        secure: !!secureCookiePrefix
+        secure: !!secureCookiePrefix,
         //no max age so it expires when the browser closes
+        ...crossSubdomainEnabled && { domain }
       }
     },
     nonce: {
       name: `${secureCookiePrefix}${cookiePrefix}.nonce`,
       options: {
         httpOnly: true,
-        sameSite: "lax",
+        sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: 60 * 15
+        maxAge: 60 * 15,
         // 15 minutes in seconds
+        ...crossSubdomainEnabled && { domain }
       }
     }
   };
@@ -881,7 +900,11 @@ function createCookieGetter(options) {
   const secure = !!options.advanced?.useSecureCookies || process.env.NODE_ENV === "production";
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
-  function getCookie(cookieName, options2) {
+  const domain = options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0);
+  function getCookie(cookieName, opts) {
+    const crossSubdomainEnabled = options.advanced?.crossSubDomainCookies?.enabled ? options.advanced.crossSubDomainCookies.additionalCookies?.includes(
+      cookieName
+    ) : void 0;
     return {
       name: process.env.NODE_ENV === "production" ? `${secureCookiePrefix}${cookiePrefix}.${cookieName}` : `${cookiePrefix}.${cookieName}`,
       options: {
@@ -890,7 +913,8 @@ function createCookieGetter(options) {
         path: "/",
         maxAge: 60 * 15,
         // 15 minutes in seconds
-        ...options2
+        ...opts,
+        ...crossSubdomainEnabled && { domain }
       }
     };
   }
@@ -3926,63 +3950,6 @@ import { defu } from "defu";
 // src/utils/constants.ts
 var DEFAULT_SECRET = "better-auth-secret-123456789";
 
-// src/internal-plugins/cross-subdomain/index.ts
-function getEligibleCookies(authCookies, eligibleCookies) {
-  const cookies = [];
-  for (const cookie of eligibleCookies || []) {
-    cookies.push(authCookies[cookie].name);
-  }
-  return cookies;
-}
-var crossSubdomainCookies = (options) => {
-  return {
-    id: "cross-subdomain-cookies",
-    async onResponse(response, ctx) {
-      const setCookie = response.headers.get("set-cookie");
-      if (!setCookie) return { response };
-      const baseURL = ctx.baseURL;
-      const domain = options?.domain || new URL(baseURL).hostname;
-      const authCookies = ctx.authCookies;
-      const eligibleCookies = options?.eligibleCookies ? getEligibleCookies(
-        authCookies,
-        options.eligibleCookies
-      ) : [
-        authCookies.sessionToken.name,
-        authCookies.csrfToken.name,
-        authCookies.dontRememberToken.name
-      ];
-      const updatedCookies = setCookie.split(",").map((cookie) => {
-        let [name] = cookie.trim().split("=");
-        if (!eligibleCookies.includes(name)) return cookie;
-        name = name.replace("__Host-", "");
-        const parts = cookie.split(";").map((part) => part.trim());
-        const domainIndex = parts.findIndex(
-          (part) => part.toLowerCase().startsWith("domain=")
-        );
-        if (domainIndex !== -1) {
-          parts[domainIndex] = `Domain=${domain}`;
-        } else {
-          parts.push(`Domain=${domain}`);
-        }
-        const sameSiteIndex = parts.findIndex(
-          (part) => part.toLowerCase().startsWith("samesite=")
-        );
-        if (sameSiteIndex !== -1) {
-          parts[sameSiteIndex] = "SameSite=None";
-        } else {
-          parts.push("SameSite=None");
-        }
-        if (!parts.includes("Secure")) {
-          parts.push("Secure");
-        }
-        return parts.join("; ");
-      }).join(", ");
-      response.headers.set("set-cookie", updatedCookies);
-      return { response };
-    }
-  };
-};
-
 // src/init.ts
 var init = async (opts) => {
   let { options, context, dbHooks } = runPluginInit(opts);
@@ -3991,6 +3958,9 @@ var init = async (opts) => {
   const adapter = await getAdapter(options);
   const { kysely: db } = await createKyselyAdapter(options);
   const baseURL = getBaseURL(options.baseURL, options.basePath) || "";
+  if (baseURL) {
+    options.trustedOrigins = [...options.trustedOrigins || [], baseURL];
+  }
   const secret = options.secret || process.env.BETTER_AUTH_SECRET || process.env.AUTH_SECRET || DEFAULT_SECRET;
   options = {
     ...options,
@@ -4085,12 +4055,6 @@ function runPluginInit(options) {
 function getInternalPlugins(options) {
   const plugins = [];
   if (options.advanced?.crossSubDomainCookies?.enabled) {
-    plugins.push(
-      crossSubdomainCookies({
-        eligibleCookies: options.advanced.crossSubDomainCookies.eligibleCookies,
-        domain: options.advanced.crossSubDomainCookies.domain
-      })
-    );
   }
   return plugins;
 }

package/dist/next-js.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-hN0bCS_b.js';
+import { a as Auth } from './index-Bkb3x6r0.js';
 import { U as User, S as Session } from './index-QaO4zgiz.js';
 import { NextRequest } from 'next/server';
 import 'zod';

package/dist/node.d.ts

@@ -1,5 +1,5 @@
 import * as http from 'http';
-import { a as Auth } from './index-hN0bCS_b.js';
+import { a as Auth } from './index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import './index-QaO4zgiz.js';

package/dist/plugins.d.ts

@@ -1,7 +1,7 @@
-export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-BZV4xXJh.js';
+export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-JGsMiE1o.js';
 export { i as ac } from './index-DfAHOgpj.js';
-import { H as HookEndpointContext } from './index-hN0bCS_b.js';
-export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-hN0bCS_b.js';
+import { H as HookEndpointContext } from './index-Bkb3x6r0.js';
+export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-Bkb3x6r0.js';
 import './index-QaO4zgiz.js';
 import 'arctic';
 import 'zod';

package/dist/plugins.js

@@ -749,7 +749,7 @@ var getDate = (span, unit = "ms") => {
   return new Date(date.getTime() + (unit === "sec" ? span * 1e3 : span));
 };
 
-// src/utils/cookies.ts
+// src/cookies/index.ts
 import { TimeSpan } from "oslo";
 async function setSessionCookie(ctx, sessionToken, dontRememberMe, overrides) {
   const options = ctx.context.authCookies.sessionToken.options;
@@ -2854,6 +2854,11 @@ var csrfMiddleware = createAuthMiddleware(
       return;
     }
     const csrfToken = ctx.body?.csrfToken;
+    if (!csrfToken) {
+      throw new APIError9("UNAUTHORIZED", {
+        message: "CSRF Token is required"
+      });
+    }
     const csrfCookie = await ctx.getSignedCookie(
       ctx.context.authCookies.csrfToken.name,
       ctx.context.secret

package/dist/react.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
-import './index-hN0bCS_b.js';
+import './index-Bkb3x6r0.js';
 import 'kysely';
 import './index-QaO4zgiz.js';
 import 'arctic';

package/dist/react.js

@@ -81,7 +81,6 @@ var addCurrentURL = {
     }
   }
 };
-var cache = /* @__PURE__ */ new Map();
 var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
@@ -93,39 +92,36 @@ var csrfPlugin = {
     }
     if (options?.method !== "GET") {
       options = options || {};
-      const csrfToken = cache.get("CSRF_TOKEN");
-      if (!csrfToken) {
-        const { data, error } = await betterFetch("/csrf", {
-          body: void 0,
-          baseURL: options.baseURL,
-          plugins: [],
-          method: "GET",
-          credentials: "include",
-          customFetchImpl: options.customFetchImpl
-        });
-        if (error) {
-          if (error.status === 404) {
-            throw new BetterAuthError(
-              "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
-            );
-          }
-          if (error.status === 429) {
-            return new Response(
-              JSON.stringify({
-                message: "Too many requests. Please try again later."
-              }),
-              {
-                status: 429,
-                statusText: "Too Many Requests"
-              }
-            );
-          }
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include",
+        customFetchImpl: options.customFetchImpl
+      });
+      if (error) {
+        if (error.status === 404) {
           throw new BetterAuthError(
-            "Failed to fetch CSRF token: " + error.message
+            "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+          );
+        }
+        if (error.status === 429) {
+          return new Response(
+            JSON.stringify({
+              message: "Too many requests. Please try again later."
+            }),
+            {
+              status: 429,
+              statusText: "Too Many Requests"
+            }
           );
         }
-        cache.set("CSRF_TOKEN", data.csrfToken);
+        throw new BetterAuthError(
+          "Failed to fetch CSRF token: " + error.message
+        );
       }
+      const csrfToken = data?.csrfToken;
       options.body = {
         ...options?.body,
         csrfToken
@@ -144,7 +140,7 @@ var getClientConfig = (options) => {
     method: "GET",
     ...options?.fetchOptions,
     plugins: [
-      csrfPlugin,
+      ...!options?.disableCSRFTokenCheck ? [csrfPlugin] : [],
       redirectPlugin,
       addCurrentURL,
       ...options?.fetchOptions?.plugins?.filter((pl) => pl !== void 0) || [],

package/dist/solid-start.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-hN0bCS_b.js';
+import { a as Auth } from './index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import './index-QaO4zgiz.js';

package/dist/solid.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Accessor } from 'solid-js';
-import './index-hN0bCS_b.js';
+import './index-Bkb3x6r0.js';
 import 'kysely';
 import './index-QaO4zgiz.js';
 import 'arctic';

package/dist/solid.js

@@ -81,7 +81,6 @@ var addCurrentURL = {
     }
   }
 };
-var cache = /* @__PURE__ */ new Map();
 var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
@@ -93,39 +92,36 @@ var csrfPlugin = {
     }
     if (options?.method !== "GET") {
       options = options || {};
-      const csrfToken = cache.get("CSRF_TOKEN");
-      if (!csrfToken) {
-        const { data, error } = await betterFetch("/csrf", {
-          body: void 0,
-          baseURL: options.baseURL,
-          plugins: [],
-          method: "GET",
-          credentials: "include",
-          customFetchImpl: options.customFetchImpl
-        });
-        if (error) {
-          if (error.status === 404) {
-            throw new BetterAuthError(
-              "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
-            );
-          }
-          if (error.status === 429) {
-            return new Response(
-              JSON.stringify({
-                message: "Too many requests. Please try again later."
-              }),
-              {
-                status: 429,
-                statusText: "Too Many Requests"
-              }
-            );
-          }
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include",
+        customFetchImpl: options.customFetchImpl
+      });
+      if (error) {
+        if (error.status === 404) {
           throw new BetterAuthError(
-            "Failed to fetch CSRF token: " + error.message
+            "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+          );
+        }
+        if (error.status === 429) {
+          return new Response(
+            JSON.stringify({
+              message: "Too many requests. Please try again later."
+            }),
+            {
+              status: 429,
+              statusText: "Too Many Requests"
+            }
           );
         }
-        cache.set("CSRF_TOKEN", data.csrfToken);
+        throw new BetterAuthError(
+          "Failed to fetch CSRF token: " + error.message
+        );
       }
+      const csrfToken = data?.csrfToken;
       options.body = {
         ...options?.body,
         csrfToken
@@ -144,7 +140,7 @@ var getClientConfig = (options) => {
     method: "GET",
     ...options?.fetchOptions,
     plugins: [
-      csrfPlugin,
+      ...!options?.disableCSRFTokenCheck ? [csrfPlugin] : [],
       redirectPlugin,
       addCurrentURL,
       ...options?.fetchOptions?.plugins?.filter((pl) => pl !== void 0) || [],

package/dist/svelte-kit.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth, B as BetterAuthOptions } from './index-hN0bCS_b.js';
+import { a as Auth, B as BetterAuthOptions } from './index-Bkb3x6r0.js';
 import 'zod';
 import 'kysely';
 import './index-QaO4zgiz.js';

package/dist/svelte.d.ts

@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
-import './index-hN0bCS_b.js';
+import './index-Bkb3x6r0.js';
 import 'kysely';
 import './index-QaO4zgiz.js';
 import 'arctic';

package/dist/svelte.js

@@ -78,7 +78,6 @@ var addCurrentURL = {
     }
   }
 };
-var cache = /* @__PURE__ */ new Map();
 var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
@@ -90,39 +89,36 @@ var csrfPlugin = {
     }
     if (options?.method !== "GET") {
       options = options || {};
-      const csrfToken = cache.get("CSRF_TOKEN");
-      if (!csrfToken) {
-        const { data, error } = await betterFetch("/csrf", {
-          body: void 0,
-          baseURL: options.baseURL,
-          plugins: [],
-          method: "GET",
-          credentials: "include",
-          customFetchImpl: options.customFetchImpl
-        });
-        if (error) {
-          if (error.status === 404) {
-            throw new BetterAuthError(
-              "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
-            );
-          }
-          if (error.status === 429) {
-            return new Response(
-              JSON.stringify({
-                message: "Too many requests. Please try again later."
-              }),
-              {
-                status: 429,
-                statusText: "Too Many Requests"
-              }
-            );
-          }
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include",
+        customFetchImpl: options.customFetchImpl
+      });
+      if (error) {
+        if (error.status === 404) {
           throw new BetterAuthError(
-            "Failed to fetch CSRF token: " + error.message
+            "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+          );
+        }
+        if (error.status === 429) {
+          return new Response(
+            JSON.stringify({
+              message: "Too many requests. Please try again later."
+            }),
+            {
+              status: 429,
+              statusText: "Too Many Requests"
+            }
           );
         }
-        cache.set("CSRF_TOKEN", data.csrfToken);
+        throw new BetterAuthError(
+          "Failed to fetch CSRF token: " + error.message
+        );
       }
+      const csrfToken = data?.csrfToken;
       options.body = {
         ...options?.body,
         csrfToken
@@ -141,7 +137,7 @@ var getClientConfig = (options) => {
     method: "GET",
     ...options?.fetchOptions,
     plugins: [
-      csrfPlugin,
+      ...!options?.disableCSRFTokenCheck ? [csrfPlugin] : [],
       redirectPlugin,
       addCurrentURL,
       ...options?.fetchOptions?.plugins?.filter((pl) => pl !== void 0) || [],

package/dist/types.d.ts

@@ -1,5 +1,5 @@
-import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, g as InferFieldsOutput } from './index-hN0bCS_b.js';
-export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, q as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, n as InferPluginTypes, m as InferSession, l as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, p as init } from './index-hN0bCS_b.js';
+import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, g as InferFieldsOutput } from './index-Bkb3x6r0.js';
+export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, q as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, n as InferPluginTypes, m as InferSession, l as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, p as init } from './index-Bkb3x6r0.js';
 import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, S as StripEmptyObjects, L as LiteralString } from './helper-DPDj8Nix.js';
 export { D as DeepPartial, a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-DPDj8Nix.js';
 import { S as Session, U as User } from './index-QaO4zgiz.js';
@@ -102,6 +102,7 @@ interface ClientOptions {
     fetchOptions?: BetterFetchOption;
     plugins?: BetterAuthClientPlugin[];
     baseURL?: string;
+    disableCSRFTokenCheck?: boolean;
 }
 type InferClientAPI<O extends ClientOptions> = InferRoutes<O["plugins"] extends Array<any> ? (O["plugins"] extends Array<infer Pl> ? UnionToIntersection<Pl extends {
     $InferServerPlugin: infer Plug;

package/dist/vue.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Ref, DeepReadonly } from 'vue';
-import './index-hN0bCS_b.js';
+import './index-Bkb3x6r0.js';
 import 'kysely';
 import './index-QaO4zgiz.js';
 import 'arctic';

package/dist/vue.js

@@ -81,7 +81,6 @@ var addCurrentURL = {
     }
   }
 };
-var cache = /* @__PURE__ */ new Map();
 var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
@@ -93,39 +92,36 @@ var csrfPlugin = {
     }
     if (options?.method !== "GET") {
       options = options || {};
-      const csrfToken = cache.get("CSRF_TOKEN");
-      if (!csrfToken) {
-        const { data, error } = await betterFetch("/csrf", {
-          body: void 0,
-          baseURL: options.baseURL,
-          plugins: [],
-          method: "GET",
-          credentials: "include",
-          customFetchImpl: options.customFetchImpl
-        });
-        if (error) {
-          if (error.status === 404) {
-            throw new BetterAuthError(
-              "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
-            );
-          }
-          if (error.status === 429) {
-            return new Response(
-              JSON.stringify({
-                message: "Too many requests. Please try again later."
-              }),
-              {
-                status: 429,
-                statusText: "Too Many Requests"
-              }
-            );
-          }
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include",
+        customFetchImpl: options.customFetchImpl
+      });
+      if (error) {
+        if (error.status === 404) {
           throw new BetterAuthError(
-            "Failed to fetch CSRF token: " + error.message
+            "CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+          );
+        }
+        if (error.status === 429) {
+          return new Response(
+            JSON.stringify({
+              message: "Too many requests. Please try again later."
+            }),
+            {
+              status: 429,
+              statusText: "Too Many Requests"
+            }
           );
         }
-        cache.set("CSRF_TOKEN", data.csrfToken);
+        throw new BetterAuthError(
+          "Failed to fetch CSRF token: " + error.message
+        );
       }
+      const csrfToken = data?.csrfToken;
       options.body = {
         ...options?.body,
         csrfToken
@@ -144,7 +140,7 @@ var getClientConfig = (options) => {
     method: "GET",
     ...options?.fetchOptions,
     plugins: [
-      csrfPlugin,
+      ...!options?.disableCSRFTokenCheck ? [csrfPlugin] : [],
       redirectPlugin,
       addCurrentURL,
       ...options?.fetchOptions?.plugins?.filter((pl) => pl !== void 0) || [],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "0.3.5-beta.7",
+  "version": "0.3.5-beta.8",
   "description": "The most comprehensive authentication library for TypeScript.",
   "type": "module",
   "main": "./dist/index.js",
@@ -65,7 +65,6 @@
     "vue": "^3.5.0"
   },
   "dependencies": {
-    "@antfu/ni": "^0.23.0",
     "@babel/preset-react": "^7.24.7",
     "@babel/preset-typescript": "^7.24.7",
     "@better-fetch/fetch": "^1.1.9",
@@ -82,7 +81,7 @@
     "@simplewebauthn/browser": "^10.0.0",
     "@simplewebauthn/server": "^10.0.1",
     "arctic": "2.0.0-next.9",
-    "better-call": "0.2.5-beta.4",
+    "better-call": "0.2.5",
     "c12": "^1.11.2",
     "chalk": "^5.3.0",
     "commander": "^12.1.0",
@@ -91,12 +90,10 @@
     "dotenv": "^16.4.5",
     "execa": "^9.4.0",
     "jose": "^5.7.0",
-    "js-base64": "^3.7.7",
     "kysely": "^0.27.4",
     "nanoid": "^5.0.7",
     "nanoquery": "^1.3.0",
     "nanostores": "^0.11.2",
-    "oauth4webapi": "^2.12.0",
     "ora": "^8.0.1",
     "oslo": "^1.2.1",
     "prompts": "^2.4.2",
@@ -111,6 +108,7 @@
     "dev": "NODE_OPTIONS='--max-old-space-size=4000' tsup --watch --sourcemap",
     "dev:dts": "NODE_OPTIONS='--max-old-space-size=8192' tsup --watch --dts",
     "test": "pnpm prisma:push && pnpm typecheck && vitest",
+    "vitest": "vitest",
     "prisma:push": "prisma db push --schema src/adapters/prisma-adapter/test/schema.prisma",
     "test:adapters": "pnpm prisma:push && vitest adapters",
     "bump": "bumpp",