better-auth 0.3.5 → 0.4.0

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-Bh0h0nFa.js';
+import { A as Adapter } from '../index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import '../types-Bs23H3QM.js';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../index-Bh0h0nFa.js';
+import { W as Where } from '../index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import '../types-Bs23H3QM.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-Bh0h0nFa.js';
+import { A as Adapter } from '../index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import '../types-Bs23H3QM.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-Bh0h0nFa.js';
+export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-C6jmDLjB.js';
 import './helper-DPDj8Nix.js';
 import 'zod';
 export { APIError } from 'better-call';

package/dist/api.js

@@ -198,7 +198,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -208,9 +208,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 
@@ -778,14 +780,12 @@ var oAuthProviderList = Object.keys(oAuthProviders);
 // src/utils/state.ts
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z as z2 } from "zod";
-function generateState(callbackURL, currentURL, dontRememberMe, additionalFields) {
+function generateState(callbackURL, currentURL) {
   const code = generateStateOAuth();
   const state = JSON.stringify({
     code,
     callbackURL,
-    currentURL,
-    dontRememberMe,
-    additionalFields
+    currentURL
   });
   return { state, code };
 }
@@ -793,9 +793,7 @@ function parseState(state) {
   const data = z2.object({
     code: z2.string(),
     callbackURL: z2.string().optional(),
-    currentURL: z2.string().optional(),
-    dontRememberMe: z2.boolean().optional(),
-    additionalFields: z2.record(z2.string()).optional()
+    currentURL: z2.string().optional()
   }).safeParse(JSON.parse(state));
   return data;
 }
@@ -1020,11 +1018,7 @@ var signInOAuth = createAuthEndpoint(
       /**
        * OAuth2 provider to use`
        */
-      provider: z4.enum(oAuthProviderList),
-      /**
-       * If this is true the session will only be valid for the current browser session
-       */
-      dontRememberMe: z4.boolean().default(false).optional()
+      provider: z4.enum(oAuthProviderList)
     })
   },
   async (c) => {
@@ -1049,37 +1043,33 @@ var signInOAuth = createAuthEndpoint(
       callbackURL || currentURL?.origin || c.context.baseURL,
       c.query?.currentURL
     );
-    try {
-      await c.setSignedCookie(
-        cookie.state.name,
-        state.code,
-        c.context.secret,
-        cookie.state.options
-      );
-      const codeVerifier = generateCodeVerifier();
-      await c.setSignedCookie(
-        cookie.pkCodeVerifier.name,
-        codeVerifier,
-        c.context.secret,
-        cookie.pkCodeVerifier.options
-      );
-      const url = provider.createAuthorizationURL({
-        state: state.state,
-        codeVerifier
-      });
-      url.searchParams.set(
-        "redirect_uri",
-        `${c.context.baseURL}/callback/${c.body.provider}`
-      );
-      return {
-        url: url.toString(),
-        state: state.state,
-        codeVerifier,
-        redirect: true
-      };
-    } catch (e) {
-      throw new APIError3("INTERNAL_SERVER_ERROR");
-    }
+    await c.setSignedCookie(
+      cookie.state.name,
+      state.code,
+      c.context.secret,
+      cookie.state.options
+    );
+    const codeVerifier = generateCodeVerifier();
+    await c.setSignedCookie(
+      cookie.pkCodeVerifier.name,
+      codeVerifier,
+      c.context.secret,
+      cookie.pkCodeVerifier.options
+    );
+    const url = provider.createAuthorizationURL({
+      state: state.state,
+      codeVerifier
+    });
+    url.searchParams.set(
+      "redirect_uri",
+      `${c.context.baseURL}/callback/${c.body.provider}`
+    );
+    return c.json({
+      url: url.toString(),
+      state: state.state,
+      codeVerifier,
+      redirect: true
+    });
   }
 );
 var signInEmail = createAuthEndpoint(
@@ -1365,6 +1355,26 @@ var callbackOAuth = createAuthEndpoint(
         `${c.context.baseURL}/error?error=oauth_provider_not_found`
       );
     }
+    const parsedState = parseState(c.query.state);
+    if (!parsedState.success) {
+      c.context.logger.error("Unable to parse state");
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
+    const {
+      data: { callbackURL, currentURL, code: stateCode }
+    } = parsedState;
+    const storedState = await c.getSignedCookie(
+      c.context.authCookies.state.name,
+      c.context.secret
+    );
+    if (storedState !== stateCode) {
+      logger.error("OAuth state mismatch", storedState, stateCode);
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
     const codeVerifier = await c.getSignedCookie(
       c.context.authCookies.pkCodeVerifier.name,
       c.context.secret
@@ -1379,7 +1389,7 @@ var callbackOAuth = createAuthEndpoint(
     } catch (e) {
       c.context.logger.error(e);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_code_verification_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const user = await provider.getUserInfo(tokens).then((res) => res?.user);
@@ -1388,23 +1398,15 @@ var callbackOAuth = createAuthEndpoint(
       ...user,
       id
     });
-    const parsedState = parseState(c.query.state);
-    if (!parsedState.success) {
-      c.context.logger.error("Unable to parse state");
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=invalid_state_parameter`
-      );
-    }
-    const { callbackURL, currentURL, dontRememberMe } = parsedState.data;
     if (!user || data.success === false) {
       logger.error("Unable to get user info", data.error);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_validation_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     if (!callbackURL) {
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_callback_url_not_found`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const dbUser = await c.context.internalAdapter.findUserByEmail(user.email).catch((e) => {
@@ -1474,8 +1476,7 @@ var callbackOAuth = createAuthEndpoint(
     try {
       const session = await c.context.internalAdapter.createSession(
         userId || id,
-        c.request,
-        dontRememberMe
+        c.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
@@ -1483,7 +1484,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id, dontRememberMe);
+        await setSessionCookie(c, session.id);
       } catch (e) {
         c.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);
@@ -1491,7 +1492,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
     } catch {
-      const url = new URL(currentURL || callbackURL);
+      const url = new URL(currentURL || callbackURL || "");
       url.searchParams.set("error", "unable_to_create_session");
       throw c.redirect(url.toString());
     }

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, j as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin } from '../index-DI8FMfhr.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DI8FMfhr.js';
+import { o as organization, j as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin } from '../index-DCBFTxDp.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DCBFTxDp.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-Bh0h0nFa.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-C6jmDLjB.js';
 import '../types-Bs23H3QM.js';
 import 'zod';
 import 'arctic';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/client.js

@@ -82,11 +82,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/{index-Bh0h0nFa.d.ts → index-C6jmDLjB.d.ts}

@@ -262,6 +262,7 @@ type AuthEndpoint = Endpoint<(ctx: {
     options: BetterAuthOptions;
     body: any;
     query: any;
+    params: any;
     headers: Headers;
 }) => Promise<EndpointResponse>>;
 type AuthMiddleware = ReturnType<typeof createAuthMiddleware>;
@@ -1174,19 +1175,13 @@ declare const signInOAuth: {
             /**
              * OAuth2 provider to use`
              */
-            provider: z.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-            /**
-             * If this is true the session will only be valid for the current browser session
-             */
-            dontRememberMe: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+            provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
         }, "strip", z.ZodTypeAny, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
-            dontRememberMe?: boolean | undefined;
         }, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
-            dontRememberMe?: boolean | undefined;
         }>;
     }>]>(...ctx: C): Promise<C extends [{
         asResponse: true;
@@ -1219,19 +1214,13 @@ declare const signInOAuth: {
             /**
              * OAuth2 provider to use`
              */
-            provider: z.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-            /**
-             * If this is true the session will only be valid for the current browser session
-             */
-            dontRememberMe: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+            provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
         }, "strip", z.ZodTypeAny, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
-            dontRememberMe?: boolean | undefined;
         }, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
-            dontRememberMe?: boolean | undefined;
         }>;
     };
     method: better_call.Method | better_call.Method[];
@@ -2447,16 +2436,13 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             }>]>(...ctx: C_1): Promise<C_1 extends [{
                 asResponse: true;
@@ -2479,16 +2465,13 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             };
             method: better_call.Method | better_call.Method[];
@@ -3562,16 +3545,13 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             }>]>(...ctx: C_1): Promise<C_1 extends [{
                 asResponse: true;
@@ -3594,16 +3574,13 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             };
             method: better_call.Method | better_call.Method[];
@@ -4679,16 +4656,13 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             }>]>(...ctx: C): Promise<C extends [{
                 asResponse: true;
@@ -4711,16 +4685,13 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
-                    dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
-                    dontRememberMe?: boolean | undefined;
                 }>;
             };
             method: better_call.Method | better_call.Method[];

package/dist/{index-DI8FMfhr.d.ts → index-DCBFTxDp.d.ts}

@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext, g as AuthContext } from './index-Bh0h0nFa.js';
+import { H as HookEndpointContext, g as AuthContext } from './index-C6jmDLjB.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { a as Auth, a0 as betterAuth } from './index-Bh0h0nFa.js';
+export { a as Auth, a0 as betterAuth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/index.js

@@ -198,7 +198,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -208,9 +208,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 
@@ -778,14 +780,12 @@ var oAuthProviderList = Object.keys(oAuthProviders);
 // src/utils/state.ts
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z as z2 } from "zod";
-function generateState(callbackURL, currentURL, dontRememberMe, additionalFields) {
+function generateState(callbackURL, currentURL) {
   const code = generateStateOAuth();
   const state = JSON.stringify({
     code,
     callbackURL,
-    currentURL,
-    dontRememberMe,
-    additionalFields
+    currentURL
   });
   return { state, code };
 }
@@ -793,9 +793,7 @@ function parseState(state) {
   const data = z2.object({
     code: z2.string(),
     callbackURL: z2.string().optional(),
-    currentURL: z2.string().optional(),
-    dontRememberMe: z2.boolean().optional(),
-    additionalFields: z2.record(z2.string()).optional()
+    currentURL: z2.string().optional()
   }).safeParse(JSON.parse(state));
   return data;
 }
@@ -816,7 +814,7 @@ function getCookies(options) {
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
   const sessionMaxAge = new TimeSpan(7, "d").seconds();
-  const crossSubdomainEnabled = options.advanced?.crossSubDomainCookies?.enabled;
+  const crossSubdomainEnabled = !!options.advanced?.crossSubDomainCookies?.enabled;
   const domain = crossSubdomainEnabled ? options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0) : void 0;
   if (crossSubdomainEnabled && !domain) {
     throw new BetterAuthError(
@@ -833,7 +831,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: sessionMaxAge,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     csrfToken: {
@@ -844,7 +842,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 60 * 24 * 7,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     state: {
@@ -855,8 +853,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     pkCodeVerifier: {
@@ -867,8 +864,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     dontRememberToken: {
@@ -879,7 +875,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         //no max age so it expires when the browser closes
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     nonce: {
@@ -890,14 +886,13 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     }
   };
 }
 function createCookieGetter(options) {
-  const secure = !!options.advanced?.useSecureCookies || process.env.NODE_ENV === "production";
+  const secure = options.advanced?.useSecureCookies !== void 0 ? options.advanced?.useSecureCookies : options.baseURL?.startsWith("https://") || process.env.NODE_ENV === "production";
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
   const domain = options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0);
@@ -914,7 +909,7 @@ function createCookieGetter(options) {
         maxAge: 60 * 15,
         // 15 minutes in seconds
         ...opts,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     };
   }
@@ -1129,11 +1124,7 @@ var signInOAuth = createAuthEndpoint(
       /**
        * OAuth2 provider to use`
        */
-      provider: z4.enum(oAuthProviderList),
-      /**
-       * If this is true the session will only be valid for the current browser session
-       */
-      dontRememberMe: z4.boolean().default(false).optional()
+      provider: z4.enum(oAuthProviderList)
     })
   },
   async (c) => {
@@ -1158,37 +1149,33 @@ var signInOAuth = createAuthEndpoint(
       callbackURL || currentURL?.origin || c.context.baseURL,
       c.query?.currentURL
     );
-    try {
-      await c.setSignedCookie(
-        cookie.state.name,
-        state.code,
-        c.context.secret,
-        cookie.state.options
-      );
-      const codeVerifier = generateCodeVerifier();
-      await c.setSignedCookie(
-        cookie.pkCodeVerifier.name,
-        codeVerifier,
-        c.context.secret,
-        cookie.pkCodeVerifier.options
-      );
-      const url = provider.createAuthorizationURL({
-        state: state.state,
-        codeVerifier
-      });
-      url.searchParams.set(
-        "redirect_uri",
-        `${c.context.baseURL}/callback/${c.body.provider}`
-      );
-      return {
-        url: url.toString(),
-        state: state.state,
-        codeVerifier,
-        redirect: true
-      };
-    } catch (e) {
-      throw new APIError3("INTERNAL_SERVER_ERROR");
-    }
+    await c.setSignedCookie(
+      cookie.state.name,
+      state.code,
+      c.context.secret,
+      cookie.state.options
+    );
+    const codeVerifier = generateCodeVerifier();
+    await c.setSignedCookie(
+      cookie.pkCodeVerifier.name,
+      codeVerifier,
+      c.context.secret,
+      cookie.pkCodeVerifier.options
+    );
+    const url = provider.createAuthorizationURL({
+      state: state.state,
+      codeVerifier
+    });
+    url.searchParams.set(
+      "redirect_uri",
+      `${c.context.baseURL}/callback/${c.body.provider}`
+    );
+    return c.json({
+      url: url.toString(),
+      state: state.state,
+      codeVerifier,
+      redirect: true
+    });
   }
 );
 var signInEmail = createAuthEndpoint(
@@ -1474,6 +1461,26 @@ var callbackOAuth = createAuthEndpoint(
         `${c.context.baseURL}/error?error=oauth_provider_not_found`
       );
     }
+    const parsedState = parseState(c.query.state);
+    if (!parsedState.success) {
+      c.context.logger.error("Unable to parse state");
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
+    const {
+      data: { callbackURL, currentURL, code: stateCode }
+    } = parsedState;
+    const storedState = await c.getSignedCookie(
+      c.context.authCookies.state.name,
+      c.context.secret
+    );
+    if (storedState !== stateCode) {
+      logger.error("OAuth state mismatch", storedState, stateCode);
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
     const codeVerifier = await c.getSignedCookie(
       c.context.authCookies.pkCodeVerifier.name,
       c.context.secret
@@ -1488,7 +1495,7 @@ var callbackOAuth = createAuthEndpoint(
     } catch (e) {
       c.context.logger.error(e);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_code_verification_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const user = await provider.getUserInfo(tokens).then((res) => res?.user);
@@ -1497,23 +1504,15 @@ var callbackOAuth = createAuthEndpoint(
       ...user,
       id
     });
-    const parsedState = parseState(c.query.state);
-    if (!parsedState.success) {
-      c.context.logger.error("Unable to parse state");
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=invalid_state_parameter`
-      );
-    }
-    const { callbackURL, currentURL, dontRememberMe } = parsedState.data;
     if (!user || data.success === false) {
       logger.error("Unable to get user info", data.error);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_validation_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     if (!callbackURL) {
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_callback_url_not_found`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const dbUser = await c.context.internalAdapter.findUserByEmail(user.email).catch((e) => {
@@ -1583,8 +1582,7 @@ var callbackOAuth = createAuthEndpoint(
     try {
       const session = await c.context.internalAdapter.createSession(
         userId || id,
-        c.request,
-        dontRememberMe
+        c.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
@@ -1592,7 +1590,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id, dontRememberMe);
+        await setSessionCookie(c, session.id);
       } catch (e) {
         c.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);
@@ -1600,7 +1598,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
     } catch {
-      const url = new URL(currentURL || callbackURL);
+      const url = new URL(currentURL || callbackURL || "");
       url.searchParams.set("error", "unable_to_create_session");
       throw c.redirect(url.toString());
     }

package/dist/next-js.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import { U as User, S as Session } from './types-Bs23H3QM.js';
 import { NextRequest } from 'next/server';
 import 'zod';

package/dist/node.d.ts

@@ -1,5 +1,5 @@
 import * as http from 'http';
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/plugins.d.ts

@@ -1,7 +1,7 @@
-export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-DI8FMfhr.js';
+export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-DCBFTxDp.js';
 export { i as ac } from './index-DfAHOgpj.js';
-import { H as HookEndpointContext } from './index-Bh0h0nFa.js';
-export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-Bh0h0nFa.js';
+import { H as HookEndpointContext } from './index-C6jmDLjB.js';
+export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-C6jmDLjB.js';
 import './types-Bs23H3QM.js';
 import 'zod';
 import 'arctic';

package/dist/plugins.js

@@ -138,7 +138,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -148,9 +148,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 
@@ -718,14 +720,12 @@ var oAuthProviderList = Object.keys(oAuthProviders);
 // src/utils/state.ts
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z } from "zod";
-function generateState(callbackURL, currentURL, dontRememberMe, additionalFields) {
+function generateState(callbackURL, currentURL) {
   const code = generateStateOAuth();
   const state = JSON.stringify({
     code,
     callbackURL,
-    currentURL,
-    dontRememberMe,
-    additionalFields
+    currentURL
   });
   return { state, code };
 }
@@ -733,9 +733,7 @@ function parseState(state) {
   const data = z.object({
     code: z.string(),
     callbackURL: z.string().optional(),
-    currentURL: z.string().optional(),
-    dontRememberMe: z.boolean().optional(),
-    additionalFields: z.record(z.string()).optional()
+    currentURL: z.string().optional()
   }).safeParse(JSON.parse(state));
   return data;
 }
@@ -941,11 +939,7 @@ var signInOAuth = createAuthEndpoint(
       /**
        * OAuth2 provider to use`
        */
-      provider: z3.enum(oAuthProviderList),
-      /**
-       * If this is true the session will only be valid for the current browser session
-       */
-      dontRememberMe: z3.boolean().default(false).optional()
+      provider: z3.enum(oAuthProviderList)
     })
   },
   async (c) => {
@@ -970,37 +964,33 @@ var signInOAuth = createAuthEndpoint(
       callbackURL || currentURL?.origin || c.context.baseURL,
       c.query?.currentURL
     );
-    try {
-      await c.setSignedCookie(
-        cookie.state.name,
-        state.code,
-        c.context.secret,
-        cookie.state.options
-      );
-      const codeVerifier = generateCodeVerifier();
-      await c.setSignedCookie(
-        cookie.pkCodeVerifier.name,
-        codeVerifier,
-        c.context.secret,
-        cookie.pkCodeVerifier.options
-      );
-      const url = provider.createAuthorizationURL({
-        state: state.state,
-        codeVerifier
-      });
-      url.searchParams.set(
-        "redirect_uri",
-        `${c.context.baseURL}/callback/${c.body.provider}`
-      );
-      return {
-        url: url.toString(),
-        state: state.state,
-        codeVerifier,
-        redirect: true
-      };
-    } catch (e) {
-      throw new APIError2("INTERNAL_SERVER_ERROR");
-    }
+    await c.setSignedCookie(
+      cookie.state.name,
+      state.code,
+      c.context.secret,
+      cookie.state.options
+    );
+    const codeVerifier = generateCodeVerifier();
+    await c.setSignedCookie(
+      cookie.pkCodeVerifier.name,
+      codeVerifier,
+      c.context.secret,
+      cookie.pkCodeVerifier.options
+    );
+    const url = provider.createAuthorizationURL({
+      state: state.state,
+      codeVerifier
+    });
+    url.searchParams.set(
+      "redirect_uri",
+      `${c.context.baseURL}/callback/${c.body.provider}`
+    );
+    return c.json({
+      url: url.toString(),
+      state: state.state,
+      codeVerifier,
+      redirect: true
+    });
   }
 );
 var signInEmail = createAuthEndpoint(
@@ -1286,6 +1276,26 @@ var callbackOAuth = createAuthEndpoint(
         `${c.context.baseURL}/error?error=oauth_provider_not_found`
       );
     }
+    const parsedState = parseState(c.query.state);
+    if (!parsedState.success) {
+      c.context.logger.error("Unable to parse state");
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
+    const {
+      data: { callbackURL, currentURL, code: stateCode }
+    } = parsedState;
+    const storedState = await c.getSignedCookie(
+      c.context.authCookies.state.name,
+      c.context.secret
+    );
+    if (storedState !== stateCode) {
+      logger.error("OAuth state mismatch", storedState, stateCode);
+      throw c.redirect(
+        `${c.context.baseURL}/error?error=please_restart_the_process`
+      );
+    }
     const codeVerifier = await c.getSignedCookie(
       c.context.authCookies.pkCodeVerifier.name,
       c.context.secret
@@ -1300,7 +1310,7 @@ var callbackOAuth = createAuthEndpoint(
     } catch (e) {
       c.context.logger.error(e);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_code_verification_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const user = await provider.getUserInfo(tokens).then((res) => res?.user);
@@ -1309,23 +1319,15 @@ var callbackOAuth = createAuthEndpoint(
       ...user,
       id
     });
-    const parsedState = parseState(c.query.state);
-    if (!parsedState.success) {
-      c.context.logger.error("Unable to parse state");
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=invalid_state_parameter`
-      );
-    }
-    const { callbackURL, currentURL, dontRememberMe } = parsedState.data;
     if (!user || data.success === false) {
       logger.error("Unable to get user info", data.error);
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_validation_failed`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     if (!callbackURL) {
       throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_callback_url_not_found`
+        `${c.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const dbUser = await c.context.internalAdapter.findUserByEmail(user.email).catch((e) => {
@@ -1395,8 +1397,7 @@ var callbackOAuth = createAuthEndpoint(
     try {
       const session = await c.context.internalAdapter.createSession(
         userId || id,
-        c.request,
-        dontRememberMe
+        c.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
@@ -1404,7 +1405,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id, dontRememberMe);
+        await setSessionCookie(c, session.id);
       } catch (e) {
         c.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);
@@ -1412,7 +1413,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
     } catch {
-      const url = new URL(currentURL || callbackURL);
+      const url = new URL(currentURL || callbackURL || "");
       url.searchParams.set("error", "unable_to_create_session");
       throw c.redirect(url.toString());
     }

package/dist/react.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/react.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/social.js

@@ -93,7 +93,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -103,9 +103,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 

package/dist/solid-start.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/solid.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Accessor } from 'solid-js';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/solid.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/svelte-kit.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth, B as BetterAuthOptions } from './index-Bh0h0nFa.js';
+import { a as Auth, B as BetterAuthOptions } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/svelte.d.ts

@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/svelte.js

@@ -82,11 +82,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/types.d.ts

@@ -1,5 +1,5 @@
-import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-Bh0h0nFa.js';
-export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-Bh0h0nFa.js';
+import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-C6jmDLjB.js';
+export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-C6jmDLjB.js';
 import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, S as StripEmptyObjects, L as LiteralString } from './helper-DPDj8Nix.js';
 export { D as DeepPartial, a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-DPDj8Nix.js';
 import { S as Session, U as User } from './types-Bs23H3QM.js';

package/dist/vue.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Ref, DeepReadonly } from 'vue';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/vue.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "0.3.5",
+  "version": "0.4.0",
   "description": "The most comprehensive authentication library for TypeScript.",
   "type": "module",
   "main": "./dist/index.js",
@@ -55,6 +55,7 @@
     "mongodb": "^6.9.0",
     "mysql2": "^3.11.0",
     "next": "^14.2.8",
+    "oauth2-mock-server": "^7.1.2",
     "pg": "^8.12.0",
     "prisma": "^5.19.1",
     "react": "^18.3.1",
@@ -81,7 +82,7 @@
     "@simplewebauthn/browser": "^10.0.0",
     "@simplewebauthn/server": "^10.0.1",
     "arctic": "2.0.0-next.9",
-    "better-call": "0.2.5",
+    "better-call": "0.2.6",
     "c12": "^1.11.2",
     "chalk": "^5.3.0",
     "commander": "^12.1.0",