better-auth 0.3.6 → 0.4.1

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { a as Auth, a0 as betterAuth } from './index-Bh0h0nFa.js';
+export { a as Auth, a0 as betterAuth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/index.js

@@ -198,7 +198,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -208,9 +208,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 
@@ -778,14 +780,12 @@ var oAuthProviderList = Object.keys(oAuthProviders);
 // src/utils/state.ts
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z as z2 } from "zod";
-function generateState(callbackURL, currentURL, dontRememberMe, additionalFields) {
+function generateState(callbackURL, currentURL) {
   const code = generateStateOAuth();
   const state = JSON.stringify({
     code,
     callbackURL,
-    currentURL,
-    dontRememberMe,
-    additionalFields
+    currentURL
   });
   return { state, code };
 }
@@ -793,9 +793,7 @@ function parseState(state) {
   const data = z2.object({
     code: z2.string(),
     callbackURL: z2.string().optional(),
-    currentURL: z2.string().optional(),
-    dontRememberMe: z2.boolean().optional(),
-    additionalFields: z2.record(z2.string()).optional()
+    currentURL: z2.string().optional()
   }).safeParse(JSON.parse(state));
   return data;
 }
@@ -816,7 +814,7 @@ function getCookies(options) {
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
   const sessionMaxAge = new TimeSpan(7, "d").seconds();
-  const crossSubdomainEnabled = options.advanced?.crossSubDomainCookies?.enabled;
+  const crossSubdomainEnabled = !!options.advanced?.crossSubDomainCookies?.enabled;
   const domain = crossSubdomainEnabled ? options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0) : void 0;
   if (crossSubdomainEnabled && !domain) {
     throw new BetterAuthError(
@@ -833,7 +831,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: sessionMaxAge,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     csrfToken: {
@@ -844,7 +842,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 60 * 24 * 7,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     state: {
@@ -855,8 +853,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     pkCodeVerifier: {
@@ -867,8 +864,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     dontRememberToken: {
@@ -879,7 +875,7 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         //no max age so it expires when the browser closes
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     },
     nonce: {
@@ -890,14 +886,13 @@ function getCookies(options) {
         path: "/",
         secure: !!secureCookiePrefix,
         maxAge: 60 * 15,
-        // 15 minutes in seconds
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     }
   };
 }
 function createCookieGetter(options) {
-  const secure = !!options.advanced?.useSecureCookies || process.env.NODE_ENV === "production";
+  const secure = options.advanced?.useSecureCookies !== void 0 ? options.advanced?.useSecureCookies : options.baseURL?.startsWith("https://") || process.env.NODE_ENV === "production";
   const secureCookiePrefix = secure ? "__Secure-" : "";
   const cookiePrefix = "better-auth";
   const domain = options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0);
@@ -914,7 +909,7 @@ function createCookieGetter(options) {
         maxAge: 60 * 15,
         // 15 minutes in seconds
         ...opts,
-        ...crossSubdomainEnabled && { domain }
+        ...crossSubdomainEnabled ? { domain } : {}
       }
     };
   }
@@ -1129,11 +1124,7 @@ var signInOAuth = createAuthEndpoint(
       /**
        * OAuth2 provider to use`
        */
-      provider: z4.enum(oAuthProviderList),
-      /**
-       * If this is true the session will only be valid for the current browser session
-       */
-      dontRememberMe: z4.boolean().default(false).optional()
+      provider: z4.enum(oAuthProviderList)
     })
   },
   async (c) => {
@@ -1158,37 +1149,33 @@ var signInOAuth = createAuthEndpoint(
       callbackURL || currentURL?.origin || c.context.baseURL,
       c.query?.currentURL
     );
-    try {
-      await c.setSignedCookie(
-        cookie.state.name,
-        state.code,
-        c.context.secret,
-        cookie.state.options
-      );
-      const codeVerifier = generateCodeVerifier();
-      await c.setSignedCookie(
-        cookie.pkCodeVerifier.name,
-        codeVerifier,
-        c.context.secret,
-        cookie.pkCodeVerifier.options
-      );
-      const url = provider.createAuthorizationURL({
-        state: state.state,
-        codeVerifier
-      });
-      url.searchParams.set(
-        "redirect_uri",
-        `${c.context.baseURL}/callback/${c.body.provider}`
-      );
-      return {
-        url: url.toString(),
-        state: state.state,
-        codeVerifier,
-        redirect: true
-      };
-    } catch (e) {
-      throw new APIError3("INTERNAL_SERVER_ERROR");
-    }
+    await c.setSignedCookie(
+      cookie.state.name,
+      state.code,
+      c.context.secret,
+      cookie.state.options
+    );
+    const codeVerifier = generateCodeVerifier();
+    await c.setSignedCookie(
+      cookie.pkCodeVerifier.name,
+      codeVerifier,
+      c.context.secret,
+      cookie.pkCodeVerifier.options
+    );
+    const url = provider.createAuthorizationURL({
+      state: state.state,
+      codeVerifier
+    });
+    url.searchParams.set(
+      "redirect_uri",
+      `${c.context.baseURL}/callback/${c.body.provider}`
+    );
+    return c.json({
+      url: url.toString(),
+      state: state.state,
+      codeVerifier,
+      redirect: true
+    });
   }
 );
 var signInEmail = createAuthEndpoint(
@@ -1482,14 +1469,14 @@ var callbackOAuth = createAuthEndpoint(
       );
     }
     const {
-      data: { callbackURL, currentURL, dontRememberMe, code }
+      data: { callbackURL, currentURL, code: stateCode }
     } = parsedState;
-    const storedCode = await c.getSignedCookie(
+    const storedState = await c.getSignedCookie(
       c.context.authCookies.state.name,
       c.context.secret
     );
-    if (storedCode !== code) {
-      logger.error("Oauth code mismatch", storedCode, code);
+    if (storedState !== stateCode) {
+      logger.error("OAuth state mismatch", storedState, stateCode);
       throw c.redirect(
         `${c.context.baseURL}/error?error=please_restart_the_process`
       );
@@ -1595,8 +1582,7 @@ var callbackOAuth = createAuthEndpoint(
     try {
       const session = await c.context.internalAdapter.createSession(
         userId || id,
-        c.request,
-        dontRememberMe
+        c.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
@@ -1604,7 +1590,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id, dontRememberMe);
+        await setSessionCookie(c, session.id);
       } catch (e) {
         c.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);

package/dist/next-js.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import { U as User, S as Session } from './types-Bs23H3QM.js';
 import { NextRequest } from 'next/server';
 import 'zod';

package/dist/node.d.ts

@@ -1,5 +1,5 @@
 import * as http from 'http';
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/plugins.d.ts

@@ -1,7 +1,7 @@
-export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-DI8FMfhr.js';
+export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-DCBFTxDp.js';
 export { i as ac } from './index-DfAHOgpj.js';
-import { H as HookEndpointContext } from './index-Bh0h0nFa.js';
-export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-Bh0h0nFa.js';
+import { H as HookEndpointContext } from './index-C6jmDLjB.js';
+export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-C6jmDLjB.js';
 import './types-Bs23H3QM.js';
 import 'zod';
 import 'arctic';

package/dist/plugins.js

@@ -138,7 +138,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -148,9 +148,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 
@@ -718,14 +720,12 @@ var oAuthProviderList = Object.keys(oAuthProviders);
 // src/utils/state.ts
 import { generateState as generateStateOAuth } from "oslo/oauth2";
 import { z } from "zod";
-function generateState(callbackURL, currentURL, dontRememberMe, additionalFields) {
+function generateState(callbackURL, currentURL) {
   const code = generateStateOAuth();
   const state = JSON.stringify({
     code,
     callbackURL,
-    currentURL,
-    dontRememberMe,
-    additionalFields
+    currentURL
   });
   return { state, code };
 }
@@ -733,9 +733,7 @@ function parseState(state) {
   const data = z.object({
     code: z.string(),
     callbackURL: z.string().optional(),
-    currentURL: z.string().optional(),
-    dontRememberMe: z.boolean().optional(),
-    additionalFields: z.record(z.string()).optional()
+    currentURL: z.string().optional()
   }).safeParse(JSON.parse(state));
   return data;
 }
@@ -941,11 +939,7 @@ var signInOAuth = createAuthEndpoint(
       /**
        * OAuth2 provider to use`
        */
-      provider: z3.enum(oAuthProviderList),
-      /**
-       * If this is true the session will only be valid for the current browser session
-       */
-      dontRememberMe: z3.boolean().default(false).optional()
+      provider: z3.enum(oAuthProviderList)
     })
   },
   async (c) => {
@@ -970,37 +964,33 @@ var signInOAuth = createAuthEndpoint(
       callbackURL || currentURL?.origin || c.context.baseURL,
       c.query?.currentURL
     );
-    try {
-      await c.setSignedCookie(
-        cookie.state.name,
-        state.code,
-        c.context.secret,
-        cookie.state.options
-      );
-      const codeVerifier = generateCodeVerifier();
-      await c.setSignedCookie(
-        cookie.pkCodeVerifier.name,
-        codeVerifier,
-        c.context.secret,
-        cookie.pkCodeVerifier.options
-      );
-      const url = provider.createAuthorizationURL({
-        state: state.state,
-        codeVerifier
-      });
-      url.searchParams.set(
-        "redirect_uri",
-        `${c.context.baseURL}/callback/${c.body.provider}`
-      );
-      return {
-        url: url.toString(),
-        state: state.state,
-        codeVerifier,
-        redirect: true
-      };
-    } catch (e) {
-      throw new APIError2("INTERNAL_SERVER_ERROR");
-    }
+    await c.setSignedCookie(
+      cookie.state.name,
+      state.code,
+      c.context.secret,
+      cookie.state.options
+    );
+    const codeVerifier = generateCodeVerifier();
+    await c.setSignedCookie(
+      cookie.pkCodeVerifier.name,
+      codeVerifier,
+      c.context.secret,
+      cookie.pkCodeVerifier.options
+    );
+    const url = provider.createAuthorizationURL({
+      state: state.state,
+      codeVerifier
+    });
+    url.searchParams.set(
+      "redirect_uri",
+      `${c.context.baseURL}/callback/${c.body.provider}`
+    );
+    return c.json({
+      url: url.toString(),
+      state: state.state,
+      codeVerifier,
+      redirect: true
+    });
   }
 );
 var signInEmail = createAuthEndpoint(
@@ -1294,14 +1284,14 @@ var callbackOAuth = createAuthEndpoint(
       );
     }
     const {
-      data: { callbackURL, currentURL, dontRememberMe, code }
+      data: { callbackURL, currentURL, code: stateCode }
     } = parsedState;
-    const storedCode = await c.getSignedCookie(
+    const storedState = await c.getSignedCookie(
       c.context.authCookies.state.name,
       c.context.secret
     );
-    if (storedCode !== code) {
-      logger.error("Oauth code mismatch", storedCode, code);
+    if (storedState !== stateCode) {
+      logger.error("OAuth state mismatch", storedState, stateCode);
       throw c.redirect(
         `${c.context.baseURL}/error?error=please_restart_the_process`
       );
@@ -1407,8 +1397,7 @@ var callbackOAuth = createAuthEndpoint(
     try {
       const session = await c.context.internalAdapter.createSession(
         userId || id,
-        c.request,
-        dontRememberMe
+        c.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
@@ -1416,7 +1405,7 @@ var callbackOAuth = createAuthEndpoint(
         throw c.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id, dontRememberMe);
+        await setSessionCookie(c, session.id);
       } catch (e) {
         c.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);

package/dist/react.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/react.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/social.js

@@ -93,7 +93,7 @@ function generateCodeChallenge(codeVerifier) {
     includePadding: false
   });
 }
-function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes) {
+function createAuthorizationURL(id, options, authorizationEndpoint, state, codeVerifier, scopes, disablePkce) {
   const url = new URL(authorizationEndpoint);
   url.searchParams.set("response_type", "code");
   url.searchParams.set("client_id", options.clientId);
@@ -103,9 +103,11 @@ function createAuthorizationURL(id, options, authorizationEndpoint, state, codeV
     "redirect_uri",
     options.redirectURI || getRedirectURI(id)
   );
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("code_challenge", codeChallenge);
+  if (!disablePkce) {
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("code_challenge", codeChallenge);
+  }
   return url;
 }
 

package/dist/solid-start.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-Bh0h0nFa.js';
+import { a as Auth } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/solid.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Accessor } from 'solid-js';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/solid.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/svelte-kit.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth, B as BetterAuthOptions } from './index-Bh0h0nFa.js';
+import { a as Auth, B as BetterAuthOptions } from './index-C6jmDLjB.js';
 import 'zod';
 import 'kysely';
 import './types-Bs23H3QM.js';

package/dist/svelte.d.ts

@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/svelte.js

@@ -82,11 +82,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/dist/types.d.ts

@@ -1,5 +1,5 @@
-import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-Bh0h0nFa.js';
-export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-Bh0h0nFa.js';
+import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-C6jmDLjB.js';
+export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-C6jmDLjB.js';
 import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, S as StripEmptyObjects, L as LiteralString } from './helper-DPDj8Nix.js';
 export { D as DeepPartial, a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-DPDj8Nix.js';
 import { S as Session, U as User } from './types-Bs23H3QM.js';

package/dist/vue.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Ref, DeepReadonly } from 'vue';
-import './index-Bh0h0nFa.js';
+import './index-C6jmDLjB.js';
 import 'kysely';
 import './types-Bs23H3QM.js';
 import 'arctic';

package/dist/vue.js

@@ -85,11 +85,6 @@ var csrfPlugin = {
   id: "csrf",
   name: "CSRF Check",
   async init(url, options) {
-    if (!options?.baseURL) {
-      throw new BetterAuthError(
-        "API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`"
-      );
-    }
     if (options?.method !== "GET") {
       options = options || {};
       const { data, error } = await betterFetch("/csrf", {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "0.3.6",
+  "version": "0.4.1",
   "description": "The most comprehensive authentication library for TypeScript.",
   "type": "module",
   "main": "./dist/index.js",
@@ -55,6 +55,7 @@
     "mongodb": "^6.9.0",
     "mysql2": "^3.11.0",
     "next": "^14.2.8",
+    "oauth2-mock-server": "^7.1.2",
     "pg": "^8.12.0",
     "prisma": "^5.19.1",
     "react": "^18.3.1",
@@ -81,7 +82,7 @@
     "@simplewebauthn/browser": "^10.0.0",
     "@simplewebauthn/server": "^10.0.1",
     "arctic": "2.0.0-next.9",
-    "better-call": "0.2.5",
+    "better-call": "0.2.6",
     "c12": "^1.11.2",
     "chalk": "^5.3.0",
     "commander": "^12.1.0",