better-auth 1.2.6-beta.7 → 1.2.7-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (273) hide show
  1. package/dist/adapters/drizzle-adapter/index.cjs +186 -249
  2. package/dist/adapters/drizzle-adapter/index.d.cts +11 -49
  3. package/dist/adapters/drizzle-adapter/index.d.mts +11 -49
  4. package/dist/adapters/drizzle-adapter/index.d.ts +11 -49
  5. package/dist/adapters/drizzle-adapter/index.mjs +186 -249
  6. package/dist/adapters/index.cjs +26 -0
  7. package/dist/adapters/index.d.cts +17 -0
  8. package/dist/adapters/index.d.mts +17 -0
  9. package/dist/adapters/index.d.ts +17 -0
  10. package/dist/adapters/index.mjs +20 -0
  11. package/dist/adapters/kysely-adapter/index.cjs +7 -7
  12. package/dist/adapters/kysely-adapter/index.d.cts +17 -49
  13. package/dist/adapters/kysely-adapter/index.d.mts +17 -49
  14. package/dist/adapters/kysely-adapter/index.d.ts +17 -49
  15. package/dist/adapters/kysely-adapter/index.mjs +8 -8
  16. package/dist/adapters/memory-adapter/index.cjs +7 -8
  17. package/dist/adapters/memory-adapter/index.d.cts +9 -49
  18. package/dist/adapters/memory-adapter/index.d.mts +9 -49
  19. package/dist/adapters/memory-adapter/index.d.ts +9 -49
  20. package/dist/adapters/memory-adapter/index.mjs +8 -9
  21. package/dist/adapters/mongodb-adapter/index.cjs +2 -2
  22. package/dist/adapters/mongodb-adapter/index.d.cts +4 -4
  23. package/dist/adapters/mongodb-adapter/index.d.mts +4 -4
  24. package/dist/adapters/mongodb-adapter/index.d.ts +4 -4
  25. package/dist/adapters/mongodb-adapter/index.mjs +3 -3
  26. package/dist/adapters/prisma-adapter/index.cjs +130 -203
  27. package/dist/adapters/prisma-adapter/index.d.cts +17 -49
  28. package/dist/adapters/prisma-adapter/index.d.mts +17 -49
  29. package/dist/adapters/prisma-adapter/index.d.ts +17 -49
  30. package/dist/adapters/prisma-adapter/index.mjs +131 -204
  31. package/dist/adapters/test.cjs +710 -377
  32. package/dist/adapters/test.d.cts +64 -5
  33. package/dist/adapters/test.d.mts +64 -5
  34. package/dist/adapters/test.d.ts +64 -5
  35. package/dist/adapters/test.mjs +712 -380
  36. package/dist/api/index.cjs +61 -25
  37. package/dist/api/index.d.cts +3 -3
  38. package/dist/api/index.d.mts +3 -3
  39. package/dist/api/index.d.ts +3 -3
  40. package/dist/api/index.mjs +63 -27
  41. package/dist/client/index.d.cts +3 -3
  42. package/dist/client/index.d.mts +3 -3
  43. package/dist/client/index.d.ts +3 -3
  44. package/dist/client/plugins/index.cjs +13 -15
  45. package/dist/client/plugins/index.d.cts +80 -19
  46. package/dist/client/plugins/index.d.mts +80 -19
  47. package/dist/client/plugins/index.d.ts +80 -19
  48. package/dist/client/plugins/index.mjs +13 -16
  49. package/dist/client/react/index.cjs +4 -4
  50. package/dist/client/react/index.d.cts +3 -3
  51. package/dist/client/react/index.d.mts +3 -3
  52. package/dist/client/react/index.d.ts +3 -3
  53. package/dist/client/solid/index.d.cts +3 -3
  54. package/dist/client/solid/index.d.mts +3 -3
  55. package/dist/client/solid/index.d.ts +3 -3
  56. package/dist/client/svelte/index.d.cts +3 -3
  57. package/dist/client/svelte/index.d.mts +3 -3
  58. package/dist/client/svelte/index.d.ts +3 -3
  59. package/dist/client/vue/index.d.cts +3 -3
  60. package/dist/client/vue/index.d.mts +3 -3
  61. package/dist/client/vue/index.d.ts +3 -3
  62. package/dist/cookies/index.cjs +13 -2
  63. package/dist/cookies/index.d.cts +3 -3
  64. package/dist/cookies/index.d.mts +3 -3
  65. package/dist/cookies/index.d.ts +3 -3
  66. package/dist/cookies/index.mjs +13 -2
  67. package/dist/db/index.cjs +6 -5
  68. package/dist/db/index.d.cts +4 -4
  69. package/dist/db/index.d.mts +4 -4
  70. package/dist/db/index.d.ts +4 -4
  71. package/dist/db/index.mjs +7 -6
  72. package/dist/index.cjs +11 -7
  73. package/dist/index.d.cts +4 -4
  74. package/dist/index.d.mts +4 -4
  75. package/dist/index.d.ts +4 -4
  76. package/dist/index.mjs +14 -10
  77. package/dist/integrations/next-js.cjs +4 -5
  78. package/dist/integrations/next-js.d.cts +3 -3
  79. package/dist/integrations/next-js.d.mts +3 -3
  80. package/dist/integrations/next-js.d.ts +3 -3
  81. package/dist/integrations/next-js.mjs +5 -6
  82. package/dist/integrations/node.d.cts +3 -3
  83. package/dist/integrations/node.d.mts +3 -3
  84. package/dist/integrations/node.d.ts +3 -3
  85. package/dist/integrations/react-start.cjs +5 -6
  86. package/dist/integrations/react-start.d.cts +3 -3
  87. package/dist/integrations/react-start.d.mts +3 -3
  88. package/dist/integrations/react-start.d.ts +3 -3
  89. package/dist/integrations/react-start.mjs +6 -7
  90. package/dist/integrations/svelte-kit.d.cts +3 -3
  91. package/dist/integrations/svelte-kit.d.mts +3 -3
  92. package/dist/integrations/svelte-kit.d.ts +3 -3
  93. package/dist/oauth2/index.d.cts +5 -5
  94. package/dist/oauth2/index.d.mts +5 -5
  95. package/dist/oauth2/index.d.ts +5 -5
  96. package/dist/plugins/access/index.d.cts +1 -1
  97. package/dist/plugins/access/index.d.mts +1 -1
  98. package/dist/plugins/access/index.d.ts +1 -1
  99. package/dist/plugins/admin/access/index.d.cts +1 -1
  100. package/dist/plugins/admin/access/index.d.mts +1 -1
  101. package/dist/plugins/admin/access/index.d.ts +1 -1
  102. package/dist/plugins/admin/index.cjs +4 -4
  103. package/dist/plugins/admin/index.d.cts +74 -14
  104. package/dist/plugins/admin/index.d.mts +74 -14
  105. package/dist/plugins/admin/index.d.ts +74 -14
  106. package/dist/plugins/admin/index.mjs +5 -5
  107. package/dist/plugins/anonymous/index.cjs +4 -5
  108. package/dist/plugins/anonymous/index.d.cts +3 -3
  109. package/dist/plugins/anonymous/index.d.mts +3 -3
  110. package/dist/plugins/anonymous/index.d.ts +3 -3
  111. package/dist/plugins/anonymous/index.mjs +5 -6
  112. package/dist/plugins/bearer/index.cjs +2 -2
  113. package/dist/plugins/bearer/index.d.cts +3 -3
  114. package/dist/plugins/bearer/index.d.mts +3 -3
  115. package/dist/plugins/bearer/index.d.ts +3 -3
  116. package/dist/plugins/bearer/index.mjs +3 -3
  117. package/dist/plugins/captcha/index.cjs +110 -45
  118. package/dist/plugins/captcha/index.d.cts +26 -6
  119. package/dist/plugins/captcha/index.d.mts +26 -6
  120. package/dist/plugins/captcha/index.d.ts +26 -6
  121. package/dist/plugins/captcha/index.mjs +110 -45
  122. package/dist/plugins/custom-session/index.cjs +24 -5
  123. package/dist/plugins/custom-session/index.d.cts +25 -6
  124. package/dist/plugins/custom-session/index.d.mts +25 -6
  125. package/dist/plugins/custom-session/index.d.ts +25 -6
  126. package/dist/plugins/custom-session/index.mjs +25 -6
  127. package/dist/plugins/email-otp/index.cjs +96 -30
  128. package/dist/plugins/email-otp/index.d.cts +33 -10
  129. package/dist/plugins/email-otp/index.d.mts +33 -10
  130. package/dist/plugins/email-otp/index.d.ts +33 -10
  131. package/dist/plugins/email-otp/index.mjs +97 -31
  132. package/dist/plugins/generic-oauth/index.cjs +81 -20
  133. package/dist/plugins/generic-oauth/index.d.cts +46 -3
  134. package/dist/plugins/generic-oauth/index.d.mts +46 -3
  135. package/dist/plugins/generic-oauth/index.d.ts +46 -3
  136. package/dist/plugins/generic-oauth/index.mjs +82 -21
  137. package/dist/plugins/haveibeenpwned/index.cjs +98 -0
  138. package/dist/plugins/haveibeenpwned/index.d.cts +36 -0
  139. package/dist/plugins/haveibeenpwned/index.d.mts +36 -0
  140. package/dist/plugins/haveibeenpwned/index.d.ts +36 -0
  141. package/dist/plugins/haveibeenpwned/index.mjs +96 -0
  142. package/dist/plugins/index.cjs +583 -19
  143. package/dist/plugins/index.d.cts +7 -5
  144. package/dist/plugins/index.d.mts +7 -5
  145. package/dist/plugins/index.d.ts +7 -5
  146. package/dist/plugins/index.mjs +583 -21
  147. package/dist/plugins/jwt/index.cjs +45 -21
  148. package/dist/plugins/jwt/index.d.cts +52 -6
  149. package/dist/plugins/jwt/index.d.mts +52 -6
  150. package/dist/plugins/jwt/index.d.ts +52 -6
  151. package/dist/plugins/jwt/index.mjs +46 -22
  152. package/dist/plugins/magic-link/index.cjs +3 -3
  153. package/dist/plugins/magic-link/index.mjs +4 -4
  154. package/dist/plugins/multi-session/index.cjs +3 -3
  155. package/dist/plugins/multi-session/index.d.cts +3 -3
  156. package/dist/plugins/multi-session/index.d.mts +3 -3
  157. package/dist/plugins/multi-session/index.d.ts +3 -3
  158. package/dist/plugins/multi-session/index.mjs +4 -4
  159. package/dist/plugins/oauth-proxy/index.cjs +4 -4
  160. package/dist/plugins/oauth-proxy/index.d.cts +3 -3
  161. package/dist/plugins/oauth-proxy/index.d.mts +3 -3
  162. package/dist/plugins/oauth-proxy/index.d.ts +3 -3
  163. package/dist/plugins/oauth-proxy/index.mjs +5 -5
  164. package/dist/plugins/oidc-provider/index.cjs +227 -8
  165. package/dist/plugins/oidc-provider/index.d.cts +215 -3
  166. package/dist/plugins/oidc-provider/index.d.mts +215 -3
  167. package/dist/plugins/oidc-provider/index.d.ts +215 -3
  168. package/dist/plugins/oidc-provider/index.mjs +228 -9
  169. package/dist/plugins/one-tap/index.cjs +5 -5
  170. package/dist/plugins/one-tap/index.mjs +6 -6
  171. package/dist/plugins/one-time-token/index.cjs +119 -0
  172. package/dist/plugins/one-time-token/index.d.cts +134 -0
  173. package/dist/plugins/one-time-token/index.d.mts +134 -0
  174. package/dist/plugins/one-time-token/index.d.ts +134 -0
  175. package/dist/plugins/one-time-token/index.mjs +117 -0
  176. package/dist/plugins/open-api/index.cjs +3 -3
  177. package/dist/plugins/open-api/index.d.cts +3 -3
  178. package/dist/plugins/open-api/index.d.mts +3 -3
  179. package/dist/plugins/open-api/index.d.ts +3 -3
  180. package/dist/plugins/open-api/index.mjs +4 -4
  181. package/dist/plugins/organization/access/index.d.cts +1 -1
  182. package/dist/plugins/organization/access/index.d.mts +1 -1
  183. package/dist/plugins/organization/access/index.d.ts +1 -1
  184. package/dist/plugins/organization/index.cjs +4 -4
  185. package/dist/plugins/organization/index.d.cts +708 -55
  186. package/dist/plugins/organization/index.d.mts +708 -55
  187. package/dist/plugins/organization/index.d.ts +708 -55
  188. package/dist/plugins/organization/index.mjs +5 -5
  189. package/dist/plugins/passkey/index.cjs +82 -8
  190. package/dist/plugins/passkey/index.d.cts +72 -3
  191. package/dist/plugins/passkey/index.d.mts +72 -3
  192. package/dist/plugins/passkey/index.d.ts +72 -3
  193. package/dist/plugins/passkey/index.mjs +83 -9
  194. package/dist/plugins/phone-number/index.cjs +194 -26
  195. package/dist/plugins/phone-number/index.d.cts +132 -8
  196. package/dist/plugins/phone-number/index.d.mts +132 -8
  197. package/dist/plugins/phone-number/index.d.ts +132 -8
  198. package/dist/plugins/phone-number/index.mjs +195 -27
  199. package/dist/plugins/sso/index.cjs +190 -7
  200. package/dist/plugins/sso/index.d.cts +181 -15
  201. package/dist/plugins/sso/index.d.mts +181 -15
  202. package/dist/plugins/sso/index.d.ts +181 -15
  203. package/dist/plugins/sso/index.mjs +191 -8
  204. package/dist/plugins/two-factor/index.cjs +443 -92
  205. package/dist/plugins/two-factor/index.d.cts +230 -396
  206. package/dist/plugins/two-factor/index.d.mts +230 -396
  207. package/dist/plugins/two-factor/index.d.ts +230 -396
  208. package/dist/plugins/two-factor/index.mjs +431 -80
  209. package/dist/plugins/username/index.cjs +34 -31
  210. package/dist/plugins/username/index.d.cts +15 -12
  211. package/dist/plugins/username/index.d.mts +15 -12
  212. package/dist/plugins/username/index.d.ts +15 -12
  213. package/dist/plugins/username/index.mjs +35 -32
  214. package/dist/shared/better-auth.1DR6suCQ.mjs +307 -0
  215. package/dist/shared/{better-auth.BSsp73pg.cjs → better-auth.B7cZ2juS.cjs} +15 -14
  216. package/dist/shared/{better-auth.bKwabe3I.d.mts → better-auth.B88xucNq.d.mts} +529 -39
  217. package/dist/shared/{better-auth.CApEjVDP.cjs → better-auth.BW8BpneG.cjs} +4 -1
  218. package/dist/shared/{better-auth.BiQsvaIP.d.cts → better-auth.BcU1Kjyq.d.cts} +2051 -518
  219. package/dist/shared/better-auth.BfG24BjZ.cjs +118 -0
  220. package/dist/shared/{better-auth.A3TjrU8G.mjs → better-auth.Bk5IMdhM.mjs} +32 -12
  221. package/dist/shared/{better-auth.D9VnBkRI.mjs → better-auth.Bm9HxIzE.mjs} +47 -24
  222. package/dist/shared/{better-auth.BRf6Iynu.d.ts → better-auth.Bwc-6kOr.d.ts} +1 -1
  223. package/dist/shared/{better-auth.D-oLmHIj.d.mts → better-auth.CA2hFK4N.d.ts} +2051 -518
  224. package/dist/shared/{better-auth.Dmhe30iW.d.mts → better-auth.CGukGrxT.d.cts} +1 -1
  225. package/dist/shared/{better-auth.CsSpq0zL.cjs → better-auth.CHUzBidy.cjs} +46 -23
  226. package/dist/shared/{better-auth.DWRligF8.d.cts → better-auth.CT9J6rD-.d.cts} +539 -7
  227. package/dist/shared/better-auth.CVCo5Z2T.cjs +310 -0
  228. package/dist/shared/{better-auth.D4jH-sJA.mjs → better-auth.CWwVo_61.mjs} +458 -118
  229. package/dist/shared/{better-auth.Bi8FQwDD.d.cts → better-auth.CYegVoq1.d.cts} +1 -1
  230. package/dist/shared/{better-auth.Bi8FQwDD.d.mts → better-auth.CYegVoq1.d.mts} +1 -1
  231. package/dist/shared/{better-auth.Bi8FQwDD.d.ts → better-auth.CYegVoq1.d.ts} +1 -1
  232. package/dist/shared/{better-auth.CepcSj5H.mjs → better-auth.Cc72UxUH.mjs} +1 -2
  233. package/dist/shared/{better-auth.BWp5dztg.d.ts → better-auth.CmN4mlPh.d.ts} +539 -7
  234. package/dist/shared/{better-auth.DH3YjMQH.mjs → better-auth.Cqykj82J.mjs} +1 -1
  235. package/dist/shared/{better-auth.wcdMj2cT.d.mts → better-auth.DIt2e3lu.d.mts} +539 -7
  236. package/dist/shared/{better-auth.BANAxdkL.d.ts → better-auth.DNTAFSt1.d.ts} +529 -39
  237. package/dist/shared/{better-auth.DU2QNVc_.d.ts → better-auth.DQ7OSJbI.d.mts} +2051 -518
  238. package/dist/shared/{better-auth.DLTzKoOS.cjs → better-auth.DSVbLSt7.cjs} +4 -1
  239. package/dist/shared/{better-auth.B2Fw1vhH.d.cts → better-auth.DTiSPWEk.d.cts} +529 -39
  240. package/dist/shared/better-auth.DURsStt9.mjs +116 -0
  241. package/dist/shared/{better-auth.BIjcZ_vt.cjs → better-auth.DYoLD99C.cjs} +31 -11
  242. package/dist/shared/{better-auth.CV1L7TPV.cjs → better-auth.D_ZIX1O8.cjs} +317 -47
  243. package/dist/shared/{better-auth.C5H9XEzZ.cjs → better-auth.DcWKCjjf.cjs} +1 -2
  244. package/dist/shared/{better-auth.BDYXUcLv.cjs → better-auth.Dg0siV5C.cjs} +457 -117
  245. package/dist/shared/better-auth.DjryM8pE.cjs +760 -0
  246. package/dist/shared/{better-auth.DPBQN9Fs.mjs → better-auth.Dn_Ms1Uf.mjs} +318 -48
  247. package/dist/shared/{better-auth.DiG4KL2x.mjs → better-auth.OuYYTHC7.mjs} +4 -1
  248. package/dist/shared/{better-auth.DtC8i3pf.d.cts → better-auth.S1jimRbX.d.mts} +1 -1
  249. package/dist/shared/better-auth.SPmq4a4z.d.mts +344 -0
  250. package/dist/shared/{better-auth.cOCrlspr.mjs → better-auth.bkwPl2G4.mjs} +4 -1
  251. package/dist/shared/better-auth.cp2rC2iM.d.ts +344 -0
  252. package/dist/shared/better-auth.eVy4DZvP.d.cts +344 -0
  253. package/dist/shared/{better-auth.BrOpzmqo.mjs → better-auth.iKoUsdFE.mjs} +15 -14
  254. package/dist/shared/better-auth.rSYJCd3o.mjs +758 -0
  255. package/dist/social-providers/index.cjs +75 -3
  256. package/dist/social-providers/index.d.cts +2 -2
  257. package/dist/social-providers/index.d.mts +2 -2
  258. package/dist/social-providers/index.d.ts +2 -2
  259. package/dist/social-providers/index.mjs +77 -6
  260. package/dist/types/index.d.cts +4 -4
  261. package/dist/types/index.d.mts +4 -4
  262. package/dist/types/index.d.ts +4 -4
  263. package/package.json +42 -5
  264. package/dist/chunks/server.cjs +0 -905
  265. package/dist/chunks/server.mjs +0 -895
  266. package/dist/shared/better-auth.BcoSd9tC.mjs +0 -10
  267. package/dist/shared/better-auth.BnRFp-t0.mjs +0 -405
  268. package/dist/shared/better-auth.C1-vpKly.cjs +0 -12
  269. package/dist/shared/better-auth.ClTSOgiD.mjs +0 -140
  270. package/dist/shared/better-auth.DC8JQbiE.mjs +0 -173
  271. package/dist/shared/better-auth.DWHWPllD.cjs +0 -175
  272. package/dist/shared/better-auth.DqLjzBlO.cjs +0 -408
  273. package/dist/shared/better-auth.m575EIBC.cjs +0 -144
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
2
  import { z } from 'zod';
3
- import { U as User, j as AuthContext } from '../../shared/better-auth.BiQsvaIP.cjs';
4
- import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.B2Fw1vhH.cjs';
5
- import '../../shared/better-auth.Bi8FQwDD.cjs';
3
+ import { U as User, l as AuthContext } from '../../shared/better-auth.BcU1Kjyq.cjs';
4
+ import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.DTiSPWEk.cjs';
5
+ import '../../shared/better-auth.CYegVoq1.cjs';
6
6
  import 'kysely';
7
7
  import 'better-sqlite3';
8
8
  import 'jose';
@@ -116,6 +116,19 @@ interface GenericOAuthConfig {
116
116
  * @default "post"
117
117
  */
118
118
  authentication?: "basic" | "post";
119
+ /**
120
+ * Custom headers to include in the discovery request.
121
+ * Useful for providers like Epic that require specific headers (e.g., Epic-Client-ID).
122
+ */
123
+ discoveryHeaders?: Record<string, string>;
124
+ /**
125
+ * Override user info with the provider info.
126
+ *
127
+ * This will update the user info with the provider info,
128
+ * when the user signs in with the provider.
129
+ * @default false
130
+ */
131
+ overrideUserInfo?: boolean;
119
132
  }
120
133
  interface GenericOAuthOptions {
121
134
  /**
@@ -376,6 +389,36 @@ declare const genericOAuth: (options: GenericOAuthOptions) => {
376
389
  };
377
390
  };
378
391
  }>)[];
392
+ metadata: {
393
+ openapi: {
394
+ description: string;
395
+ responses: {
396
+ "200": {
397
+ description: string;
398
+ content: {
399
+ "application/json": {
400
+ schema: {
401
+ type: "object";
402
+ properties: {
403
+ url: {
404
+ type: string;
405
+ format: string;
406
+ description: string;
407
+ };
408
+ redirect: {
409
+ type: string;
410
+ description: string;
411
+ enum: boolean[];
412
+ };
413
+ };
414
+ required: string[];
415
+ };
416
+ };
417
+ };
418
+ };
419
+ };
420
+ };
421
+ };
379
422
  } & {
380
423
  use: any[];
381
424
  };
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
2
  import { z } from 'zod';
3
- import { U as User, j as AuthContext } from '../../shared/better-auth.D-oLmHIj.mjs';
4
- import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.bKwabe3I.mjs';
5
- import '../../shared/better-auth.Bi8FQwDD.mjs';
3
+ import { U as User, l as AuthContext } from '../../shared/better-auth.DQ7OSJbI.mjs';
4
+ import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.B88xucNq.mjs';
5
+ import '../../shared/better-auth.CYegVoq1.mjs';
6
6
  import 'kysely';
7
7
  import 'better-sqlite3';
8
8
  import 'jose';
@@ -116,6 +116,19 @@ interface GenericOAuthConfig {
116
116
  * @default "post"
117
117
  */
118
118
  authentication?: "basic" | "post";
119
+ /**
120
+ * Custom headers to include in the discovery request.
121
+ * Useful for providers like Epic that require specific headers (e.g., Epic-Client-ID).
122
+ */
123
+ discoveryHeaders?: Record<string, string>;
124
+ /**
125
+ * Override user info with the provider info.
126
+ *
127
+ * This will update the user info with the provider info,
128
+ * when the user signs in with the provider.
129
+ * @default false
130
+ */
131
+ overrideUserInfo?: boolean;
119
132
  }
120
133
  interface GenericOAuthOptions {
121
134
  /**
@@ -376,6 +389,36 @@ declare const genericOAuth: (options: GenericOAuthOptions) => {
376
389
  };
377
390
  };
378
391
  }>)[];
392
+ metadata: {
393
+ openapi: {
394
+ description: string;
395
+ responses: {
396
+ "200": {
397
+ description: string;
398
+ content: {
399
+ "application/json": {
400
+ schema: {
401
+ type: "object";
402
+ properties: {
403
+ url: {
404
+ type: string;
405
+ format: string;
406
+ description: string;
407
+ };
408
+ redirect: {
409
+ type: string;
410
+ description: string;
411
+ enum: boolean[];
412
+ };
413
+ };
414
+ required: string[];
415
+ };
416
+ };
417
+ };
418
+ };
419
+ };
420
+ };
421
+ };
379
422
  } & {
380
423
  use: any[];
381
424
  };
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
2
  import { z } from 'zod';
3
- import { U as User, j as AuthContext } from '../../shared/better-auth.DU2QNVc_.js';
4
- import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.BANAxdkL.js';
5
- import '../../shared/better-auth.Bi8FQwDD.js';
3
+ import { U as User, l as AuthContext } from '../../shared/better-auth.CA2hFK4N.js';
4
+ import { O as OAuth2Tokens, a as OAuthProvider } from '../../shared/better-auth.DNTAFSt1.js';
5
+ import '../../shared/better-auth.CYegVoq1.js';
6
6
  import 'kysely';
7
7
  import 'better-sqlite3';
8
8
  import 'jose';
@@ -116,6 +116,19 @@ interface GenericOAuthConfig {
116
116
  * @default "post"
117
117
  */
118
118
  authentication?: "basic" | "post";
119
+ /**
120
+ * Custom headers to include in the discovery request.
121
+ * Useful for providers like Epic that require specific headers (e.g., Epic-Client-ID).
122
+ */
123
+ discoveryHeaders?: Record<string, string>;
124
+ /**
125
+ * Override user info with the provider info.
126
+ *
127
+ * This will update the user info with the provider info,
128
+ * when the user signs in with the provider.
129
+ * @default false
130
+ */
131
+ overrideUserInfo?: boolean;
119
132
  }
120
133
  interface GenericOAuthOptions {
121
134
  /**
@@ -376,6 +389,36 @@ declare const genericOAuth: (options: GenericOAuthOptions) => {
376
389
  };
377
390
  };
378
391
  }>)[];
392
+ metadata: {
393
+ openapi: {
394
+ description: string;
395
+ responses: {
396
+ "200": {
397
+ description: string;
398
+ content: {
399
+ "application/json": {
400
+ schema: {
401
+ type: "object";
402
+ properties: {
403
+ url: {
404
+ type: string;
405
+ format: string;
406
+ description: string;
407
+ };
408
+ redirect: {
409
+ type: string;
410
+ description: string;
411
+ enum: boolean[];
412
+ };
413
+ };
414
+ required: string[];
415
+ };
416
+ };
417
+ };
418
+ };
419
+ };
420
+ };
421
+ };
379
422
  } & {
380
423
  use: any[];
381
424
  };
@@ -1,11 +1,11 @@
1
1
  import { betterFetch } from '@better-fetch/fetch';
2
2
  import { APIError } from 'better-call';
3
3
  import { z } from 'zod';
4
- import { a as createAuthEndpoint, s as sessionMiddleware, B as BASE_ERROR_CODES, h as handleOAuthUserInfo } from '../../shared/better-auth.D4jH-sJA.mjs';
4
+ import { a as createAuthEndpoint, s as sessionMiddleware, B as BASE_ERROR_CODES, h as handleOAuthUserInfo } from '../../shared/better-auth.CWwVo_61.mjs';
5
5
  import { setSessionCookie } from '../../cookies/index.mjs';
6
- import '../../shared/better-auth.CepcSj5H.mjs';
6
+ import '../../shared/better-auth.Cc72UxUH.mjs';
7
7
  import '../../shared/better-auth.8zoxzg-F.mjs';
8
- import '../../shared/better-auth.DH3YjMQH.mjs';
8
+ import '../../shared/better-auth.Cqykj82J.mjs';
9
9
  import 'defu';
10
10
  import { c as createAuthorizationURL, v as validateAuthorizationCode, r as refreshAccessToken } from '../../shared/better-auth.DCVeP5-W.mjs';
11
11
  import '@better-auth/utils/hash';
@@ -23,13 +23,13 @@ import '@noble/hashes/utils';
23
23
  import '../../shared/better-auth.B4Qoxdgc.mjs';
24
24
  import '@better-auth/utils/random';
25
25
  import '../../shared/better-auth.DdzSJf-n.mjs';
26
+ import '../../shared/better-auth.tB5eU6EY.mjs';
26
27
  import '../../shared/better-auth.CW6D9eSx.mjs';
27
28
  import '../../shared/better-auth.BUPPRXfK.mjs';
28
29
  import '@better-auth/utils/hmac';
29
30
  import '../../shared/better-auth.DDEbWX-S.mjs';
30
31
  import '../../shared/better-auth.VTXNLFMT.mjs';
31
32
  import 'jose/errors';
32
- import '../../shared/better-auth.tB5eU6EY.mjs';
33
33
  import '@better-auth/utils/binary';
34
34
 
35
35
  async function getUserInfo(tokens, finalUserInfoUrl) {
@@ -95,7 +95,8 @@ const genericOAuth = (options) => {
95
95
  let finalTokenUrl = c.tokenUrl;
96
96
  if (c.discoveryUrl) {
97
97
  const discovery = await betterFetch(c.discoveryUrl, {
98
- method: "GET"
98
+ method: "GET",
99
+ headers: c.discoveryHeaders
99
100
  });
100
101
  if (discovery.data) {
101
102
  finalTokenUrl = discovery.data.token_endpoint;
@@ -123,7 +124,8 @@ const genericOAuth = (options) => {
123
124
  let finalTokenUrl = c.tokenUrl;
124
125
  if (c.discoveryUrl) {
125
126
  const discovery = await betterFetch(c.discoveryUrl, {
126
- method: "GET"
127
+ method: "GET",
128
+ headers: c.discoveryHeaders
127
129
  });
128
130
  if (discovery.data) {
129
131
  finalTokenUrl = discovery.data.token_endpoint;
@@ -140,6 +142,7 @@ const genericOAuth = (options) => {
140
142
  clientId: c.clientId,
141
143
  clientSecret: c.clientSecret
142
144
  },
145
+ authentication: c.authentication,
143
146
  tokenEndpoint: finalTokenUrl
144
147
  });
145
148
  },
@@ -255,6 +258,8 @@ const genericOAuth = (options) => {
255
258
  let finalTokenUrl = tokenUrl;
256
259
  if (discoveryUrl) {
257
260
  const discovery = await betterFetch(discoveryUrl, {
261
+ method: "GET",
262
+ headers: config.discoveryHeaders,
258
263
  onError(context) {
259
264
  ctx.context.logger.error(context.error.message, context.error, {
260
265
  discoveryUrl
@@ -379,7 +384,8 @@ const genericOAuth = (options) => {
379
384
  let finalUserInfoUrl = provider.userInfoUrl;
380
385
  if (provider.discoveryUrl) {
381
386
  const discovery = await betterFetch(provider.discoveryUrl, {
382
- method: "GET"
387
+ method: "GET",
388
+ headers: provider.discoveryHeaders
383
389
  });
384
390
  if (discovery.data) {
385
391
  finalTokenUrl = discovery.data.token_endpoint;
@@ -429,18 +435,40 @@ const genericOAuth = (options) => {
429
435
  if (ctx.context.options.account?.accountLinking?.allowDifferentEmails !== true && link.email !== mapUser.email.toLowerCase()) {
430
436
  return redirectOnError("email_doesn't_match");
431
437
  }
432
- const newAccount = await ctx.context.internalAdapter.createAccount({
433
- userId: link.userId,
434
- providerId: provider.providerId,
435
- accountId: userInfo.id,
436
- accessToken: tokens.accessToken,
437
- refreshToken: tokens.refreshToken,
438
- accessTokenExpiresAt: tokens.accessTokenExpiresAt,
439
- refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
440
- scope: tokens.scopes?.join(",")
441
- });
442
- if (!newAccount) {
443
- return redirectOnError("unable_to_link_account");
438
+ const existingAccount = await ctx.context.internalAdapter.findAccount(userInfo.id);
439
+ if (existingAccount) {
440
+ if (existingAccount.userId !== link.userId) {
441
+ return redirectOnError(
442
+ "account_already_linked_to_different_user"
443
+ );
444
+ }
445
+ const updateData = Object.fromEntries(
446
+ Object.entries({
447
+ accessToken: tokens.accessToken,
448
+ idToken: tokens.idToken,
449
+ refreshToken: tokens.refreshToken,
450
+ accessTokenExpiresAt: tokens.accessTokenExpiresAt,
451
+ refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
452
+ scope: tokens.scopes?.join(",")
453
+ }).filter(([_, value]) => value !== void 0)
454
+ );
455
+ await ctx.context.internalAdapter.updateAccount(
456
+ existingAccount.id,
457
+ updateData
458
+ );
459
+ } else {
460
+ const newAccount = await ctx.context.internalAdapter.createAccount({
461
+ userId: link.userId,
462
+ providerId: provider.providerId,
463
+ accountId: userInfo.id,
464
+ accessToken: tokens.accessToken,
465
+ accessTokenExpiresAt: tokens.accessTokenExpiresAt,
466
+ refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
467
+ scope: tokens.scopes?.join(",")
468
+ });
469
+ if (!newAccount) {
470
+ return redirectOnError("unable_to_link_account");
471
+ }
444
472
  }
445
473
  let toRedirectTo2;
446
474
  try {
@@ -462,7 +490,8 @@ const genericOAuth = (options) => {
462
490
  ...tokens,
463
491
  scope: tokens.scopes?.join(",")
464
492
  },
465
- disableSignUp: provider.disableImplicitSignUp && !requestSignUp || provider.disableSignUp
493
+ disableSignUp: provider.disableImplicitSignUp && !requestSignUp || provider.disableSignUp,
494
+ overrideUserInfo: provider.overrideUserInfo
466
495
  });
467
496
  if (result.error) {
468
497
  return redirectOnError(result.error.split(" ").join("_"));
@@ -490,7 +519,37 @@ const genericOAuth = (options) => {
490
519
  providerId: z.string(),
491
520
  callbackURL: z.string()
492
521
  }),
493
- use: [sessionMiddleware]
522
+ use: [sessionMiddleware],
523
+ metadata: {
524
+ openapi: {
525
+ description: "Link an OAuth2 account to the current user session",
526
+ responses: {
527
+ "200": {
528
+ description: "Authorization URL generated successfully for linking an OAuth2 account",
529
+ content: {
530
+ "application/json": {
531
+ schema: {
532
+ type: "object",
533
+ properties: {
534
+ url: {
535
+ type: "string",
536
+ format: "uri",
537
+ description: "The authorization URL to redirect the user to for linking the OAuth2 account"
538
+ },
539
+ redirect: {
540
+ type: "boolean",
541
+ description: "Indicates that the client should redirect to the provided URL",
542
+ enum: [true]
543
+ }
544
+ },
545
+ required: ["url", "redirect"]
546
+ }
547
+ }
548
+ }
549
+ }
550
+ }
551
+ }
552
+ }
494
553
  },
495
554
  async (c) => {
496
555
  const session = c.context.session;
@@ -534,6 +593,8 @@ const genericOAuth = (options) => {
534
593
  });
535
594
  }
536
595
  const discovery = await betterFetch(discoveryUrl, {
596
+ method: "GET",
597
+ headers: provider.discoveryHeaders,
537
598
  onError(context) {
538
599
  c.context.logger.error(context.error.message, context.error, {
539
600
  discoveryUrl
@@ -0,0 +1,98 @@
1
+ 'use strict';
2
+
3
+ const betterCall = require('better-call');
4
+ require('../../shared/better-auth.Dg0siV5C.cjs');
5
+ require('zod');
6
+ require('../../shared/better-auth.DiSjtgs9.cjs');
7
+ require('@better-auth/utils/base64');
8
+ require('@better-auth/utils/hmac');
9
+ require('../../shared/better-auth.DcWKCjjf.cjs');
10
+ require('../../shared/better-auth.GpOOav9x.cjs');
11
+ require('defu');
12
+ const hash = require('@better-auth/utils/hash');
13
+ const fetch = require('@better-fetch/fetch');
14
+ require('../../cookies/index.cjs');
15
+ require('../../shared/better-auth.ANpbi45u.cjs');
16
+ require('../../shared/better-auth.C1hdVENX.cjs');
17
+ require('../../shared/better-auth.D3mtHEZg.cjs');
18
+ require('../../shared/better-auth.C-R0J0n1.cjs');
19
+ require('../../social-providers/index.cjs');
20
+ require('jose');
21
+ require('../../shared/better-auth.Cm29ZKNJ.cjs');
22
+ require('@noble/ciphers/chacha');
23
+ require('@noble/ciphers/utils');
24
+ require('@noble/ciphers/webcrypto');
25
+ require('@noble/hashes/scrypt');
26
+ require('@better-auth/utils');
27
+ require('@better-auth/utils/hex');
28
+ require('@noble/hashes/utils');
29
+ require('../../shared/better-auth.CYeOI8C-.cjs');
30
+ require('@better-auth/utils/random');
31
+ require('../../shared/better-auth.QbbyHMYf.cjs');
32
+ require('../../shared/better-auth.Bg6iw3ig.cjs');
33
+ require('../../shared/better-auth.BMYo0QR-.cjs');
34
+ require('jose/errors');
35
+ require('@better-auth/utils/binary');
36
+
37
+ const ERROR_CODES = {
38
+ PASSWORD_COMPROMISED: "The password you entered has been compromised. Please choose a different password."
39
+ };
40
+ async function checkPasswordCompromise(password, customMessage) {
41
+ if (!password) return;
42
+ const sha1Hash = (await hash.createHash("SHA-1", "hex").digest(password)).toUpperCase();
43
+ const prefix = sha1Hash.substring(0, 5);
44
+ const suffix = sha1Hash.substring(5);
45
+ try {
46
+ const { data, error } = await fetch.betterFetch(
47
+ `https://api.pwnedpasswords.com/range/${prefix}`,
48
+ {
49
+ headers: {
50
+ "Add-Padding": "true",
51
+ "User-Agent": "BetterAuth Password Checker"
52
+ }
53
+ }
54
+ );
55
+ if (error) {
56
+ throw new betterCall.APIError("INTERNAL_SERVER_ERROR", {
57
+ message: `Failed to check password. Status: ${error.status}`
58
+ });
59
+ }
60
+ const lines = data.split("\n");
61
+ const found = lines.some(
62
+ (line) => line.split(":")[0].toUpperCase() === suffix.toUpperCase()
63
+ );
64
+ if (found) {
65
+ throw new betterCall.APIError("BAD_REQUEST", {
66
+ message: customMessage || ERROR_CODES.PASSWORD_COMPROMISED,
67
+ code: "PASSWORD_COMPROMISED"
68
+ });
69
+ }
70
+ } catch (error) {
71
+ if (error instanceof betterCall.APIError) throw error;
72
+ throw new betterCall.APIError("INTERNAL_SERVER_ERROR", {
73
+ message: "Failed to check password. Please try again later."
74
+ });
75
+ }
76
+ }
77
+ const haveIBeenPwned = (options) => ({
78
+ id: "haveIBeenPwned",
79
+ init(ctx) {
80
+ return {
81
+ context: {
82
+ password: {
83
+ ...ctx.password,
84
+ async hash(password) {
85
+ await checkPasswordCompromise(
86
+ password,
87
+ options?.customPasswordCompromisedMessage
88
+ );
89
+ return ctx.password.hash(password);
90
+ }
91
+ }
92
+ }
93
+ };
94
+ },
95
+ $ERROR_CODES: ERROR_CODES
96
+ });
97
+
98
+ exports.haveIBeenPwned = haveIBeenPwned;
@@ -0,0 +1,36 @@
1
+ import { l as AuthContext, p as checkPassword } from '../../shared/better-auth.BcU1Kjyq.cjs';
2
+ import '../../shared/better-auth.CYegVoq1.cjs';
3
+ import 'zod';
4
+ import '../../shared/better-auth.DTiSPWEk.cjs';
5
+ import 'jose';
6
+ import 'kysely';
7
+ import 'better-call';
8
+ import 'better-sqlite3';
9
+
10
+ interface HaveIBeenPwnedOptions {
11
+ customPasswordCompromisedMessage?: string;
12
+ }
13
+ declare const haveIBeenPwned: (options?: HaveIBeenPwnedOptions) => {
14
+ id: "haveIBeenPwned";
15
+ init(ctx: AuthContext): {
16
+ context: {
17
+ password: {
18
+ hash(password: string): Promise<string>;
19
+ verify: (data: {
20
+ password: string;
21
+ hash: string;
22
+ }) => Promise<boolean>;
23
+ config: {
24
+ minPasswordLength: number;
25
+ maxPasswordLength: number;
26
+ };
27
+ checkPassword: typeof checkPassword;
28
+ };
29
+ };
30
+ };
31
+ $ERROR_CODES: {
32
+ readonly PASSWORD_COMPROMISED: "The password you entered has been compromised. Please choose a different password.";
33
+ };
34
+ };
35
+
36
+ export { type HaveIBeenPwnedOptions, haveIBeenPwned };
@@ -0,0 +1,36 @@
1
+ import { l as AuthContext, p as checkPassword } from '../../shared/better-auth.DQ7OSJbI.mjs';
2
+ import '../../shared/better-auth.CYegVoq1.mjs';
3
+ import 'zod';
4
+ import '../../shared/better-auth.B88xucNq.mjs';
5
+ import 'jose';
6
+ import 'kysely';
7
+ import 'better-call';
8
+ import 'better-sqlite3';
9
+
10
+ interface HaveIBeenPwnedOptions {
11
+ customPasswordCompromisedMessage?: string;
12
+ }
13
+ declare const haveIBeenPwned: (options?: HaveIBeenPwnedOptions) => {
14
+ id: "haveIBeenPwned";
15
+ init(ctx: AuthContext): {
16
+ context: {
17
+ password: {
18
+ hash(password: string): Promise<string>;
19
+ verify: (data: {
20
+ password: string;
21
+ hash: string;
22
+ }) => Promise<boolean>;
23
+ config: {
24
+ minPasswordLength: number;
25
+ maxPasswordLength: number;
26
+ };
27
+ checkPassword: typeof checkPassword;
28
+ };
29
+ };
30
+ };
31
+ $ERROR_CODES: {
32
+ readonly PASSWORD_COMPROMISED: "The password you entered has been compromised. Please choose a different password.";
33
+ };
34
+ };
35
+
36
+ export { type HaveIBeenPwnedOptions, haveIBeenPwned };
@@ -0,0 +1,36 @@
1
+ import { l as AuthContext, p as checkPassword } from '../../shared/better-auth.CA2hFK4N.js';
2
+ import '../../shared/better-auth.CYegVoq1.js';
3
+ import 'zod';
4
+ import '../../shared/better-auth.DNTAFSt1.js';
5
+ import 'jose';
6
+ import 'kysely';
7
+ import 'better-call';
8
+ import 'better-sqlite3';
9
+
10
+ interface HaveIBeenPwnedOptions {
11
+ customPasswordCompromisedMessage?: string;
12
+ }
13
+ declare const haveIBeenPwned: (options?: HaveIBeenPwnedOptions) => {
14
+ id: "haveIBeenPwned";
15
+ init(ctx: AuthContext): {
16
+ context: {
17
+ password: {
18
+ hash(password: string): Promise<string>;
19
+ verify: (data: {
20
+ password: string;
21
+ hash: string;
22
+ }) => Promise<boolean>;
23
+ config: {
24
+ minPasswordLength: number;
25
+ maxPasswordLength: number;
26
+ };
27
+ checkPassword: typeof checkPassword;
28
+ };
29
+ };
30
+ };
31
+ $ERROR_CODES: {
32
+ readonly PASSWORD_COMPROMISED: "The password you entered has been compromised. Please choose a different password.";
33
+ };
34
+ };
35
+
36
+ export { type HaveIBeenPwnedOptions, haveIBeenPwned };