better-auth 1.2.6-beta.7 → 1.2.7-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (273) hide show
  1. package/dist/adapters/drizzle-adapter/index.cjs +186 -249
  2. package/dist/adapters/drizzle-adapter/index.d.cts +11 -49
  3. package/dist/adapters/drizzle-adapter/index.d.mts +11 -49
  4. package/dist/adapters/drizzle-adapter/index.d.ts +11 -49
  5. package/dist/adapters/drizzle-adapter/index.mjs +186 -249
  6. package/dist/adapters/index.cjs +26 -0
  7. package/dist/adapters/index.d.cts +17 -0
  8. package/dist/adapters/index.d.mts +17 -0
  9. package/dist/adapters/index.d.ts +17 -0
  10. package/dist/adapters/index.mjs +20 -0
  11. package/dist/adapters/kysely-adapter/index.cjs +7 -7
  12. package/dist/adapters/kysely-adapter/index.d.cts +17 -49
  13. package/dist/adapters/kysely-adapter/index.d.mts +17 -49
  14. package/dist/adapters/kysely-adapter/index.d.ts +17 -49
  15. package/dist/adapters/kysely-adapter/index.mjs +8 -8
  16. package/dist/adapters/memory-adapter/index.cjs +7 -8
  17. package/dist/adapters/memory-adapter/index.d.cts +9 -49
  18. package/dist/adapters/memory-adapter/index.d.mts +9 -49
  19. package/dist/adapters/memory-adapter/index.d.ts +9 -49
  20. package/dist/adapters/memory-adapter/index.mjs +8 -9
  21. package/dist/adapters/mongodb-adapter/index.cjs +2 -2
  22. package/dist/adapters/mongodb-adapter/index.d.cts +4 -4
  23. package/dist/adapters/mongodb-adapter/index.d.mts +4 -4
  24. package/dist/adapters/mongodb-adapter/index.d.ts +4 -4
  25. package/dist/adapters/mongodb-adapter/index.mjs +3 -3
  26. package/dist/adapters/prisma-adapter/index.cjs +130 -203
  27. package/dist/adapters/prisma-adapter/index.d.cts +17 -49
  28. package/dist/adapters/prisma-adapter/index.d.mts +17 -49
  29. package/dist/adapters/prisma-adapter/index.d.ts +17 -49
  30. package/dist/adapters/prisma-adapter/index.mjs +131 -204
  31. package/dist/adapters/test.cjs +710 -377
  32. package/dist/adapters/test.d.cts +64 -5
  33. package/dist/adapters/test.d.mts +64 -5
  34. package/dist/adapters/test.d.ts +64 -5
  35. package/dist/adapters/test.mjs +712 -380
  36. package/dist/api/index.cjs +61 -25
  37. package/dist/api/index.d.cts +3 -3
  38. package/dist/api/index.d.mts +3 -3
  39. package/dist/api/index.d.ts +3 -3
  40. package/dist/api/index.mjs +63 -27
  41. package/dist/client/index.d.cts +3 -3
  42. package/dist/client/index.d.mts +3 -3
  43. package/dist/client/index.d.ts +3 -3
  44. package/dist/client/plugins/index.cjs +13 -15
  45. package/dist/client/plugins/index.d.cts +80 -19
  46. package/dist/client/plugins/index.d.mts +80 -19
  47. package/dist/client/plugins/index.d.ts +80 -19
  48. package/dist/client/plugins/index.mjs +13 -16
  49. package/dist/client/react/index.cjs +4 -4
  50. package/dist/client/react/index.d.cts +3 -3
  51. package/dist/client/react/index.d.mts +3 -3
  52. package/dist/client/react/index.d.ts +3 -3
  53. package/dist/client/solid/index.d.cts +3 -3
  54. package/dist/client/solid/index.d.mts +3 -3
  55. package/dist/client/solid/index.d.ts +3 -3
  56. package/dist/client/svelte/index.d.cts +3 -3
  57. package/dist/client/svelte/index.d.mts +3 -3
  58. package/dist/client/svelte/index.d.ts +3 -3
  59. package/dist/client/vue/index.d.cts +3 -3
  60. package/dist/client/vue/index.d.mts +3 -3
  61. package/dist/client/vue/index.d.ts +3 -3
  62. package/dist/cookies/index.cjs +13 -2
  63. package/dist/cookies/index.d.cts +3 -3
  64. package/dist/cookies/index.d.mts +3 -3
  65. package/dist/cookies/index.d.ts +3 -3
  66. package/dist/cookies/index.mjs +13 -2
  67. package/dist/db/index.cjs +6 -5
  68. package/dist/db/index.d.cts +4 -4
  69. package/dist/db/index.d.mts +4 -4
  70. package/dist/db/index.d.ts +4 -4
  71. package/dist/db/index.mjs +7 -6
  72. package/dist/index.cjs +11 -7
  73. package/dist/index.d.cts +4 -4
  74. package/dist/index.d.mts +4 -4
  75. package/dist/index.d.ts +4 -4
  76. package/dist/index.mjs +14 -10
  77. package/dist/integrations/next-js.cjs +4 -5
  78. package/dist/integrations/next-js.d.cts +3 -3
  79. package/dist/integrations/next-js.d.mts +3 -3
  80. package/dist/integrations/next-js.d.ts +3 -3
  81. package/dist/integrations/next-js.mjs +5 -6
  82. package/dist/integrations/node.d.cts +3 -3
  83. package/dist/integrations/node.d.mts +3 -3
  84. package/dist/integrations/node.d.ts +3 -3
  85. package/dist/integrations/react-start.cjs +5 -6
  86. package/dist/integrations/react-start.d.cts +3 -3
  87. package/dist/integrations/react-start.d.mts +3 -3
  88. package/dist/integrations/react-start.d.ts +3 -3
  89. package/dist/integrations/react-start.mjs +6 -7
  90. package/dist/integrations/svelte-kit.d.cts +3 -3
  91. package/dist/integrations/svelte-kit.d.mts +3 -3
  92. package/dist/integrations/svelte-kit.d.ts +3 -3
  93. package/dist/oauth2/index.d.cts +5 -5
  94. package/dist/oauth2/index.d.mts +5 -5
  95. package/dist/oauth2/index.d.ts +5 -5
  96. package/dist/plugins/access/index.d.cts +1 -1
  97. package/dist/plugins/access/index.d.mts +1 -1
  98. package/dist/plugins/access/index.d.ts +1 -1
  99. package/dist/plugins/admin/access/index.d.cts +1 -1
  100. package/dist/plugins/admin/access/index.d.mts +1 -1
  101. package/dist/plugins/admin/access/index.d.ts +1 -1
  102. package/dist/plugins/admin/index.cjs +4 -4
  103. package/dist/plugins/admin/index.d.cts +74 -14
  104. package/dist/plugins/admin/index.d.mts +74 -14
  105. package/dist/plugins/admin/index.d.ts +74 -14
  106. package/dist/plugins/admin/index.mjs +5 -5
  107. package/dist/plugins/anonymous/index.cjs +4 -5
  108. package/dist/plugins/anonymous/index.d.cts +3 -3
  109. package/dist/plugins/anonymous/index.d.mts +3 -3
  110. package/dist/plugins/anonymous/index.d.ts +3 -3
  111. package/dist/plugins/anonymous/index.mjs +5 -6
  112. package/dist/plugins/bearer/index.cjs +2 -2
  113. package/dist/plugins/bearer/index.d.cts +3 -3
  114. package/dist/plugins/bearer/index.d.mts +3 -3
  115. package/dist/plugins/bearer/index.d.ts +3 -3
  116. package/dist/plugins/bearer/index.mjs +3 -3
  117. package/dist/plugins/captcha/index.cjs +110 -45
  118. package/dist/plugins/captcha/index.d.cts +26 -6
  119. package/dist/plugins/captcha/index.d.mts +26 -6
  120. package/dist/plugins/captcha/index.d.ts +26 -6
  121. package/dist/plugins/captcha/index.mjs +110 -45
  122. package/dist/plugins/custom-session/index.cjs +24 -5
  123. package/dist/plugins/custom-session/index.d.cts +25 -6
  124. package/dist/plugins/custom-session/index.d.mts +25 -6
  125. package/dist/plugins/custom-session/index.d.ts +25 -6
  126. package/dist/plugins/custom-session/index.mjs +25 -6
  127. package/dist/plugins/email-otp/index.cjs +96 -30
  128. package/dist/plugins/email-otp/index.d.cts +33 -10
  129. package/dist/plugins/email-otp/index.d.mts +33 -10
  130. package/dist/plugins/email-otp/index.d.ts +33 -10
  131. package/dist/plugins/email-otp/index.mjs +97 -31
  132. package/dist/plugins/generic-oauth/index.cjs +81 -20
  133. package/dist/plugins/generic-oauth/index.d.cts +46 -3
  134. package/dist/plugins/generic-oauth/index.d.mts +46 -3
  135. package/dist/plugins/generic-oauth/index.d.ts +46 -3
  136. package/dist/plugins/generic-oauth/index.mjs +82 -21
  137. package/dist/plugins/haveibeenpwned/index.cjs +98 -0
  138. package/dist/plugins/haveibeenpwned/index.d.cts +36 -0
  139. package/dist/plugins/haveibeenpwned/index.d.mts +36 -0
  140. package/dist/plugins/haveibeenpwned/index.d.ts +36 -0
  141. package/dist/plugins/haveibeenpwned/index.mjs +96 -0
  142. package/dist/plugins/index.cjs +583 -19
  143. package/dist/plugins/index.d.cts +7 -5
  144. package/dist/plugins/index.d.mts +7 -5
  145. package/dist/plugins/index.d.ts +7 -5
  146. package/dist/plugins/index.mjs +583 -21
  147. package/dist/plugins/jwt/index.cjs +45 -21
  148. package/dist/plugins/jwt/index.d.cts +52 -6
  149. package/dist/plugins/jwt/index.d.mts +52 -6
  150. package/dist/plugins/jwt/index.d.ts +52 -6
  151. package/dist/plugins/jwt/index.mjs +46 -22
  152. package/dist/plugins/magic-link/index.cjs +3 -3
  153. package/dist/plugins/magic-link/index.mjs +4 -4
  154. package/dist/plugins/multi-session/index.cjs +3 -3
  155. package/dist/plugins/multi-session/index.d.cts +3 -3
  156. package/dist/plugins/multi-session/index.d.mts +3 -3
  157. package/dist/plugins/multi-session/index.d.ts +3 -3
  158. package/dist/plugins/multi-session/index.mjs +4 -4
  159. package/dist/plugins/oauth-proxy/index.cjs +4 -4
  160. package/dist/plugins/oauth-proxy/index.d.cts +3 -3
  161. package/dist/plugins/oauth-proxy/index.d.mts +3 -3
  162. package/dist/plugins/oauth-proxy/index.d.ts +3 -3
  163. package/dist/plugins/oauth-proxy/index.mjs +5 -5
  164. package/dist/plugins/oidc-provider/index.cjs +227 -8
  165. package/dist/plugins/oidc-provider/index.d.cts +215 -3
  166. package/dist/plugins/oidc-provider/index.d.mts +215 -3
  167. package/dist/plugins/oidc-provider/index.d.ts +215 -3
  168. package/dist/plugins/oidc-provider/index.mjs +228 -9
  169. package/dist/plugins/one-tap/index.cjs +5 -5
  170. package/dist/plugins/one-tap/index.mjs +6 -6
  171. package/dist/plugins/one-time-token/index.cjs +119 -0
  172. package/dist/plugins/one-time-token/index.d.cts +134 -0
  173. package/dist/plugins/one-time-token/index.d.mts +134 -0
  174. package/dist/plugins/one-time-token/index.d.ts +134 -0
  175. package/dist/plugins/one-time-token/index.mjs +117 -0
  176. package/dist/plugins/open-api/index.cjs +3 -3
  177. package/dist/plugins/open-api/index.d.cts +3 -3
  178. package/dist/plugins/open-api/index.d.mts +3 -3
  179. package/dist/plugins/open-api/index.d.ts +3 -3
  180. package/dist/plugins/open-api/index.mjs +4 -4
  181. package/dist/plugins/organization/access/index.d.cts +1 -1
  182. package/dist/plugins/organization/access/index.d.mts +1 -1
  183. package/dist/plugins/organization/access/index.d.ts +1 -1
  184. package/dist/plugins/organization/index.cjs +4 -4
  185. package/dist/plugins/organization/index.d.cts +708 -55
  186. package/dist/plugins/organization/index.d.mts +708 -55
  187. package/dist/plugins/organization/index.d.ts +708 -55
  188. package/dist/plugins/organization/index.mjs +5 -5
  189. package/dist/plugins/passkey/index.cjs +82 -8
  190. package/dist/plugins/passkey/index.d.cts +72 -3
  191. package/dist/plugins/passkey/index.d.mts +72 -3
  192. package/dist/plugins/passkey/index.d.ts +72 -3
  193. package/dist/plugins/passkey/index.mjs +83 -9
  194. package/dist/plugins/phone-number/index.cjs +194 -26
  195. package/dist/plugins/phone-number/index.d.cts +132 -8
  196. package/dist/plugins/phone-number/index.d.mts +132 -8
  197. package/dist/plugins/phone-number/index.d.ts +132 -8
  198. package/dist/plugins/phone-number/index.mjs +195 -27
  199. package/dist/plugins/sso/index.cjs +190 -7
  200. package/dist/plugins/sso/index.d.cts +181 -15
  201. package/dist/plugins/sso/index.d.mts +181 -15
  202. package/dist/plugins/sso/index.d.ts +181 -15
  203. package/dist/plugins/sso/index.mjs +191 -8
  204. package/dist/plugins/two-factor/index.cjs +443 -92
  205. package/dist/plugins/two-factor/index.d.cts +230 -396
  206. package/dist/plugins/two-factor/index.d.mts +230 -396
  207. package/dist/plugins/two-factor/index.d.ts +230 -396
  208. package/dist/plugins/two-factor/index.mjs +431 -80
  209. package/dist/plugins/username/index.cjs +34 -31
  210. package/dist/plugins/username/index.d.cts +15 -12
  211. package/dist/plugins/username/index.d.mts +15 -12
  212. package/dist/plugins/username/index.d.ts +15 -12
  213. package/dist/plugins/username/index.mjs +35 -32
  214. package/dist/shared/better-auth.1DR6suCQ.mjs +307 -0
  215. package/dist/shared/{better-auth.BSsp73pg.cjs → better-auth.B7cZ2juS.cjs} +15 -14
  216. package/dist/shared/{better-auth.bKwabe3I.d.mts → better-auth.B88xucNq.d.mts} +529 -39
  217. package/dist/shared/{better-auth.CApEjVDP.cjs → better-auth.BW8BpneG.cjs} +4 -1
  218. package/dist/shared/{better-auth.BiQsvaIP.d.cts → better-auth.BcU1Kjyq.d.cts} +2051 -518
  219. package/dist/shared/better-auth.BfG24BjZ.cjs +118 -0
  220. package/dist/shared/{better-auth.A3TjrU8G.mjs → better-auth.Bk5IMdhM.mjs} +32 -12
  221. package/dist/shared/{better-auth.D9VnBkRI.mjs → better-auth.Bm9HxIzE.mjs} +47 -24
  222. package/dist/shared/{better-auth.BRf6Iynu.d.ts → better-auth.Bwc-6kOr.d.ts} +1 -1
  223. package/dist/shared/{better-auth.D-oLmHIj.d.mts → better-auth.CA2hFK4N.d.ts} +2051 -518
  224. package/dist/shared/{better-auth.Dmhe30iW.d.mts → better-auth.CGukGrxT.d.cts} +1 -1
  225. package/dist/shared/{better-auth.CsSpq0zL.cjs → better-auth.CHUzBidy.cjs} +46 -23
  226. package/dist/shared/{better-auth.DWRligF8.d.cts → better-auth.CT9J6rD-.d.cts} +539 -7
  227. package/dist/shared/better-auth.CVCo5Z2T.cjs +310 -0
  228. package/dist/shared/{better-auth.D4jH-sJA.mjs → better-auth.CWwVo_61.mjs} +458 -118
  229. package/dist/shared/{better-auth.Bi8FQwDD.d.cts → better-auth.CYegVoq1.d.cts} +1 -1
  230. package/dist/shared/{better-auth.Bi8FQwDD.d.mts → better-auth.CYegVoq1.d.mts} +1 -1
  231. package/dist/shared/{better-auth.Bi8FQwDD.d.ts → better-auth.CYegVoq1.d.ts} +1 -1
  232. package/dist/shared/{better-auth.CepcSj5H.mjs → better-auth.Cc72UxUH.mjs} +1 -2
  233. package/dist/shared/{better-auth.BWp5dztg.d.ts → better-auth.CmN4mlPh.d.ts} +539 -7
  234. package/dist/shared/{better-auth.DH3YjMQH.mjs → better-auth.Cqykj82J.mjs} +1 -1
  235. package/dist/shared/{better-auth.wcdMj2cT.d.mts → better-auth.DIt2e3lu.d.mts} +539 -7
  236. package/dist/shared/{better-auth.BANAxdkL.d.ts → better-auth.DNTAFSt1.d.ts} +529 -39
  237. package/dist/shared/{better-auth.DU2QNVc_.d.ts → better-auth.DQ7OSJbI.d.mts} +2051 -518
  238. package/dist/shared/{better-auth.DLTzKoOS.cjs → better-auth.DSVbLSt7.cjs} +4 -1
  239. package/dist/shared/{better-auth.B2Fw1vhH.d.cts → better-auth.DTiSPWEk.d.cts} +529 -39
  240. package/dist/shared/better-auth.DURsStt9.mjs +116 -0
  241. package/dist/shared/{better-auth.BIjcZ_vt.cjs → better-auth.DYoLD99C.cjs} +31 -11
  242. package/dist/shared/{better-auth.CV1L7TPV.cjs → better-auth.D_ZIX1O8.cjs} +317 -47
  243. package/dist/shared/{better-auth.C5H9XEzZ.cjs → better-auth.DcWKCjjf.cjs} +1 -2
  244. package/dist/shared/{better-auth.BDYXUcLv.cjs → better-auth.Dg0siV5C.cjs} +457 -117
  245. package/dist/shared/better-auth.DjryM8pE.cjs +760 -0
  246. package/dist/shared/{better-auth.DPBQN9Fs.mjs → better-auth.Dn_Ms1Uf.mjs} +318 -48
  247. package/dist/shared/{better-auth.DiG4KL2x.mjs → better-auth.OuYYTHC7.mjs} +4 -1
  248. package/dist/shared/{better-auth.DtC8i3pf.d.cts → better-auth.S1jimRbX.d.mts} +1 -1
  249. package/dist/shared/better-auth.SPmq4a4z.d.mts +344 -0
  250. package/dist/shared/{better-auth.cOCrlspr.mjs → better-auth.bkwPl2G4.mjs} +4 -1
  251. package/dist/shared/better-auth.cp2rC2iM.d.ts +344 -0
  252. package/dist/shared/better-auth.eVy4DZvP.d.cts +344 -0
  253. package/dist/shared/{better-auth.BrOpzmqo.mjs → better-auth.iKoUsdFE.mjs} +15 -14
  254. package/dist/shared/better-auth.rSYJCd3o.mjs +758 -0
  255. package/dist/social-providers/index.cjs +75 -3
  256. package/dist/social-providers/index.d.cts +2 -2
  257. package/dist/social-providers/index.d.mts +2 -2
  258. package/dist/social-providers/index.d.ts +2 -2
  259. package/dist/social-providers/index.mjs +77 -6
  260. package/dist/types/index.d.cts +4 -4
  261. package/dist/types/index.d.mts +4 -4
  262. package/dist/types/index.d.ts +4 -4
  263. package/package.json +42 -5
  264. package/dist/chunks/server.cjs +0 -905
  265. package/dist/chunks/server.mjs +0 -895
  266. package/dist/shared/better-auth.BcoSd9tC.mjs +0 -10
  267. package/dist/shared/better-auth.BnRFp-t0.mjs +0 -405
  268. package/dist/shared/better-auth.C1-vpKly.cjs +0 -12
  269. package/dist/shared/better-auth.ClTSOgiD.mjs +0 -140
  270. package/dist/shared/better-auth.DC8JQbiE.mjs +0 -173
  271. package/dist/shared/better-auth.DWHWPllD.cjs +0 -175
  272. package/dist/shared/better-auth.DqLjzBlO.cjs +0 -408
  273. package/dist/shared/better-auth.m575EIBC.cjs +0 -144
@@ -3,13 +3,13 @@
3
3
  const schema$1 = require('../../shared/better-auth.BG6vHVNT.cjs');
4
4
  const jose = require('jose');
5
5
  require('better-call');
6
- const refreshToken = require('../../shared/better-auth.BDYXUcLv.cjs');
6
+ const refreshToken = require('../../shared/better-auth.Dg0siV5C.cjs');
7
7
  require('zod');
8
8
  const index = require('../../shared/better-auth.ANpbi45u.cjs');
9
9
  require('../../shared/better-auth.DiSjtgs9.cjs');
10
10
  require('@better-auth/utils/base64');
11
11
  require('@better-auth/utils/hmac');
12
- const schema = require('../../shared/better-auth.C5H9XEzZ.cjs');
12
+ const schema = require('../../shared/better-auth.DcWKCjjf.cjs');
13
13
  require('../../shared/better-auth.GpOOav9x.cjs');
14
14
  require('defu');
15
15
  const crypto_index = require('../../crypto/index.cjs');
@@ -84,9 +84,6 @@ async function getJwtToken(ctx, options) {
84
84
  const privateWebKey2 = await jose.exportJWK(privateKey2);
85
85
  const stringifiedPrivateWebKey = JSON.stringify(privateWebKey2);
86
86
  let jwk = {
87
- id: ctx.context.generateId({
88
- model: "jwks"
89
- }),
90
87
  publicKey: JSON.stringify(publicWebKey),
91
88
  privateKey: privateKeyEncryptionEnabled ? JSON.stringify(
92
89
  await crypto_index.symmetricEncrypt({
@@ -114,7 +111,9 @@ async function getJwtToken(ctx, options) {
114
111
  const jwt2 = await new jose.SignJWT(payload).setProtectedHeader({
115
112
  alg: options?.jwks?.keyPairConfig?.alg ?? "EdDSA",
116
113
  kid: key.id
117
- }).setIssuedAt().setIssuer(options?.jwt?.issuer ?? ctx.context.options.baseURL).setAudience(options?.jwt?.audience ?? ctx.context.options.baseURL).setExpirationTime(options?.jwt?.expirationTime ?? "15m").setSubject(ctx.context.session.user.id).sign(privateKey);
114
+ }).setIssuedAt().setIssuer(options?.jwt?.issuer ?? ctx.context.options.baseURL).setAudience(options?.jwt?.audience ?? ctx.context.options.baseURL).setExpirationTime(options?.jwt?.expirationTime ?? "15m").setSubject(
115
+ await options?.jwt?.getSubject?.(ctx.context.session) ?? ctx.context.session.user.id
116
+ ).sign(privateKey);
118
117
  return jwt2;
119
118
  }
120
119
  const jwt = (options) => {
@@ -129,8 +128,8 @@ const jwt = (options) => {
129
128
  openapi: {
130
129
  description: "Get the JSON Web Key Set",
131
130
  responses: {
132
- 200: {
133
- description: "Success",
131
+ "200": {
132
+ description: "JSON Web Key Set retrieved successfully",
134
133
  content: {
135
134
  "application/json": {
136
135
  schema: {
@@ -138,31 +137,59 @@ const jwt = (options) => {
138
137
  properties: {
139
138
  keys: {
140
139
  type: "array",
140
+ description: "Array of public JSON Web Keys",
141
141
  items: {
142
142
  type: "object",
143
143
  properties: {
144
144
  kid: {
145
- type: "string"
145
+ type: "string",
146
+ description: "Key ID uniquely identifying the key, corresponds to the 'id' from the stored Jwk"
146
147
  },
147
148
  kty: {
148
- type: "string"
149
- },
150
- use: {
151
- type: "string"
149
+ type: "string",
150
+ description: "Key type (e.g., 'RSA', 'EC', 'OKP')"
152
151
  },
153
152
  alg: {
154
- type: "string"
153
+ type: "string",
154
+ description: "Algorithm intended for use with the key (e.g., 'EdDSA', 'RS256')"
155
+ },
156
+ use: {
157
+ type: "string",
158
+ description: "Intended use of the public key (e.g., 'sig' for signature)",
159
+ enum: ["sig"],
160
+ nullable: true
155
161
  },
156
162
  n: {
157
- type: "string"
163
+ type: "string",
164
+ description: "Modulus for RSA keys (base64url-encoded)",
165
+ nullable: true
158
166
  },
159
167
  e: {
160
- type: "string"
168
+ type: "string",
169
+ description: "Exponent for RSA keys (base64url-encoded)",
170
+ nullable: true
171
+ },
172
+ crv: {
173
+ type: "string",
174
+ description: "Curve name for elliptic curve keys (e.g., 'Ed25519', 'P-256')",
175
+ nullable: true
176
+ },
177
+ x: {
178
+ type: "string",
179
+ description: "X coordinate for elliptic curve keys (base64url-encoded)",
180
+ nullable: true
181
+ },
182
+ y: {
183
+ type: "string",
184
+ description: "Y coordinate for elliptic curve keys (base64url-encoded)",
185
+ nullable: true
161
186
  }
162
- }
187
+ },
188
+ required: ["kid", "kty", "alg"]
163
189
  }
164
190
  }
165
- }
191
+ },
192
+ required: ["keys"]
166
193
  }
167
194
  }
168
195
  }
@@ -188,9 +215,6 @@ const jwt = (options) => {
188
215
  const stringifiedPrivateWebKey = JSON.stringify(privateWebKey);
189
216
  const privateKeyEncryptionEnabled = !options?.jwks?.disablePrivateKeyEncryption;
190
217
  let jwk = {
191
- id: ctx.context.generateId({
192
- model: "jwks"
193
- }),
194
218
  publicKey: JSON.stringify({ alg, ...publicWebKey }),
195
219
  privateKey: privateKeyEncryptionEnabled ? JSON.stringify(
196
220
  await crypto_index.symmetricEncrypt({
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.BiQsvaIP.cjs';
3
- import '../../shared/better-auth.Bi8FQwDD.cjs';
2
+ import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.BcU1Kjyq.cjs';
3
+ import '../../shared/better-auth.CYegVoq1.cjs';
4
4
  import 'zod';
5
- import '../../shared/better-auth.B2Fw1vhH.cjs';
5
+ import '../../shared/better-auth.DTiSPWEk.cjs';
6
6
  import 'jose';
7
7
  import 'kysely';
8
8
  import 'better-sqlite3';
@@ -65,7 +65,13 @@ interface JwtOptions {
65
65
  disablePrivateKeyEncryption?: boolean;
66
66
  };
67
67
  jwt?: {
68
+ /**
69
+ * The issuer of the JWT
70
+ */
68
71
  issuer?: string;
72
+ /**
73
+ * The audience of the JWT
74
+ */
69
75
  audience?: string;
70
76
  /**
71
77
  * Set the "exp" (Expiration Time) Claim.
@@ -91,10 +97,22 @@ interface JwtOptions {
91
97
  * @default 15m
92
98
  */
93
99
  expirationTime?: number | string | Date;
100
+ /**
101
+ * A function that is called to define the payload of the JWT
102
+ */
94
103
  definePayload?: (session: {
95
104
  user: User & Record<string, any>;
96
105
  session: Session & Record<string, any>;
97
106
  }) => Promise<Record<string, any>> | Record<string, any>;
107
+ /**
108
+ * A function that is called to get the subject of the JWT
109
+ *
110
+ * @default session.user.id
111
+ */
112
+ getSubject?: (session: {
113
+ user: User & Record<string, any>;
114
+ session: Session & Record<string, any>;
115
+ }) => Promise<string> | string;
98
116
  };
99
117
  /**
100
118
  * Custom schema for the admin plugin
@@ -140,7 +158,7 @@ declare const jwt: (options?: JwtOptions) => {
140
158
  openapi: {
141
159
  description: string;
142
160
  responses: {
143
- 200: {
161
+ "200": {
144
162
  description: string;
145
163
  content: {
146
164
  "application/json": {
@@ -149,31 +167,59 @@ declare const jwt: (options?: JwtOptions) => {
149
167
  properties: {
150
168
  keys: {
151
169
  type: string;
170
+ description: string;
152
171
  items: {
153
172
  type: string;
154
173
  properties: {
155
174
  kid: {
156
175
  type: string;
176
+ description: string;
157
177
  };
158
178
  kty: {
159
179
  type: string;
180
+ description: string;
160
181
  };
161
- use: {
182
+ alg: {
162
183
  type: string;
184
+ description: string;
163
185
  };
164
- alg: {
186
+ use: {
165
187
  type: string;
188
+ description: string;
189
+ enum: string[];
190
+ nullable: boolean;
166
191
  };
167
192
  n: {
168
193
  type: string;
194
+ description: string;
195
+ nullable: boolean;
169
196
  };
170
197
  e: {
171
198
  type: string;
199
+ description: string;
200
+ nullable: boolean;
201
+ };
202
+ crv: {
203
+ type: string;
204
+ description: string;
205
+ nullable: boolean;
206
+ };
207
+ x: {
208
+ type: string;
209
+ description: string;
210
+ nullable: boolean;
211
+ };
212
+ y: {
213
+ type: string;
214
+ description: string;
215
+ nullable: boolean;
172
216
  };
173
217
  };
218
+ required: string[];
174
219
  };
175
220
  };
176
221
  };
222
+ required: string[];
177
223
  };
178
224
  };
179
225
  };
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.D-oLmHIj.mjs';
3
- import '../../shared/better-auth.Bi8FQwDD.mjs';
2
+ import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.DQ7OSJbI.mjs';
3
+ import '../../shared/better-auth.CYegVoq1.mjs';
4
4
  import 'zod';
5
- import '../../shared/better-auth.bKwabe3I.mjs';
5
+ import '../../shared/better-auth.B88xucNq.mjs';
6
6
  import 'jose';
7
7
  import 'kysely';
8
8
  import 'better-sqlite3';
@@ -65,7 +65,13 @@ interface JwtOptions {
65
65
  disablePrivateKeyEncryption?: boolean;
66
66
  };
67
67
  jwt?: {
68
+ /**
69
+ * The issuer of the JWT
70
+ */
68
71
  issuer?: string;
72
+ /**
73
+ * The audience of the JWT
74
+ */
69
75
  audience?: string;
70
76
  /**
71
77
  * Set the "exp" (Expiration Time) Claim.
@@ -91,10 +97,22 @@ interface JwtOptions {
91
97
  * @default 15m
92
98
  */
93
99
  expirationTime?: number | string | Date;
100
+ /**
101
+ * A function that is called to define the payload of the JWT
102
+ */
94
103
  definePayload?: (session: {
95
104
  user: User & Record<string, any>;
96
105
  session: Session & Record<string, any>;
97
106
  }) => Promise<Record<string, any>> | Record<string, any>;
107
+ /**
108
+ * A function that is called to get the subject of the JWT
109
+ *
110
+ * @default session.user.id
111
+ */
112
+ getSubject?: (session: {
113
+ user: User & Record<string, any>;
114
+ session: Session & Record<string, any>;
115
+ }) => Promise<string> | string;
98
116
  };
99
117
  /**
100
118
  * Custom schema for the admin plugin
@@ -140,7 +158,7 @@ declare const jwt: (options?: JwtOptions) => {
140
158
  openapi: {
141
159
  description: string;
142
160
  responses: {
143
- 200: {
161
+ "200": {
144
162
  description: string;
145
163
  content: {
146
164
  "application/json": {
@@ -149,31 +167,59 @@ declare const jwt: (options?: JwtOptions) => {
149
167
  properties: {
150
168
  keys: {
151
169
  type: string;
170
+ description: string;
152
171
  items: {
153
172
  type: string;
154
173
  properties: {
155
174
  kid: {
156
175
  type: string;
176
+ description: string;
157
177
  };
158
178
  kty: {
159
179
  type: string;
180
+ description: string;
160
181
  };
161
- use: {
182
+ alg: {
162
183
  type: string;
184
+ description: string;
163
185
  };
164
- alg: {
186
+ use: {
165
187
  type: string;
188
+ description: string;
189
+ enum: string[];
190
+ nullable: boolean;
166
191
  };
167
192
  n: {
168
193
  type: string;
194
+ description: string;
195
+ nullable: boolean;
169
196
  };
170
197
  e: {
171
198
  type: string;
199
+ description: string;
200
+ nullable: boolean;
201
+ };
202
+ crv: {
203
+ type: string;
204
+ description: string;
205
+ nullable: boolean;
206
+ };
207
+ x: {
208
+ type: string;
209
+ description: string;
210
+ nullable: boolean;
211
+ };
212
+ y: {
213
+ type: string;
214
+ description: string;
215
+ nullable: boolean;
172
216
  };
173
217
  };
218
+ required: string[];
174
219
  };
175
220
  };
176
221
  };
222
+ required: string[];
177
223
  };
178
224
  };
179
225
  };
@@ -1,8 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.DU2QNVc_.js';
3
- import '../../shared/better-auth.Bi8FQwDD.js';
2
+ import { U as User, S as Session, I as InferOptionSchema, H as HookEndpointContext, G as GenericEndpointContext } from '../../shared/better-auth.CA2hFK4N.js';
3
+ import '../../shared/better-auth.CYegVoq1.js';
4
4
  import 'zod';
5
- import '../../shared/better-auth.BANAxdkL.js';
5
+ import '../../shared/better-auth.DNTAFSt1.js';
6
6
  import 'jose';
7
7
  import 'kysely';
8
8
  import 'better-sqlite3';
@@ -65,7 +65,13 @@ interface JwtOptions {
65
65
  disablePrivateKeyEncryption?: boolean;
66
66
  };
67
67
  jwt?: {
68
+ /**
69
+ * The issuer of the JWT
70
+ */
68
71
  issuer?: string;
72
+ /**
73
+ * The audience of the JWT
74
+ */
69
75
  audience?: string;
70
76
  /**
71
77
  * Set the "exp" (Expiration Time) Claim.
@@ -91,10 +97,22 @@ interface JwtOptions {
91
97
  * @default 15m
92
98
  */
93
99
  expirationTime?: number | string | Date;
100
+ /**
101
+ * A function that is called to define the payload of the JWT
102
+ */
94
103
  definePayload?: (session: {
95
104
  user: User & Record<string, any>;
96
105
  session: Session & Record<string, any>;
97
106
  }) => Promise<Record<string, any>> | Record<string, any>;
107
+ /**
108
+ * A function that is called to get the subject of the JWT
109
+ *
110
+ * @default session.user.id
111
+ */
112
+ getSubject?: (session: {
113
+ user: User & Record<string, any>;
114
+ session: Session & Record<string, any>;
115
+ }) => Promise<string> | string;
98
116
  };
99
117
  /**
100
118
  * Custom schema for the admin plugin
@@ -140,7 +158,7 @@ declare const jwt: (options?: JwtOptions) => {
140
158
  openapi: {
141
159
  description: string;
142
160
  responses: {
143
- 200: {
161
+ "200": {
144
162
  description: string;
145
163
  content: {
146
164
  "application/json": {
@@ -149,31 +167,59 @@ declare const jwt: (options?: JwtOptions) => {
149
167
  properties: {
150
168
  keys: {
151
169
  type: string;
170
+ description: string;
152
171
  items: {
153
172
  type: string;
154
173
  properties: {
155
174
  kid: {
156
175
  type: string;
176
+ description: string;
157
177
  };
158
178
  kty: {
159
179
  type: string;
180
+ description: string;
160
181
  };
161
- use: {
182
+ alg: {
162
183
  type: string;
184
+ description: string;
163
185
  };
164
- alg: {
186
+ use: {
165
187
  type: string;
188
+ description: string;
189
+ enum: string[];
190
+ nullable: boolean;
166
191
  };
167
192
  n: {
168
193
  type: string;
194
+ description: string;
195
+ nullable: boolean;
169
196
  };
170
197
  e: {
171
198
  type: string;
199
+ description: string;
200
+ nullable: boolean;
201
+ };
202
+ crv: {
203
+ type: string;
204
+ description: string;
205
+ nullable: boolean;
206
+ };
207
+ x: {
208
+ type: string;
209
+ description: string;
210
+ nullable: boolean;
211
+ };
212
+ y: {
213
+ type: string;
214
+ description: string;
215
+ nullable: boolean;
172
216
  };
173
217
  };
218
+ required: string[];
174
219
  };
175
220
  };
176
221
  };
222
+ required: string[];
177
223
  };
178
224
  };
179
225
  };
@@ -1,14 +1,14 @@
1
1
  import { s as schema } from '../../shared/better-auth.fsvwNeUx.mjs';
2
2
  import { generateKeyPair, exportJWK, importJWK, SignJWT } from 'jose';
3
3
  import 'better-call';
4
- import { c as createAuthMiddleware, a as createAuthEndpoint, s as sessionMiddleware } from '../../shared/better-auth.D4jH-sJA.mjs';
4
+ import { c as createAuthMiddleware, a as createAuthEndpoint, s as sessionMiddleware } from '../../shared/better-auth.CWwVo_61.mjs';
5
5
  import 'zod';
6
6
  import { B as BetterAuthError } from '../../shared/better-auth.DdzSJf-n.mjs';
7
7
  import '../../shared/better-auth.8zoxzg-F.mjs';
8
8
  import '@better-auth/utils/base64';
9
9
  import '@better-auth/utils/hmac';
10
- import { m as mergeSchema } from '../../shared/better-auth.CepcSj5H.mjs';
11
- import '../../shared/better-auth.DH3YjMQH.mjs';
10
+ import { m as mergeSchema } from '../../shared/better-auth.Cc72UxUH.mjs';
11
+ import '../../shared/better-auth.Cqykj82J.mjs';
12
12
  import 'defu';
13
13
  import { symmetricEncrypt, symmetricDecrypt } from '../../crypto/index.mjs';
14
14
  import '../../cookies/index.mjs';
@@ -82,9 +82,6 @@ async function getJwtToken(ctx, options) {
82
82
  const privateWebKey2 = await exportJWK(privateKey2);
83
83
  const stringifiedPrivateWebKey = JSON.stringify(privateWebKey2);
84
84
  let jwk = {
85
- id: ctx.context.generateId({
86
- model: "jwks"
87
- }),
88
85
  publicKey: JSON.stringify(publicWebKey),
89
86
  privateKey: privateKeyEncryptionEnabled ? JSON.stringify(
90
87
  await symmetricEncrypt({
@@ -112,7 +109,9 @@ async function getJwtToken(ctx, options) {
112
109
  const jwt2 = await new SignJWT(payload).setProtectedHeader({
113
110
  alg: options?.jwks?.keyPairConfig?.alg ?? "EdDSA",
114
111
  kid: key.id
115
- }).setIssuedAt().setIssuer(options?.jwt?.issuer ?? ctx.context.options.baseURL).setAudience(options?.jwt?.audience ?? ctx.context.options.baseURL).setExpirationTime(options?.jwt?.expirationTime ?? "15m").setSubject(ctx.context.session.user.id).sign(privateKey);
112
+ }).setIssuedAt().setIssuer(options?.jwt?.issuer ?? ctx.context.options.baseURL).setAudience(options?.jwt?.audience ?? ctx.context.options.baseURL).setExpirationTime(options?.jwt?.expirationTime ?? "15m").setSubject(
113
+ await options?.jwt?.getSubject?.(ctx.context.session) ?? ctx.context.session.user.id
114
+ ).sign(privateKey);
116
115
  return jwt2;
117
116
  }
118
117
  const jwt = (options) => {
@@ -127,8 +126,8 @@ const jwt = (options) => {
127
126
  openapi: {
128
127
  description: "Get the JSON Web Key Set",
129
128
  responses: {
130
- 200: {
131
- description: "Success",
129
+ "200": {
130
+ description: "JSON Web Key Set retrieved successfully",
132
131
  content: {
133
132
  "application/json": {
134
133
  schema: {
@@ -136,31 +135,59 @@ const jwt = (options) => {
136
135
  properties: {
137
136
  keys: {
138
137
  type: "array",
138
+ description: "Array of public JSON Web Keys",
139
139
  items: {
140
140
  type: "object",
141
141
  properties: {
142
142
  kid: {
143
- type: "string"
143
+ type: "string",
144
+ description: "Key ID uniquely identifying the key, corresponds to the 'id' from the stored Jwk"
144
145
  },
145
146
  kty: {
146
- type: "string"
147
- },
148
- use: {
149
- type: "string"
147
+ type: "string",
148
+ description: "Key type (e.g., 'RSA', 'EC', 'OKP')"
150
149
  },
151
150
  alg: {
152
- type: "string"
151
+ type: "string",
152
+ description: "Algorithm intended for use with the key (e.g., 'EdDSA', 'RS256')"
153
+ },
154
+ use: {
155
+ type: "string",
156
+ description: "Intended use of the public key (e.g., 'sig' for signature)",
157
+ enum: ["sig"],
158
+ nullable: true
153
159
  },
154
160
  n: {
155
- type: "string"
161
+ type: "string",
162
+ description: "Modulus for RSA keys (base64url-encoded)",
163
+ nullable: true
156
164
  },
157
165
  e: {
158
- type: "string"
166
+ type: "string",
167
+ description: "Exponent for RSA keys (base64url-encoded)",
168
+ nullable: true
169
+ },
170
+ crv: {
171
+ type: "string",
172
+ description: "Curve name for elliptic curve keys (e.g., 'Ed25519', 'P-256')",
173
+ nullable: true
174
+ },
175
+ x: {
176
+ type: "string",
177
+ description: "X coordinate for elliptic curve keys (base64url-encoded)",
178
+ nullable: true
179
+ },
180
+ y: {
181
+ type: "string",
182
+ description: "Y coordinate for elliptic curve keys (base64url-encoded)",
183
+ nullable: true
159
184
  }
160
- }
185
+ },
186
+ required: ["kid", "kty", "alg"]
161
187
  }
162
188
  }
163
- }
189
+ },
190
+ required: ["keys"]
164
191
  }
165
192
  }
166
193
  }
@@ -186,9 +213,6 @@ const jwt = (options) => {
186
213
  const stringifiedPrivateWebKey = JSON.stringify(privateWebKey);
187
214
  const privateKeyEncryptionEnabled = !options?.jwks?.disablePrivateKeyEncryption;
188
215
  let jwk = {
189
- id: ctx.context.generateId({
190
- model: "jwks"
191
- }),
192
216
  publicKey: JSON.stringify({ alg, ...publicWebKey }),
193
217
  privateKey: privateKeyEncryptionEnabled ? JSON.stringify(
194
218
  await symmetricEncrypt({
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const zod = require('zod');
4
- const refreshToken = require('../../shared/better-auth.BDYXUcLv.cjs');
4
+ const refreshToken = require('../../shared/better-auth.Dg0siV5C.cjs');
5
5
  const betterCall = require('better-call');
6
6
  const cookies_index = require('../../cookies/index.cjs');
7
7
  require('@better-auth/utils/hash');
@@ -15,7 +15,7 @@ require('@better-auth/utils');
15
15
  require('@better-auth/utils/hex');
16
16
  require('@noble/hashes/utils');
17
17
  const random = require('../../shared/better-auth.CYeOI8C-.cjs');
18
- require('../../shared/better-auth.C5H9XEzZ.cjs');
18
+ require('../../shared/better-auth.DcWKCjjf.cjs');
19
19
  require('../../shared/better-auth.DiSjtgs9.cjs');
20
20
  require('../../shared/better-auth.GpOOav9x.cjs');
21
21
  require('defu');
@@ -26,12 +26,12 @@ require('../../shared/better-auth.C1hdVENX.cjs');
26
26
  require('../../shared/better-auth.ANpbi45u.cjs');
27
27
  require('@better-auth/utils/random');
28
28
  require('../../shared/better-auth.QbbyHMYf.cjs');
29
+ require('../../shared/better-auth.D3mtHEZg.cjs');
29
30
  require('../../shared/better-auth.Bg6iw3ig.cjs');
30
31
  require('@better-auth/utils/hmac');
31
32
  require('../../shared/better-auth.BMYo0QR-.cjs');
32
33
  require('../../shared/better-auth.C-R0J0n1.cjs');
33
34
  require('jose/errors');
34
- require('../../shared/better-auth.D3mtHEZg.cjs');
35
35
  require('@better-auth/utils/binary');
36
36
 
37
37
  const magicLink = (options) => {