better-auth 1.3.1 → 1.3.2

package/dist/shared/{better-auth.CE16lr3i.d.mts → better-auth.B1VHvePI.d.mts}

@@ -1,7 +1,7 @@
-import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.KpzJUkxw.mjs';
+import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.CePXeKag.mjs';
 import { Statements } from '../plugins/access/index.mjs';
 import * as zod_v4_core from 'zod/v4/core';
-import * as zod_v4 from 'zod/v4';
+import * as z from 'zod/v4';
 import * as better_call from 'better-call';
 
 declare const apiKeySchema: ({ timeWindow, rateLimitMax, }: {
@@ -662,19 +662,19 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    name: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    expiresIn: zod_v4.ZodDefault<zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>>;
-                    userId: zod_v4.ZodOptional<zod_v4.ZodCoercedString<unknown>>;
-                    prefix: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    remaining: zod_v4.ZodDefault<zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>>;
-                    metadata: zod_v4.ZodOptional<zod_v4.ZodAny>;
-                    refillAmount: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillInterval: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitTimeWindow: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitMax: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitEnabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    permissions: zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>;
+                body: z.ZodObject<{
+                    name: z.ZodOptional<z.ZodString>;
+                    expiresIn: z.ZodDefault<z.ZodNullable<z.ZodOptional<z.ZodNumber>>>;
+                    userId: z.ZodOptional<z.ZodCoercedString<unknown>>;
+                    prefix: z.ZodOptional<z.ZodString>;
+                    remaining: z.ZodDefault<z.ZodNullable<z.ZodOptional<z.ZodNumber>>>;
+                    metadata: z.ZodOptional<z.ZodAny>;
+                    refillAmount: z.ZodOptional<z.ZodNumber>;
+                    refillInterval: z.ZodOptional<z.ZodNumber>;
+                    rateLimitTimeWindow: z.ZodOptional<z.ZodNumber>;
+                    rateLimitMax: z.ZodOptional<z.ZodNumber>;
+                    rateLimitEnabled: z.ZodOptional<z.ZodBoolean>;
+                    permissions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     openapi: {
@@ -874,9 +874,9 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    key: zod_v4.ZodString;
-                    permissions: zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>;
+                body: z.ZodObject<{
+                    key: z.ZodString;
+                    permissions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     SERVER_ONLY: true;
@@ -976,8 +976,8 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "GET";
-                query: zod_v4.ZodObject<{
-                    id: zod_v4.ZodString;
+                query: z.ZodObject<{
+                    id: z.ZodString;
                 }, zod_v4_core.$strip>;
                 use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
                     session: {
@@ -1229,20 +1229,20 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    keyId: zod_v4.ZodString;
-                    userId: zod_v4.ZodOptional<zod_v4.ZodCoercedString<unknown>>;
-                    name: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    enabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    remaining: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillAmount: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillInterval: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    metadata: zod_v4.ZodOptional<zod_v4.ZodAny>;
-                    expiresIn: zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>;
-                    rateLimitEnabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    rateLimitTimeWindow: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitMax: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    permissions: zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>>;
+                body: z.ZodObject<{
+                    keyId: z.ZodString;
+                    userId: z.ZodOptional<z.ZodCoercedString<unknown>>;
+                    name: z.ZodOptional<z.ZodString>;
+                    enabled: z.ZodOptional<z.ZodBoolean>;
+                    remaining: z.ZodOptional<z.ZodNumber>;
+                    refillAmount: z.ZodOptional<z.ZodNumber>;
+                    refillInterval: z.ZodOptional<z.ZodNumber>;
+                    metadata: z.ZodOptional<z.ZodAny>;
+                    expiresIn: z.ZodNullable<z.ZodOptional<z.ZodNumber>>;
+                    rateLimitEnabled: z.ZodOptional<z.ZodBoolean>;
+                    rateLimitTimeWindow: z.ZodOptional<z.ZodNumber>;
+                    rateLimitMax: z.ZodOptional<z.ZodNumber>;
+                    permissions: z.ZodNullable<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     openapi: {
@@ -1417,8 +1417,8 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    keyId: zod_v4.ZodString;
+                body: z.ZodObject<{
+                    keyId: z.ZodString;
                 }, zod_v4_core.$strip>;
                 use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
                     session: {

package/dist/shared/{better-auth.DoKaQIwy.d.mts → better-auth.BF0l18Af.d.mts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext } from './better-auth.KpzJUkxw.mjs';
+import { G as GenericEndpointContext } from './better-auth.CePXeKag.mjs';
 
 declare function generateState(c: GenericEndpointContext, link?: {
     email: string;

package/dist/shared/{better-auth.CNTpFj_S.cjs → better-auth.BXW4aAiQ.cjs}

@@ -3,7 +3,7 @@
 const z = require('zod/v4');
 const jose = require('jose');
 const betterCall = require('better-call');
-const socialProviders_index = require('./better-auth.DG2FJeYI.cjs');
+const socialProviders_index = require('./better-auth.CU2ZnFFo.cjs');
 require('./better-auth.DiSjtgs9.cjs');
 const base64 = require('@better-auth/utils/base64');
 require('@better-auth/utils/hmac');
@@ -22,7 +22,7 @@ require('@better-auth/utils');
 require('@better-auth/utils/hex');
 require('@noble/hashes/utils');
 const random = require('./better-auth.CYeOI8C-.cjs');
-const plugins_jwt_index = require('./better-auth.CtknPsTc.cjs');
+const plugins_jwt_index = require('./better-auth.johXc5IC.cjs');
 
 function _interopNamespaceCompat(e) {
 	if (e && typeof e === 'object' && 'default' in e) return e;

package/dist/shared/{better-auth.DdKZcMVt.d.ts → better-auth.B_G094Aj.d.ts}

@@ -1,4 +1,4 @@
-import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.2lcgvW_O.js';
+import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.Dj2HyOmw.js';
 import { BetterFetchOption, BetterFetchResponse, BetterFetch, BetterFetchPlugin } from '@better-fetch/fetch';
 import { WritableAtom, Atom } from 'nanostores';
 import { U as UnionToIntersection, H as HasRequiredKeys, a as Prettify, L as LiteralString, S as StripEmptyObjects } from './better-auth.ZSfSbnQT.js';

package/dist/shared/{better-auth.DQfCK4Nb.mjs → better-auth.Bqt8-7ls.mjs}

@@ -1,12 +1,12 @@
 import * as z from 'zod/v4';
 import { APIError } from 'better-call';
-import { j as createAuthEndpoint, k as getSessionFromCtx, l as sessionMiddleware, i as createAuthMiddleware } from './better-auth.BOumacvv.mjs';
+import { j as createAuthEndpoint, k as getSessionFromCtx, l as sessionMiddleware, i as createAuthMiddleware } from './better-auth.D4HhkCZJ.mjs';
 import './better-auth.8zoxzg-F.mjs';
 import { base64Url } from '@better-auth/utils/base64';
 import '@better-auth/utils/hmac';
 import '@better-auth/utils/binary';
 import { m as mergeSchema } from './better-auth.n2KFGwjY.mjs';
-import './better-auth._di0pH6c.mjs';
+import './better-auth.DGaVMVAI.mjs';
 import '../plugins/organization/access/index.mjs';
 import '@better-auth/utils/random';
 import { createHash } from '@better-auth/utils/hash';

package/dist/shared/{better-auth.DevRAmVV.d.ts → better-auth.Bwe61noi.d.ts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext } from './better-auth.2lcgvW_O.js';
+import { G as GenericEndpointContext } from './better-auth.Dj2HyOmw.js';
 
 declare function generateState(c: GenericEndpointContext, link?: {
     email: string;

package/dist/shared/{better-auth.B3K6UWYy.d.cts → better-auth.CF-FWRQL.d.cts}

@@ -1,4 +1,4 @@
-import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.Cgjn2thr.cjs';
+import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.CiGummYu.cjs';
 import { BetterFetchOption, BetterFetchResponse, BetterFetch, BetterFetchPlugin } from '@better-fetch/fetch';
 import { WritableAtom, Atom } from 'nanostores';
 import { U as UnionToIntersection, H as HasRequiredKeys, a as Prettify, L as LiteralString, S as StripEmptyObjects } from './better-auth.ZSfSbnQT.cjs';

package/dist/shared/{better-auth.D2QnAIyP.d.ts → better-auth.CHvHihjD.d.ts}

@@ -1,7 +1,7 @@
-import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.2lcgvW_O.js';
+import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.Dj2HyOmw.js';
 import { Statements } from '../plugins/access/index.js';
 import * as zod_v4_core from 'zod/v4/core';
-import * as zod_v4 from 'zod/v4';
+import * as z from 'zod/v4';
 import * as better_call from 'better-call';
 
 declare const apiKeySchema: ({ timeWindow, rateLimitMax, }: {
@@ -662,19 +662,19 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    name: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    expiresIn: zod_v4.ZodDefault<zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>>;
-                    userId: zod_v4.ZodOptional<zod_v4.ZodCoercedString<unknown>>;
-                    prefix: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    remaining: zod_v4.ZodDefault<zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>>;
-                    metadata: zod_v4.ZodOptional<zod_v4.ZodAny>;
-                    refillAmount: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillInterval: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitTimeWindow: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitMax: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitEnabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    permissions: zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>;
+                body: z.ZodObject<{
+                    name: z.ZodOptional<z.ZodString>;
+                    expiresIn: z.ZodDefault<z.ZodNullable<z.ZodOptional<z.ZodNumber>>>;
+                    userId: z.ZodOptional<z.ZodCoercedString<unknown>>;
+                    prefix: z.ZodOptional<z.ZodString>;
+                    remaining: z.ZodDefault<z.ZodNullable<z.ZodOptional<z.ZodNumber>>>;
+                    metadata: z.ZodOptional<z.ZodAny>;
+                    refillAmount: z.ZodOptional<z.ZodNumber>;
+                    refillInterval: z.ZodOptional<z.ZodNumber>;
+                    rateLimitTimeWindow: z.ZodOptional<z.ZodNumber>;
+                    rateLimitMax: z.ZodOptional<z.ZodNumber>;
+                    rateLimitEnabled: z.ZodOptional<z.ZodBoolean>;
+                    permissions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     openapi: {
@@ -874,9 +874,9 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    key: zod_v4.ZodString;
-                    permissions: zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>;
+                body: z.ZodObject<{
+                    key: z.ZodString;
+                    permissions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     SERVER_ONLY: true;
@@ -976,8 +976,8 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "GET";
-                query: zod_v4.ZodObject<{
-                    id: zod_v4.ZodString;
+                query: z.ZodObject<{
+                    id: z.ZodString;
                 }, zod_v4_core.$strip>;
                 use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
                     session: {
@@ -1229,20 +1229,20 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    keyId: zod_v4.ZodString;
-                    userId: zod_v4.ZodOptional<zod_v4.ZodCoercedString<unknown>>;
-                    name: zod_v4.ZodOptional<zod_v4.ZodString>;
-                    enabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    remaining: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillAmount: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    refillInterval: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    metadata: zod_v4.ZodOptional<zod_v4.ZodAny>;
-                    expiresIn: zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodNumber>>;
-                    rateLimitEnabled: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    rateLimitTimeWindow: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    rateLimitMax: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-                    permissions: zod_v4.ZodNullable<zod_v4.ZodOptional<zod_v4.ZodRecord<zod_v4.ZodString, zod_v4.ZodArray<zod_v4.ZodString>>>>;
+                body: z.ZodObject<{
+                    keyId: z.ZodString;
+                    userId: z.ZodOptional<z.ZodCoercedString<unknown>>;
+                    name: z.ZodOptional<z.ZodString>;
+                    enabled: z.ZodOptional<z.ZodBoolean>;
+                    remaining: z.ZodOptional<z.ZodNumber>;
+                    refillAmount: z.ZodOptional<z.ZodNumber>;
+                    refillInterval: z.ZodOptional<z.ZodNumber>;
+                    metadata: z.ZodOptional<z.ZodAny>;
+                    expiresIn: z.ZodNullable<z.ZodOptional<z.ZodNumber>>;
+                    rateLimitEnabled: z.ZodOptional<z.ZodBoolean>;
+                    rateLimitTimeWindow: z.ZodOptional<z.ZodNumber>;
+                    rateLimitMax: z.ZodOptional<z.ZodNumber>;
+                    permissions: z.ZodNullable<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>>;
                 }, zod_v4_core.$strip>;
                 metadata: {
                     openapi: {
@@ -1417,8 +1417,8 @@ declare const apiKey: (options?: ApiKeyOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    keyId: zod_v4.ZodString;
+                body: z.ZodObject<{
+                    keyId: z.ZodString;
                 }, zod_v4_core.$strip>;
                 use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
                     session: {

package/dist/shared/{better-auth.pnE8EkZO.cjs → better-auth.COsDmM8f.cjs}

@@ -9,7 +9,7 @@ require('zod/v4');
 require('./better-auth.BIMq4RPW.cjs');
 const cookies_index = require('../cookies/index.cjs');
 const logger = require('./better-auth.CXhVNgXP.cjs');
-const socialProviders_index = require('./better-auth.DG2FJeYI.cjs');
+const socialProviders_index = require('./better-auth.CU2ZnFFo.cjs');
 require('better-call');
 require('@better-auth/utils/hash');
 require('@noble/ciphers/chacha');

package/dist/shared/{better-auth.B8mbk3HM.cjs → better-auth.CSftMZoM.cjs}

@@ -1,6 +1,6 @@
 'use strict';
 
-const socialProviders_index = require('./better-auth.DG2FJeYI.cjs');
+const socialProviders_index = require('./better-auth.CU2ZnFFo.cjs');
 require('better-call');
 const z = require('zod/v4');
 require('./better-auth.DiSjtgs9.cjs');

package/dist/shared/{better-auth.DG2FJeYI.cjs → better-auth.CU2ZnFFo.cjs}

@@ -1532,12 +1532,13 @@ async function validateAuthorizationCode({
   options.clientKey && body.set("client_key", options.clientKey);
   deviceId && body.set("device_id", deviceId);
   body.set("redirect_uri", options.redirectURI || redirectURI);
+  body.set("client_id", options.clientId);
   if (authentication === "basic") {
-    requestHeaders["authorization"] = base64.base64.encode(
+    const encodedCredentials = base64.base64.encode(
       `${options.clientId}:${options.clientSecret}`
     );
+    requestHeaders["authorization"] = `Basic ${encodedCredentials}`;
   } else {
-    body.set("client_id", options.clientId);
     body.set("client_secret", options.clientSecret);
   }
   for (const [key, value] of Object.entries(additionalParams)) {
@@ -2670,7 +2671,7 @@ const twitter = (options) => {
       return validateAuthorizationCode({
         code,
         codeVerifier,
-        authentication: "post",
+        authentication: "basic",
         redirectURI,
         options,
         tokenEndpoint: "https://api.x.com/2/oauth2/token"