better-auth 1.3.2 → 1.3.3

package/dist/plugins/organization/index.d.mts

@@ -1,5 +1,5 @@
 import * as z from 'zod/v4';
-import { U as User, S as Session, p as AuthContext, a4 as FieldAttribute, af as InferAdditionalFieldsFromPluginOptions, G as GenericEndpointContext } from '../../shared/better-auth.CePXeKag.mjs';
+import { U as User, S as Session, p as AuthContext, a4 as FieldAttribute, af as InferAdditionalFieldsFromPluginOptions, G as GenericEndpointContext } from '../../shared/better-auth.BFooP6d2.mjs';
 import { AccessControl, Role, Statements } from '../access/index.mjs';
 import * as better_call from 'better-call';
 import { Prettify } from 'better-call';
@@ -42,7 +42,7 @@ interface OrganizationOptions {
      */
     creatorRole?: string;
     /**
-     * The number of memberships a user can have in an organization.
+     * The maximum number of members allowed in an organization.
      *
      * @default 100
      */
@@ -1048,14 +1048,14 @@ declare const organization: <O extends OrganizationOptions>(options?: Organizati
                     organizationId: string;
                     createdAt: Date;
                     updatedAt?: Date | undefined;
-                }[] | null;
+                }[];
             } : {
                 id: string;
                 name: string;
                 organizationId: string;
                 createdAt: Date;
                 updatedAt?: Date | undefined;
-            }[] | null>;
+            }[]>;
             options: {
                 method: "GET";
                 query: z.ZodOptional<z.ZodObject<{
@@ -9154,9 +9154,10 @@ declare const organization: <O extends OrganizationOptions>(options?: Organizati
         readonly YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM: "You do not have an active team";
         readonly YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER: "You are not allowed to create a new member";
         readonly YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member";
+        readonly YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION: "You are not allowed to access this organization as an owner";
     };
     options: O;
 };
 
 export { defaultRoles, defaultRolesSchema, invitationSchema, invitationStatus, memberSchema, organization, organizationSchema, parseRoles, role, teamMemberSchema, teamSchema };
-export type { InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferTeam, Invitation, InvitationInput, InvitationStatus, Member, MemberInput, Organization, OrganizationInput, Team, TeamInput, TeamMember, TeamMemberInput };
+export type { InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferTeam, Invitation, InvitationInput, InvitationStatus, Member, MemberInput, Organization, OrganizationInput, OrganizationOptions, Team, TeamInput, TeamMember, TeamMemberInput };

package/dist/plugins/organization/index.d.ts

@@ -1,5 +1,5 @@
 import * as z from 'zod/v4';
-import { U as User, S as Session, p as AuthContext, a4 as FieldAttribute, af as InferAdditionalFieldsFromPluginOptions, G as GenericEndpointContext } from '../../shared/better-auth.Dj2HyOmw.js';
+import { U as User, S as Session, p as AuthContext, a4 as FieldAttribute, af as InferAdditionalFieldsFromPluginOptions, G as GenericEndpointContext } from '../../shared/better-auth.DdfarOau.js';
 import { AccessControl, Role, Statements } from '../access/index.js';
 import * as better_call from 'better-call';
 import { Prettify } from 'better-call';
@@ -42,7 +42,7 @@ interface OrganizationOptions {
      */
     creatorRole?: string;
     /**
-     * The number of memberships a user can have in an organization.
+     * The maximum number of members allowed in an organization.
      *
      * @default 100
      */
@@ -1048,14 +1048,14 @@ declare const organization: <O extends OrganizationOptions>(options?: Organizati
                     organizationId: string;
                     createdAt: Date;
                     updatedAt?: Date | undefined;
-                }[] | null;
+                }[];
             } : {
                 id: string;
                 name: string;
                 organizationId: string;
                 createdAt: Date;
                 updatedAt?: Date | undefined;
-            }[] | null>;
+            }[]>;
             options: {
                 method: "GET";
                 query: z.ZodOptional<z.ZodObject<{
@@ -9154,9 +9154,10 @@ declare const organization: <O extends OrganizationOptions>(options?: Organizati
         readonly YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM: "You do not have an active team";
         readonly YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER: "You are not allowed to create a new member";
         readonly YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member";
+        readonly YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION: "You are not allowed to access this organization as an owner";
     };
     options: O;
 };
 
 export { defaultRoles, defaultRolesSchema, invitationSchema, invitationStatus, memberSchema, organization, organizationSchema, parseRoles, role, teamMemberSchema, teamSchema };
-export type { InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferTeam, Invitation, InvitationInput, InvitationStatus, Member, MemberInput, Organization, OrganizationInput, Team, TeamInput, TeamMember, TeamMemberInput };
+export type { InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferTeam, Invitation, InvitationInput, InvitationStatus, Member, MemberInput, Organization, OrganizationInput, OrganizationOptions, Team, TeamInput, TeamMember, TeamMemberInput };

package/dist/plugins/organization/index.mjs

@@ -1,4 +1,4 @@
-export { o as organization, p as parseRoles } from '../../shared/better-auth.DR6QsC6j.mjs';
+export { o as organization, p as parseRoles } from '../../shared/better-auth.C1Ly154X.mjs';
 import 'better-call';
 import 'zod/v4';
 import '../../shared/better-auth.D4HhkCZJ.mjs';

package/dist/plugins/passkey/index.d.cts

@@ -2,7 +2,7 @@ import * as _simplewebauthn_server from '@simplewebauthn/server';
 import { CredentialDeviceType, PublicKeyCredentialCreationOptionsJSON, AuthenticationResponseJSON } from '@simplewebauthn/server';
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { I as InferOptionSchema } from '../../shared/better-auth.CiGummYu.cjs';
+import { I as InferOptionSchema } from '../../shared/better-auth.84gXUliC.cjs';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.cjs';
 import '../../shared/better-auth.npEvGVS_.cjs';

package/dist/plugins/passkey/index.d.mts

@@ -2,7 +2,7 @@ import * as _simplewebauthn_server from '@simplewebauthn/server';
 import { CredentialDeviceType, PublicKeyCredentialCreationOptionsJSON, AuthenticationResponseJSON } from '@simplewebauthn/server';
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { I as InferOptionSchema } from '../../shared/better-auth.CePXeKag.mjs';
+import { I as InferOptionSchema } from '../../shared/better-auth.BFooP6d2.mjs';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.mjs';
 import '../../shared/better-auth.IegS6fw_.mjs';

package/dist/plugins/passkey/index.d.ts

@@ -2,7 +2,7 @@ import * as _simplewebauthn_server from '@simplewebauthn/server';
 import { CredentialDeviceType, PublicKeyCredentialCreationOptionsJSON, AuthenticationResponseJSON } from '@simplewebauthn/server';
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { I as InferOptionSchema } from '../../shared/better-auth.Dj2HyOmw.js';
+import { I as InferOptionSchema } from '../../shared/better-auth.DdfarOau.js';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.js';
 import '../../shared/better-auth.DPa2nz5L.js';

package/dist/plugins/phone-number/index.d.cts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema } from '../../shared/better-auth.CiGummYu.cjs';
+import { U as User, I as InferOptionSchema } from '../../shared/better-auth.84gXUliC.cjs';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.cjs';
 import '../../shared/better-auth.npEvGVS_.cjs';

package/dist/plugins/phone-number/index.d.mts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema } from '../../shared/better-auth.CePXeKag.mjs';
+import { U as User, I as InferOptionSchema } from '../../shared/better-auth.BFooP6d2.mjs';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.mjs';
 import '../../shared/better-auth.IegS6fw_.mjs';

package/dist/plugins/phone-number/index.d.ts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema } from '../../shared/better-auth.Dj2HyOmw.js';
+import { U as User, I as InferOptionSchema } from '../../shared/better-auth.DdfarOau.js';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.js';
 import '../../shared/better-auth.DPa2nz5L.js';

package/dist/plugins/sso/index.d.cts

@@ -1,7 +1,7 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
 import { O as OAuth2Tokens } from '../../shared/better-auth.npEvGVS_.cjs';
-import { U as User } from '../../shared/better-auth.CiGummYu.cjs';
+import { U as User } from '../../shared/better-auth.84gXUliC.cjs';
 import '../../shared/better-auth.ZSfSbnQT.cjs';
 import 'jose';
 import 'kysely';
@@ -96,7 +96,7 @@ declare const sso: (options?: SSOOptions) => {
                     authorizationEndpoint?: string | undefined;
                     tokenEndpoint?: string | undefined;
                     userInfoEndpoint?: string | undefined;
-                    tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
+                    tokenEndpointAuthentication?: "client_secret_basic" | "client_secret_post" | undefined;
                     jwksEndpoint?: string | undefined;
                     discoveryEndpoint?: string | undefined;
                     scopes?: string[] | undefined;
@@ -152,8 +152,8 @@ declare const sso: (options?: SSOOptions) => {
                     tokenEndpoint: z.ZodOptional<z.ZodString>;
                     userInfoEndpoint: z.ZodOptional<z.ZodString>;
                     tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
-                        client_secret_post: "client_secret_post";
                         client_secret_basic: "client_secret_basic";
+                        client_secret_post: "client_secret_post";
                     }>>;
                     jwksEndpoint: z.ZodOptional<z.ZodString>;
                     discoveryEndpoint: z.ZodOptional<z.ZodString>;

package/dist/plugins/sso/index.d.mts

@@ -1,7 +1,7 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
 import { O as OAuth2Tokens } from '../../shared/better-auth.IegS6fw_.mjs';
-import { U as User } from '../../shared/better-auth.CePXeKag.mjs';
+import { U as User } from '../../shared/better-auth.BFooP6d2.mjs';
 import '../../shared/better-auth.ZSfSbnQT.mjs';
 import 'jose';
 import 'kysely';
@@ -96,7 +96,7 @@ declare const sso: (options?: SSOOptions) => {
                     authorizationEndpoint?: string | undefined;
                     tokenEndpoint?: string | undefined;
                     userInfoEndpoint?: string | undefined;
-                    tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
+                    tokenEndpointAuthentication?: "client_secret_basic" | "client_secret_post" | undefined;
                     jwksEndpoint?: string | undefined;
                     discoveryEndpoint?: string | undefined;
                     scopes?: string[] | undefined;
@@ -152,8 +152,8 @@ declare const sso: (options?: SSOOptions) => {
                     tokenEndpoint: z.ZodOptional<z.ZodString>;
                     userInfoEndpoint: z.ZodOptional<z.ZodString>;
                     tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
-                        client_secret_post: "client_secret_post";
                         client_secret_basic: "client_secret_basic";
+                        client_secret_post: "client_secret_post";
                     }>>;
                     jwksEndpoint: z.ZodOptional<z.ZodString>;
                     discoveryEndpoint: z.ZodOptional<z.ZodString>;

package/dist/plugins/sso/index.d.ts

@@ -1,7 +1,7 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
 import { O as OAuth2Tokens } from '../../shared/better-auth.DPa2nz5L.js';
-import { U as User } from '../../shared/better-auth.Dj2HyOmw.js';
+import { U as User } from '../../shared/better-auth.DdfarOau.js';
 import '../../shared/better-auth.ZSfSbnQT.js';
 import 'jose';
 import 'kysely';
@@ -96,7 +96,7 @@ declare const sso: (options?: SSOOptions) => {
                     authorizationEndpoint?: string | undefined;
                     tokenEndpoint?: string | undefined;
                     userInfoEndpoint?: string | undefined;
-                    tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
+                    tokenEndpointAuthentication?: "client_secret_basic" | "client_secret_post" | undefined;
                     jwksEndpoint?: string | undefined;
                     discoveryEndpoint?: string | undefined;
                     scopes?: string[] | undefined;
@@ -152,8 +152,8 @@ declare const sso: (options?: SSOOptions) => {
                     tokenEndpoint: z.ZodOptional<z.ZodString>;
                     userInfoEndpoint: z.ZodOptional<z.ZodString>;
                     tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
-                        client_secret_post: "client_secret_post";
                         client_secret_basic: "client_secret_basic";
+                        client_secret_post: "client_secret_post";
                     }>>;
                     jwksEndpoint: z.ZodOptional<z.ZodString>;
                     discoveryEndpoint: z.ZodOptional<z.ZodString>;

package/dist/plugins/two-factor/index.d.cts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.CiGummYu.cjs';
+import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.84gXUliC.cjs';
 import { L as LiteralString } from '../../shared/better-auth.ZSfSbnQT.cjs';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import 'kysely';

package/dist/plugins/two-factor/index.d.mts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.CePXeKag.mjs';
+import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.BFooP6d2.mjs';
 import { L as LiteralString } from '../../shared/better-auth.ZSfSbnQT.mjs';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import 'kysely';

package/dist/plugins/two-factor/index.d.ts

@@ -1,6 +1,6 @@
 import * as better_call from 'better-call';
 import * as z from 'zod/v4';
-import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.Dj2HyOmw.js';
+import { U as User, I as InferOptionSchema, l as AuthEndpoint, H as HookEndpointContext } from '../../shared/better-auth.DdfarOau.js';
 import { L as LiteralString } from '../../shared/better-auth.ZSfSbnQT.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import 'kysely';

package/dist/plugins/username/index.d.cts

@@ -1,4 +1,4 @@
-import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.CiGummYu.cjs';
+import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.84gXUliC.cjs';
 import * as z from 'zod/v4';
 import * as better_call from 'better-call';
 import 'kysely';

package/dist/plugins/username/index.d.mts

@@ -1,4 +1,4 @@
-import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.CePXeKag.mjs';
+import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.BFooP6d2.mjs';
 import * as z from 'zod/v4';
 import * as better_call from 'better-call';
 import 'kysely';

package/dist/plugins/username/index.d.ts

@@ -1,4 +1,4 @@
-import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.Dj2HyOmw.js';
+import { I as InferOptionSchema, H as HookEndpointContext } from '../../shared/better-auth.DdfarOau.js';
 import * as z from 'zod/v4';
 import * as better_call from 'better-call';
 import 'kysely';

package/dist/shared/{better-auth.B1VHvePI.d.mts → better-auth.B36j7OCI.d.mts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.CePXeKag.mjs';
+import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.BFooP6d2.mjs';
 import { Statements } from '../plugins/access/index.mjs';
 import * as zod_v4_core from 'zod/v4/core';
 import * as z from 'zod/v4';

package/dist/shared/{better-auth.BXW4aAiQ.cjs → better-auth.B3p123j1.cjs}

@@ -22,7 +22,7 @@ require('@better-auth/utils');
 require('@better-auth/utils/hex');
 require('@noble/hashes/utils');
 const random = require('./better-auth.CYeOI8C-.cjs');
-const plugins_jwt_index = require('./better-auth.johXc5IC.cjs');
+const plugins_jwt_index = require('../plugins/jwt/index.cjs');
 
 function _interopNamespaceCompat(e) {
 	if (e && typeof e === 'object' && 'default' in e) return e;

package/dist/shared/{better-auth.CeY8lCIq.cjs → better-auth.BDsrc21Q.cjs}

@@ -814,7 +814,8 @@ const ORGANIZATION_ERROR_CODES = {
   YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM: "You are not allowed to list the members of this team",
   YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM: "You do not have an active team",
   YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER: "You are not allowed to create a new member",
-  YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member"
+  YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member",
+  YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION: "You are not allowed to access this organization as an owner"
 };
 
 const createInvitation = (option) => {
@@ -3021,22 +3022,21 @@ const listOrganizationTeams = (options) => socialProviders_index.createAuthEndpo
   },
   async (ctx) => {
     const session = ctx.context.session;
-    const organizationId = session.session.activeOrganizationId || ctx.query?.organizationId;
+    const organizationId = ctx.query?.organizationId || session?.session.activeOrganizationId;
     if (!organizationId) {
-      return ctx.json(null, {
-        status: 400,
-        body: {
-          message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
-        }
+      throw ctx.error("BAD_REQUEST", {
+        message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
       });
     }
     const adapter = getOrgAdapter(ctx.context, options);
     const member = await adapter.findMemberByOrgId({
-      userId: session?.user.id,
+      userId: session.user.id,
       organizationId: organizationId || ""
     });
     if (!member) {
-      throw new betterCall.APIError("FORBIDDEN");
+      throw new betterCall.APIError("FORBIDDEN", {
+        message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION
+      });
     }
     const teams = await adapter.listTeams(organizationId);
     return ctx.json(teams);
@@ -3171,9 +3171,9 @@ const listTeamMembers = (options) => socialProviders_index.createAuthEndpoint(
     method: "GET",
     query: z__namespace.optional(
       z__namespace.object({
-        teamId: z__namespace.string().optional()
-      }).meta({
-        description: "The team whose members we should return. If this is not provided the members of the current active team get returned."
+        teamId: z__namespace.string().optional().meta({
+          description: "The team whose members we should return. If this is not provided the members of the current active team get returned."
+        })
       })
     ),
     metadata: {
@@ -3223,34 +3223,15 @@ const listTeamMembers = (options) => socialProviders_index.createAuthEndpoint(
   async (ctx) => {
     const session = ctx.context.session;
     const adapter = getOrgAdapter(ctx.context, ctx.context.orgOptions);
-    if (!session.session.activeOrganizationId) {
+    let teamId = ctx.query?.teamId || session?.session.activeTeamId;
+    if (!teamId) {
       throw new betterCall.APIError("BAD_REQUEST", {
-        message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
-      });
-    }
-    if (!ctx.query?.teamId) {
-      if (!session.session.activeTeamId) {
-        throw new betterCall.APIError("FORBIDDEN", {
-          message: ORGANIZATION_ERROR_CODES.YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM
-        });
-      }
-      const member2 = await adapter.findTeamMember({
-        userId: session.user.id,
-        teamId: session.session.activeTeamId
-      });
-      if (!member2) {
-        throw new betterCall.APIError("BAD_REQUEST", {
-          message: ORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_TEAM
-        });
-      }
-      const members2 = await adapter.listTeamMembers({
-        teamId: session.session.activeTeamId
+        message: ORGANIZATION_ERROR_CODES.YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM
       });
-      return ctx.json(members2);
     }
     const member = await adapter.findTeamMember({
       userId: session.user.id,
-      teamId: ctx.query.teamId
+      teamId
     });
     if (!member) {
       throw new betterCall.APIError("BAD_REQUEST", {
@@ -3258,7 +3239,7 @@ const listTeamMembers = (options) => socialProviders_index.createAuthEndpoint(
       });
     }
     const members = await adapter.listTeamMembers({
-      teamId: ctx.query.teamId
+      teamId
     });
     return ctx.json(members);
   }

package/dist/shared/{better-auth.CF-FWRQL.d.cts → better-auth.BQyjc_QW.d.cts}

@@ -1,4 +1,4 @@
-import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.CiGummYu.cjs';
+import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.84gXUliC.cjs';
 import { BetterFetchOption, BetterFetchResponse, BetterFetch, BetterFetchPlugin } from '@better-fetch/fetch';
 import { WritableAtom, Atom } from 'nanostores';
 import { U as UnionToIntersection, H as HasRequiredKeys, a as Prettify, L as LiteralString, S as StripEmptyObjects } from './better-auth.ZSfSbnQT.cjs';

package/dist/shared/{better-auth.DR6QsC6j.mjs → better-auth.C1Ly154X.mjs}

@@ -798,7 +798,8 @@ const ORGANIZATION_ERROR_CODES = {
   YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM: "You are not allowed to list the members of this team",
   YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM: "You do not have an active team",
   YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER: "You are not allowed to create a new member",
-  YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member"
+  YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member",
+  YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION: "You are not allowed to access this organization as an owner"
 };
 
 const createInvitation = (option) => {
@@ -3005,22 +3006,21 @@ const listOrganizationTeams = (options) => createAuthEndpoint(
   },
   async (ctx) => {
     const session = ctx.context.session;
-    const organizationId = session.session.activeOrganizationId || ctx.query?.organizationId;
+    const organizationId = ctx.query?.organizationId || session?.session.activeOrganizationId;
     if (!organizationId) {
-      return ctx.json(null, {
-        status: 400,
-        body: {
-          message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
-        }
+      throw ctx.error("BAD_REQUEST", {
+        message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
       });
     }
     const adapter = getOrgAdapter(ctx.context, options);
     const member = await adapter.findMemberByOrgId({
-      userId: session?.user.id,
+      userId: session.user.id,
       organizationId: organizationId || ""
     });
     if (!member) {
-      throw new APIError("FORBIDDEN");
+      throw new APIError("FORBIDDEN", {
+        message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION
+      });
     }
     const teams = await adapter.listTeams(organizationId);
     return ctx.json(teams);
@@ -3155,9 +3155,9 @@ const listTeamMembers = (options) => createAuthEndpoint(
     method: "GET",
     query: z.optional(
       z.object({
-        teamId: z.string().optional()
-      }).meta({
-        description: "The team whose members we should return. If this is not provided the members of the current active team get returned."
+        teamId: z.string().optional().meta({
+          description: "The team whose members we should return. If this is not provided the members of the current active team get returned."
+        })
       })
     ),
     metadata: {
@@ -3207,34 +3207,15 @@ const listTeamMembers = (options) => createAuthEndpoint(
   async (ctx) => {
     const session = ctx.context.session;
     const adapter = getOrgAdapter(ctx.context, ctx.context.orgOptions);
-    if (!session.session.activeOrganizationId) {
+    let teamId = ctx.query?.teamId || session?.session.activeTeamId;
+    if (!teamId) {
       throw new APIError("BAD_REQUEST", {
-        message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION
-      });
-    }
-    if (!ctx.query?.teamId) {
-      if (!session.session.activeTeamId) {
-        throw new APIError("FORBIDDEN", {
-          message: ORGANIZATION_ERROR_CODES.YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM
-        });
-      }
-      const member2 = await adapter.findTeamMember({
-        userId: session.user.id,
-        teamId: session.session.activeTeamId
-      });
-      if (!member2) {
-        throw new APIError("BAD_REQUEST", {
-          message: ORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_TEAM
-        });
-      }
-      const members2 = await adapter.listTeamMembers({
-        teamId: session.session.activeTeamId
+        message: ORGANIZATION_ERROR_CODES.YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM
       });
-      return ctx.json(members2);
     }
     const member = await adapter.findTeamMember({
       userId: session.user.id,
-      teamId: ctx.query.teamId
+      teamId
     });
     if (!member) {
       throw new APIError("BAD_REQUEST", {
@@ -3242,7 +3223,7 @@ const listTeamMembers = (options) => createAuthEndpoint(
       });
     }
     const members = await adapter.listTeamMembers({
-      teamId: ctx.query.teamId
+      teamId
     });
     return ctx.json(members);
   }

package/dist/shared/{better-auth.DEgvs2nh.d.cts → better-auth.C_oxxeck.d.mts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext } from './better-auth.CiGummYu.cjs';
+import { G as GenericEndpointContext } from './better-auth.BFooP6d2.mjs';
 
 declare function generateState(c: GenericEndpointContext, link?: {
     email: string;

package/dist/shared/{better-auth.B0e3ZzlM.d.cts → better-auth.Co08Vfmu.d.cts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.CiGummYu.cjs';
+import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.84gXUliC.cjs';
 import { Statements } from '../plugins/access/index.cjs';
 import * as zod_v4_core from 'zod/v4/core';
 import * as z from 'zod/v4';

package/dist/shared/{better-auth.Bwe61noi.d.ts → better-auth.CtrZTpKh.d.ts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext } from './better-auth.Dj2HyOmw.js';
+import { G as GenericEndpointContext } from './better-auth.DdfarOau.js';
 
 declare function generateState(c: GenericEndpointContext, link?: {
     email: string;

package/dist/shared/{better-auth.HDgvLN7B.mjs → better-auth.CvxACSRz.mjs}

@@ -20,7 +20,7 @@ import '@better-auth/utils';
 import '@better-auth/utils/hex';
 import '@noble/hashes/utils';
 import { g as generateRandomString } from './better-auth.B4Qoxdgc.mjs';
-import { a as getJwtToken } from './better-auth.D1SaVuxk.mjs';
+import { getJwtToken } from '../plugins/jwt/index.mjs';
 
 const schema = {
   oauthApplication: {

package/dist/shared/{better-auth.B_G094Aj.d.ts → better-auth.DM13Kwsw.d.ts}

@@ -1,4 +1,4 @@
-import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.Dj2HyOmw.js';
+import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.DdfarOau.js';
 import { BetterFetchOption, BetterFetchResponse, BetterFetch, BetterFetchPlugin } from '@better-fetch/fetch';
 import { WritableAtom, Atom } from 'nanostores';
 import { U as UnionToIntersection, H as HasRequiredKeys, a as Prettify, L as LiteralString, S as StripEmptyObjects } from './better-auth.ZSfSbnQT.js';

package/dist/shared/{better-auth.BF0l18Af.d.mts → better-auth.VRX5gxZv.d.cts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext } from './better-auth.CePXeKag.mjs';
+import { G as GenericEndpointContext } from './better-auth.84gXUliC.cjs';
 
 declare function generateState(c: GenericEndpointContext, link?: {
     email: string;

package/dist/shared/{better-auth.DbqVX6sp.d.mts → better-auth.f91UNEc0.d.mts}

@@ -1,4 +1,4 @@
-import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.CePXeKag.mjs';
+import { h as BetterAuthPlugin, B as BetterAuthOptions, ad as InferFieldsInputClient, ab as InferFieldsOutput, U as User, S as Session, n as Auth } from './better-auth.BFooP6d2.mjs';
 import { BetterFetchOption, BetterFetchResponse, BetterFetch, BetterFetchPlugin } from '@better-fetch/fetch';
 import { WritableAtom, Atom } from 'nanostores';
 import { U as UnionToIntersection, H as HasRequiredKeys, a as Prettify, L as LiteralString, S as StripEmptyObjects } from './better-auth.ZSfSbnQT.mjs';

package/dist/shared/{better-auth.CHvHihjD.d.ts → better-auth.xU7dIFql.d.ts}

@@ -1,4 +1,4 @@
-import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.Dj2HyOmw.js';
+import { G as GenericEndpointContext, I as InferOptionSchema, H as HookEndpointContext, p as AuthContext } from './better-auth.DdfarOau.js';
 import { Statements } from '../plugins/access/index.js';
 import * as zod_v4_core from 'zod/v4/core';
 import * as z from 'zod/v4';

package/dist/test-utils/index.d.cts

@@ -1,8 +1,8 @@
 import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { SuccessContext } from '@better-fetch/fetch';
-import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.CF-FWRQL.cjs';
-import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.CiGummYu.cjs';
+import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.BQyjc_QW.cjs';
+import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.84gXUliC.cjs';
 import * as better_call from 'better-call';
 import { U as UnionToIntersection, S as StripEmptyObjects, a as Prettify } from '../shared/better-auth.ZSfSbnQT.cjs';
 import { O as OAuth2Tokens } from '../shared/better-auth.npEvGVS_.cjs';

package/dist/test-utils/index.d.mts

@@ -1,8 +1,8 @@
 import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { SuccessContext } from '@better-fetch/fetch';
-import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.DbqVX6sp.mjs';
-import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.CePXeKag.mjs';
+import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.f91UNEc0.mjs';
+import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.BFooP6d2.mjs';
 import * as better_call from 'better-call';
 import { U as UnionToIntersection, S as StripEmptyObjects, a as Prettify } from '../shared/better-auth.ZSfSbnQT.mjs';
 import { O as OAuth2Tokens } from '../shared/better-auth.IegS6fw_.mjs';

package/dist/test-utils/index.d.ts

@@ -1,8 +1,8 @@
 import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { SuccessContext } from '@better-fetch/fetch';
-import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.B_G094Aj.js';
-import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.Dj2HyOmw.js';
+import { C as ClientOptions, B as BetterAuthClientPlugin, I as IsSignal, d as InferRoute, c as InferErrorCodes } from '../shared/better-auth.DM13Kwsw.js';
+import { B as BetterAuthOptions, U as User, t as InferAPI, a as Adapter, u as AdditionalSessionFieldsOutput, n as Auth, v as AdditionalUserFieldsOutput, w as InferFieldsFromPlugins, x as InferFieldsFromOptions, y as AdditionalUserFieldsInput, h as BetterAuthPlugin, p as AuthContext, z as InferPluginTypes, i as InferPluginErrorCodes, F as FilterActions, S as Session, D as setCookieToHeader } from '../shared/better-auth.DdfarOau.js';
 import * as better_call from 'better-call';
 import { U as UnionToIntersection, S as StripEmptyObjects, a as Prettify } from '../shared/better-auth.ZSfSbnQT.js';
 import { O as OAuth2Tokens } from '../shared/better-auth.DPa2nz5L.js';