better-auth 1.3.9-beta.2 → 1.3.9-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (272) hide show
  1. package/dist/adapters/drizzle-adapter/index.cjs +5 -6
  2. package/dist/adapters/drizzle-adapter/index.d.cts +2 -3
  3. package/dist/adapters/drizzle-adapter/index.d.mts +2 -3
  4. package/dist/adapters/drizzle-adapter/index.d.ts +2 -3
  5. package/dist/adapters/drizzle-adapter/index.mjs +5 -6
  6. package/dist/adapters/index.cjs +5 -6
  7. package/dist/adapters/index.d.cts +3 -4
  8. package/dist/adapters/index.d.mts +3 -4
  9. package/dist/adapters/index.d.ts +3 -4
  10. package/dist/adapters/index.mjs +5 -6
  11. package/dist/adapters/kysely-adapter/index.cjs +6 -7
  12. package/dist/adapters/kysely-adapter/index.d.cts +2 -3
  13. package/dist/adapters/kysely-adapter/index.d.mts +2 -3
  14. package/dist/adapters/kysely-adapter/index.d.ts +2 -3
  15. package/dist/adapters/kysely-adapter/index.mjs +6 -7
  16. package/dist/adapters/memory-adapter/index.cjs +6 -7
  17. package/dist/adapters/memory-adapter/index.d.cts +2 -3
  18. package/dist/adapters/memory-adapter/index.d.mts +2 -3
  19. package/dist/adapters/memory-adapter/index.d.ts +2 -3
  20. package/dist/adapters/memory-adapter/index.mjs +6 -7
  21. package/dist/adapters/mongodb-adapter/index.cjs +6 -7
  22. package/dist/adapters/mongodb-adapter/index.d.cts +2 -3
  23. package/dist/adapters/mongodb-adapter/index.d.mts +2 -3
  24. package/dist/adapters/mongodb-adapter/index.d.ts +2 -3
  25. package/dist/adapters/mongodb-adapter/index.mjs +6 -7
  26. package/dist/adapters/prisma-adapter/index.cjs +5 -6
  27. package/dist/adapters/prisma-adapter/index.d.cts +2 -3
  28. package/dist/adapters/prisma-adapter/index.d.mts +2 -3
  29. package/dist/adapters/prisma-adapter/index.d.ts +2 -3
  30. package/dist/adapters/prisma-adapter/index.mjs +5 -6
  31. package/dist/adapters/test.cjs +4 -5
  32. package/dist/adapters/test.d.cts +2 -3
  33. package/dist/adapters/test.d.mts +2 -3
  34. package/dist/adapters/test.d.ts +2 -3
  35. package/dist/adapters/test.mjs +4 -5
  36. package/dist/api/index.cjs +23 -6
  37. package/dist/api/index.d.cts +2 -3
  38. package/dist/api/index.d.mts +2 -3
  39. package/dist/api/index.d.ts +2 -3
  40. package/dist/api/index.mjs +24 -7
  41. package/dist/client/index.d.cts +4 -5
  42. package/dist/client/index.d.mts +4 -5
  43. package/dist/client/index.d.ts +4 -5
  44. package/dist/client/plugins/index.cjs +6 -7
  45. package/dist/client/plugins/index.d.cts +5 -5
  46. package/dist/client/plugins/index.d.mts +5 -5
  47. package/dist/client/plugins/index.d.ts +5 -5
  48. package/dist/client/plugins/index.mjs +6 -7
  49. package/dist/client/react/index.d.cts +4 -5
  50. package/dist/client/react/index.d.mts +4 -5
  51. package/dist/client/react/index.d.ts +4 -5
  52. package/dist/client/solid/index.d.cts +3 -4
  53. package/dist/client/solid/index.d.mts +3 -4
  54. package/dist/client/solid/index.d.ts +3 -4
  55. package/dist/client/svelte/index.d.cts +3 -4
  56. package/dist/client/svelte/index.d.mts +3 -4
  57. package/dist/client/svelte/index.d.ts +3 -4
  58. package/dist/client/vue/index.d.cts +3 -4
  59. package/dist/client/vue/index.d.mts +3 -4
  60. package/dist/client/vue/index.d.ts +3 -4
  61. package/dist/cookies/index.d.cts +2 -3
  62. package/dist/cookies/index.d.mts +2 -3
  63. package/dist/cookies/index.d.ts +2 -3
  64. package/dist/crypto/index.cjs +12 -13
  65. package/dist/crypto/index.mjs +4 -5
  66. package/dist/db/index.cjs +8 -9
  67. package/dist/db/index.d.cts +3 -4
  68. package/dist/db/index.d.mts +3 -4
  69. package/dist/db/index.d.ts +3 -4
  70. package/dist/db/index.mjs +8 -9
  71. package/dist/index.cjs +10 -11
  72. package/dist/index.d.cts +10 -11
  73. package/dist/index.d.mts +10 -11
  74. package/dist/index.d.ts +10 -11
  75. package/dist/index.mjs +10 -11
  76. package/dist/integrations/next-js.cjs +7 -8
  77. package/dist/integrations/next-js.d.cts +2 -3
  78. package/dist/integrations/next-js.d.mts +2 -3
  79. package/dist/integrations/next-js.d.ts +2 -3
  80. package/dist/integrations/next-js.mjs +7 -8
  81. package/dist/integrations/node.d.cts +2 -3
  82. package/dist/integrations/node.d.mts +2 -3
  83. package/dist/integrations/node.d.ts +2 -3
  84. package/dist/integrations/react-start.cjs +7 -8
  85. package/dist/integrations/react-start.d.cts +2 -3
  86. package/dist/integrations/react-start.d.mts +2 -3
  87. package/dist/integrations/react-start.d.ts +2 -3
  88. package/dist/integrations/react-start.mjs +7 -8
  89. package/dist/integrations/svelte-kit.cjs +5 -6
  90. package/dist/integrations/svelte-kit.d.cts +2 -3
  91. package/dist/integrations/svelte-kit.d.mts +2 -3
  92. package/dist/integrations/svelte-kit.d.ts +2 -3
  93. package/dist/integrations/svelte-kit.mjs +5 -6
  94. package/dist/oauth2/index.cjs +5 -6
  95. package/dist/oauth2/index.d.cts +4 -4
  96. package/dist/oauth2/index.d.mts +4 -4
  97. package/dist/oauth2/index.d.ts +4 -4
  98. package/dist/oauth2/index.mjs +5 -6
  99. package/dist/plugins/admin/index.cjs +6 -7
  100. package/dist/plugins/admin/index.d.cts +4 -5
  101. package/dist/plugins/admin/index.d.mts +4 -5
  102. package/dist/plugins/admin/index.d.ts +4 -5
  103. package/dist/plugins/admin/index.mjs +6 -7
  104. package/dist/plugins/anonymous/index.cjs +5 -6
  105. package/dist/plugins/anonymous/index.d.cts +2 -3
  106. package/dist/plugins/anonymous/index.d.mts +2 -3
  107. package/dist/plugins/anonymous/index.d.ts +2 -3
  108. package/dist/plugins/anonymous/index.mjs +5 -6
  109. package/dist/plugins/bearer/index.cjs +5 -6
  110. package/dist/plugins/bearer/index.d.cts +2 -3
  111. package/dist/plugins/bearer/index.d.mts +2 -3
  112. package/dist/plugins/bearer/index.d.ts +2 -3
  113. package/dist/plugins/bearer/index.mjs +5 -6
  114. package/dist/plugins/captcha/index.d.cts +2 -3
  115. package/dist/plugins/captcha/index.d.mts +2 -3
  116. package/dist/plugins/captcha/index.d.ts +2 -3
  117. package/dist/plugins/custom-session/index.cjs +5 -6
  118. package/dist/plugins/custom-session/index.d.cts +2 -3
  119. package/dist/plugins/custom-session/index.d.mts +2 -3
  120. package/dist/plugins/custom-session/index.d.ts +2 -3
  121. package/dist/plugins/custom-session/index.mjs +5 -6
  122. package/dist/plugins/device-authorization/index.cjs +4 -5
  123. package/dist/plugins/device-authorization/index.d.cts +2 -3
  124. package/dist/plugins/device-authorization/index.d.mts +2 -3
  125. package/dist/plugins/device-authorization/index.d.ts +2 -3
  126. package/dist/plugins/device-authorization/index.mjs +4 -5
  127. package/dist/plugins/email-otp/index.cjs +5 -6
  128. package/dist/plugins/email-otp/index.d.cts +2 -3
  129. package/dist/plugins/email-otp/index.d.mts +2 -3
  130. package/dist/plugins/email-otp/index.d.ts +2 -3
  131. package/dist/plugins/email-otp/index.mjs +5 -6
  132. package/dist/plugins/generic-oauth/index.cjs +5 -6
  133. package/dist/plugins/generic-oauth/index.d.cts +2 -3
  134. package/dist/plugins/generic-oauth/index.d.mts +2 -3
  135. package/dist/plugins/generic-oauth/index.d.ts +2 -3
  136. package/dist/plugins/generic-oauth/index.mjs +5 -6
  137. package/dist/plugins/haveibeenpwned/index.cjs +5 -6
  138. package/dist/plugins/haveibeenpwned/index.d.cts +2 -3
  139. package/dist/plugins/haveibeenpwned/index.d.mts +2 -3
  140. package/dist/plugins/haveibeenpwned/index.d.ts +2 -3
  141. package/dist/plugins/haveibeenpwned/index.mjs +5 -6
  142. package/dist/plugins/index.cjs +17 -16
  143. package/dist/plugins/index.d.cts +7 -7
  144. package/dist/plugins/index.d.mts +7 -7
  145. package/dist/plugins/index.d.ts +7 -7
  146. package/dist/plugins/index.mjs +18 -17
  147. package/dist/plugins/jwt/index.cjs +6 -7
  148. package/dist/plugins/jwt/index.d.cts +2 -2
  149. package/dist/plugins/jwt/index.d.mts +2 -2
  150. package/dist/plugins/jwt/index.d.ts +2 -2
  151. package/dist/plugins/jwt/index.mjs +7 -8
  152. package/dist/plugins/magic-link/index.cjs +5 -6
  153. package/dist/plugins/magic-link/index.mjs +5 -6
  154. package/dist/plugins/multi-session/index.cjs +5 -6
  155. package/dist/plugins/multi-session/index.d.cts +2 -3
  156. package/dist/plugins/multi-session/index.d.mts +2 -3
  157. package/dist/plugins/multi-session/index.d.ts +2 -3
  158. package/dist/plugins/multi-session/index.mjs +5 -6
  159. package/dist/plugins/oauth-proxy/index.cjs +5 -6
  160. package/dist/plugins/oauth-proxy/index.d.cts +2 -3
  161. package/dist/plugins/oauth-proxy/index.d.mts +2 -3
  162. package/dist/plugins/oauth-proxy/index.d.ts +2 -3
  163. package/dist/plugins/oauth-proxy/index.mjs +5 -6
  164. package/dist/plugins/oidc-provider/index.cjs +7 -8
  165. package/dist/plugins/oidc-provider/index.d.cts +2 -3
  166. package/dist/plugins/oidc-provider/index.d.mts +2 -3
  167. package/dist/plugins/oidc-provider/index.d.ts +2 -3
  168. package/dist/plugins/oidc-provider/index.mjs +7 -8
  169. package/dist/plugins/one-tap/index.cjs +5 -6
  170. package/dist/plugins/one-tap/index.mjs +5 -6
  171. package/dist/plugins/one-time-token/index.cjs +8 -9
  172. package/dist/plugins/one-time-token/index.d.cts +2 -3
  173. package/dist/plugins/one-time-token/index.d.mts +2 -3
  174. package/dist/plugins/one-time-token/index.d.ts +2 -3
  175. package/dist/plugins/one-time-token/index.mjs +8 -9
  176. package/dist/plugins/open-api/index.cjs +44 -13
  177. package/dist/plugins/open-api/index.d.cts +2 -3
  178. package/dist/plugins/open-api/index.d.mts +2 -3
  179. package/dist/plugins/open-api/index.d.ts +2 -3
  180. package/dist/plugins/open-api/index.mjs +44 -13
  181. package/dist/plugins/organization/index.cjs +8 -9
  182. package/dist/plugins/organization/index.d.cts +2 -3
  183. package/dist/plugins/organization/index.d.mts +2 -3
  184. package/dist/plugins/organization/index.d.ts +2 -3
  185. package/dist/plugins/organization/index.mjs +8 -9
  186. package/dist/plugins/passkey/index.cjs +5 -6
  187. package/dist/plugins/passkey/index.d.cts +2 -3
  188. package/dist/plugins/passkey/index.d.mts +2 -3
  189. package/dist/plugins/passkey/index.d.ts +2 -3
  190. package/dist/plugins/passkey/index.mjs +5 -6
  191. package/dist/plugins/phone-number/index.cjs +5 -6
  192. package/dist/plugins/phone-number/index.d.cts +2 -3
  193. package/dist/plugins/phone-number/index.d.mts +2 -3
  194. package/dist/plugins/phone-number/index.d.ts +2 -3
  195. package/dist/plugins/phone-number/index.mjs +5 -6
  196. package/dist/plugins/siwe/index.cjs +7 -8
  197. package/dist/plugins/siwe/index.d.cts +2 -3
  198. package/dist/plugins/siwe/index.d.mts +2 -3
  199. package/dist/plugins/siwe/index.d.ts +2 -3
  200. package/dist/plugins/siwe/index.mjs +7 -8
  201. package/dist/plugins/sso/index.cjs +5 -6
  202. package/dist/plugins/sso/index.d.cts +2 -3
  203. package/dist/plugins/sso/index.d.mts +2 -3
  204. package/dist/plugins/sso/index.d.ts +2 -3
  205. package/dist/plugins/sso/index.mjs +5 -6
  206. package/dist/plugins/two-factor/index.cjs +5 -6
  207. package/dist/plugins/two-factor/index.d.cts +2 -3
  208. package/dist/plugins/two-factor/index.d.mts +2 -3
  209. package/dist/plugins/two-factor/index.d.ts +2 -3
  210. package/dist/plugins/two-factor/index.mjs +5 -6
  211. package/dist/plugins/username/index.cjs +20 -6
  212. package/dist/plugins/username/index.d.cts +19 -5
  213. package/dist/plugins/username/index.d.mts +19 -5
  214. package/dist/plugins/username/index.d.ts +19 -5
  215. package/dist/plugins/username/index.mjs +20 -6
  216. package/dist/shared/{better-auth.Ck4qhtF6.mjs → better-auth.5WTE-uUO.mjs} +5 -6
  217. package/dist/shared/{better-auth.DGuotwA1.d.cts → better-auth.6crrbXrP.d.cts} +308 -8
  218. package/dist/shared/{better-auth.gF8vGD5L.mjs → better-auth.7ZeACU2v.mjs} +5 -6
  219. package/dist/shared/{better-auth.CnIVrMwK.d.ts → better-auth.B-CitgLp.d.ts} +1 -1
  220. package/dist/shared/{better-auth.CXBi-DJc.cjs → better-auth.B-GguVp5.cjs} +7 -8
  221. package/dist/shared/{better-auth.CEc4wau_.d.cts → better-auth.B-V8R4q7.d.cts} +1 -1
  222. package/dist/shared/{better-auth.mA4L_-fq.d.ts → better-auth.B5FL4Q2B.d.ts} +2 -3
  223. package/dist/shared/{better-auth.EF9Iq11i.d.ts → better-auth.BAnyvLX6.d.ts} +1 -1
  224. package/dist/shared/{better-auth.C_gHVcnc.cjs → better-auth.BEYvND1Y.cjs} +1 -1
  225. package/dist/shared/{better-auth.TZOo7890.cjs → better-auth.BVUwL7ru.cjs} +1 -1
  226. package/dist/shared/{better-auth.BjjUH-Ka.mjs → better-auth.BWl2NB1B.mjs} +1 -1
  227. package/dist/shared/{better-auth.BlqpEUaH.mjs → better-auth.BZTBs9Yy.mjs} +7 -8
  228. package/dist/shared/{better-auth.CTMmErGI.d.cts → better-auth.BaMSx6K3.d.cts} +2 -3
  229. package/dist/shared/{better-auth.DXKgbji-.mjs → better-auth.BduPtJy8.mjs} +1 -1
  230. package/dist/shared/{better-auth.Dc0nj0we.cjs → better-auth.BlsHS68J.cjs} +22 -5
  231. package/dist/shared/{better-auth.Dyb4JEgv.cjs → better-auth.C5ZbY8Lo.cjs} +6 -7
  232. package/dist/shared/{better-auth.XP_NDvic.mjs → better-auth.C7KUdiwV.mjs} +1 -1
  233. package/dist/shared/{better-auth.BvYLXwvp.cjs → better-auth.CMwM5enp.cjs} +1 -0
  234. package/dist/shared/{better-auth.DtZRMuXL.cjs → better-auth.CRFFLEbh.cjs} +6 -7
  235. package/dist/shared/{better-auth.B3CPLvGC.mjs → better-auth.CSEecXfV.mjs} +22 -5
  236. package/dist/shared/{better-auth.DTV9hYzN.cjs → better-auth.CdLjcJ6z.cjs} +7 -8
  237. package/dist/shared/{better-auth.B8UjXTUa.mjs → better-auth.CtB1M_c7.mjs} +1 -1
  238. package/dist/shared/{better-auth.DFJOJkY1.cjs → better-auth.CtgUZb45.cjs} +7 -8
  239. package/dist/shared/{better-auth.3K3VNUn3.mjs → better-auth.D9PzlwY_.mjs} +6 -7
  240. package/dist/shared/{better-auth.CY7-Inqt.mjs → better-auth.DDuRjwGK.mjs} +1 -0
  241. package/dist/shared/{better-auth.B1yOWNP8.cjs → better-auth.DEKJQy4E.cjs} +1 -1
  242. package/dist/shared/{better-auth.DAUyNtx1.mjs → better-auth.DLsqH9Hw.mjs} +7 -8
  243. package/dist/shared/{better-auth.BuBqXPUp.mjs → better-auth.DOXaXTC6.mjs} +4 -5
  244. package/dist/shared/{better-auth.BWzwHY8m.cjs → better-auth.DPsIzckY.cjs} +5 -6
  245. package/dist/shared/{better-auth.DDDKwecE.mjs → better-auth.DQ6bmgix.mjs} +7 -8
  246. package/dist/shared/{better-auth.ChqAn6N0.d.mts → better-auth.DQLetyog.d.cts} +1 -1
  247. package/dist/shared/{better-auth.ZUo2dMO3.d.mts → better-auth.DR57bygo.d.mts} +2 -3
  248. package/dist/shared/{better-auth.fBcUR9cm.mjs → better-auth.DV0Lly8-.mjs} +6 -7
  249. package/dist/shared/{better-auth.WOu5GuAp.d.ts → better-auth.DtrrQDoO.d.ts} +5 -5
  250. package/dist/shared/{better-auth.aZPAhP-f.cjs → better-auth.QqWdVDmR.cjs} +5 -6
  251. package/dist/shared/{better-auth.DU2vRHKI.d.ts → better-auth.S3lnSz8Y.d.ts} +308 -8
  252. package/dist/shared/{better-auth.C9jfJUDF.cjs → better-auth.Szg-8evr.cjs} +4 -5
  253. package/dist/shared/{better-auth.llWU4_4y.d.cts → better-auth.UcasWcPe.d.cts} +5 -5
  254. package/dist/shared/{better-auth.YWGwdADP.cjs → better-auth.WyvofoOW.cjs} +1 -1
  255. package/dist/shared/{better-auth.f-bUldRg.d.mts → better-auth.YK5LQtFt.d.mts} +308 -8
  256. package/dist/shared/{better-auth.Df1_Wu_1.d.mts → better-auth.eYki6XKk.d.mts} +5 -5
  257. package/dist/shared/{better-auth.BZiffGTH.d.mts → better-auth.g9DlWOx7.d.mts} +1 -1
  258. package/dist/shared/{better-auth.D9BrVtBy.d.cts → better-auth.km36dqos.d.mts} +1 -1
  259. package/dist/social-providers/index.cjs +5 -6
  260. package/dist/social-providers/index.d.cts +1 -2
  261. package/dist/social-providers/index.d.mts +1 -2
  262. package/dist/social-providers/index.d.ts +1 -2
  263. package/dist/social-providers/index.mjs +5 -6
  264. package/dist/test-utils/index.cjs +13 -14
  265. package/dist/test-utils/index.d.cts +258 -4
  266. package/dist/test-utils/index.d.mts +258 -4
  267. package/dist/test-utils/index.d.ts +258 -4
  268. package/dist/test-utils/index.mjs +13 -14
  269. package/dist/types/index.d.cts +3 -4
  270. package/dist/types/index.d.mts +3 -4
  271. package/dist/types/index.d.ts +3 -4
  272. package/package.json +10 -5
@@ -1,10 +1,9 @@
1
1
  import * as better_call from 'better-call';
2
- import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.DGuotwA1.cjs';
2
+ import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.6crrbXrP.cjs';
3
3
  import * as z from 'zod/v4';
4
4
  import 'kysely';
5
5
  import '../../shared/better-auth.DTtXpZYr.cjs';
6
- import '../../shared/better-auth.CTMmErGI.cjs';
7
- import 'jose';
6
+ import '../../shared/better-auth.BaMSx6K3.cjs';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,10 +1,9 @@
1
1
  import * as better_call from 'better-call';
2
- import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.f-bUldRg.mjs';
2
+ import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.YK5LQtFt.mjs';
3
3
  import * as z from 'zod/v4';
4
4
  import 'kysely';
5
5
  import '../../shared/better-auth.DTtXpZYr.mjs';
6
- import '../../shared/better-auth.ZUo2dMO3.mjs';
7
- import 'jose';
6
+ import '../../shared/better-auth.DR57bygo.mjs';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,10 +1,9 @@
1
1
  import * as better_call from 'better-call';
2
- import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.DU2vRHKI.js';
2
+ import { h as AuthContext, U as User, H as HookEndpointContext } from '../../shared/better-auth.S3lnSz8Y.js';
3
3
  import * as z from 'zod/v4';
4
4
  import 'kysely';
5
5
  import '../../shared/better-auth.DTtXpZYr.js';
6
- import '../../shared/better-auth.mA4L_-fq.js';
7
- import 'jose';
6
+ import '../../shared/better-auth.B5FL4Q2B.js';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,6 +1,6 @@
1
1
  import * as z from 'zod/v4';
2
2
  import { APIError } from 'better-call';
3
- import '../../shared/better-auth.B3CPLvGC.mjs';
3
+ import '../../shared/better-auth.CSEecXfV.mjs';
4
4
  import { a as createAuthEndpoint, c as createAuthMiddleware } from '../../shared/better-auth.DV5EHeYG.mjs';
5
5
  import { s as setSessionCookie } from '../../shared/better-auth.UfVWArIB.mjs';
6
6
  import '../../shared/better-auth.Dcv8PS7T.mjs';
@@ -14,13 +14,12 @@ import { base64Url } from '@better-auth/utils/base64';
14
14
  import { g as generateRandomString } from '../../shared/better-auth.B4Qoxdgc.mjs';
15
15
  import '@better-fetch/fetch';
16
16
  import 'jose';
17
- import '@noble/ciphers/chacha';
18
- import '@noble/ciphers/utils';
19
- import '@noble/ciphers/webcrypto';
20
- import '@noble/hashes/scrypt';
17
+ import '@noble/ciphers/chacha.js';
18
+ import '@noble/ciphers/utils.js';
19
+ import '@noble/hashes/scrypt.js';
21
20
  import '@better-auth/utils';
22
21
  import '@better-auth/utils/hex';
23
- import '@noble/hashes/utils';
22
+ import '@noble/hashes/utils.js';
24
23
  import '../../shared/better-auth.CuS_eDdK.mjs';
25
24
  import '../../shared/better-auth.DdzSJf-n.mjs';
26
25
  import 'jose/errors';
@@ -4,7 +4,7 @@ const fetch = require('@better-fetch/fetch');
4
4
  const betterCall = require('better-call');
5
5
  const jose = require('jose');
6
6
  const z = require('zod/v4');
7
- const socialProviders_index = require('../../shared/better-auth.Dc0nj0we.cjs');
7
+ const socialProviders_index = require('../../shared/better-auth.BlsHS68J.cjs');
8
8
  const session = require('../../shared/better-auth.CLv80Pwz.cjs');
9
9
  const cookies_index = require('../../shared/better-auth.D5q0JUiv.cjs');
10
10
  require('../../shared/better-auth.gN3g-znU.cjs');
@@ -12,13 +12,12 @@ require('../../shared/better-auth.B6fIklBU.cjs');
12
12
  require('../../shared/better-auth.B3274wGK.cjs');
13
13
  require('@better-auth/utils/hash');
14
14
  require('@better-auth/utils/base64');
15
- require('@noble/ciphers/chacha');
16
- require('@noble/ciphers/utils');
17
- require('@noble/ciphers/webcrypto');
18
- require('@noble/hashes/scrypt');
15
+ require('@noble/ciphers/chacha.js');
16
+ require('@noble/ciphers/utils.js');
17
+ require('@noble/hashes/scrypt.js');
19
18
  require('@better-auth/utils');
20
19
  require('@better-auth/utils/hex');
21
- require('@noble/hashes/utils');
20
+ require('@noble/hashes/utils.js');
22
21
  require('../../shared/better-auth.CYeOI8C-.cjs');
23
22
  require('../../shared/better-auth.C1hdVENX.cjs');
24
23
  require('../../crypto/index.cjs');
@@ -1,9 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.CTMmErGI.cjs';
3
- import { U as User, h as AuthContext } from '../../shared/better-auth.DGuotwA1.cjs';
2
+ import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.BaMSx6K3.cjs';
3
+ import { U as User, h as AuthContext } from '../../shared/better-auth.6crrbXrP.cjs';
4
4
  import * as z from 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.cjs';
6
- import 'jose';
7
6
  import 'kysely';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
@@ -1,9 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.ZUo2dMO3.mjs';
3
- import { U as User, h as AuthContext } from '../../shared/better-auth.f-bUldRg.mjs';
2
+ import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.DR57bygo.mjs';
3
+ import { U as User, h as AuthContext } from '../../shared/better-auth.YK5LQtFt.mjs';
4
4
  import * as z from 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.mjs';
6
- import 'jose';
7
6
  import 'kysely';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
@@ -1,9 +1,8 @@
1
1
  import * as better_call from 'better-call';
2
- import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.mA4L_-fq.js';
3
- import { U as User, h as AuthContext } from '../../shared/better-auth.DU2vRHKI.js';
2
+ import { O as OAuth2Tokens, a as OAuth2UserInfo, b as OAuthProvider, P as ProviderOptions } from '../../shared/better-auth.B5FL4Q2B.js';
3
+ import { U as User, h as AuthContext } from '../../shared/better-auth.S3lnSz8Y.js';
4
4
  import * as z from 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.js';
6
- import 'jose';
7
6
  import 'kysely';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
@@ -2,7 +2,7 @@ import { betterFetch } from '@better-fetch/fetch';
2
2
  import { APIError } from 'better-call';
3
3
  import { decodeJwt } from 'jose';
4
4
  import * as z from 'zod/v4';
5
- import { g as generateState, c as createAuthorizationURL, p as parseState, v as validateAuthorizationCode, j as handleOAuthUserInfo, r as refreshAccessToken } from '../../shared/better-auth.B3CPLvGC.mjs';
5
+ import { g as generateState, c as createAuthorizationURL, p as parseState, v as validateAuthorizationCode, j as handleOAuthUserInfo, r as refreshAccessToken } from '../../shared/better-auth.CSEecXfV.mjs';
6
6
  import { a as createAuthEndpoint, s as sessionMiddleware, B as BASE_ERROR_CODES } from '../../shared/better-auth.DV5EHeYG.mjs';
7
7
  import { s as setSessionCookie } from '../../shared/better-auth.UfVWArIB.mjs';
8
8
  import '../../shared/better-auth.Dcv8PS7T.mjs';
@@ -10,13 +10,12 @@ import '../../shared/better-auth.CMQ3rA-I.mjs';
10
10
  import '../../shared/better-auth.BjBlybv-.mjs';
11
11
  import '@better-auth/utils/hash';
12
12
  import '@better-auth/utils/base64';
13
- import '@noble/ciphers/chacha';
14
- import '@noble/ciphers/utils';
15
- import '@noble/ciphers/webcrypto';
16
- import '@noble/hashes/scrypt';
13
+ import '@noble/ciphers/chacha.js';
14
+ import '@noble/ciphers/utils.js';
15
+ import '@noble/hashes/scrypt.js';
17
16
  import '@better-auth/utils';
18
17
  import '@better-auth/utils/hex';
19
- import '@noble/hashes/utils';
18
+ import '@noble/hashes/utils.js';
20
19
  import '../../shared/better-auth.B4Qoxdgc.mjs';
21
20
  import '../../shared/better-auth.CW6D9eSx.mjs';
22
21
  import '../../crypto/index.mjs';
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const betterCall = require('better-call');
4
- require('../../shared/better-auth.Dc0nj0we.cjs');
4
+ require('../../shared/better-auth.BlsHS68J.cjs');
5
5
  require('../../shared/better-auth.CLv80Pwz.cjs');
6
6
  require('zod/v4');
7
7
  require('../../shared/better-auth.B6fIklBU.cjs');
@@ -14,14 +14,13 @@ const hash = require('@better-auth/utils/hash');
14
14
  const fetch = require('@better-fetch/fetch');
15
15
  require('../../shared/better-auth.C1hdVENX.cjs');
16
16
  require('../../crypto/index.cjs');
17
- require('@noble/ciphers/chacha');
18
- require('@noble/ciphers/utils');
19
- require('@noble/ciphers/webcrypto');
17
+ require('@noble/ciphers/chacha.js');
18
+ require('@noble/ciphers/utils.js');
20
19
  require('jose');
21
- require('@noble/hashes/scrypt');
20
+ require('@noble/hashes/scrypt.js');
22
21
  require('@better-auth/utils');
23
22
  require('@better-auth/utils/hex');
24
- require('@noble/hashes/utils');
23
+ require('@noble/hashes/utils.js');
25
24
  require('../../shared/better-auth.ANpbi45u.cjs');
26
25
  require('../../shared/better-auth.CYeOI8C-.cjs');
27
26
  require('@better-auth/utils/random');
@@ -1,10 +1,9 @@
1
- import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.DGuotwA1.cjs';
1
+ import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.6crrbXrP.cjs';
2
2
  import 'kysely';
3
3
  import 'better-call';
4
4
  import 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.cjs';
6
- import '../../shared/better-auth.CTMmErGI.cjs';
7
- import 'jose';
6
+ import '../../shared/better-auth.BaMSx6K3.cjs';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,10 +1,9 @@
1
- import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.f-bUldRg.mjs';
1
+ import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.YK5LQtFt.mjs';
2
2
  import 'kysely';
3
3
  import 'better-call';
4
4
  import 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.mjs';
6
- import '../../shared/better-auth.ZUo2dMO3.mjs';
7
- import 'jose';
6
+ import '../../shared/better-auth.DR57bygo.mjs';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,10 +1,9 @@
1
- import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.DU2vRHKI.js';
1
+ import { h as AuthContext, k as checkPassword } from '../../shared/better-auth.S3lnSz8Y.js';
2
2
  import 'kysely';
3
3
  import 'better-call';
4
4
  import 'zod/v4';
5
5
  import '../../shared/better-auth.DTtXpZYr.js';
6
- import '../../shared/better-auth.mA4L_-fq.js';
7
- import 'jose';
6
+ import '../../shared/better-auth.B5FL4Q2B.js';
8
7
  import 'zod/v4/core';
9
8
  import 'zod';
10
9
  import 'better-sqlite3';
@@ -1,5 +1,5 @@
1
1
  import { APIError } from 'better-call';
2
- import '../../shared/better-auth.B3CPLvGC.mjs';
2
+ import '../../shared/better-auth.CSEecXfV.mjs';
3
3
  import '../../shared/better-auth.DV5EHeYG.mjs';
4
4
  import 'zod/v4';
5
5
  import '../../shared/better-auth.CMQ3rA-I.mjs';
@@ -12,14 +12,13 @@ import { createHash } from '@better-auth/utils/hash';
12
12
  import { betterFetch } from '@better-fetch/fetch';
13
13
  import '../../shared/better-auth.CW6D9eSx.mjs';
14
14
  import '../../crypto/index.mjs';
15
- import '@noble/ciphers/chacha';
16
- import '@noble/ciphers/utils';
17
- import '@noble/ciphers/webcrypto';
15
+ import '@noble/ciphers/chacha.js';
16
+ import '@noble/ciphers/utils.js';
18
17
  import 'jose';
19
- import '@noble/hashes/scrypt';
18
+ import '@noble/hashes/scrypt.js';
20
19
  import '@better-auth/utils';
21
20
  import '@better-auth/utils/hex';
22
- import '@noble/hashes/utils';
21
+ import '@noble/hashes/utils.js';
23
22
  import '../../shared/better-auth.DdzSJf-n.mjs';
24
23
  import '../../shared/better-auth.B4Qoxdgc.mjs';
25
24
  import '@better-auth/utils/random';
@@ -1,15 +1,15 @@
1
1
  'use strict';
2
2
 
3
- const organization = require('../shared/better-auth.DFJOJkY1.cjs');
3
+ const organization = require('../shared/better-auth.CtgUZb45.cjs');
4
4
  const plugins_twoFactor_index = require('./two-factor/index.cjs');
5
5
  const plugins_username_index = require('./username/index.cjs');
6
6
  const plugins_bearer_index = require('./bearer/index.cjs');
7
7
  const session = require('../shared/better-auth.CLv80Pwz.cjs');
8
- const socialProviders_index = require('../shared/better-auth.Dc0nj0we.cjs');
8
+ const socialProviders_index = require('../shared/better-auth.BlsHS68J.cjs');
9
9
  const plugins_magicLink_index = require('./magic-link/index.cjs');
10
10
  const plugins_phoneNumber_index = require('./phone-number/index.cjs');
11
11
  const plugins_anonymous_index = require('./anonymous/index.cjs');
12
- const admin = require('../shared/better-auth.TZOo7890.cjs');
12
+ const admin = require('../shared/better-auth.BVUwL7ru.cjs');
13
13
  const plugins_genericOauth_index = require('./generic-oauth/index.cjs');
14
14
  const plugins_jwt_index = require('./jwt/index.cjs');
15
15
  const plugins_multiSession_index = require('./multi-session/index.cjs');
@@ -18,9 +18,9 @@ const plugins_oneTap_index = require('./one-tap/index.cjs');
18
18
  const plugins_oauthProxy_index = require('./oauth-proxy/index.cjs');
19
19
  const plugins_customSession_index = require('./custom-session/index.cjs');
20
20
  const plugins_openApi_index = require('./open-api/index.cjs');
21
- const plugins_oidcProvider_index = require('../shared/better-auth.DtZRMuXL.cjs');
21
+ const plugins_oidcProvider_index = require('../shared/better-auth.CRFFLEbh.cjs');
22
22
  const plugins_captcha_index = require('./captcha/index.cjs');
23
- const plugins_oneTimeToken_index = require('../shared/better-auth.DTV9hYzN.cjs');
23
+ const plugins_oneTimeToken_index = require('../shared/better-auth.CdLjcJ6z.cjs');
24
24
  const plugins_haveibeenpwned_index = require('./haveibeenpwned/index.cjs');
25
25
  const z = require('zod/v4');
26
26
  const betterCall = require('better-call');
@@ -32,34 +32,33 @@ const url = require('../shared/better-auth.DRmln2Nr.cjs');
32
32
  require('@better-auth/utils/binary');
33
33
  const cookies_index = require('../shared/better-auth.D5q0JUiv.cjs');
34
34
  require('../shared/better-auth.gN3g-znU.cjs');
35
- require('../shared/better-auth.BWzwHY8m.cjs');
35
+ require('../shared/better-auth.DPsIzckY.cjs');
36
36
  require('./organization/access/index.cjs');
37
37
  require('@better-auth/utils/random');
38
38
  const hash = require('@better-auth/utils/hash');
39
- require('@noble/ciphers/chacha');
40
- require('@noble/ciphers/utils');
41
- require('@noble/ciphers/webcrypto');
39
+ require('@noble/ciphers/chacha.js');
40
+ require('@noble/ciphers/utils.js');
42
41
  const jose = require('jose');
43
- require('@noble/hashes/scrypt');
42
+ require('@noble/hashes/scrypt.js');
44
43
  const utils = require('@better-auth/utils');
45
44
  require('@better-auth/utils/hex');
46
- require('@noble/hashes/utils');
45
+ require('@noble/hashes/utils.js');
47
46
  const random = require('../shared/better-auth.CYeOI8C-.cjs');
48
47
  require('kysely');
49
48
  require('@better-auth/utils/otp');
50
49
  require('./admin/access/index.cjs');
51
50
  require('@better-fetch/fetch');
52
51
  require('zod');
53
- require('@noble/hashes/sha3');
52
+ require('@noble/hashes/sha3.js');
54
53
  const plugins_deviceAuthorization_index = require('./device-authorization/index.cjs');
55
54
  const plugins_siwe_index = require('./siwe/index.cjs');
56
55
  const client = require('../shared/better-auth.DnER2-iT.cjs');
57
- const sign = require('../shared/better-auth.BvYLXwvp.cjs');
56
+ const sign = require('../shared/better-auth.CMwM5enp.cjs');
58
57
  const client$1 = require('../shared/better-auth.BMgeJg3r.cjs');
59
58
  require('../shared/better-auth.C1hdVENX.cjs');
60
59
  require('../shared/better-auth.ANpbi45u.cjs');
61
60
  require('../shared/better-auth.DhsGZ30Q.cjs');
62
- require('../shared/better-auth.B1yOWNP8.cjs');
61
+ require('../shared/better-auth.DEKJQy4E.cjs');
63
62
  require('../shared/better-auth.CpS2FLSa.cjs');
64
63
  require('../crypto/index.cjs');
65
64
  require('../shared/better-auth.CDXNofOe.cjs');
@@ -1066,7 +1065,7 @@ const withMcpAuth = (auth, handler) => {
1066
1065
  const session = await auth.api.getMcpSession({
1067
1066
  headers: req.headers
1068
1067
  });
1069
- const wwwAuthenticateValue = `Bearer resource_metadata=${baseURL}/api/auth/.well-known/oauth-protected-resource`;
1068
+ const wwwAuthenticateValue = `Bearer resource_metadata="${baseURL}/.well-known/oauth-protected-resource"`;
1070
1069
  if (!session) {
1071
1070
  return Response.json(
1072
1071
  {
@@ -1081,7 +1080,9 @@ const withMcpAuth = (auth, handler) => {
1081
1080
  {
1082
1081
  status: 401,
1083
1082
  headers: {
1084
- "WWW-Authenticate": wwwAuthenticateValue
1083
+ "WWW-Authenticate": wwwAuthenticateValue,
1084
+ // we also add this headers otherwise browser based clients will not be able to read the `www-authenticate` header
1085
+ "Access-Control-Expose-Headers": "WWW-Authenticate"
1085
1086
  }
1086
1087
  }
1087
1088
  );
@@ -3,8 +3,8 @@ export { adminAc, defaultAc, defaultRoles, defaultStatements, memberAc, ownerAc
3
3
  export { TWO_FACTOR_ERROR_CODES, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor, twoFactor, twoFactorClient } from './two-factor/index.cjs';
4
4
  export { USERNAME_ERROR_CODES, UsernameOptions, username } from './username/index.cjs';
5
5
  export { bearer } from './bearer/index.cjs';
6
- import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.DGuotwA1.cjs';
7
- export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.DGuotwA1.cjs';
6
+ import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.6crrbXrP.cjs';
7
+ export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.6crrbXrP.cjs';
8
8
  export { H as HIDE_METADATA } from '../shared/better-auth.DEHJp1rk.cjs';
9
9
  export { magicLink } from './magic-link/index.cjs';
10
10
  export { PhoneNumberOptions, UserWithPhoneNumber, phoneNumber } from './phone-number/index.cjs';
@@ -21,7 +21,7 @@ export { OpenAPIOptions, Path, generator, openAPI } from './open-api/index.cjs';
21
21
  import { OIDCOptions, OIDCMetadata, OAuthAccessToken } from './oidc-provider/index.cjs';
22
22
  export { AuthorizationQuery, Client, CodeVerificationValue, TokenBody, getClient, getMetadata, oidcProvider } from './oidc-provider/index.cjs';
23
23
  export { captcha } from './captcha/index.cjs';
24
- export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.llWU4_4y.cjs';
24
+ export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.UcasWcPe.cjs';
25
25
  export { HaveIBeenPwnedOptions, haveIBeenPwned } from './haveibeenpwned/index.cjs';
26
26
  export { oneTimeToken } from './one-time-token/index.cjs';
27
27
  import * as better_call from 'better-call';
@@ -32,13 +32,13 @@ import './access/index.cjs';
32
32
  import '../shared/better-auth.DTtXpZYr.cjs';
33
33
  import '@better-fetch/fetch';
34
34
  import 'kysely';
35
- import '../shared/better-auth.CTMmErGI.cjs';
36
- import 'jose';
35
+ import '../shared/better-auth.BaMSx6K3.cjs';
37
36
  import 'zod/v4/core';
38
37
  import 'zod';
39
38
  import 'better-sqlite3';
40
39
  import 'bun:sqlite';
41
40
  import 'node:sqlite';
41
+ import 'jose';
42
42
 
43
43
  interface MCPOptions {
44
44
  loginPage: string;
@@ -267,7 +267,7 @@ declare const mcp: (options: MCPOptions) => {
267
267
  redirect_uris: string[];
268
268
  token_endpoint_auth_method?: "none" | "client_secret_basic" | "client_secret_post" | undefined;
269
269
  grant_types?: ("authorization_code" | "password" | "refresh_token" | "implicit" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[] | undefined;
270
- response_types?: ("token" | "code")[] | undefined;
270
+ response_types?: ("code" | "token")[] | undefined;
271
271
  client_name?: string | undefined;
272
272
  client_uri?: string | undefined;
273
273
  logo_uri?: string | undefined;
@@ -323,8 +323,8 @@ declare const mcp: (options: MCPOptions) => {
323
323
  "urn:ietf:params:oauth:grant-type:saml2-bearer": "urn:ietf:params:oauth:grant-type:saml2-bearer";
324
324
  }>>>>;
325
325
  response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
326
- token: "token";
327
326
  code: "code";
327
+ token: "token";
328
328
  }>>>>;
329
329
  client_name: z.ZodOptional<z.ZodString>;
330
330
  client_uri: z.ZodOptional<z.ZodString>;
@@ -3,8 +3,8 @@ export { adminAc, defaultAc, defaultRoles, defaultStatements, memberAc, ownerAc
3
3
  export { TWO_FACTOR_ERROR_CODES, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor, twoFactor, twoFactorClient } from './two-factor/index.mjs';
4
4
  export { USERNAME_ERROR_CODES, UsernameOptions, username } from './username/index.mjs';
5
5
  export { bearer } from './bearer/index.mjs';
6
- import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.f-bUldRg.mjs';
7
- export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.f-bUldRg.mjs';
6
+ import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.YK5LQtFt.mjs';
7
+ export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.YK5LQtFt.mjs';
8
8
  export { H as HIDE_METADATA } from '../shared/better-auth.DEHJp1rk.mjs';
9
9
  export { magicLink } from './magic-link/index.mjs';
10
10
  export { PhoneNumberOptions, UserWithPhoneNumber, phoneNumber } from './phone-number/index.mjs';
@@ -21,7 +21,7 @@ export { OpenAPIOptions, Path, generator, openAPI } from './open-api/index.mjs';
21
21
  import { OIDCOptions, OIDCMetadata, OAuthAccessToken } from './oidc-provider/index.mjs';
22
22
  export { AuthorizationQuery, Client, CodeVerificationValue, TokenBody, getClient, getMetadata, oidcProvider } from './oidc-provider/index.mjs';
23
23
  export { captcha } from './captcha/index.mjs';
24
- export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.Df1_Wu_1.mjs';
24
+ export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.eYki6XKk.mjs';
25
25
  export { HaveIBeenPwnedOptions, haveIBeenPwned } from './haveibeenpwned/index.mjs';
26
26
  export { oneTimeToken } from './one-time-token/index.mjs';
27
27
  import * as better_call from 'better-call';
@@ -32,13 +32,13 @@ import './access/index.mjs';
32
32
  import '../shared/better-auth.DTtXpZYr.mjs';
33
33
  import '@better-fetch/fetch';
34
34
  import 'kysely';
35
- import '../shared/better-auth.ZUo2dMO3.mjs';
36
- import 'jose';
35
+ import '../shared/better-auth.DR57bygo.mjs';
37
36
  import 'zod/v4/core';
38
37
  import 'zod';
39
38
  import 'better-sqlite3';
40
39
  import 'bun:sqlite';
41
40
  import 'node:sqlite';
41
+ import 'jose';
42
42
 
43
43
  interface MCPOptions {
44
44
  loginPage: string;
@@ -267,7 +267,7 @@ declare const mcp: (options: MCPOptions) => {
267
267
  redirect_uris: string[];
268
268
  token_endpoint_auth_method?: "none" | "client_secret_basic" | "client_secret_post" | undefined;
269
269
  grant_types?: ("authorization_code" | "password" | "refresh_token" | "implicit" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[] | undefined;
270
- response_types?: ("token" | "code")[] | undefined;
270
+ response_types?: ("code" | "token")[] | undefined;
271
271
  client_name?: string | undefined;
272
272
  client_uri?: string | undefined;
273
273
  logo_uri?: string | undefined;
@@ -323,8 +323,8 @@ declare const mcp: (options: MCPOptions) => {
323
323
  "urn:ietf:params:oauth:grant-type:saml2-bearer": "urn:ietf:params:oauth:grant-type:saml2-bearer";
324
324
  }>>>>;
325
325
  response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
326
- token: "token";
327
326
  code: "code";
327
+ token: "token";
328
328
  }>>>>;
329
329
  client_name: z.ZodOptional<z.ZodString>;
330
330
  client_uri: z.ZodOptional<z.ZodString>;
@@ -3,8 +3,8 @@ export { adminAc, defaultAc, defaultRoles, defaultStatements, memberAc, ownerAc
3
3
  export { TWO_FACTOR_ERROR_CODES, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor, twoFactor, twoFactorClient } from './two-factor/index.js';
4
4
  export { USERNAME_ERROR_CODES, UsernameOptions, username } from './username/index.js';
5
5
  export { bearer } from './bearer/index.js';
6
- import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.DU2vRHKI.js';
7
- export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.DU2vRHKI.js';
6
+ import { G as GenericEndpointContext, B as BetterAuthOptions, h as AuthContext } from '../shared/better-auth.S3lnSz8Y.js';
7
+ export { z as AuthEndpoint, D as AuthMiddleware, v as AuthPluginSchema, r as BetterAuthPlugin, I as InferOptionSchema, t as InferPluginErrorCodes, y as createAuthEndpoint, x as createAuthMiddleware, w as optionsMiddleware } from '../shared/better-auth.S3lnSz8Y.js';
8
8
  export { H as HIDE_METADATA } from '../shared/better-auth.DEHJp1rk.js';
9
9
  export { magicLink } from './magic-link/index.js';
10
10
  export { PhoneNumberOptions, UserWithPhoneNumber, phoneNumber } from './phone-number/index.js';
@@ -21,7 +21,7 @@ export { OpenAPIOptions, Path, generator, openAPI } from './open-api/index.js';
21
21
  import { OIDCOptions, OIDCMetadata, OAuthAccessToken } from './oidc-provider/index.js';
22
22
  export { AuthorizationQuery, Client, CodeVerificationValue, TokenBody, getClient, getMetadata, oidcProvider } from './oidc-provider/index.js';
23
23
  export { captcha } from './captcha/index.js';
24
- export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.WOu5GuAp.js';
24
+ export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher } from '../shared/better-auth.DtrrQDoO.js';
25
25
  export { HaveIBeenPwnedOptions, haveIBeenPwned } from './haveibeenpwned/index.js';
26
26
  export { oneTimeToken } from './one-time-token/index.js';
27
27
  import * as better_call from 'better-call';
@@ -32,13 +32,13 @@ import './access/index.js';
32
32
  import '../shared/better-auth.DTtXpZYr.js';
33
33
  import '@better-fetch/fetch';
34
34
  import 'kysely';
35
- import '../shared/better-auth.mA4L_-fq.js';
36
- import 'jose';
35
+ import '../shared/better-auth.B5FL4Q2B.js';
37
36
  import 'zod/v4/core';
38
37
  import 'zod';
39
38
  import 'better-sqlite3';
40
39
  import 'bun:sqlite';
41
40
  import 'node:sqlite';
41
+ import 'jose';
42
42
 
43
43
  interface MCPOptions {
44
44
  loginPage: string;
@@ -267,7 +267,7 @@ declare const mcp: (options: MCPOptions) => {
267
267
  redirect_uris: string[];
268
268
  token_endpoint_auth_method?: "none" | "client_secret_basic" | "client_secret_post" | undefined;
269
269
  grant_types?: ("authorization_code" | "password" | "refresh_token" | "implicit" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[] | undefined;
270
- response_types?: ("token" | "code")[] | undefined;
270
+ response_types?: ("code" | "token")[] | undefined;
271
271
  client_name?: string | undefined;
272
272
  client_uri?: string | undefined;
273
273
  logo_uri?: string | undefined;
@@ -323,8 +323,8 @@ declare const mcp: (options: MCPOptions) => {
323
323
  "urn:ietf:params:oauth:grant-type:saml2-bearer": "urn:ietf:params:oauth:grant-type:saml2-bearer";
324
324
  }>>>>;
325
325
  response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
326
- token: "token";
327
326
  code: "code";
327
+ token: "token";
328
328
  }>>>>;
329
329
  client_name: z.ZodOptional<z.ZodString>;
330
330
  client_uri: z.ZodOptional<z.ZodString>;
@@ -1,14 +1,14 @@
1
- export { o as organization, p as parseRoles } from '../shared/better-auth.BlqpEUaH.mjs';
1
+ export { o as organization, p as parseRoles } from '../shared/better-auth.BZTBs9Yy.mjs';
2
2
  export { TWO_FACTOR_ERROR_CODES, twoFactor } from './two-factor/index.mjs';
3
3
  export { USERNAME_ERROR_CODES, username } from './username/index.mjs';
4
4
  export { bearer } from './bearer/index.mjs';
5
5
  import { g as getSessionFromCtx, a as createAuthEndpoint, c as createAuthMiddleware } from '../shared/better-auth.DV5EHeYG.mjs';
6
6
  export { o as optionsMiddleware } from '../shared/better-auth.DV5EHeYG.mjs';
7
- export { H as HIDE_METADATA } from '../shared/better-auth.B3CPLvGC.mjs';
7
+ export { H as HIDE_METADATA } from '../shared/better-auth.CSEecXfV.mjs';
8
8
  export { magicLink } from './magic-link/index.mjs';
9
9
  export { phoneNumber } from './phone-number/index.mjs';
10
10
  export { anonymous } from './anonymous/index.mjs';
11
- export { a as admin } from '../shared/better-auth.B8UjXTUa.mjs';
11
+ export { a as admin } from '../shared/better-auth.CtB1M_c7.mjs';
12
12
  export { genericOAuth } from './generic-oauth/index.mjs';
13
13
  export { jwt } from './jwt/index.mjs';
14
14
  export { multiSession } from './multi-session/index.mjs';
@@ -17,10 +17,10 @@ export { oneTap } from './one-tap/index.mjs';
17
17
  export { oAuthProxy } from './oauth-proxy/index.mjs';
18
18
  export { customSession } from './custom-session/index.mjs';
19
19
  export { openAPI } from './open-api/index.mjs';
20
- import { o as oidcProvider, s as schema } from '../shared/better-auth.3K3VNUn3.mjs';
21
- export { g as getClient, a as getMetadata } from '../shared/better-auth.3K3VNUn3.mjs';
20
+ import { o as oidcProvider, s as schema } from '../shared/better-auth.D9PzlwY_.mjs';
21
+ export { g as getClient, a as getMetadata } from '../shared/better-auth.D9PzlwY_.mjs';
22
22
  export { captcha } from './captcha/index.mjs';
23
- export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher, o as oneTimeToken } from '../shared/better-auth.DDDKwecE.mjs';
23
+ export { A as API_KEY_TABLE_NAME, E as ERROR_CODES, a as apiKey, d as defaultKeyHasher, o as oneTimeToken } from '../shared/better-auth.DQ6bmgix.mjs';
24
24
  export { haveIBeenPwned } from './haveibeenpwned/index.mjs';
25
25
  import * as z from 'zod/v4';
26
26
  import { APIError } from 'better-call';
@@ -32,34 +32,33 @@ import { a as getBaseURL } from '../shared/better-auth.CuS_eDdK.mjs';
32
32
  import '@better-auth/utils/binary';
33
33
  import { p as parseSetCookieHeader } from '../shared/better-auth.UfVWArIB.mjs';
34
34
  import '../shared/better-auth.Dcv8PS7T.mjs';
35
- import '../shared/better-auth.Ck4qhtF6.mjs';
35
+ import '../shared/better-auth.5WTE-uUO.mjs';
36
36
  import './organization/access/index.mjs';
37
37
  import '@better-auth/utils/random';
38
38
  import { createHash } from '@better-auth/utils/hash';
39
- import '@noble/ciphers/chacha';
40
- import '@noble/ciphers/utils';
41
- import '@noble/ciphers/webcrypto';
39
+ import '@noble/ciphers/chacha.js';
40
+ import '@noble/ciphers/utils.js';
42
41
  import { SignJWT } from 'jose';
43
- import '@noble/hashes/scrypt';
42
+ import '@noble/hashes/scrypt.js';
44
43
  import { subtle } from '@better-auth/utils';
45
44
  import '@better-auth/utils/hex';
46
- import '@noble/hashes/utils';
45
+ import '@noble/hashes/utils.js';
47
46
  import { g as generateRandomString } from '../shared/better-auth.B4Qoxdgc.mjs';
48
47
  import 'kysely';
49
48
  import '@better-auth/utils/otp';
50
49
  import './admin/access/index.mjs';
51
50
  import '@better-fetch/fetch';
52
51
  import 'zod';
53
- import '@noble/hashes/sha3';
52
+ import '@noble/hashes/sha3.js';
54
53
  export { $deviceAuthorizationOptionsSchema, deviceAuthorization } from './device-authorization/index.mjs';
55
54
  export { siwe } from './siwe/index.mjs';
56
55
  export { t as twoFactorClient } from '../shared/better-auth.Ddw8bVyV.mjs';
57
- export { c as createJwk, b as generateExportedKeyPair, g as getJwtToken } from '../shared/better-auth.CY7-Inqt.mjs';
56
+ export { c as createJwk, b as generateExportedKeyPair, g as getJwtToken } from '../shared/better-auth.DDuRjwGK.mjs';
58
57
  export { d as deviceAuthorizationClient } from '../shared/better-auth.BpA03GIs.mjs';
59
58
  import '../shared/better-auth.CW6D9eSx.mjs';
60
59
  import '../shared/better-auth.DdzSJf-n.mjs';
61
60
  import '../shared/better-auth.ffWeg50w.mjs';
62
- import '../shared/better-auth.BjjUH-Ka.mjs';
61
+ import '../shared/better-auth.BWl2NB1B.mjs';
63
62
  import '../shared/better-auth.DrJWSFx6.mjs';
64
63
  import '../crypto/index.mjs';
65
64
  import '../shared/better-auth.YwDQhoPc.mjs';
@@ -1052,7 +1051,7 @@ const withMcpAuth = (auth, handler) => {
1052
1051
  const session = await auth.api.getMcpSession({
1053
1052
  headers: req.headers
1054
1053
  });
1055
- const wwwAuthenticateValue = `Bearer resource_metadata=${baseURL}/api/auth/.well-known/oauth-protected-resource`;
1054
+ const wwwAuthenticateValue = `Bearer resource_metadata="${baseURL}/.well-known/oauth-protected-resource"`;
1056
1055
  if (!session) {
1057
1056
  return Response.json(
1058
1057
  {
@@ -1067,7 +1066,9 @@ const withMcpAuth = (auth, handler) => {
1067
1066
  {
1068
1067
  status: 401,
1069
1068
  headers: {
1070
- "WWW-Authenticate": wwwAuthenticateValue
1069
+ "WWW-Authenticate": wwwAuthenticateValue,
1070
+ // we also add this headers otherwise browser based clients will not be able to read the `www-authenticate` header
1071
+ "Access-Control-Expose-Headers": "WWW-Authenticate"
1071
1072
  }
1072
1073
  }
1073
1074
  );