better-auth 1.6.17 → 1.6.19

package/dist/cookies/session-store.mjs

@@ -1,19 +1,30 @@
 import { symmetricDecodeJWT, symmetricEncodeJWT } from "../crypto/jwt.mjs";
 import { parseCookies } from "./cookie-utils.mjs";
 import { safeJSONParse } from "@better-auth/core/utils/json";
+import { serializeCookie } from "better-call";
 import * as z from "zod";
 //#region src/cookies/session-store.ts
-const ALLOWED_COOKIE_SIZE = 4096;
-const ESTIMATED_EMPTY_COOKIE_SIZE = 200;
-const CHUNK_SIZE = ALLOWED_COOKIE_SIZE - ESTIMATED_EMPTY_COOKIE_SIZE;
 /**
-* Extract the chunk index from a cookie name
+* Per-cookie byte ceiling.
+* Safari's ~4093 floor is the lowest among browsers.
+* Kept a little under it for attributes added after sizing.
+*
+* @see https://datatracker.ietf.org/doc/html/rfc6265#section-6.1
+* @see https://github.com/dotnet/aspnetcore/blob/aa5493528640932601bb82ef3295e4d8ca7e11c5/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs#L40
+*/
+const MAX_COOKIE_SIZE = 4050;
+/**
+* Max chunks per cookie.
+* A larger value does not belong in a cookie.
 */
-function getChunkIndex(cookieName) {
-	const parts = cookieName.split(".");
-	const lastPart = parts[parts.length - 1];
-	const index = parseInt(lastPart || "0", 10);
-	return isNaN(index) ? 0 : index;
+const MAX_COOKIE_CHUNKS = 100;
+/**
+* Largest value that keeps the serialized cookie within {@link MAX_COOKIE_SIZE},
+* measured with the real `serializeCookie` writer so it stays in sync with the
+* wire. Non-positive when the name and attributes alone overflow.
+*/
+function getMaxCookieValueSize(name, options) {
+	return MAX_COOKIE_SIZE - serializeCookie(name, "", { ...options }).length;
 }
 /**
 * Read all existing chunks from cookies
@@ -25,27 +36,24 @@ function readExistingChunks(cookieName, ctx) {
 	return chunks;
 }
 /**
-* Get the full session data by joining all chunks
-*/
-function joinChunks(chunks) {
-	return Object.keys(chunks).sort((a, b) => {
-		return getChunkIndex(a) - getChunkIndex(b);
-	}).map((key) => chunks[key]).join("");
-}
-/**
 * Split a cookie value into chunks if needed
 */
 function chunkCookie(storeName, cookie, chunks, logger) {
-	const chunkCount = Math.ceil(cookie.value.length / CHUNK_SIZE);
-	if (chunkCount === 1) {
+	const chunkSize = getMaxCookieValueSize(`${cookie.name}.${MAX_COOKIE_CHUNKS - 1}`, cookie.attributes);
+	const chunkCount = chunkSize > 0 ? Math.ceil(cookie.value.length / chunkSize) : Infinity;
+	if (chunkCount <= 1) {
 		chunks[cookie.name] = cookie.value;
 		return [cookie];
 	}
+	if (chunkCount > MAX_COOKIE_CHUNKS) {
+		logger.warn(`${storeName} cookie is too large to store even after chunking, so the cache was skipped. Reduce the cached data or use a database session.`);
+		return [];
+	}
 	const cookies = [];
 	for (let i = 0; i < chunkCount; i++) {
 		const name = `${cookie.name}.${i}`;
-		const start = i * CHUNK_SIZE;
-		const value = cookie.value.substring(start, start + CHUNK_SIZE);
+		const start = i * chunkSize;
+		const value = cookie.value.substring(start, start + chunkSize);
 		cookies.push({
 			...cookie,
 			name,
@@ -54,11 +62,10 @@ function chunkCookie(storeName, cookie, chunks, logger) {
 		chunks[name] = value;
 	}
 	logger.debug(`CHUNKING_${storeName.toUpperCase()}_COOKIE`, {
-		message: `${storeName} cookie exceeds allowed ${ALLOWED_COOKIE_SIZE} bytes.`,
-		emptyCookieSize: ESTIMATED_EMPTY_COOKIE_SIZE,
+		message: `${storeName} cookie exceeds the ${MAX_COOKIE_SIZE} byte limit and was split into ${chunkCount} chunks.`,
 		valueSize: cookie.value.length,
 		chunkCount,
-		chunks: cookies.map((c) => c.value.length + ESTIMATED_EMPTY_COOKIE_SIZE)
+		chunkSizes: cookies.map((c) => c.value.length)
 	});
 	return cookies;
 }
@@ -78,26 +85,22 @@ function getCleanCookies(chunks, cookieOptions) {
 	return cleanedChunks;
 }
 /**
-* Create a session store for handling cookie chunking.
-* When session data exceeds 4KB, it automatically splits it into multiple cookies.
+* Store that splits a cookie into numbered chunks when its serialized form
+* would exceed the per-cookie byte limit, expiring stale chunks as needed.
 *
-* Based on next-auth's SessionStore implementation.
 * @see https://github.com/nextauthjs/next-auth/blob/27b2519b84b8eb9cf053775dea29d577d2aa0098/packages/next-auth/src/core/lib/cookie.ts
 */
 const storeFactory = (storeName) => (cookieName, cookieOptions, ctx) => {
 	const chunks = readExistingChunks(cookieName, ctx);
 	const logger = ctx.context.logger;
+	const expireExistingChunks = () => {
+		const expired = getCleanCookies(chunks, cookieOptions);
+		for (const name in chunks) delete chunks[name];
+		return expired;
+	};
 	return {
-		getValue() {
-			return joinChunks(chunks);
-		},
-		hasChunks() {
-			return Object.keys(chunks).length > 0;
-		},
 		chunk(value, options) {
-			const cleanedChunks = getCleanCookies(chunks, cookieOptions);
-			for (const name in chunks) delete chunks[name];
-			const cookies = cleanedChunks;
+			const cookies = expireExistingChunks();
 			const chunked = chunkCookie(storeName, {
 				name: cookieName,
 				value,
@@ -110,9 +113,7 @@ const storeFactory = (storeName) => (cookieName, cookieOptions, ctx) => {
 			return Object.values(cookies);
 		},
 		clean() {
-			const cleanedChunks = getCleanCookies(chunks, cookieOptions);
-			for (const name in chunks) delete chunks[name];
-			return Object.values(cleanedChunks);
+			return Object.values(expireExistingChunks());
 		},
 		setCookies(cookies) {
 			for (const cookie of cookies) ctx.setCookie(cookie.name, cookie.value, cookie.attributes);
@@ -148,18 +149,8 @@ async function setAccountCookie(c, accountData) {
 		...accountDataCookie.attributes
 	};
 	const data = await symmetricEncodeJWT(accountData, c.context.secretConfig, "better-auth-account", options.maxAge);
-	if (data.length > ALLOWED_COOKIE_SIZE) {
-		const accountStore = createAccountStore(accountDataCookie.name, options, c);
-		const cookies = accountStore.chunk(data, options);
-		accountStore.setCookies(cookies);
-	} else {
-		const accountStore = createAccountStore(accountDataCookie.name, options, c);
-		if (accountStore.hasChunks()) {
-			const cleanCookies = accountStore.clean();
-			accountStore.setCookies(cleanCookies);
-		}
-		c.setCookie(accountDataCookie.name, data, options);
-	}
+	const accountStore = createAccountStore(accountDataCookie.name, options, c);
+	accountStore.setCookies(accountStore.chunk(data, options));
 }
 async function getAccountCookie(c) {
 	const accountCookie = getChunkedCookie(c, c.context.authCookies.accountData.name);

package/dist/package.mjs

@@ -1,4 +1,4 @@
 //#region package.json
-var version = "1.6.17";
+var version = "1.6.19";
 //#endregion
 export { version };

package/dist/plugins/device-authorization/index.d.mts

@@ -104,6 +104,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
       method: "POST";
       body: z.ZodObject<{
         client_id: z.ZodString;
+        user_id: z.ZodOptional<z.ZodString>;
         scope: z.ZodOptional<z.ZodString>;
       }, z.core.$strip>;
       error: z.ZodObject<{

package/dist/plugins/device-authorization/routes.mjs

@@ -9,6 +9,7 @@ import * as z from "zod";
 const defaultCharset = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
 const deviceCodeBodySchema = z.object({
 	client_id: z.string().meta({ description: "The client ID of the application" }),
+	user_id: z.string().meta({ description: "The user ID to which the device code should be pre-bound." }).optional(),
 	scope: z.string().meta({ description: "Space-separated list of scopes" }).optional()
 });
 const deviceCodeErrorSchema = z.object({
@@ -99,7 +100,7 @@ Follow [rfc8628#section-3.2](https://datatracker.ietf.org/doc/html/rfc8628#secti
 			data: {
 				deviceCode,
 				userCode,
-				userId: null,
+				userId: ctx.body.user_id || null,
 				expiresAt,
 				status: "pending",
 				pollingInterval: ms(opts.interval),
@@ -341,7 +342,7 @@ const deviceVerify = createAuthEndpoint("/device", {
 	});
 	const session = await getSessionFromCtx(ctx);
 	if (session?.user?.id && !deviceCodeRecord.userId && deviceCodeRecord.status === "pending") {
-		if (await ctx.context.adapter.update({
+		if (await ctx.context.adapter.incrementOne({
 			model: "deviceCode",
 			where: [
 				{
@@ -358,7 +359,8 @@ const deviceVerify = createAuthEndpoint("/device", {
 					value: null
 				}
 			],
-			update: { userId: session.user.id }
+			increment: {},
+			set: { userId: session.user.id }
 		})) deviceCodeRecord.userId = session.user.id;
 	}
 	return ctx.json({

package/dist/plugins/index.d.mts

@@ -48,7 +48,7 @@ import { OAUTH_POPUP_COMPLETE_SCRIPT, OAUTH_POPUP_SCRIPT_CSP_HASH, oauthPopup }
 import { OAuthProxyOptions, oAuthProxy } from "./oauth-proxy/index.mjs";
 import { OneTapOptions, oneTap } from "./one-tap/index.mjs";
 import { OneTimeTokenOptions, oneTimeToken } from "./one-time-token/index.mjs";
-import { FieldSchema, OpenAPIModelSchema, Path, generator } from "./open-api/generator.mjs";
+import { FieldSchema, OpenAPIModelSchema, OpenAPIParameter, OpenAPISchema, Path, generator } from "./open-api/generator.mjs";
 import { OpenAPIOptions, openAPI } from "./open-api/index.mjs";
 import { PhoneNumberOptions, UserWithPhoneNumber } from "./phone-number/types.mjs";
 import { phoneNumber } from "./phone-number/index.mjs";
@@ -66,4 +66,4 @@ import { USERNAME_ERROR_CODES } from "./username/error-codes.mjs";
 import { UsernameOptions, username } from "./username/index.mjs";
 import { hasPermission } from "./organization/has-permission.mjs";
 import { DefaultOrganizationPlugin, DynamicAccessControlEndpoints, OrganizationCreator, OrganizationEndpoints, OrganizationPlugin, TeamEndpoints, organization, parseRoles } from "./organization/organization.mjs";
-export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, ArrayElement, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, ExactRoleStatements, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAUTH_POPUP_COMPLETE_SCRIPT, OAUTH_POPUP_DATA_ELEMENT_ID, OAUTH_POPUP_ERROR_CODES, OAUTH_POPUP_MESSAGE_TYPE, OAUTH_POPUP_SCRIPT_CSP_HASH, OAuthAccessToken, OAuthPopupData, OAuthPopupMessage, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, POPUP_MARKER_COOKIE, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, RoleAuthorizeRequest, RoleInput, RoleStatements, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, encodeBackupCodes, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oauthPopup, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };
+export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, ArrayElement, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, ExactRoleStatements, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAUTH_POPUP_COMPLETE_SCRIPT, OAUTH_POPUP_DATA_ELEMENT_ID, OAUTH_POPUP_ERROR_CODES, OAUTH_POPUP_MESSAGE_TYPE, OAUTH_POPUP_SCRIPT_CSP_HASH, OAuthAccessToken, OAuthPopupData, OAuthPopupMessage, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, OpenAPIParameter, OpenAPISchema, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, POPUP_MARKER_COOKIE, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, RoleAuthorizeRequest, RoleInput, RoleStatements, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, encodeBackupCodes, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oauthPopup, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };

package/dist/plugins/last-login-method/client.d.mts

@@ -8,6 +8,16 @@ interface LastLoginMethodClientConfig {
    * @default "better-auth.last_used_login_method"
    */
   cookieName?: string | undefined;
+  /**
+   * Domain for the cookie. Required when using cross-subdomain cookies
+   * so the client can properly clear the cookie set by the server.
+   *
+   * Should match the `domain` value in your server's
+   * `crossSubDomainCookies` configuration.
+   *
+   * @example ".example.com"
+   */
+  domain?: string | undefined;
 }
 /**
  * Client-side plugin to retrieve the last used login method

package/dist/plugins/last-login-method/client.mjs

@@ -19,7 +19,10 @@ const lastLoginMethodClient = (config = {}) => {
 					return getCookieValue(cookieName);
 				},
 				clearLastUsedLoginMethod: () => {
-					if (typeof document !== "undefined") document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
+					if (typeof document !== "undefined") {
+						const domainPart = config.domain ? ` domain=${config.domain};` : "";
+						document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;${domainPart}`;
+					}
 				},
 				isLastUsedLoginMethod: (method) => {
 					return getCookieValue(cookieName) === method;

package/dist/plugins/oauth-popup/index.mjs

@@ -3,7 +3,7 @@ import { generateRandomString } from "../../crypto/random.mjs";
 import { expireCookie } from "../../cookies/index.mjs";
 import { getAwaitableValue } from "../../context/helpers.mjs";
 import { setOAuthState } from "../../api/state/oauth.mjs";
-import { generateGenericState } from "../../state.mjs";
+import { INTERNAL_STATE_KEYS, generateGenericState } from "../../state.mjs";
 import { HIDE_METADATA } from "../../utils/hide-metadata.mjs";
 import { PACKAGE_VERSION } from "../../version.mjs";
 import { OAUTH_POPUP_DATA_ELEMENT_ID, OAUTH_POPUP_MESSAGE_TYPE, POPUP_MARKER_COOKIE } from "./constants.mjs";
@@ -132,8 +132,9 @@ const oauthPopupStart = createAuthEndpoint("/oauth-popup/start", {
 	let url;
 	try {
 		const codeVerifier = generateRandomString(128);
+		const parsedAdditionalData = c.query.additionalData ? safeJSONParse(c.query.additionalData) ?? {} : {};
 		const stateData = {
-			...c.query.additionalData ? safeJSONParse(c.query.additionalData) ?? {} : {},
+			...Object.fromEntries(Object.entries(parsedAdditionalData).filter(([key]) => !INTERNAL_STATE_KEYS.has(key))),
 			callbackURL,
 			codeVerifier,
 			errorURL: c.query.errorCallbackURL,

package/dist/plugins/open-api/generator.d.mts

@@ -4,66 +4,75 @@ import { OpenAPIParameter, OpenAPISchemaType } from "better-call";
 
 //#region src/plugins/open-api/generator.d.ts
 interface Path {
-  get?: {
-    tags?: string[];
-    operationId?: string;
-    description?: string;
-    security?: [{
-      bearerAuth: string[];
-    }];
-    parameters?: OpenAPIParameter[];
-    responses?: { [key in string]: {
-      description?: string;
-      content: {
-        "application/json": {
-          schema: {
-            type?: OpenAPISchemaType;
-            properties?: Record<string, any>;
-            required?: string[];
-            $ref?: string;
-          };
-        };
-      };
-    } };
-  } | undefined;
-  post?: {
-    tags?: string[];
-    operationId?: string;
-    description?: string;
-    security?: [{
-      bearerAuth: string[];
-    }];
-    parameters?: OpenAPIParameter[];
-    requestBody?: {
-      content: {
-        "application/json": {
-          schema: {
-            type?: OpenAPISchemaType;
-            properties?: Record<string, any>;
-            required?: string[];
-            $ref?: string;
-          };
-        };
-      };
-    };
-    responses?: { [key in string]: {
-      description?: string;
-      content: {
-        "application/json": {
-          schema: {
-            type?: OpenAPISchemaType;
-            properties?: Record<string, any>;
-            required?: string[];
-            $ref?: string;
-          };
-        };
-      };
-    } };
-  } | undefined;
+  get?: OpenAPIOperation | undefined;
+  post?: OpenAPIOperation | undefined;
+  put?: OpenAPIOperation | undefined;
+  patch?: OpenAPIOperation | undefined;
+  delete?: OpenAPIOperation | undefined;
 }
+type OpenAPISchemaPrimitiveType = OpenAPISchemaType | "null";
+type OpenAPISchema = {
+  type?: OpenAPISchemaPrimitiveType | OpenAPISchemaPrimitiveType[];
+  properties?: Record<string, OpenAPISchema>;
+  required?: string[];
+  $ref?: string;
+  description?: string;
+  default?: unknown;
+  readOnly?: boolean;
+  format?: string;
+  deprecated?: boolean;
+  enum?: unknown[];
+  items?: OpenAPISchema;
+  minLength?: number;
+  maxLength?: number;
+  minimum?: number;
+  maximum?: number;
+  additionalProperties?: boolean | OpenAPISchema;
+  propertyNames?: OpenAPISchema;
+  allOf?: OpenAPISchema[];
+  anyOf?: OpenAPISchema[];
+  oneOf?: OpenAPISchema[];
+  const?: unknown;
+  example?: unknown;
+};
+type OpenAPIParameter$1 = Omit<OpenAPIParameter, "schema"> & {
+  schema?: OpenAPISchema;
+};
+type OpenAPIMediaTypeObject = {
+  schema?: OpenAPISchema;
+};
+type OpenAPIResponseContent = {
+  "application/json"?: OpenAPIMediaTypeObject;
+  "text/plain"?: OpenAPIMediaTypeObject;
+  "text/html"?: OpenAPIMediaTypeObject;
+  [contentType: string]: OpenAPIMediaTypeObject | undefined;
+};
+type OpenAPIResponse = {
+  description?: string;
+  content?: OpenAPIResponseContent;
+};
+type OpenAPIRequestBody = {
+  required?: boolean;
+  content: {
+    "application/json": {
+      schema: OpenAPISchema;
+    };
+  };
+};
+type OpenAPIOperation = {
+  tags?: string[];
+  operationId?: string;
+  description?: string;
+  security?: [{
+    bearerAuth: string[];
+  }];
+  parameters?: OpenAPIParameter$1[];
+  requestBody?: OpenAPIRequestBody;
+  responses?: Record<string, OpenAPIResponse>;
+};
 type FieldSchema = {
   type: DBFieldType;
-  default?: (DBFieldAttributeConfig["defaultValue"] | "Generated at runtime") | undefined;
+  default?: DBFieldAttributeConfig["defaultValue"] | undefined;
   readOnly?: boolean | undefined;
   format?: string;
 };
@@ -111,4 +120,4 @@ declare function generator(ctx: AuthContext, options: BetterAuthOptions): Promis
   paths: Record<string, Path>;
 }>;
 //#endregion
-export { FieldSchema, OpenAPIModelSchema, Path, generator };
+export { FieldSchema, OpenAPIModelSchema, OpenAPIParameter$1 as OpenAPIParameter, OpenAPISchema, Path, generator };