better-auth 1.6.7 → 1.6.8

package/dist/api/routes/account.mjs

@@ -1,6 +1,7 @@
 import { parseAccountOutput } from "../../db/schema.mjs";
 import { getAccountCookie, setAccountCookie } from "../../cookies/session-store.mjs";
 import { getAwaitableValue } from "../../context/helpers.mjs";
+import { missingEmailLogMessage } from "../../oauth2/errors.mjs";
 import { generateState } from "../../oauth2/state.mjs";
 import { decryptOAuthToken, setTokenUtil } from "../../oauth2/utils.mjs";
 import { freshSessionMiddleware, getSessionFromCtx, sessionMiddleware } from "./session.mjs";
@@ -133,7 +134,7 @@ const linkSocialAccount = createAuthEndpoint("/link-social", {
 		}
 		const linkingUserId = String(linkingUserInfo.user.id);
 		if (!linkingUserInfo.user.email) {
-			c.context.logger.error("User email not found", { provider: c.body.provider });
+			c.context.logger.error(missingEmailLogMessage(c.body.provider, { source: "id_token" }), { provider: c.body.provider });
 			throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.USER_EMAIL_NOT_FOUND);
 		}
 		if ((await c.context.internalAdapter.findAccounts(session.user.id)).find((a) => a.providerId === provider.id && a.accountId === linkingUserId)) return c.json({

package/dist/api/routes/callback.mjs

@@ -1,5 +1,6 @@
 import { setSessionCookie } from "../../cookies/index.mjs";
 import { getAwaitableValue } from "../../context/helpers.mjs";
+import { missingEmailLogMessage } from "../../oauth2/errors.mjs";
 import { parseState } from "../../oauth2/state.mjs";
 import { setTokenUtil } from "../../oauth2/utils.mjs";
 import { handleOAuthUserInfo } from "../../oauth2/link-account.mjs";
@@ -134,7 +135,7 @@ const callbackOAuth = createAuthEndpoint("/callback/:id", {
 		throw c.redirect(toRedirectTo);
 	}
 	if (!userInfo.email) {
-		c.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings.");
+		c.context.logger.error(missingEmailLogMessage(provider.id));
 		return redirectOnError("email_not_found");
 	}
 	const accountData = {

package/dist/api/routes/sign-in.mjs

@@ -2,6 +2,7 @@ import { formCsrfMiddleware } from "../middlewares/origin-check.mjs";
 import { parseUserOutput } from "../../db/schema.mjs";
 import { setSessionCookie } from "../../cookies/index.mjs";
 import { getAwaitableValue } from "../../context/helpers.mjs";
+import { missingEmailLogMessage } from "../../oauth2/errors.mjs";
 import { generateState } from "../../oauth2/state.mjs";
 import { handleOAuthUserInfo } from "../../oauth2/link-account.mjs";
 import { createEmailVerificationToken } from "./email-verification.mjs";
@@ -100,7 +101,7 @@ const signInSocial = () => createAuthEndpoint("/sign-in/social", {
 			throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.FAILED_TO_GET_USER_INFO);
 		}
 		if (!userInfo.user.email) {
-			c.context.logger.error("User email not found", { provider: c.body.provider });
+			c.context.logger.error(missingEmailLogMessage(c.body.provider, { source: "id_token" }), { provider: c.body.provider });
 			throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.USER_EMAIL_NOT_FOUND);
 		}
 		const data = await handleOAuthUserInfo(c, {

package/dist/oauth2/errors.mjs

@@ -0,0 +1,12 @@
+//#region src/oauth2/errors.ts
+const HANDLING_DOCS_URL = "https://www.better-auth.com/docs/concepts/oauth#handling-providers-without-email";
+/**
+* Build the logger message shown when an OAuth provider does not return an
+* email address. Kept in one place so every rejection site points users at
+* the same workaround docs.
+*/
+function missingEmailLogMessage(providerId, options) {
+	return `${options?.source === "generic" ? `Generic OAuth provider "${providerId}"` : `Provider "${providerId}"`} did not return an email${options?.source === "id_token" ? " in the id token" : ""}. Either request the provider's email scope, or synthesize one via \`mapProfileToUser\`. See ${HANDLING_DOCS_URL}`;
+}
+//#endregion
+export { missingEmailLogMessage };

package/dist/package.mjs

@@ -1,4 +1,4 @@
 //#region package.json
-var version = "1.6.7";
+var version = "1.6.8";
 //#endregion
 export { version };

package/dist/plugins/generic-oauth/routes.mjs

@@ -1,4 +1,5 @@
 import { setSessionCookie } from "../../cookies/index.mjs";
+import { missingEmailLogMessage } from "../../oauth2/errors.mjs";
 import { generateState, parseState } from "../../oauth2/state.mjs";
 import { setTokenUtil } from "../../oauth2/utils.mjs";
 import { sessionMiddleware } from "../../api/routes/session.mjs";
@@ -209,7 +210,7 @@ const oAuth2Callback = (options) => createAuthEndpoint("/oauth2/callback/:provid
 		const mapUser = providerConfig.mapProfileToUser ? await providerConfig.mapProfileToUser(userInfo) : userInfo;
 		const email = mapUser.email ? mapUser.email.toLowerCase() : userInfo.email?.toLowerCase();
 		if (!email) {
-			ctx.context.logger.error("Unable to get user info", userInfo);
+			ctx.context.logger.error(missingEmailLogMessage(providerConfig.providerId, { source: "generic" }), userInfo);
 			throw redirectOnError("email_is_missing");
 		}
 		const id = mapUser.id ? String(mapUser.id) : String(userInfo.id);

package/dist/plugins/organization/adapter.d.mts

@@ -396,7 +396,7 @@ declare const getOrgAdapter: <O extends OrganizationOptions>(context: AuthContex
     } ? FieldAttributeToObject<RemoveFieldsWithReturnedFalse<Field>> : {}) extends infer T_3 ? { [K_3 in keyof T_3]: T_3[K_3] } : never)[] | undefined;
   }) | null>;
   listOrganizations: (userId: string) => Promise<InferOrganization<O>[]>;
-  createTeam: (data: Omit<TeamInput, "id">) => Promise<{
+  createTeam: (data: TeamInput) => Promise<{
     id: string;
     name: string;
     organizationId: string;

package/dist/plugins/organization/adapter.mjs

@@ -357,7 +357,8 @@ const getOrgAdapter = (context, options) => {
 		createTeam: async (data) => {
 			return await (await getCurrentAdapter(baseAdapter)).create({
 				model: "team",
-				data
+				data,
+				forceAllowId: true
 			});
 		},
 		findTeamById: async ({ teamId, organizationId, includeTeamMembers }) => {
@@ -553,7 +554,8 @@ const getOrgAdapter = (context, options) => {
 					inviterId: user.id,
 					...invitation,
 					teamId: invitation.teamIds.length > 0 ? invitation.teamIds.join(",") : null
-				}
+				},
+				forceAllowId: true
 			});
 		},
 		findInvitationById: async (id) => {

package/dist/plugins/organization/schema.d.mts

@@ -294,7 +294,7 @@ type InvitationInput = z.input<typeof invitationSchema>;
 type MemberInput = z.input<typeof memberSchema>;
 type TeamMemberInput = z.input<typeof teamMemberSchema>;
 type OrganizationInput = z.input<typeof organizationSchema>;
-type TeamInput = z.infer<typeof teamSchema>;
+type TeamInput = z.input<typeof teamSchema>;
 type OrganizationRole = z.infer<typeof organizationRoleSchema>;
 declare const defaultRolesSchema: z.ZodUnion<readonly [z.ZodEnum<{
   admin: "admin";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "1.6.7",
+  "version": "1.6.8",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "license": "MIT",
@@ -489,13 +489,13 @@
     "kysely": "^0.28.14",
     "nanostores": "^1.1.1",
     "zod": "^4.3.6",
-    "@better-auth/core": "1.6.7",
-    "@better-auth/drizzle-adapter": "1.6.7",
-    "@better-auth/kysely-adapter": "1.6.7",
-    "@better-auth/memory-adapter": "1.6.7",
-    "@better-auth/mongo-adapter": "1.6.7",
-    "@better-auth/prisma-adapter": "1.6.7",
-    "@better-auth/telemetry": "1.6.7"
+    "@better-auth/core": "1.6.8",
+    "@better-auth/drizzle-adapter": "1.6.8",
+    "@better-auth/kysely-adapter": "1.6.8",
+    "@better-auth/memory-adapter": "1.6.8",
+    "@better-auth/mongo-adapter": "1.6.8",
+    "@better-auth/prisma-adapter": "1.6.8",
+    "@better-auth/telemetry": "1.6.8"
   },
   "devDependencies": {
     "@lynx-js/react": "^0.116.3",