This is page 11 of 51. Use http://codebase.md/better-auth/better-auth?lines=false&page={x} to view the full context.
# Directory Structure
```
├── .gitattributes
├── .github
│ ├── CODEOWNERS
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE
│ │ ├── bug_report.yml
│ │ └── feature_request.yml
│ ├── renovate.json5
│ └── workflows
│ ├── ci.yml
│ ├── e2e.yml
│ ├── preview.yml
│ └── release.yml
├── .gitignore
├── .npmrc
├── .nvmrc
├── .vscode
│ └── settings.json
├── banner-dark.png
├── banner.png
├── biome.json
├── bump.config.ts
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── demo
│ ├── expo-example
│ │ ├── .env.example
│ │ ├── .gitignore
│ │ ├── app.config.ts
│ │ ├── assets
│ │ │ ├── bg-image.jpeg
│ │ │ ├── fonts
│ │ │ │ └── SpaceMono-Regular.ttf
│ │ │ ├── icon.png
│ │ │ └── images
│ │ │ ├── adaptive-icon.png
│ │ │ ├── favicon.png
│ │ │ ├── logo.png
│ │ │ ├── partial-react-logo.png
│ │ │ ├── react-logo.png
│ │ │ ├── [email protected]
│ │ │ ├── [email protected]
│ │ │ └── splash.png
│ │ ├── babel.config.js
│ │ ├── components.json
│ │ ├── expo-env.d.ts
│ │ ├── index.ts
│ │ ├── metro.config.js
│ │ ├── nativewind-env.d.ts
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── app
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...route]+api.ts
│ │ │ │ ├── dashboard.tsx
│ │ │ │ ├── forget-password.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ └── sign-up.tsx
│ │ │ ├── components
│ │ │ │ ├── icons
│ │ │ │ │ └── google.tsx
│ │ │ │ └── ui
│ │ │ │ ├── avatar.tsx
│ │ │ │ ├── button.tsx
│ │ │ │ ├── card.tsx
│ │ │ │ ├── dialog.tsx
│ │ │ │ ├── input.tsx
│ │ │ │ ├── separator.tsx
│ │ │ │ └── text.tsx
│ │ │ ├── global.css
│ │ │ └── lib
│ │ │ ├── auth-client.ts
│ │ │ ├── auth.ts
│ │ │ ├── icons
│ │ │ │ ├── iconWithClassName.ts
│ │ │ │ └── X.tsx
│ │ │ └── utils.ts
│ │ ├── tailwind.config.js
│ │ └── tsconfig.json
│ └── nextjs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── (auth)
│ │ │ ├── forget-password
│ │ │ │ └── page.tsx
│ │ │ ├── reset-password
│ │ │ │ └── page.tsx
│ │ │ ├── sign-in
│ │ │ │ ├── loading.tsx
│ │ │ │ └── page.tsx
│ │ │ └── two-factor
│ │ │ ├── otp
│ │ │ │ └── page.tsx
│ │ │ └── page.tsx
│ │ ├── accept-invitation
│ │ │ └── [id]
│ │ │ ├── invitation-error.tsx
│ │ │ └── page.tsx
│ │ ├── admin
│ │ │ └── page.tsx
│ │ ├── api
│ │ │ └── auth
│ │ │ └── [...all]
│ │ │ └── route.ts
│ │ ├── apps
│ │ │ └── register
│ │ │ └── page.tsx
│ │ ├── client-test
│ │ │ └── page.tsx
│ │ ├── dashboard
│ │ │ ├── change-plan.tsx
│ │ │ ├── client.tsx
│ │ │ ├── organization-card.tsx
│ │ │ ├── page.tsx
│ │ │ ├── upgrade-button.tsx
│ │ │ └── user-card.tsx
│ │ ├── device
│ │ │ ├── approve
│ │ │ │ └── page.tsx
│ │ │ ├── denied
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ ├── page.tsx
│ │ │ └── success
│ │ │ └── page.tsx
│ │ ├── favicon.ico
│ │ ├── features.tsx
│ │ ├── fonts
│ │ │ ├── GeistMonoVF.woff
│ │ │ └── GeistVF.woff
│ │ ├── globals.css
│ │ ├── layout.tsx
│ │ ├── oauth
│ │ │ └── authorize
│ │ │ ├── concet-buttons.tsx
│ │ │ └── page.tsx
│ │ ├── page.tsx
│ │ └── pricing
│ │ └── page.tsx
│ ├── components
│ │ ├── account-switch.tsx
│ │ ├── blocks
│ │ │ └── pricing.tsx
│ │ ├── logo.tsx
│ │ ├── one-tap.tsx
│ │ ├── sign-in-btn.tsx
│ │ ├── sign-in.tsx
│ │ ├── sign-up.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggle.tsx
│ │ ├── tier-labels.tsx
│ │ ├── ui
│ │ │ ├── accordion.tsx
│ │ │ ├── alert-dialog.tsx
│ │ │ ├── alert.tsx
│ │ │ ├── aspect-ratio.tsx
│ │ │ ├── avatar.tsx
│ │ │ ├── badge.tsx
│ │ │ ├── breadcrumb.tsx
│ │ │ ├── button.tsx
│ │ │ ├── calendar.tsx
│ │ │ ├── card.tsx
│ │ │ ├── carousel.tsx
│ │ │ ├── chart.tsx
│ │ │ ├── checkbox.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── command.tsx
│ │ │ ├── context-menu.tsx
│ │ │ ├── copy-button.tsx
│ │ │ ├── dialog.tsx
│ │ │ ├── drawer.tsx
│ │ │ ├── dropdown-menu.tsx
│ │ │ ├── form.tsx
│ │ │ ├── hover-card.tsx
│ │ │ ├── input-otp.tsx
│ │ │ ├── input.tsx
│ │ │ ├── label.tsx
│ │ │ ├── menubar.tsx
│ │ │ ├── navigation-menu.tsx
│ │ │ ├── pagination.tsx
│ │ │ ├── password-input.tsx
│ │ │ ├── popover.tsx
│ │ │ ├── progress.tsx
│ │ │ ├── radio-group.tsx
│ │ │ ├── resizable.tsx
│ │ │ ├── scroll-area.tsx
│ │ │ ├── select.tsx
│ │ │ ├── separator.tsx
│ │ │ ├── sheet.tsx
│ │ │ ├── skeleton.tsx
│ │ │ ├── slider.tsx
│ │ │ ├── sonner.tsx
│ │ │ ├── switch.tsx
│ │ │ ├── table.tsx
│ │ │ ├── tabs.tsx
│ │ │ ├── tabs2.tsx
│ │ │ ├── textarea.tsx
│ │ │ ├── toast.tsx
│ │ │ ├── toaster.tsx
│ │ │ ├── toggle-group.tsx
│ │ │ ├── toggle.tsx
│ │ │ └── tooltip.tsx
│ │ └── wrapper.tsx
│ ├── components.json
│ ├── hooks
│ │ └── use-toast.ts
│ ├── lib
│ │ ├── auth-client.ts
│ │ ├── auth-types.ts
│ │ ├── auth.ts
│ │ ├── email
│ │ │ ├── invitation.tsx
│ │ │ ├── resend.ts
│ │ │ └── reset-password.tsx
│ │ ├── metadata.ts
│ │ ├── shared.ts
│ │ └── utils.ts
│ ├── next.config.ts
│ ├── package.json
│ ├── postcss.config.mjs
│ ├── proxy.ts
│ ├── public
│ │ ├── __og.png
│ │ ├── _og.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── logo.svg
│ │ └── og.png
│ ├── README.md
│ ├── tailwind.config.ts
│ ├── tsconfig.json
│ └── turbo.json
├── docker-compose.yml
├── docs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── api
│ │ │ ├── ai-chat
│ │ │ │ └── route.ts
│ │ │ ├── analytics
│ │ │ │ ├── conversation
│ │ │ │ │ └── route.ts
│ │ │ │ ├── event
│ │ │ │ │ └── route.ts
│ │ │ │ └── feedback
│ │ │ │ └── route.ts
│ │ │ ├── chat
│ │ │ │ └── route.ts
│ │ │ ├── og
│ │ │ │ └── route.tsx
│ │ │ ├── og-release
│ │ │ │ └── route.tsx
│ │ │ ├── search
│ │ │ │ └── route.ts
│ │ │ └── support
│ │ │ └── route.ts
│ │ ├── blog
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── blog-list.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ ├── stat-field.tsx
│ │ │ │ └── support.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── changelogs
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── grid-pattern.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ └── stat-field.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── community
│ │ │ ├── _components
│ │ │ │ ├── header.tsx
│ │ │ │ └── stats.tsx
│ │ │ └── page.tsx
│ │ ├── docs
│ │ │ ├── [[...slug]]
│ │ │ │ ├── page.client.tsx
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ └── lib
│ │ │ └── get-llm-text.ts
│ │ ├── global.css
│ │ ├── layout.config.tsx
│ │ ├── layout.tsx
│ │ ├── llms.txt
│ │ │ ├── [...slug]
│ │ │ │ └── route.ts
│ │ │ └── route.ts
│ │ ├── not-found.tsx
│ │ ├── page.tsx
│ │ ├── reference
│ │ │ └── route.ts
│ │ ├── sitemap.xml
│ │ ├── static.json
│ │ │ └── route.ts
│ │ └── v1
│ │ ├── _components
│ │ │ └── v1-text.tsx
│ │ ├── bg-line.tsx
│ │ └── page.tsx
│ ├── assets
│ │ ├── Geist.ttf
│ │ └── GeistMono.ttf
│ ├── components
│ │ ├── ai-chat-modal.tsx
│ │ ├── anchor-scroll-fix.tsx
│ │ ├── api-method-tabs.tsx
│ │ ├── api-method.tsx
│ │ ├── banner.tsx
│ │ ├── blocks
│ │ │ └── features.tsx
│ │ ├── builder
│ │ │ ├── beam.tsx
│ │ │ ├── code-tabs
│ │ │ │ ├── code-editor.tsx
│ │ │ │ ├── code-tabs.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ ├── tab-bar.tsx
│ │ │ │ └── theme.ts
│ │ │ ├── index.tsx
│ │ │ ├── sign-in.tsx
│ │ │ ├── sign-up.tsx
│ │ │ ├── social-provider.tsx
│ │ │ ├── store.ts
│ │ │ └── tabs.tsx
│ │ ├── display-techstack.tsx
│ │ ├── divider-text.tsx
│ │ ├── docs
│ │ │ ├── docs.client.tsx
│ │ │ ├── docs.tsx
│ │ │ ├── layout
│ │ │ │ ├── nav.tsx
│ │ │ │ ├── theme-toggle.tsx
│ │ │ │ ├── toc-thumb.tsx
│ │ │ │ └── toc.tsx
│ │ │ ├── page.client.tsx
│ │ │ ├── page.tsx
│ │ │ ├── shared.tsx
│ │ │ └── ui
│ │ │ ├── button.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── popover.tsx
│ │ │ └── scroll-area.tsx
│ │ ├── endpoint.tsx
│ │ ├── features.tsx
│ │ ├── floating-ai-search.tsx
│ │ ├── fork-button.tsx
│ │ ├── generate-apple-jwt.tsx
│ │ ├── generate-secret.tsx
│ │ ├── github-stat.tsx
│ │ ├── icons.tsx
│ │ ├── landing
│ │ │ ├── gradient-bg.tsx
│ │ │ ├── grid-pattern.tsx
│ │ │ ├── hero.tsx
│ │ │ ├── section-svg.tsx
│ │ │ ├── section.tsx
│ │ │ ├── spotlight.tsx
│ │ │ └── testimonials.tsx
│ │ ├── logo-context-menu.tsx
│ │ ├── logo.tsx
│ │ ├── markdown-renderer.tsx
│ │ ├── markdown.tsx
│ │ ├── mdx
│ │ │ ├── add-to-cursor.tsx
│ │ │ └── database-tables.tsx
│ │ ├── message-feedback.tsx
│ │ ├── mobile-search-icon.tsx
│ │ ├── nav-bar.tsx
│ │ ├── nav-link.tsx
│ │ ├── nav-mobile.tsx
│ │ ├── promo-card.tsx
│ │ ├── resource-card.tsx
│ │ ├── resource-grid.tsx
│ │ ├── resource-section.tsx
│ │ ├── ripple.tsx
│ │ ├── search-dialog.tsx
│ │ ├── side-bar.tsx
│ │ ├── sidebar-content.tsx
│ │ ├── techstack-icons.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggler.tsx
│ │ └── ui
│ │ ├── accordion.tsx
│ │ ├── alert-dialog.tsx
│ │ ├── alert.tsx
│ │ ├── aside-link.tsx
│ │ ├── aspect-ratio.tsx
│ │ ├── avatar.tsx
│ │ ├── background-beams.tsx
│ │ ├── background-boxes.tsx
│ │ ├── badge.tsx
│ │ ├── breadcrumb.tsx
│ │ ├── button.tsx
│ │ ├── calendar.tsx
│ │ ├── callout.tsx
│ │ ├── card.tsx
│ │ ├── carousel.tsx
│ │ ├── chart.tsx
│ │ ├── checkbox.tsx
│ │ ├── code-block.tsx
│ │ ├── collapsible.tsx
│ │ ├── command.tsx
│ │ ├── context-menu.tsx
│ │ ├── dialog.tsx
│ │ ├── drawer.tsx
│ │ ├── dropdown-menu.tsx
│ │ ├── dynamic-code-block.tsx
│ │ ├── fade-in.tsx
│ │ ├── form.tsx
│ │ ├── hover-card.tsx
│ │ ├── input-otp.tsx
│ │ ├── input.tsx
│ │ ├── label.tsx
│ │ ├── menubar.tsx
│ │ ├── navigation-menu.tsx
│ │ ├── pagination.tsx
│ │ ├── popover.tsx
│ │ ├── progress.tsx
│ │ ├── radio-group.tsx
│ │ ├── resizable.tsx
│ │ ├── scroll-area.tsx
│ │ ├── select.tsx
│ │ ├── separator.tsx
│ │ ├── sheet.tsx
│ │ ├── sidebar.tsx
│ │ ├── skeleton.tsx
│ │ ├── slider.tsx
│ │ ├── sonner.tsx
│ │ ├── sparkles.tsx
│ │ ├── switch.tsx
│ │ ├── table.tsx
│ │ ├── tabs.tsx
│ │ ├── textarea.tsx
│ │ ├── toggle-group.tsx
│ │ ├── toggle.tsx
│ │ ├── tooltip-docs.tsx
│ │ ├── tooltip.tsx
│ │ └── use-copy-button.tsx
│ ├── components.json
│ ├── content
│ │ ├── blogs
│ │ │ ├── 0-supabase-auth-to-planetscale-migration.mdx
│ │ │ ├── 1-3.mdx
│ │ │ ├── authjs-joins-better-auth.mdx
│ │ │ └── seed-round.mdx
│ │ ├── changelogs
│ │ │ ├── 1-2.mdx
│ │ │ └── 1.0.mdx
│ │ └── docs
│ │ ├── adapters
│ │ │ ├── community-adapters.mdx
│ │ │ ├── drizzle.mdx
│ │ │ ├── mongo.mdx
│ │ │ ├── mssql.mdx
│ │ │ ├── mysql.mdx
│ │ │ ├── other-relational-databases.mdx
│ │ │ ├── postgresql.mdx
│ │ │ ├── prisma.mdx
│ │ │ └── sqlite.mdx
│ │ ├── authentication
│ │ │ ├── apple.mdx
│ │ │ ├── atlassian.mdx
│ │ │ ├── cognito.mdx
│ │ │ ├── discord.mdx
│ │ │ ├── dropbox.mdx
│ │ │ ├── email-password.mdx
│ │ │ ├── facebook.mdx
│ │ │ ├── figma.mdx
│ │ │ ├── github.mdx
│ │ │ ├── gitlab.mdx
│ │ │ ├── google.mdx
│ │ │ ├── huggingface.mdx
│ │ │ ├── kakao.mdx
│ │ │ ├── kick.mdx
│ │ │ ├── line.mdx
│ │ │ ├── linear.mdx
│ │ │ ├── linkedin.mdx
│ │ │ ├── microsoft.mdx
│ │ │ ├── naver.mdx
│ │ │ ├── notion.mdx
│ │ │ ├── other-social-providers.mdx
│ │ │ ├── paypal.mdx
│ │ │ ├── reddit.mdx
│ │ │ ├── roblox.mdx
│ │ │ ├── salesforce.mdx
│ │ │ ├── slack.mdx
│ │ │ ├── spotify.mdx
│ │ │ ├── tiktok.mdx
│ │ │ ├── twitch.mdx
│ │ │ ├── twitter.mdx
│ │ │ ├── vk.mdx
│ │ │ └── zoom.mdx
│ │ ├── basic-usage.mdx
│ │ ├── comparison.mdx
│ │ ├── concepts
│ │ │ ├── api.mdx
│ │ │ ├── cli.mdx
│ │ │ ├── client.mdx
│ │ │ ├── cookies.mdx
│ │ │ ├── database.mdx
│ │ │ ├── email.mdx
│ │ │ ├── hooks.mdx
│ │ │ ├── oauth.mdx
│ │ │ ├── plugins.mdx
│ │ │ ├── rate-limit.mdx
│ │ │ ├── session-management.mdx
│ │ │ ├── typescript.mdx
│ │ │ └── users-accounts.mdx
│ │ ├── examples
│ │ │ ├── astro.mdx
│ │ │ ├── next-js.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ └── svelte-kit.mdx
│ │ ├── guides
│ │ │ ├── auth0-migration-guide.mdx
│ │ │ ├── browser-extension-guide.mdx
│ │ │ ├── clerk-migration-guide.mdx
│ │ │ ├── create-a-db-adapter.mdx
│ │ │ ├── next-auth-migration-guide.mdx
│ │ │ ├── optimizing-for-performance.mdx
│ │ │ ├── saml-sso-with-okta.mdx
│ │ │ ├── supabase-migration-guide.mdx
│ │ │ └── your-first-plugin.mdx
│ │ ├── installation.mdx
│ │ ├── integrations
│ │ │ ├── astro.mdx
│ │ │ ├── convex.mdx
│ │ │ ├── elysia.mdx
│ │ │ ├── expo.mdx
│ │ │ ├── express.mdx
│ │ │ ├── fastify.mdx
│ │ │ ├── hono.mdx
│ │ │ ├── lynx.mdx
│ │ │ ├── nestjs.mdx
│ │ │ ├── next.mdx
│ │ │ ├── nitro.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ ├── solid-start.mdx
│ │ │ ├── svelte-kit.mdx
│ │ │ ├── tanstack.mdx
│ │ │ └── waku.mdx
│ │ ├── introduction.mdx
│ │ ├── meta.json
│ │ ├── plugins
│ │ │ ├── 2fa.mdx
│ │ │ ├── admin.mdx
│ │ │ ├── anonymous.mdx
│ │ │ ├── api-key.mdx
│ │ │ ├── autumn.mdx
│ │ │ ├── bearer.mdx
│ │ │ ├── captcha.mdx
│ │ │ ├── community-plugins.mdx
│ │ │ ├── device-authorization.mdx
│ │ │ ├── dodopayments.mdx
│ │ │ ├── dub.mdx
│ │ │ ├── email-otp.mdx
│ │ │ ├── generic-oauth.mdx
│ │ │ ├── have-i-been-pwned.mdx
│ │ │ ├── jwt.mdx
│ │ │ ├── last-login-method.mdx
│ │ │ ├── magic-link.mdx
│ │ │ ├── mcp.mdx
│ │ │ ├── multi-session.mdx
│ │ │ ├── oauth-proxy.mdx
│ │ │ ├── oidc-provider.mdx
│ │ │ ├── one-tap.mdx
│ │ │ ├── one-time-token.mdx
│ │ │ ├── open-api.mdx
│ │ │ ├── organization.mdx
│ │ │ ├── passkey.mdx
│ │ │ ├── phone-number.mdx
│ │ │ ├── polar.mdx
│ │ │ ├── siwe.mdx
│ │ │ ├── sso.mdx
│ │ │ ├── stripe.mdx
│ │ │ └── username.mdx
│ │ └── reference
│ │ ├── contributing.mdx
│ │ ├── faq.mdx
│ │ ├── options.mdx
│ │ ├── resources.mdx
│ │ ├── security.mdx
│ │ └── telemetry.mdx
│ ├── hooks
│ │ └── use-mobile.ts
│ ├── ignore-build.sh
│ ├── lib
│ │ ├── blog.ts
│ │ ├── chat
│ │ │ └── inkeep-qa-schema.ts
│ │ ├── constants.ts
│ │ ├── export-search-indexes.ts
│ │ ├── inkeep-analytics.ts
│ │ ├── is-active.ts
│ │ ├── metadata.ts
│ │ ├── source.ts
│ │ └── utils.ts
│ ├── next.config.js
│ ├── package.json
│ ├── postcss.config.js
│ ├── proxy.ts
│ ├── public
│ │ ├── avatars
│ │ │ └── beka.jpg
│ │ ├── blogs
│ │ │ ├── authjs-joins.png
│ │ │ ├── seed-round.png
│ │ │ └── supabase-ps.png
│ │ ├── branding
│ │ │ ├── better-auth-brand-assets.zip
│ │ │ ├── better-auth-logo-dark.png
│ │ │ ├── better-auth-logo-dark.svg
│ │ │ ├── better-auth-logo-light.png
│ │ │ ├── better-auth-logo-light.svg
│ │ │ ├── better-auth-logo-wordmark-dark.png
│ │ │ ├── better-auth-logo-wordmark-dark.svg
│ │ │ ├── better-auth-logo-wordmark-light.png
│ │ │ └── better-auth-logo-wordmark-light.svg
│ │ ├── extension-id.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── images
│ │ │ └── blogs
│ │ │ └── better auth (1).png
│ │ ├── logo.png
│ │ ├── logo.svg
│ │ ├── LogoDark.webp
│ │ ├── LogoLight.webp
│ │ ├── og.png
│ │ ├── open-api-reference.png
│ │ ├── people-say
│ │ │ ├── code-with-antonio.jpg
│ │ │ ├── dagmawi-babi.png
│ │ │ ├── dax.png
│ │ │ ├── dev-ed.png
│ │ │ ├── egoist.png
│ │ │ ├── guillermo-rauch.png
│ │ │ ├── jonathan-wilke.png
│ │ │ ├── josh-tried-coding.jpg
│ │ │ ├── kitze.jpg
│ │ │ ├── lazar-nikolov.png
│ │ │ ├── nizzy.png
│ │ │ ├── omar-mcadam.png
│ │ │ ├── ryan-vogel.jpg
│ │ │ ├── saltyatom.jpg
│ │ │ ├── sebastien-chopin.png
│ │ │ ├── shreyas-mididoddi.png
│ │ │ ├── tech-nerd.png
│ │ │ ├── theo.png
│ │ │ ├── vybhav-bhargav.png
│ │ │ └── xavier-pladevall.jpg
│ │ ├── plus.svg
│ │ ├── release-og
│ │ │ ├── 1-2.png
│ │ │ ├── 1-3.png
│ │ │ └── changelog-og.png
│ │ └── v1-og.png
│ ├── README.md
│ ├── scripts
│ │ ├── endpoint-to-doc
│ │ │ ├── index.ts
│ │ │ ├── input.ts
│ │ │ ├── output.mdx
│ │ │ └── readme.md
│ │ └── sync-orama.ts
│ ├── source.config.ts
│ ├── tailwind.config.js
│ ├── tsconfig.json
│ └── turbo.json
├── e2e
│ ├── integration
│ │ ├── package.json
│ │ ├── playwright.config.ts
│ │ ├── solid-vinxi
│ │ │ ├── .gitignore
│ │ │ ├── app.config.ts
│ │ │ ├── e2e
│ │ │ │ ├── test.spec.ts
│ │ │ │ └── utils.ts
│ │ │ ├── package.json
│ │ │ ├── public
│ │ │ │ └── favicon.ico
│ │ │ ├── src
│ │ │ │ ├── app.tsx
│ │ │ │ ├── entry-client.tsx
│ │ │ │ ├── entry-server.tsx
│ │ │ │ ├── global.d.ts
│ │ │ │ ├── lib
│ │ │ │ │ ├── auth-client.ts
│ │ │ │ │ └── auth.ts
│ │ │ │ └── routes
│ │ │ │ ├── [...404].tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...all].ts
│ │ │ │ └── index.tsx
│ │ │ └── tsconfig.json
│ │ ├── test-utils
│ │ │ ├── package.json
│ │ │ └── src
│ │ │ └── playwright.ts
│ │ └── vanilla-node
│ │ ├── e2e
│ │ │ ├── app.ts
│ │ │ ├── domain.spec.ts
│ │ │ ├── postgres-js.spec.ts
│ │ │ ├── test.spec.ts
│ │ │ └── utils.ts
│ │ ├── index.html
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── main.ts
│ │ │ └── vite-env.d.ts
│ │ ├── tsconfig.json
│ │ └── vite.config.ts
│ └── smoke
│ ├── package.json
│ ├── test
│ │ ├── bun.spec.ts
│ │ ├── cloudflare.spec.ts
│ │ ├── deno.spec.ts
│ │ ├── fixtures
│ │ │ ├── bun-simple.ts
│ │ │ ├── cloudflare
│ │ │ │ ├── .gitignore
│ │ │ │ ├── drizzle
│ │ │ │ │ ├── 0000_clean_vector.sql
│ │ │ │ │ └── meta
│ │ │ │ │ ├── _journal.json
│ │ │ │ │ └── 0000_snapshot.json
│ │ │ │ ├── drizzle.config.ts
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── auth-schema.ts
│ │ │ │ │ ├── db.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test
│ │ │ │ │ ├── apply-migrations.ts
│ │ │ │ │ ├── env.d.ts
│ │ │ │ │ └── index.test.ts
│ │ │ │ ├── tsconfig.json
│ │ │ │ ├── vitest.config.ts
│ │ │ │ ├── worker-configuration.d.ts
│ │ │ │ └── wrangler.json
│ │ │ ├── deno-simple.ts
│ │ │ ├── tsconfig-decelration
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── demo.ts
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-exact-optional-property-types
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── organization.ts
│ │ │ │ │ ├── user-additional-fields.ts
│ │ │ │ │ └── username.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-isolated-module-bundler
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-verbatim-module-syntax-node10
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ └── vite
│ │ │ ├── package.json
│ │ │ ├── src
│ │ │ │ ├── client.ts
│ │ │ │ └── server.ts
│ │ │ ├── tsconfig.json
│ │ │ └── vite.config.ts
│ │ ├── ssr.ts
│ │ ├── typecheck.spec.ts
│ │ └── vite.spec.ts
│ └── tsconfig.json
├── LICENSE.md
├── package.json
├── packages
│ ├── better-auth
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── __snapshots__
│ │ │ │ └── init.test.ts.snap
│ │ │ ├── adapters
│ │ │ │ ├── adapter-factory
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── __snapshots__
│ │ │ │ │ │ │ └── adapter-factory.test.ts.snap
│ │ │ │ │ │ └── adapter-factory.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── create-test-suite.ts
│ │ │ │ ├── drizzle-adapter
│ │ │ │ │ ├── drizzle-adapter.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── adapter.drizzle.mysql.test.ts
│ │ │ │ │ ├── adapter.drizzle.pg.test.ts
│ │ │ │ │ ├── adapter.drizzle.sqlite.test.ts
│ │ │ │ │ └── generate-schema.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely-adapter
│ │ │ │ │ ├── bun-sqlite-dialect.ts
│ │ │ │ │ ├── dialect.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── kysely-adapter.ts
│ │ │ │ │ ├── node-sqlite-dialect.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── adapter.kysely.mssql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.mysql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.pg.test.ts
│ │ │ │ │ │ ├── adapter.kysely.sqlite.test.ts
│ │ │ │ │ │ └── node-sqlite-dialect.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── memory-adapter
│ │ │ │ │ ├── adapter.memory.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── memory-adapter.ts
│ │ │ │ ├── mongodb-adapter
│ │ │ │ │ ├── adapter.mongo-db.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mongodb-adapter.ts
│ │ │ │ ├── prisma-adapter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── prisma-adapter.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── base.prisma
│ │ │ │ │ ├── generate-auth-config.ts
│ │ │ │ │ ├── generate-prisma-schema.ts
│ │ │ │ │ ├── get-prisma-client.ts
│ │ │ │ │ ├── prisma.mysql.test.ts
│ │ │ │ │ ├── prisma.pg.test.ts
│ │ │ │ │ ├── prisma.sqlite.test.ts
│ │ │ │ │ └── push-prisma-schema.ts
│ │ │ │ ├── test-adapter.ts
│ │ │ │ ├── test.ts
│ │ │ │ ├── tests
│ │ │ │ │ ├── auth-flow.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── normal.ts
│ │ │ │ │ ├── number-id.ts
│ │ │ │ │ ├── performance.ts
│ │ │ │ │ └── transactions.ts
│ │ │ │ └── utils.ts
│ │ │ ├── api
│ │ │ │ ├── check-endpoint-conflicts.test.ts
│ │ │ │ ├── index.test.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── middlewares
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── origin-check.test.ts
│ │ │ │ │ └── origin-check.ts
│ │ │ │ ├── rate-limiter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── rate-limiter.test.ts
│ │ │ │ ├── routes
│ │ │ │ │ ├── account.test.ts
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── callback.ts
│ │ │ │ │ ├── email-verification.test.ts
│ │ │ │ │ ├── email-verification.ts
│ │ │ │ │ ├── error.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── ok.ts
│ │ │ │ │ ├── reset-password.test.ts
│ │ │ │ │ ├── reset-password.ts
│ │ │ │ │ ├── session-api.test.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── sign-in.test.ts
│ │ │ │ │ ├── sign-in.ts
│ │ │ │ │ ├── sign-out.test.ts
│ │ │ │ │ ├── sign-out.ts
│ │ │ │ │ ├── sign-up.test.ts
│ │ │ │ │ ├── sign-up.ts
│ │ │ │ │ ├── update-user.test.ts
│ │ │ │ │ └── update-user.ts
│ │ │ │ ├── to-auth-endpoints.test.ts
│ │ │ │ └── to-auth-endpoints.ts
│ │ │ ├── auth.test.ts
│ │ │ ├── auth.ts
│ │ │ ├── call.test.ts
│ │ │ ├── client
│ │ │ │ ├── client-ssr.test.ts
│ │ │ │ ├── client.test.ts
│ │ │ │ ├── config.ts
│ │ │ │ ├── fetch-plugins.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── lynx
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── lynx-store.ts
│ │ │ │ ├── parser.ts
│ │ │ │ ├── path-to-object.ts
│ │ │ │ ├── plugins
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── infer-plugin.ts
│ │ │ │ ├── proxy.ts
│ │ │ │ ├── query.ts
│ │ │ │ ├── react
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── react-store.ts
│ │ │ │ ├── session-atom.ts
│ │ │ │ ├── solid
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── solid-store.ts
│ │ │ │ ├── svelte
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test-plugin.ts
│ │ │ │ ├── types.ts
│ │ │ │ ├── url.test.ts
│ │ │ │ ├── vanilla.ts
│ │ │ │ └── vue
│ │ │ │ ├── index.ts
│ │ │ │ └── vue-store.ts
│ │ │ ├── cookies
│ │ │ │ ├── check-cookies.ts
│ │ │ │ ├── cookie-utils.ts
│ │ │ │ ├── cookies.test.ts
│ │ │ │ └── index.ts
│ │ │ ├── crypto
│ │ │ │ ├── buffer.ts
│ │ │ │ ├── hash.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt.ts
│ │ │ │ ├── password.test.ts
│ │ │ │ ├── password.ts
│ │ │ │ └── random.ts
│ │ │ ├── db
│ │ │ │ ├── db.test.ts
│ │ │ │ ├── field.ts
│ │ │ │ ├── get-migration.ts
│ │ │ │ ├── get-schema.ts
│ │ │ │ ├── get-tables.test.ts
│ │ │ │ ├── get-tables.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── internal-adapter.test.ts
│ │ │ │ ├── internal-adapter.ts
│ │ │ │ ├── schema.ts
│ │ │ │ ├── secondary-storage.test.ts
│ │ │ │ ├── to-zod.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── with-hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── init.test.ts
│ │ │ ├── init.ts
│ │ │ ├── integrations
│ │ │ │ ├── next-js.ts
│ │ │ │ ├── node.ts
│ │ │ │ ├── react-start.ts
│ │ │ │ ├── solid-start.ts
│ │ │ │ └── svelte-kit.ts
│ │ │ ├── oauth2
│ │ │ │ ├── index.ts
│ │ │ │ ├── link-account.test.ts
│ │ │ │ ├── link-account.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── utils.ts
│ │ │ ├── plugins
│ │ │ │ ├── access
│ │ │ │ │ ├── access.test.ts
│ │ │ │ │ ├── access.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── additional-fields
│ │ │ │ │ ├── additional-fields.test.ts
│ │ │ │ │ └── client.ts
│ │ │ │ ├── admin
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── admin.test.ts
│ │ │ │ │ ├── admin.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── anonymous
│ │ │ │ │ ├── anon.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── api-key
│ │ │ │ │ ├── api-key.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── create-api-key.ts
│ │ │ │ │ │ ├── delete-all-expired-api-keys.ts
│ │ │ │ │ │ ├── delete-api-key.ts
│ │ │ │ │ │ ├── get-api-key.ts
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ ├── list-api-keys.ts
│ │ │ │ │ │ ├── update-api-key.ts
│ │ │ │ │ │ └── verify-api-key.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── bearer
│ │ │ │ │ ├── bearer.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── captcha
│ │ │ │ │ ├── captcha.test.ts
│ │ │ │ │ ├── constants.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-handlers
│ │ │ │ │ ├── captchafox.ts
│ │ │ │ │ ├── cloudflare-turnstile.ts
│ │ │ │ │ ├── google-recaptcha.ts
│ │ │ │ │ ├── h-captcha.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── custom-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-session.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── device-authorization
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── device-authorization.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── schema.ts
│ │ │ │ ├── email-otp
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── email-otp.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── generic-oauth
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── generic-oauth.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── haveibeenpwned
│ │ │ │ │ ├── haveibeenpwned.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── jwt.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── sign.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── last-login-method
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-prefix.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── last-login-method.test.ts
│ │ │ │ ├── magic-link
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── magic-link.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── mcp
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mcp.test.ts
│ │ │ │ ├── multi-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── multi-session.test.ts
│ │ │ │ ├── oauth-proxy
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── oauth-proxy.test.ts
│ │ │ │ ├── oidc-provider
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── oidc.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── ui.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── one-tap
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── one-time-token
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── one-time-token.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── open-api
│ │ │ │ │ ├── generator.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── logo.ts
│ │ │ │ │ └── open-api.test.ts
│ │ │ │ ├── organization
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── call.ts
│ │ │ │ │ ├── client.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── organization-hook.test.ts
│ │ │ │ │ ├── organization.test.ts
│ │ │ │ │ ├── organization.ts
│ │ │ │ │ ├── permission.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── crud-access-control.test.ts
│ │ │ │ │ │ ├── crud-access-control.ts
│ │ │ │ │ │ ├── crud-invites.ts
│ │ │ │ │ │ ├── crud-members.test.ts
│ │ │ │ │ │ ├── crud-members.ts
│ │ │ │ │ │ ├── crud-org.test.ts
│ │ │ │ │ │ ├── crud-org.ts
│ │ │ │ │ │ └── crud-team.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── team.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── passkey
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── passkey.test.ts
│ │ │ │ ├── phone-number
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── phone-number-error.ts
│ │ │ │ │ └── phone-number.test.ts
│ │ │ │ ├── siwe
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── siwe.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── two-factor
│ │ │ │ │ ├── backup-codes
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── constant.ts
│ │ │ │ │ ├── error-code.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── otp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── totp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── two-factor.test.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-two-factor.ts
│ │ │ │ └── username
│ │ │ │ ├── client.ts
│ │ │ │ ├── error-codes.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── schema.ts
│ │ │ │ └── username.test.ts
│ │ │ ├── social-providers
│ │ │ │ └── index.ts
│ │ │ ├── social.test.ts
│ │ │ ├── test-utils
│ │ │ │ ├── headers.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── test-instance.ts
│ │ │ ├── types
│ │ │ │ ├── adapter.ts
│ │ │ │ ├── api.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── models.ts
│ │ │ │ ├── plugins.ts
│ │ │ │ └── types.test.ts
│ │ │ └── utils
│ │ │ ├── await-object.ts
│ │ │ ├── boolean.ts
│ │ │ ├── clone.ts
│ │ │ ├── constants.ts
│ │ │ ├── date.ts
│ │ │ ├── ensure-utc.ts
│ │ │ ├── get-request-ip.ts
│ │ │ ├── hashing.ts
│ │ │ ├── hide-metadata.ts
│ │ │ ├── id.ts
│ │ │ ├── import-util.ts
│ │ │ ├── index.ts
│ │ │ ├── is-atom.ts
│ │ │ ├── is-promise.ts
│ │ │ ├── json.ts
│ │ │ ├── merger.ts
│ │ │ ├── middleware-response.ts
│ │ │ ├── misc.ts
│ │ │ ├── password.ts
│ │ │ ├── plugin-helper.ts
│ │ │ ├── shim.ts
│ │ │ ├── time.ts
│ │ │ ├── url.ts
│ │ │ └── wildcard.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ ├── vitest.config.ts
│ │ └── vitest.setup.ts
│ ├── cli
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── commands
│ │ │ │ ├── generate.ts
│ │ │ │ ├── info.ts
│ │ │ │ ├── init.ts
│ │ │ │ ├── login.ts
│ │ │ │ ├── mcp.ts
│ │ │ │ ├── migrate.ts
│ │ │ │ └── secret.ts
│ │ │ ├── generators
│ │ │ │ ├── auth-config.ts
│ │ │ │ ├── drizzle.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely.ts
│ │ │ │ ├── prisma.ts
│ │ │ │ └── types.ts
│ │ │ ├── index.ts
│ │ │ └── utils
│ │ │ ├── add-svelte-kit-env-modules.ts
│ │ │ ├── check-package-managers.ts
│ │ │ ├── format-ms.ts
│ │ │ ├── get-config.ts
│ │ │ ├── get-package-info.ts
│ │ │ ├── get-tsconfig-info.ts
│ │ │ └── install-dependencies.ts
│ │ ├── test
│ │ │ ├── __snapshots__
│ │ │ │ ├── auth-schema-mysql-enum.txt
│ │ │ │ ├── auth-schema-mysql-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey.txt
│ │ │ │ ├── auth-schema-mysql.txt
│ │ │ │ ├── auth-schema-number-id.txt
│ │ │ │ ├── auth-schema-pg-enum.txt
│ │ │ │ ├── auth-schema-pg-passkey.txt
│ │ │ │ ├── auth-schema-sqlite-enum.txt
│ │ │ │ ├── auth-schema-sqlite-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey.txt
│ │ │ │ ├── auth-schema-sqlite.txt
│ │ │ │ ├── auth-schema.txt
│ │ │ │ ├── migrations.sql
│ │ │ │ ├── schema-mongodb.prisma
│ │ │ │ ├── schema-mysql-custom.prisma
│ │ │ │ ├── schema-mysql.prisma
│ │ │ │ ├── schema-numberid.prisma
│ │ │ │ └── schema.prisma
│ │ │ ├── generate-all-db.test.ts
│ │ │ ├── generate.test.ts
│ │ │ ├── get-config.test.ts
│ │ │ ├── info.test.ts
│ │ │ └── migrate.test.ts
│ │ ├── tsconfig.json
│ │ ├── tsconfig.test.json
│ │ └── tsdown.config.ts
│ ├── core
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── api
│ │ │ │ └── index.ts
│ │ │ ├── async_hooks
│ │ │ │ └── index.ts
│ │ │ ├── context
│ │ │ │ ├── endpoint-context.ts
│ │ │ │ ├── index.ts
│ │ │ │ └── transaction.ts
│ │ │ ├── db
│ │ │ │ ├── adapter
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── plugin.ts
│ │ │ │ ├── schema
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── shared.ts
│ │ │ │ │ ├── user.ts
│ │ │ │ │ └── verification.ts
│ │ │ │ └── type.ts
│ │ │ ├── env
│ │ │ │ ├── color-depth.ts
│ │ │ │ ├── env-impl.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── logger.test.ts
│ │ │ │ └── logger.ts
│ │ │ ├── error
│ │ │ │ ├── codes.ts
│ │ │ │ └── index.ts
│ │ │ ├── index.ts
│ │ │ ├── oauth2
│ │ │ │ ├── client-credentials-token.ts
│ │ │ │ ├── create-authorization-url.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── oauth-provider.ts
│ │ │ │ ├── refresh-access-token.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── validate-authorization-code.ts
│ │ │ ├── social-providers
│ │ │ │ ├── apple.ts
│ │ │ │ ├── atlassian.ts
│ │ │ │ ├── cognito.ts
│ │ │ │ ├── discord.ts
│ │ │ │ ├── dropbox.ts
│ │ │ │ ├── facebook.ts
│ │ │ │ ├── figma.ts
│ │ │ │ ├── github.ts
│ │ │ │ ├── gitlab.ts
│ │ │ │ ├── google.ts
│ │ │ │ ├── huggingface.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kakao.ts
│ │ │ │ ├── kick.ts
│ │ │ │ ├── line.ts
│ │ │ │ ├── linear.ts
│ │ │ │ ├── linkedin.ts
│ │ │ │ ├── microsoft-entra-id.ts
│ │ │ │ ├── naver.ts
│ │ │ │ ├── notion.ts
│ │ │ │ ├── paypal.ts
│ │ │ │ ├── reddit.ts
│ │ │ │ ├── roblox.ts
│ │ │ │ ├── salesforce.ts
│ │ │ │ ├── slack.ts
│ │ │ │ ├── spotify.ts
│ │ │ │ ├── tiktok.ts
│ │ │ │ ├── twitch.ts
│ │ │ │ ├── twitter.ts
│ │ │ │ ├── vk.ts
│ │ │ │ └── zoom.ts
│ │ │ ├── types
│ │ │ │ ├── context.ts
│ │ │ │ ├── cookie.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── init-options.ts
│ │ │ │ ├── plugin-client.ts
│ │ │ │ └── plugin.ts
│ │ │ └── utils
│ │ │ ├── error-codes.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── expo
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── expo.test.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── sso
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── index.ts
│ │ │ ├── oidc.test.ts
│ │ │ └── saml.test.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── stripe
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── schema.ts
│ │ │ ├── stripe.test.ts
│ │ │ ├── types.ts
│ │ │ └── utils.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ └── vitest.config.ts
│ └── telemetry
│ ├── package.json
│ ├── src
│ │ ├── detectors
│ │ │ ├── detect-auth-config.ts
│ │ │ ├── detect-database.ts
│ │ │ ├── detect-framework.ts
│ │ │ ├── detect-project-info.ts
│ │ │ ├── detect-runtime.ts
│ │ │ └── detect-system-info.ts
│ │ ├── index.ts
│ │ ├── project-id.ts
│ │ ├── telemetry.test.ts
│ │ ├── types.ts
│ │ └── utils
│ │ ├── hash.ts
│ │ ├── id.ts
│ │ ├── import-util.ts
│ │ └── package-json.ts
│ ├── tsconfig.json
│ └── tsdown.config.ts
├── pnpm-lock.yaml
├── pnpm-workspace.yaml
├── README.md
├── SECURITY.md
├── tsconfig.json
└── turbo.json
```
# Files
--------------------------------------------------------------------------------
/packages/core/src/social-providers/salesforce.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { BetterAuthError } from "../error";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
import { logger } from "../env";
import { refreshAccessToken } from "../oauth2";
export interface SalesforceProfile {
sub: string;
user_id: string;
organization_id: string;
preferred_username?: string;
email: string;
email_verified?: boolean;
name: string;
given_name?: string;
family_name?: string;
zoneinfo?: string;
photos?: {
picture?: string;
thumbnail?: string;
};
}
export interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
clientId: string;
environment?: "sandbox" | "production";
loginUrl?: string;
/**
* Override the redirect URI if auto-detection fails.
* Should match the Callback URL configured in your Salesforce Connected App.
* @example "http://localhost:3000/api/auth/callback/salesforce"
*/
redirectURI?: string;
}
export const salesforce = (options: SalesforceOptions) => {
const environment = options.environment ?? "production";
const isSandbox = environment === "sandbox";
const authorizationEndpoint = options.loginUrl
? `https://${options.loginUrl}/services/oauth2/authorize`
: isSandbox
? "https://test.salesforce.com/services/oauth2/authorize"
: "https://login.salesforce.com/services/oauth2/authorize";
const tokenEndpoint = options.loginUrl
? `https://${options.loginUrl}/services/oauth2/token`
: isSandbox
? "https://test.salesforce.com/services/oauth2/token"
: "https://login.salesforce.com/services/oauth2/token";
const userInfoEndpoint = options.loginUrl
? `https://${options.loginUrl}/services/oauth2/userinfo`
: isSandbox
? "https://test.salesforce.com/services/oauth2/userinfo"
: "https://login.salesforce.com/services/oauth2/userinfo";
return {
id: "salesforce",
name: "Salesforce",
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
if (!options.clientId || !options.clientSecret) {
logger.error(
"Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.",
);
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
}
if (!codeVerifier) {
throw new BetterAuthError("codeVerifier is required for Salesforce");
}
const _scopes = options.disableDefaultScope
? []
: ["openid", "email", "profile"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return createAuthorizationURL({
id: "salesforce",
options,
authorizationEndpoint,
scopes: _scopes,
state,
codeVerifier,
redirectURI: options.redirectURI || redirectURI,
});
},
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
return validateAuthorizationCode({
code,
codeVerifier,
redirectURI: options.redirectURI || redirectURI,
options,
tokenEndpoint,
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientSecret: options.clientSecret,
},
tokenEndpoint,
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
try {
const { data: user } = await betterFetch<SalesforceProfile>(
userInfoEndpoint,
{
headers: {
Authorization: `Bearer ${token.accessToken}`,
},
},
);
if (!user) {
logger.error("Failed to fetch user info from Salesforce");
return null;
}
const userMap = await options.mapProfileToUser?.(user);
return {
user: {
id: user.user_id,
name: user.name,
email: user.email,
image: user.photos?.picture || user.photos?.thumbnail,
emailVerified: user.email_verified ?? false,
...userMap,
},
data: user,
};
} catch (error) {
logger.error("Failed to fetch user info from Salesforce:", error);
return null;
}
},
options,
} satisfies OAuthProvider<SalesforceProfile>;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/one-tap.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: One Tap
description: One Tap plugin for Better Auth
---
The One Tap plugin allows users to log in with a single tap using Google's One Tap API. The plugin
provides a simple way to integrate One Tap into your application, handling the client-side and server-side logic for you.
## Installation
### Add the Server Plugin
Add the One Tap plugin to your auth configuration:
```ts title="auth.ts"
import { betterAuth } from "better-auth";
import { oneTap } from "better-auth/plugins"; // [!code highlight]
export const auth = betterAuth({
plugins: [ // [!code highlight]
oneTap(), // Add the One Tap server plugin // [!code highlight]
] // [!code highlight]
});
```
### Add the Client Plugin
Add the client plugin and specify where the user should be redirected after sign-in or if additional verification (like 2FA) is needed.
```ts
import { createAuthClient } from "better-auth/client";
import { oneTapClient } from "better-auth/client/plugins";
export const authClient = createAuthClient({
plugins: [
oneTapClient({
clientId: "YOUR_CLIENT_ID",
// Optional client configuration:
autoSelect: false,
cancelOnTapOutside: true,
context: "signin",
additionalOptions: {
// Any extra options for the Google initialize method
},
// Configure prompt behavior and exponential backoff:
promptOptions: {
baseDelay: 1000, // Base delay in ms (default: 1000)
maxAttempts: 5 // Maximum number of attempts before triggering onPromptNotification (default: 5)
}
})
]
});
```
### Usage
To display the One Tap popup, simply call the oneTap method on your auth client:
```ts
await authClient.oneTap();
```
### Customizing Redirect Behavior
By default, after a successful login the plugin will hard redirect the user to `/`. You can customize this behavior as follows:
#### Avoiding a Hard Redirect
Pass fetchOptions with an onSuccess callback to handle the login response without a page reload:
```ts
await authClient.oneTap({
fetchOptions: {
onSuccess: () => {
// For example, use a router to navigate without a full reload:
router.push("/dashboard");
}
}
});
```
#### Specifying a Custom Callback URL
To perform a hard redirect to a different page after login, use the callbackURL option:
```ts
await authClient.oneTap({
callbackURL: "/dashboard"
});
```
#### Handling Prompt Dismissals with Exponential Backoff
If the user dismisses or skips the prompt, the plugin will retry showing the One Tap prompt using exponential backoff based on your configured promptOptions.
If the maximum number of attempts is reached without a successful sign-in, you can use the onPromptNotification callback to be notified—allowing you to render an alternative UI (e.g., a traditional Google Sign-In button) so users can restart the process manually:
```ts
await authClient.oneTap({
onPromptNotification: (notification) => {
console.warn("Prompt was dismissed or skipped. Consider displaying an alternative sign-in option.", notification);
// Render your alternative UI here
}
});
```
### Client Options
- **clientId**: The client ID for your Google One Tap API.
- **autoSelect**: Automatically select the account if the user is already signed in. Default is false.
- **context**: The context in which the One Tap API should be used (e.g., "signin"). Default is "signin".
- **cancelOnTapOutside**: Cancel the One Tap popup when the user taps outside it. Default is true.
- additionalOptions: Extra options to pass to Google's initialize method as per the [Google Identity Services docs](https://developers.google.com/identity/gsi/web/reference/js-reference#google.accounts.id.prompt).
- **promptOptions**: Configuration for the prompt behavior and exponential backoff:
- **baseDelay**: Base delay in milliseconds for retries. Default is 1000.
- **maxAttempts**: Maximum number of prompt attempts before invoking the onPromptNotification callback. Default is 5.
### Server Options
- **disableSignUp**: Disable the sign-up option, allowing only existing users to sign in. Default is `false`.
- **ClientId**: Optionally, pass a client ID here if it is not provided in your social provider configuration.
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/google.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { decodeJwt } from "jose";
import { BetterAuthError } from "../error";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
import { logger } from "../env";
import { refreshAccessToken } from "../oauth2";
export interface GoogleProfile {
aud: string;
azp: string;
email: string;
email_verified: boolean;
exp: number;
/**
* The family name of the user, or last name in most
* Western languages.
*/
family_name: string;
/**
* The given name of the user, or first name in most
* Western languages.
*/
given_name: string;
hd?: string;
iat: number;
iss: string;
jti?: string;
locale?: string;
name: string;
nbf?: number;
picture: string;
sub: string;
}
export interface GoogleOptions extends ProviderOptions<GoogleProfile> {
clientId: string;
/**
* The access type to use for the authorization code request
*/
accessType?: "offline" | "online";
/**
* The display mode to use for the authorization code request
*/
display?: "page" | "popup" | "touch" | "wap";
/**
* The hosted domain of the user
*/
hd?: string;
}
export const google = (options: GoogleOptions) => {
return {
id: "google",
name: "Google",
async createAuthorizationURL({
state,
scopes,
codeVerifier,
redirectURI,
loginHint,
display,
}) {
if (!options.clientId || !options.clientSecret) {
logger.error(
"Client Id and Client Secret is required for Google. Make sure to provide them in the options.",
);
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
}
if (!codeVerifier) {
throw new BetterAuthError("codeVerifier is required for Google");
}
const _scopes = options.disableDefaultScope
? []
: ["email", "profile", "openid"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
const url = await createAuthorizationURL({
id: "google",
options,
authorizationEndpoint: "https://accounts.google.com/o/oauth2/auth",
scopes: _scopes,
state,
codeVerifier,
redirectURI,
prompt: options.prompt,
accessType: options.accessType,
display: display || options.display,
loginHint,
hd: options.hd,
additionalParams: {
include_granted_scopes: "true",
},
});
return url;
},
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
return validateAuthorizationCode({
code,
codeVerifier,
redirectURI,
options,
tokenEndpoint: "https://oauth2.googleapis.com/token",
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientKey: options.clientKey,
clientSecret: options.clientSecret,
},
tokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
});
},
async verifyIdToken(token, nonce) {
if (options.disableIdTokenSignIn) {
return false;
}
if (options.verifyIdToken) {
return options.verifyIdToken(token, nonce);
}
const googlePublicKeyUrl = `https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${token}`;
const { data: tokenInfo } = await betterFetch<{
aud: string;
iss: string;
email: string;
email_verified: boolean;
name: string;
picture: string;
sub: string;
}>(googlePublicKeyUrl);
if (!tokenInfo) {
return false;
}
const isValid =
tokenInfo.aud === options.clientId &&
(tokenInfo.iss === "https://accounts.google.com" ||
tokenInfo.iss === "accounts.google.com");
return isValid;
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
if (!token.idToken) {
return null;
}
const user = decodeJwt(token.idToken) as GoogleProfile;
const userMap = await options.mapProfileToUser?.(user);
return {
user: {
id: user.sub,
name: user.name,
email: user.email,
image: user.picture,
emailVerified: user.email_verified,
...userMap,
},
data: user,
};
},
options,
} satisfies OAuthProvider<GoogleProfile>;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/reference/telemetry.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Telemetry
description: Better Auth now collects anonymous telemetry data about general usage.
---
Better Auth collects anonymous usage data to help us improve the project. This is optional, transparent, and disabled by default.
## Why is telemetry collected?
Since v1.3.5, Better Auth collects anonymous telemetry data about general usage if enabled.
Telemetry data helps us understand how Better Auth is being used across different environments so we can improve performance, prioritize features, and fix issues more effectively. It guides our decisions on performance optimizations, feature development, and bug fixes. All data is collected completely anonymously and with privacy in mind, and users can opt out at any time. We strive to keep what we collect as transparent as possible.
## What is being collected?
The following data points may be reported. Everything is anonymous and intended for aggregate insights only.
- **Anonymous identifier**: A non-reversible hash derived from your project (`package.json` name and optionally `baseURL`). This lets us de‑duplicate events per project without knowing who you are.
- **Runtime**: `{ name: "node" | "bun" | "deno", version }`.
- **Environment**: one of `development`, `production`, `test`, or `ci`.
- **Framework (if detected)**: `{ name, version }` for frameworks like Next.js, Nuxt, Remix, Astro, SvelteKit, etc.
- **Database (if detected)**: `{ name, version }` for integrations like PostgreSQL, MySQL, SQLite, Prisma, Drizzle, MongoDB, etc.
- **System info**: platform, OS release, architecture, CPU count/model/speed, total memory, and flags like `isDocker`, `isWSL`, `isTTY`.
- **Package manager**: `{ name, version }` derived from the npm user agent.
- **Redacted auth config snapshot**: A minimized, privacy‑preserving view of your `betterAuth` options produced by `getTelemetryAuthConfig`.
We also collect anonymous telemetry from the CLI:
- **CLI generate (`cli_generate`)**: outcome `generated | overwritten | appended | no_changes | aborted` plus redacted config.
- **CLI migrate (`cli_migrate`)**: outcome `migrated | no_changes | aborted | unsupported_adapter` plus adapter id (when relevant) and redacted config.
<Callout type="info">
You can audit telemetry locally by setting the `BETTER_AUTH_TELEMETRY_DEBUG=1` environment variable when running your project or by setting `telemetry: { debug: true }` in your auth config. In this debug mode, telemetry events are logged only to the console.
```ts title="auth.ts"
export const auth = betterAuth({
// [!code highlight]
telemetry: { // [!code highlight]
debug: true // [!code highlight]
} // [!code highlight]
});
```
</Callout>
## How is my data protected?
All collected data is fully anonymous and only useful in aggregate. It cannot be traced back to any individual source and is accessible only to a small group of core Better Auth maintainers to guide roadmap decisions.
- **No PII or secrets**: We do not collect emails, usernames, tokens, secrets, client IDs, client secrets, or database URLs.
- **No full config**: We never send your full `betterAuth` configuration. Instead we send a reduced, redacted snapshot of non‑sensitive toggles and counts.
- **Redaction by design**: See [detect-auth-config.ts](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/telemetry/detectors/detect-auth-config.ts) in the Better Auth source for the exact shape of what is included. It purposely converts sensitive values to booleans, counts, or generic identifiers.
## How can I enable it?
You can enable telemetry collection in your auth config or by setting an environment variable.
- Via your auth config.
```ts title="auth.ts"
export const auth = betterAuth({
// [!code highlight]
telemetry: { // [!code highlight]
enabled: true// [!code highlight]
} // [!code highlight]
});
```
- Via an environment variable.
```txt title=".env"
# Enable telemetry
BETTER_AUTH_TELEMETRY=1
# Disable telemetry
BETTER_AUTH_TELEMETRY=0
```
### When is telemetry sent?
- On `betterAuth` initialization (`type: "init"`).
- On CLI actions: `generate` and `migrate` as described above.
Telemetry is disabled automatically in tests (`NODE_ENV=test`) unless explicitly overridden by internal tooling.
```
--------------------------------------------------------------------------------
/packages/better-auth/src/client/path-to-object.ts:
--------------------------------------------------------------------------------
```typescript
import type {
BetterFetchOption,
BetterFetchResponse,
} from "@better-fetch/fetch";
import type { InputContext, Endpoint, StandardSchemaV1 } from "better-call";
import type {
HasRequiredKeys,
Prettify,
UnionToIntersection,
} from "../types/helper";
import type {
InferAdditionalFromClient,
InferSessionFromClient,
InferUserFromClient,
} from "./types";
import type { BetterAuthClientOptions } from "@better-auth/core";
export type CamelCase<S extends string> =
S extends `${infer P1}-${infer P2}${infer P3}`
? `${Lowercase<P1>}${Uppercase<P2>}${CamelCase<P3>}`
: Lowercase<S>;
export type PathToObject<
T extends string,
Fn extends (...args: any[]) => any,
> = T extends `/${infer Segment}/${infer Rest}`
? { [K in CamelCase<Segment>]: PathToObject<`/${Rest}`, Fn> }
: T extends `/${infer Segment}`
? { [K in CamelCase<Segment>]: Fn }
: never;
export type InferSignUpEmailCtx<
ClientOpts extends BetterAuthClientOptions,
FetchOptions extends BetterFetchOption,
> = {
email: string;
name: string;
password: string;
image?: string;
callbackURL?: string;
fetchOptions?: FetchOptions;
} & UnionToIntersection<InferAdditionalFromClient<ClientOpts, "user", "input">>;
export type InferUserUpdateCtx<
ClientOpts extends BetterAuthClientOptions,
FetchOptions extends BetterFetchOption,
> = {
image?: string | null;
name?: string;
fetchOptions?: FetchOptions;
} & Partial<
UnionToIntersection<InferAdditionalFromClient<ClientOpts, "user", "input">>
>;
export type InferCtx<
C extends InputContext<any, any>,
FetchOptions extends BetterFetchOption,
> = C["body"] extends Record<string, any>
? C["body"] & {
fetchOptions?: FetchOptions;
}
: C["query"] extends Record<string, any>
? {
query: C["query"];
fetchOptions?: FetchOptions;
}
: C["query"] extends Record<string, any> | undefined
? {
query?: C["query"];
fetchOptions?: FetchOptions;
}
: {
fetchOptions?: FetchOptions;
};
export type MergeRoutes<T> = UnionToIntersection<T>;
export type InferRoute<
API,
COpts extends BetterAuthClientOptions,
> = API extends Record<string, infer T>
? T extends Endpoint
? T["options"]["metadata"] extends
| {
isAction: false;
}
| {
SERVER_ONLY: true;
}
? {}
: PathToObject<
T["path"],
T extends (ctx: infer C) => infer R
? C extends InputContext<any, any>
? <
FetchOptions extends BetterFetchOption<
Partial<C["body"]> & Record<string, any>,
Partial<C["query"]> & Record<string, any>,
C["params"]
>,
>(
...data: HasRequiredKeys<
InferCtx<C, FetchOptions>
> extends true
? [
Prettify<
T["path"] extends `/sign-up/email`
? InferSignUpEmailCtx<COpts, FetchOptions>
: InferCtx<C, FetchOptions>
>,
FetchOptions?,
]
: [
Prettify<
T["path"] extends `/update-user`
? InferUserUpdateCtx<COpts, FetchOptions>
: InferCtx<C, FetchOptions>
>?,
FetchOptions?,
]
) => Promise<
BetterFetchResponse<
T["options"]["metadata"] extends {
CUSTOM_SESSION: boolean;
}
? NonNullable<Awaited<R>>
: T["path"] extends "/get-session"
? {
user: InferUserFromClient<COpts>;
session: InferSessionFromClient<COpts>;
} | null
: NonNullable<Awaited<R>>,
T["options"]["error"] extends StandardSchemaV1
? // InferOutput
NonNullable<
T["options"]["error"]["~standard"]["types"]
>["output"]
: {
code?: string;
message?: string;
},
FetchOptions["throw"] extends true
? true
: COpts["fetchOptions"] extends { throw: true }
? true
: false
>
>
: never
: never
>
: {}
: never;
export type InferRoutes<
API extends Record<string, Endpoint>,
ClientOpts extends BetterAuthClientOptions,
> = MergeRoutes<InferRoute<API, ClientOpts>>;
export type ProxyRequest = {
options?: BetterFetchOption<any, any>;
query?: any;
[key: string]: any;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/community-plugins.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Community Plugins
description: A list of recommended community plugins.
---
This page showcases a list of recommended community made plugins.
We encourage you to create custom plugins and maybe get added to the list!
To create your own custom plugin, get started by reading our [plugins documentation](/docs/concepts/plugins). And if you want to share your plugin with the community, please open a pull request to add it to this list.
| <div className="w-[200px]">Plugin</div> | Description | <div className="w-[150px]">Author</div> |
| ----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [@dymo-api/better-auth](https://github.com/TPEOficial/dymo-api-better-auth) | Sign Up Protection and validation of disposable emails (the world's largest database with nearly 14 million entries). | <img src="https://github.com/TPEOficial.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [TPEOficial](https://github.com/TPEOficial) |
| [better-auth-harmony](https://github.com/gekorm/better-auth-harmony/) | Email & phone normalization and additional validation, blocking over 55,000 temporary email domains. | <img src="https://github.com/GeKorm.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [GeKorm](https://github.com/GeKorm) |
| [validation-better-auth](https://github.com/Daanish2003/validation-better-auth) | Validate API request using any validation library (e.g., Zod, Yup) | <img src="https://github.com/Daanish2003.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [Daanish2003](https://github.com/Daanish2003) |
| [better-auth-localization](https://github.com/marcellosso/better-auth-localization) | Localize and customize better-auth messages with easy translation and message override support. | <img src="https://github.com/marcellosso.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [marcellosso](https://github.com/marcellosso) |
| [better-auth-attio-plugin](https://github.com/tobimori/better-auth-attio-plugin) | Sync your products Better Auth users & workspaces with Attio | <img src="https://github.com/tobimori.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [tobimori](https://github.com/tobimori) |
| [better-auth-cloudflare](https://github.com/zpg6/better-auth-cloudflare) | Seamlessly integrate with Cloudflare Workers, D1, Hyperdrive, KV, R2, and geolocation services. Includes CLI for project generation, automated resource provisioning on Cloudflare, and database migrations. Supports Next.js, Hono, and more! | <img src="https://github.com/zpg6.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [zpg6](https://github.com/zpg6) |
| [expo-better-auth-passkey](https://github.com/kevcube/expo-better-auth-passkey) | Better-auth client plugin for using passkeys on mobile platforms in expo apps. Supports iOS, macOS, Android (and web!) by wrapping the existing better-auth passkey client plugin. | <img src="https://github.com/kevcube.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [kevcube](https://github.com/kevcube) |
| [better-auth-credentials-plugin](https://github.com/erickweil/better-auth-credentials-plugin) | LDAP authentication plugin for Better Auth. | <img src="https://github.com/erickweil.png" className="rounded-full w-6 h-6 border opacity-70 m-0 inline mr-1" /> [erickweil](https://github.com/erickweil) |
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/alert-dialog.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import * as AlertDialogPrimitive from "@radix-ui/react-alert-dialog";
import { cn } from "@/lib/utils";
import { buttonVariants } from "@/components/ui/button";
const AlertDialog = AlertDialogPrimitive.Root;
const AlertDialogTrigger = AlertDialogPrimitive.Trigger;
const AlertDialogPortal = AlertDialogPrimitive.Portal;
const AlertDialogOverlay = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Overlay> & {
ref: React.RefObject<React.ElementRef<typeof AlertDialogPrimitive.Overlay>>;
}) => (
<AlertDialogPrimitive.Overlay
className={cn(
"fixed inset-0 z-50 bg-black/80 data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0",
className,
)}
{...props}
ref={ref}
/>
);
AlertDialogOverlay.displayName = AlertDialogPrimitive.Overlay.displayName;
const AlertDialogContent = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Content> & {
ref: React.RefObject<React.ElementRef<typeof AlertDialogPrimitive.Content>>;
}) => (
<AlertDialogPortal>
<AlertDialogOverlay />
<AlertDialogPrimitive.Content
ref={ref}
className={cn(
"fixed left-[50%] top-[50%] z-50 grid w-full max-w-lg translate-x-[-50%] translate-y-[-50%] gap-4 border bg-background p-6 shadow-lg duration-200 data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[state=closed]:slide-out-to-left-1/2 data-[state=closed]:slide-out-to-top-[48%] data-[state=open]:slide-in-from-left-1/2 data-[state=open]:slide-in-from-top-[48%] sm:rounded-lg",
className,
)}
{...props}
/>
</AlertDialogPortal>
);
AlertDialogContent.displayName = AlertDialogPrimitive.Content.displayName;
const AlertDialogHeader = ({
className,
...props
}: React.HTMLAttributes<HTMLDivElement>) => (
<div
className={cn(
"flex flex-col space-y-2 text-center sm:text-left",
className,
)}
{...props}
/>
);
AlertDialogHeader.displayName = "AlertDialogHeader";
const AlertDialogFooter = ({
className,
...props
}: React.HTMLAttributes<HTMLDivElement>) => (
<div
className={cn(
"flex flex-col-reverse sm:flex-row sm:justify-end sm:space-x-2",
className,
)}
{...props}
/>
);
AlertDialogFooter.displayName = "AlertDialogFooter";
const AlertDialogTitle = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Title> & {
ref: React.RefObject<React.ElementRef<typeof AlertDialogPrimitive.Title>>;
}) => (
<AlertDialogPrimitive.Title
ref={ref}
className={cn("text-lg font-semibold", className)}
{...props}
/>
);
AlertDialogTitle.displayName = AlertDialogPrimitive.Title.displayName;
const AlertDialogDescription = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Description> & {
ref: React.RefObject<
React.ElementRef<typeof AlertDialogPrimitive.Description>
>;
}) => (
<AlertDialogPrimitive.Description
ref={ref}
className={cn("text-sm text-muted-foreground", className)}
{...props}
/>
);
AlertDialogDescription.displayName =
AlertDialogPrimitive.Description.displayName;
const AlertDialogAction = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Action> & {
ref: React.RefObject<React.ElementRef<typeof AlertDialogPrimitive.Action>>;
}) => (
<AlertDialogPrimitive.Action
ref={ref}
className={cn(buttonVariants(), className)}
{...props}
/>
);
AlertDialogAction.displayName = AlertDialogPrimitive.Action.displayName;
const AlertDialogCancel = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof AlertDialogPrimitive.Cancel> & {
ref: React.RefObject<React.ElementRef<typeof AlertDialogPrimitive.Cancel>>;
}) => (
<AlertDialogPrimitive.Cancel
ref={ref}
className={cn(
buttonVariants({ variant: "outline" }),
"mt-2 sm:mt-0",
className,
)}
{...props}
/>
);
AlertDialogCancel.displayName = AlertDialogPrimitive.Cancel.displayName;
export {
AlertDialog,
AlertDialogPortal,
AlertDialogOverlay,
AlertDialogTrigger,
AlertDialogContent,
AlertDialogHeader,
AlertDialogFooter,
AlertDialogTitle,
AlertDialogDescription,
AlertDialogAction,
AlertDialogCancel,
};
```
--------------------------------------------------------------------------------
/demo/expo-example/src/components/ui/dialog.tsx:
--------------------------------------------------------------------------------
```typescript
import * as DialogPrimitive from "@rn-primitives/dialog";
import * as React from "react";
import { Platform, StyleSheet, View, type ViewProps } from "react-native";
import Animated, { FadeIn, FadeOut } from "react-native-reanimated";
import { X } from "@/lib/icons/X";
import { cn } from "@/lib/utils";
const Dialog = DialogPrimitive.Root;
const DialogTrigger = DialogPrimitive.Trigger;
const DialogPortal = DialogPrimitive.Portal;
const DialogClose = DialogPrimitive.Close;
const DialogOverlayWeb = React.forwardRef<
DialogPrimitive.OverlayRef,
DialogPrimitive.OverlayProps
>(({ className, ...props }, ref) => {
const { open } = DialogPrimitive.useRootContext();
return (
<DialogPrimitive.Overlay
className={cn(
"bg-black/80 flex justify-center items-center p-2 absolute top-0 right-0 bottom-0 left-0",
open
? "web:animate-in web:fade-in-0"
: "web:animate-out web:fade-out-0",
className,
)}
{...props}
ref={ref}
/>
);
});
DialogOverlayWeb.displayName = "DialogOverlayWeb";
const DialogOverlayNative = React.forwardRef<
DialogPrimitive.OverlayRef,
DialogPrimitive.OverlayProps
>(({ className, children, ...props }, ref) => {
return (
<DialogPrimitive.Overlay
style={StyleSheet.absoluteFill}
className={cn(
"flex bg-black/80 justify-center items-center p-2",
className,
)}
{...props}
ref={ref}
>
<Animated.View
entering={FadeIn.duration(150)}
exiting={FadeOut.duration(150)}
>
<>{children}</>
</Animated.View>
</DialogPrimitive.Overlay>
);
});
DialogOverlayNative.displayName = "DialogOverlayNative";
const DialogOverlay = Platform.select({
web: DialogOverlayWeb,
default: DialogOverlayNative,
});
const DialogContent = React.forwardRef<
DialogPrimitive.ContentRef,
DialogPrimitive.ContentProps & { portalHost?: string }
>(({ className, children, portalHost, ...props }, ref) => {
const { open } = DialogPrimitive.useRootContext();
return (
<DialogPortal hostName={portalHost}>
<DialogOverlay>
<DialogPrimitive.Content
ref={ref}
className={cn(
"max-w-lg gap-4 border border-border web:cursor-default bg-background p-6 shadow-lg web:duration-200 rounded-lg",
open
? "web:animate-in web:fade-in-0 web:zoom-in-95"
: "web:animate-out web:fade-out-0 web:zoom-out-95",
className,
)}
{...props}
>
{children}
<DialogPrimitive.Close
className={
"absolute right-4 top-4 p-0.5 web:group rounded-sm opacity-70 web:ring-offset-background web:transition-opacity web:hover:opacity-100 web:focus:outline-none web:focus:ring-2 web:focus:ring-ring web:focus:ring-offset-2 web:disabled:pointer-events-none"
}
>
<X
size={Platform.OS === "web" ? 16 : 18}
className={cn(
"text-muted-foreground",
open && "text-accent-foreground",
)}
/>
</DialogPrimitive.Close>
</DialogPrimitive.Content>
</DialogOverlay>
</DialogPortal>
);
});
DialogContent.displayName = DialogPrimitive.Content.displayName;
const DialogHeader = ({ className, ...props }: ViewProps) => (
<View
className={cn("flex flex-col gap-1.5 text-center sm:text-left", className)}
{...props}
/>
);
DialogHeader.displayName = "DialogHeader";
const DialogFooter = ({ className, ...props }: ViewProps) => (
<View
className={cn(
"flex flex-col-reverse sm:flex-row sm:justify-end gap-2",
className,
)}
{...props}
/>
);
DialogFooter.displayName = "DialogFooter";
const DialogTitle = React.forwardRef<
DialogPrimitive.TitleRef,
DialogPrimitive.TitleProps
>(({ className, ...props }, ref) => (
<DialogPrimitive.Title
ref={ref}
className={cn(
"text-lg native:text-xl text-foreground font-semibold leading-none tracking-tight",
className,
)}
{...props}
/>
));
DialogTitle.displayName = DialogPrimitive.Title.displayName;
const DialogDescription = React.forwardRef<
DialogPrimitive.DescriptionRef,
DialogPrimitive.DescriptionProps
>(({ className, ...props }, ref) => (
<DialogPrimitive.Description
ref={ref}
className={cn("text-sm native:text-base text-muted-foreground", className)}
{...props}
/>
));
DialogDescription.displayName = DialogPrimitive.Description.displayName;
export {
Dialog,
DialogClose,
DialogContent,
DialogDescription,
DialogFooter,
DialogHeader,
DialogOverlay,
DialogPortal,
DialogTitle,
DialogTrigger,
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/oidc-provider/ui.ts:
--------------------------------------------------------------------------------
```typescript
export const authorizeHTML = ({
scopes,
clientIcon,
clientName,
redirectURI,
cancelURI,
}: {
scopes: string[];
clientIcon?: string;
clientName: string;
redirectURI: string;
cancelURI: string;
clientMetadata?: Record<string, any>;
}) => `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta clientName="viewport" content="width=device-width, initial-scale=1.0">
<title>Authorize Application</title>
<style>
:root {
--bg-color: #000000;
--card-color: #1a1a1a;
--text-primary: #ffffff;
--text-secondary: #b0b0b0;
--border-color: #333333;
--button-color: #ffffff;
--button-text: #000000;
}
body {
font-family: 'Inter', 'Helvetica', 'Arial', sans-serif;
background-color: var(--bg-color);
color: var(--text-primary);
display: flex;
justify-content: center;
align-items: center;
min-height: 100vh;
margin: 0;
padding: 20px;
box-sizing: border-box;
}
.authorize-container {
background-color: var(--card-color);
border: 1px solid var(--border-color);
padding: 32px;
width: 100%;
max-width: 420px;
box-shadow: 0 8px 24px rgba(255,255,255,0.1);
}
.app-info {
display: flex;
align-items: center;
margin-bottom: 24px;
}
.app-clientIcon {
width: 64px;
height: 64px;
margin-right: 16px;
object-fit: cover;
}
.app-clientName {
font-size: 24px;
font-weight: 700;
}
.permissions-list {
background-color: rgba(255, 255, 255, 0.05);
border: 1px solid var(--border-color);
padding: 16px;
margin-bottom: 24px;
}
.permissions-list h3 {
margin-top: 0;
font-size: 16px;
color: var(--text-secondary);
margin-bottom: 12px;
}
.permissions-list ul {
list-style-type: none;
padding: 0;
margin: 0;
}
.permissions-list li {
margin-bottom: 8px;
display: flex;
align-items: center;
}
.permissions-list li::before {
content: "•";
color: var(--text-primary);
font-size: 18px;
margin-right: 8px;
}
.buttons {
display: flex;
justify-content: flex-end;
gap: 12px;
}
.button {
padding: 10px 20px;
border: none;
font-size: 14px;
font-weight: 600;
cursor: pointer;
transition: all 0.2s ease;
}
.authorize {
background-color: var(--button-color);
color: var(--button-text);
}
.authorize:hover {
opacity: 0.9;
}
.cancel {
background-color: transparent;
color: var(--text-secondary);
border: 1px solid var(--text-secondary);
}
.cancel:hover {
background-color: rgba(255, 255, 255, 0.1);
}
</style>
</head>
<body>
<div class="authorize-container">
<div class="app-info">
<img src="${clientIcon || ""}" alt="${clientName} clientIcon" class="app-clientIcon">
<span class="app-clientName">${clientName}</span>
</div>
<p>${clientName} would like permission to access your account</p>
<div class="permissions-list">
<h3>This will allow ${clientName} to:</h3>
<ul>
${scopes.map((scope) => `<li>${scope}</li>`).join("")}
</ul>
</div>
<div class="buttons">
<a href="${cancelURI}" class="button cancel">Cancel</a>
<a href="${redirectURI}" class="button authorize">Authorize</a>
</div>
</div>
</body>
</html>`;
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/command.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { Command as CommandPrimitive } from "cmdk";
import { SearchIcon } from "lucide-react";
import { cn } from "@/lib/utils";
import {
Dialog,
DialogContent,
DialogDescription,
DialogHeader,
DialogTitle,
} from "@/components/ui/dialog";
function Command({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive>) {
return (
<CommandPrimitive
data-slot="command"
className={cn(
"bg-popover text-popover-foreground flex h-full w-full flex-col overflow-hidden rounded-md",
className,
)}
{...props}
/>
);
}
function CommandDialog({
title = "Command Palette",
description = "Search for a command to run...",
children,
...props
}: React.ComponentProps<typeof Dialog> & {
title?: string;
description?: string;
}) {
return (
<Dialog {...props}>
<DialogHeader className="sr-only">
<DialogTitle>{title}</DialogTitle>
<DialogDescription>{description}</DialogDescription>
</DialogHeader>
<DialogContent className="overflow-hidden p-0">
<Command className="[&_[cmdk-group-heading]]:text-muted-foreground **:data-[slot=command-input-wrapper]:h-12 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:font-medium [&_[cmdk-group]]:px-2 [&_[cmdk-group]:not([hidden])_~[cmdk-group]]:pt-0 [&_[cmdk-input-wrapper]_svg]:h-5 [&_[cmdk-input-wrapper]_svg]:w-5 [&_[cmdk-input]]:h-12 [&_[cmdk-item]]:px-2 [&_[cmdk-item]]:py-3 [&_[cmdk-item]_svg]:h-5 [&_[cmdk-item]_svg]:w-5">
{children}
</Command>
</DialogContent>
</Dialog>
);
}
function CommandInput({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Input>) {
return (
<div
data-slot="command-input-wrapper"
className="flex h-9 items-center gap-2 border-b px-3"
>
<SearchIcon className="size-4 shrink-0 opacity-50" />
<CommandPrimitive.Input
data-slot="command-input"
className={cn(
"placeholder:text-muted-foreground flex h-10 w-full rounded-md bg-transparent py-3 text-sm outline-hidden disabled:cursor-not-allowed disabled:opacity-50",
className,
)}
{...props}
/>
</div>
);
}
function CommandList({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.List>) {
return (
<CommandPrimitive.List
data-slot="command-list"
className={cn(
"max-h-[300px] scroll-py-1 overflow-x-hidden overflow-y-auto",
className,
)}
{...props}
/>
);
}
function CommandEmpty({
...props
}: React.ComponentProps<typeof CommandPrimitive.Empty>) {
return (
<CommandPrimitive.Empty
data-slot="command-empty"
className="py-6 text-center text-sm"
{...props}
/>
);
}
function CommandGroup({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Group>) {
return (
<CommandPrimitive.Group
data-slot="command-group"
className={cn(
"text-foreground [&_[cmdk-group-heading]]:text-muted-foreground overflow-hidden p-1 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:py-1.5 [&_[cmdk-group-heading]]:text-xs [&_[cmdk-group-heading]]:font-medium",
className,
)}
{...props}
/>
);
}
function CommandSeparator({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Separator>) {
return (
<CommandPrimitive.Separator
data-slot="command-separator"
className={cn("bg-border -mx-1 h-px", className)}
{...props}
/>
);
}
function CommandItem({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Item>) {
return (
<CommandPrimitive.Item
data-slot="command-item"
className={cn(
"data-[selected=true]:bg-accent data-[selected=true]:text-accent-foreground [&_svg:not([class*='text-'])]:text-muted-foreground relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[disabled=true]:pointer-events-none data-[disabled=true]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
className,
)}
{...props}
/>
);
}
function CommandShortcut({
className,
...props
}: React.ComponentProps<"span">) {
return (
<span
data-slot="command-shortcut"
className={cn(
"text-muted-foreground ml-auto text-xs tracking-widest",
className,
)}
{...props}
/>
);
}
export {
Command,
CommandDialog,
CommandInput,
CommandList,
CommandEmpty,
CommandGroup,
CommandItem,
CommandShortcut,
CommandSeparator,
};
```
--------------------------------------------------------------------------------
/docs/components/ui/command.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { Command as CommandPrimitive } from "cmdk";
import { SearchIcon } from "lucide-react";
import { cn } from "@/lib/utils";
import {
Dialog,
DialogContent,
DialogDescription,
DialogHeader,
DialogTitle,
} from "@/components/ui/dialog";
function Command({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive>) {
return (
<CommandPrimitive
data-slot="command"
className={cn(
"bg-popover text-popover-foreground flex h-full w-full flex-col overflow-hidden rounded-md",
className,
)}
{...props}
/>
);
}
function CommandDialog({
title = "Command Palette",
description = "Search for a command to run...",
children,
...props
}: React.ComponentProps<typeof Dialog> & {
title?: string;
description?: string;
}) {
return (
<Dialog {...props}>
<DialogHeader className="sr-only">
<DialogTitle>{title}</DialogTitle>
<DialogDescription>{description}</DialogDescription>
</DialogHeader>
<DialogContent className="overflow-hidden p-0">
<Command className="[&_[cmdk-group-heading]]:text-muted-foreground **:data-[slot=command-input-wrapper]:h-12 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:font-medium [&_[cmdk-group]]:px-2 [&_[cmdk-group]:not([hidden])_~[cmdk-group]]:pt-0 [&_[cmdk-input-wrapper]_svg]:h-5 [&_[cmdk-input-wrapper]_svg]:w-5 [&_[cmdk-input]]:h-12 [&_[cmdk-item]]:px-2 [&_[cmdk-item]]:py-3 [&_[cmdk-item]_svg]:h-5 [&_[cmdk-item]_svg]:w-5">
{children}
</Command>
</DialogContent>
</Dialog>
);
}
function CommandInput({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Input>) {
return (
<div
data-slot="command-input-wrapper"
className="flex h-9 items-center gap-2 border-b px-3"
>
<SearchIcon className="size-4 shrink-0 opacity-50" />
<CommandPrimitive.Input
data-slot="command-input"
className={cn(
"placeholder:text-muted-foreground flex h-10 w-full rounded-md bg-transparent py-3 text-sm outline-hidden disabled:cursor-not-allowed disabled:opacity-50",
className,
)}
{...props}
/>
</div>
);
}
function CommandList({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.List>) {
return (
<CommandPrimitive.List
data-slot="command-list"
className={cn(
"max-h-[300px] scroll-py-1 overflow-x-hidden overflow-y-auto",
className,
)}
{...props}
/>
);
}
function CommandEmpty({
...props
}: React.ComponentProps<typeof CommandPrimitive.Empty>) {
return (
<CommandPrimitive.Empty
data-slot="command-empty"
className="py-6 text-center text-sm"
{...props}
/>
);
}
function CommandGroup({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Group>) {
return (
<CommandPrimitive.Group
data-slot="command-group"
className={cn(
"text-foreground [&_[cmdk-group-heading]]:text-muted-foreground overflow-hidden p-1 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:py-1.5 [&_[cmdk-group-heading]]:text-xs [&_[cmdk-group-heading]]:font-medium",
className,
)}
{...props}
/>
);
}
function CommandSeparator({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Separator>) {
return (
<CommandPrimitive.Separator
data-slot="command-separator"
className={cn("bg-border -mx-1 h-px", className)}
{...props}
/>
);
}
function CommandItem({
className,
...props
}: React.ComponentProps<typeof CommandPrimitive.Item>) {
return (
<CommandPrimitive.Item
data-slot="command-item"
className={cn(
"data-[selected=true]:bg-accent data-[selected=true]:text-accent-foreground [&_svg:not([class*='text-'])]:text-muted-foreground relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[disabled=true]:pointer-events-none data-[disabled=true]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
className,
)}
{...props}
/>
);
}
function CommandShortcut({
className,
...props
}: React.ComponentProps<"span">) {
return (
<span
data-slot="command-shortcut"
className={cn(
"text-muted-foreground ml-auto text-xs tracking-widest",
className,
)}
{...props}
/>
);
}
export {
Command,
CommandDialog,
CommandInput,
CommandList,
CommandEmpty,
CommandGroup,
CommandItem,
CommandShortcut,
CommandSeparator,
};
```
--------------------------------------------------------------------------------
/docs/components/message-feedback.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useState } from "react";
import { Check, Copy, ThumbsDown, ThumbsUp } from "lucide-react";
import { cn } from "@/lib/utils";
import { buttonVariants } from "fumadocs-ui/components/ui/button";
import {
submitFeedbackToInkeep,
logEventToInkeep,
} from "@/lib/inkeep-analytics";
interface MessageFeedbackProps {
messageId: string;
userMessageId?: string;
content: string;
className?: string;
}
export function MessageFeedback({
messageId,
userMessageId,
content,
className,
}: MessageFeedbackProps) {
const [feedback, setFeedback] = useState<"positive" | "negative" | null>(
null,
);
const [copied, setCopied] = useState(false);
const [isSubmittingFeedback, setIsSubmittingFeedback] = useState(false);
const [showSuccessCheckmark, setShowSuccessCheckmark] = useState<
"positive" | "negative" | null
>(null);
const handleFeedback = async (type: "positive" | "negative") => {
if (isSubmittingFeedback || feedback === type) return;
const feedbackMessageId = userMessageId || messageId;
setIsSubmittingFeedback(true);
try {
await submitFeedbackToInkeep(feedbackMessageId, type, [
{
label:
type === "positive" ? "helpful_response" : "unhelpful_response",
details:
type === "positive"
? "The response was helpful"
: "The response was not helpful",
},
]);
setFeedback(type);
setShowSuccessCheckmark(type);
setTimeout(() => {
setShowSuccessCheckmark(null);
}, 1000);
} catch (error) {
} finally {
setIsSubmittingFeedback(false);
}
};
const handleCopy = async () => {
if (copied) return;
const eventMessageId = userMessageId || messageId;
try {
await navigator.clipboard.writeText(content);
setCopied(true);
await logEventToInkeep("message:copied", "message", eventMessageId);
setTimeout(() => setCopied(false), 2000);
} catch (error) {
// Silently handle error
}
};
return (
<div
className={cn(
"flex items-center gap-1 mt-3 pt-2 border-t border-fd-border/30",
className,
)}
>
<button
type="button"
onClick={() => handleFeedback("positive")}
disabled={isSubmittingFeedback}
className={cn(
buttonVariants({
size: "icon-sm",
color: feedback === "positive" ? "primary" : "ghost",
className: cn(
"h-7 w-7 transition-colors",
isSubmittingFeedback && "opacity-50 cursor-not-allowed",
feedback === "positive"
? "bg-green-100 text-green-700 hover:bg-green-200 dark:bg-green-900/30 dark:text-green-400 dark:hover:bg-green-900/50"
: "hover:bg-fd-accent hover:text-fd-accent-foreground",
),
}),
)}
title={
showSuccessCheckmark === "positive"
? "Feedback submitted!"
: "Helpful"
}
>
{showSuccessCheckmark === "positive" ? (
<Check className="h-3.5 w-3.5 text-green-600 animate-in fade-in duration-200" />
) : (
<ThumbsUp className="h-3.5 w-3.5 transition-all duration-200" />
)}
</button>
<button
type="button"
onClick={() => handleFeedback("negative")}
disabled={isSubmittingFeedback}
className={cn(
buttonVariants({
size: "icon-sm",
color: feedback === "negative" ? "primary" : "ghost",
className: cn(
"h-7 w-7 transition-colors",
isSubmittingFeedback && "opacity-50 cursor-not-allowed",
feedback === "negative"
? "bg-red-100 text-red-700 hover:bg-red-200 dark:bg-red-900/30 dark:text-red-400 dark:hover:bg-red-900/50"
: "hover:bg-fd-accent hover:text-fd-accent-foreground",
),
}),
)}
title={
showSuccessCheckmark === "negative"
? "Feedback submitted!"
: "Not helpful"
}
>
{showSuccessCheckmark === "negative" ? (
<Check className="h-3.5 w-3.5 text-green-600 animate-in fade-in duration-200" />
) : (
<ThumbsDown className="h-3.5 w-3.5 transition-all duration-200" />
)}
</button>
<button
type="button"
onClick={handleCopy}
className={cn(
buttonVariants({
size: "icon-sm",
color: "ghost",
className:
"h-7 w-7 hover:bg-fd-accent hover:text-fd-accent-foreground transition-colors",
}),
)}
title={copied ? "Copied!" : "Copy message"}
>
{copied ? (
<Check className="h-3.5 w-3.5 text-green-600" />
) : (
<Copy className="h-3.5 w-3.5" />
)}
</button>
</div>
);
}
```
--------------------------------------------------------------------------------
/packages/core/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "@better-auth/core",
"version": "1.4.0-beta.11",
"description": "The most comprehensive authentication library for TypeScript.",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
"exports": {
".": {
"import": {
"types": "./dist/index.d.ts",
"default": "./dist/index.js"
},
"require": {
"types": "./dist/index.d.cts",
"default": "./dist/index.cjs"
}
},
"./api": {
"import": {
"types": "./dist/api/index.d.ts",
"default": "./dist/api/index.js"
},
"require": {
"types": "./dist/api/index.d.cts",
"default": "./dist/api/index.cjs"
}
},
"./async_hooks": {
"import": {
"types": "./dist/async_hooks/index.d.ts",
"default": "./dist/async_hooks/index.js"
},
"require": {
"types": "./dist/async_hooks/index.d.cts",
"default": "./dist/async_hooks/index.cjs"
}
},
"./context": {
"import": {
"types": "./dist/context/index.d.ts",
"default": "./dist/context/index.js"
},
"require": {
"types": "./dist/context/index.d.cts",
"default": "./dist/context/index.cjs"
}
},
"./env": {
"import": {
"types": "./dist/env/index.d.ts",
"default": "./dist/env/index.js"
},
"require": {
"types": "./dist/env/index.d.cts",
"default": "./dist/env/index.cjs"
}
},
"./error": {
"import": {
"types": "./dist/error/index.d.ts",
"default": "./dist/error/index.js"
},
"require": {
"types": "./dist/error/index.d.cts",
"default": "./dist/error/index.cjs"
}
},
"./utils": {
"import": {
"types": "./dist/utils/index.d.ts",
"default": "./dist/utils/index.js"
},
"require": {
"types": "./dist/utils/index.d.cts",
"default": "./dist/utils/index.cjs"
}
},
"./social-providers": {
"import": {
"types": "./dist/social-providers/index.d.ts",
"default": "./dist/social-providers/index.js"
},
"require": {
"types": "./dist/social-providers/index.d.cts",
"default": "./dist/social-providers/index.cjs"
}
},
"./db": {
"import": {
"types": "./dist/db/index.d.ts",
"default": "./dist/db/index.js"
},
"require": {
"types": "./dist/db/index.d.cts",
"default": "./dist/db/index.cjs"
}
},
"./db/adapter": {
"import": {
"types": "./dist/db/adapter/index.d.ts",
"default": "./dist/db/adapter/index.js"
},
"require": {
"types": "./dist/db/adapter/index.d.cts",
"default": "./dist/db/adapter/index.cjs"
}
},
"./oauth2": {
"import": {
"types": "./dist/oauth2/index.d.ts",
"default": "./dist/oauth2/index.js"
},
"require": {
"types": "./dist/oauth2/index.d.cts",
"default": "./dist/oauth2/index.cjs"
}
}
},
"typesVersions": {
"*": {
"index": [
"dist/index.d.ts"
],
"async_hooks": [
"dist/async_hooks.d.ts"
],
"db": [
"dist/db.d.ts"
],
"db/adapter": [
"dist/db/adapter/index.d.ts"
],
"env": [
"dist/env.d.ts"
],
"error": [
"dist/error.d.ts"
],
"middleware": [
"dist/middleware.d.ts"
],
"oauth2": [
"dist/oauth2.d.ts"
],
"social-providers": [
"dist/social-providers.d.ts"
],
"utils": [
"dist/utils.d.ts"
]
}
},
"scripts": {
"build": "tsdown",
"dev": "tsdown --watch",
"typecheck": "tsc --project tsconfig.json"
},
"devDependencies": {
"@better-auth/utils": "0.3.0",
"@better-fetch/fetch": "catalog:",
"@types/better-sqlite3": "^7.6.13",
"better-call": "catalog:",
"better-sqlite3": "^12.4.1",
"jose": "^6.1.0",
"kysely": "^0.28.5",
"nanostores": "^1.0.1",
"tsdown": "catalog:"
},
"dependencies": {
"zod": "^4.1.5"
},
"peerDependencies": {
"@better-auth/utils": "0.3.0",
"@better-fetch/fetch": "catalog:",
"better-call": "catalog:",
"better-sqlite3": "^12.4.1",
"jose": "^6.1.0",
"kysely": "^0.28.5",
"nanostores": "^1.0.1"
}
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/jwt/types.ts:
--------------------------------------------------------------------------------
```typescript
import type { JWTPayload } from "jose";
import type { InferOptionSchema, Session, User } from "../../types";
import type { Awaitable } from "../../types/helper";
import type { schema } from "./schema";
export interface JwtOptions {
jwks?: {
/**
* Disables the /jwks endpoint and uses this endpoint in discovery.
*
* Useful if jwks are not managed at /jwks or
* if your jwks are signed with a certificate and placed on your CDN.
*/
remoteUrl?: string;
/**
* Key pair configuration
* @description A subset of the options available for the generateKeyPair function
*
* @see https://github.com/panva/jose/blob/main/src/runtime/node/generate.ts
*
* @default { alg: 'EdDSA', crv: 'Ed25519' }
*/
keyPairConfig?: JWKOptions;
/**
* Disable private key encryption
* @description Disable the encryption of the private key in the database
*
* @default false
*/
disablePrivateKeyEncryption?: boolean;
};
jwt?: {
/**
* The issuer of the JWT
*/
issuer?: string;
/**
* The audience of the JWT
*/
audience?: string;
/**
* Set the "exp" (Expiration Time) Claim.
*
* - If a `number` is passed as an argument it is used as the claim directly.
* - If a `Date` instance is passed as an argument it is converted to unix timestamp and used as the
* claim.
* - If a `string` is passed as an argument it is resolved to a time span, and then added to the
* current unix timestamp and used as the claim.
*
* Format used for time span should be a number followed by a unit, such as "5 minutes" or "1
* day".
*
* Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins",
* "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year",
* "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an
* alias for a year.
*
* If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets
* subtracted from the current unix timestamp. A "from now" suffix can also be used for
* readability when adding to the current unix timestamp.
*
* @default 15m
*/
expirationTime?: number | string | Date;
/**
* A function that is called to define the payload of the JWT
*/
definePayload?: (session: {
user: User & Record<string, any>;
session: Session & Record<string, any>;
}) => Promise<Record<string, any>> | Record<string, any>;
/**
* A function that is called to get the subject of the JWT
*
* @default session.user.id
*/
getSubject?: (session: {
user: User & Record<string, any>;
session: Session & Record<string, any>;
}) => Promise<string> | string;
/**
* A custom function to remote sign the jwt payload.
*
* All headers, such as `alg` and `kid`,
* MUST be defined within this function.
* You can safely define the header `typ: 'JWT'`.
*
* @requires jwks.remoteUrl
* @invalidates other jwt.* options
*/
sign?: (payload: JWTPayload) => Awaitable<string>;
};
/**
* Disables setting JWTs through middleware.
*
* Recommended to set `true` when using an oAuth provider plugin
* like OIDC or MCP where session payloads should not be signed.
*
* @default false
*/
disableSettingJwtHeader?: boolean;
/**
* Custom schema for the admin plugin
*/
schema?: InferOptionSchema<typeof schema>;
}
/**
* Asymmetric (JWS) Supported.
*
* @see https://github.com/panva/jose/issues/210
*/
// JWE is symmetric (ie sharing a secret) thus a jwks is not applicable since there is no public key to share.
// All new JWK "alg" and/or "crv" MUST have an associated test in jwt.test.ts
export type JWKOptions =
| {
alg: "EdDSA"; // EdDSA with Ed25519 key
crv?: "Ed25519";
}
| {
alg: "ES256"; // ECDSA with P-256 curve
crv?: never; // Only one valid option, no need for crv
}
| {
alg: "ES512"; // ECDSA with P-521 curve
crv?: never; // Only P-521 for ES512
}
| {
alg: "PS256"; // RSA-PSS with SHA-256
modulusLength?: number; // Default to 2048 or higher
}
| {
alg: "RS256"; // RSA with SHA-256
modulusLength?: number; // Default to 2048 or higher
};
export type JWSAlgorithms = JWKOptions["alg"];
export interface Jwk {
id: string;
publicKey: string;
privateKey: string;
createdAt: Date;
alg?: JWSAlgorithms;
crv?: "Ed25519" | "P-256" | "P-521";
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/one-time-token/index.ts:
--------------------------------------------------------------------------------
```typescript
import * as z from "zod";
import { defaultKeyHasher } from "..";
import { createAuthEndpoint } from "@better-auth/core/api";
import { sessionMiddleware } from "../../api";
import { generateRandomString } from "../../crypto";
import type { BetterAuthPlugin } from "@better-auth/core";
import type { Session, User } from "../../types";
import type { GenericEndpointContext } from "@better-auth/core";
interface OneTimeTokenOptions {
/**
* Expires in minutes
*
* @default 3
*/
expiresIn?: number;
/**
* Only allow server initiated requests
*/
disableClientRequest?: boolean;
/**
* Generate a custom token
*/
generateToken?: (
session: {
user: User & Record<string, any>;
session: Session & Record<string, any>;
},
ctx: GenericEndpointContext,
) => Promise<string>;
/**
* This option allows you to configure how the token is stored in your database.
* Note: This will not affect the token that's sent, it will only affect the token stored in your database.
*
* @default "plain"
*/
storeToken?:
| "plain"
| "hashed"
| { type: "custom-hasher"; hash: (token: string) => Promise<string> };
}
export const oneTimeToken = (options?: OneTimeTokenOptions) => {
const opts = {
storeToken: "plain",
...options,
} satisfies OneTimeTokenOptions;
async function storeToken(ctx: GenericEndpointContext, token: string) {
if (opts.storeToken === "hashed") {
return await defaultKeyHasher(token);
}
if (
typeof opts.storeToken === "object" &&
"type" in opts.storeToken &&
opts.storeToken.type === "custom-hasher"
) {
return await opts.storeToken.hash(token);
}
return token;
}
return {
id: "one-time-token",
endpoints: {
/**
* ### Endpoint
*
* GET `/one-time-token/generate`
*
* ### API Methods
*
* **server:**
* `auth.api.generateOneTimeToken`
*
* **client:**
* `authClient.oneTimeToken.generate`
*
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/one-time-token#api-method-one-time-token-generate)
*/
generateOneTimeToken: createAuthEndpoint(
"/one-time-token/generate",
{
method: "GET",
use: [sessionMiddleware],
},
async (c) => {
//if request exist, it means it's a client request
if (opts?.disableClientRequest && c.request) {
throw c.error("BAD_REQUEST", {
message: "Client requests are disabled",
});
}
const session = c.context.session;
const token = opts?.generateToken
? await opts.generateToken(session, c)
: generateRandomString(32);
const expiresAt = new Date(
Date.now() + (opts?.expiresIn ?? 3) * 60 * 1000,
);
const storedToken = await storeToken(c, token);
await c.context.internalAdapter.createVerificationValue({
value: session.session.token,
identifier: `one-time-token:${storedToken}`,
expiresAt,
});
return c.json({ token });
},
),
/**
* ### Endpoint
*
* POST `/one-time-token/verify`
*
* ### API Methods
*
* **server:**
* `auth.api.verifyOneTimeToken`
*
* **client:**
* `authClient.oneTimeToken.verify`
*
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/one-time-token#api-method-one-time-token-verify)
*/
verifyOneTimeToken: createAuthEndpoint(
"/one-time-token/verify",
{
method: "POST",
body: z.object({
token: z.string().meta({
description: 'The token to verify. Eg: "some-token"',
}),
}),
},
async (c) => {
const { token } = c.body;
const storedToken = await storeToken(c, token);
const verificationValue =
await c.context.internalAdapter.findVerificationValue(
`one-time-token:${storedToken}`,
);
if (!verificationValue) {
throw c.error("BAD_REQUEST", {
message: "Invalid token",
});
}
await c.context.internalAdapter.deleteVerificationValue(
verificationValue.id,
);
if (verificationValue.expiresAt < new Date()) {
throw c.error("BAD_REQUEST", {
message: "Token expired",
});
}
const session = await c.context.internalAdapter.findSession(
verificationValue.value,
);
if (!session) {
throw c.error("BAD_REQUEST", {
message: "Session not found",
});
}
return c.json(session);
},
),
},
} satisfies BetterAuthPlugin;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/integrations/astro.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Astro Integration
description: Integrate Better Auth with Astro.
---
Better Auth comes with first class support for Astro. This guide will show you how to integrate Better Auth with Astro.
Before you start, make sure you have a Better Auth instance configured. If you haven't done that yet, check out the [installation](/docs/installation).
### Mount the handler
To enable Better Auth to handle requests, we need to mount the handler to a catch all API route. Create a file inside `/pages/api/auth` called `[...all].ts` and add the following code:
```ts title="pages/api/auth/[...all].ts"
import { auth } from "~/auth";
import type { APIRoute } from "astro";
export const ALL: APIRoute = async (ctx) => {
// If you want to use rate limiting, make sure to set the 'x-forwarded-for' header to the request headers from the context
// ctx.request.headers.set("x-forwarded-for", ctx.clientAddress);
return auth.handler(ctx.request);
};
```
<Callout>
You can change the path on your better-auth configuration but it's recommended to keep it as `/api/auth/[...all]`
</Callout>
## Create a client
Astro supports multiple frontend frameworks, so you can easily import your client based on the framework you're using.
If you're not using a frontend framework, you can still import the vanilla client.
<Tabs items={[ "vanilla", "react", "vue", "svelte", "solid",
]} defaultValue="react">
<Tab value="vanilla">
```ts title="lib/auth-client.ts"
import { createAuthClient } from "better-auth/client"
export const authClient = createAuthClient()
```
</Tab>
<Tab value="react" title="lib/auth-client.ts">
```ts title="lib/auth-client.ts"
import { createAuthClient } from "better-auth/react"
export const authClient = createAuthClient()
```
</Tab>
<Tab value="vue" title="lib/auth-client.ts">
```ts title="lib/auth-client.ts"
import { createAuthClient } from "better-auth/vue"
export const authClient = createAuthClient()
```
</Tab>
<Tab value="svelte" title="lib/auth-client.ts">
```ts title="lib/auth-client.ts"
import { createAuthClient } from "better-auth/svelte"
export const authClient = createAuthClient()
```
</Tab>
<Tab value="solid" title="lib/auth-client.ts">
```ts title="lib/auth-client.ts"
import { createAuthClient } from "better-auth/solid"
export const authClient = createAuthClient()
```
</Tab>
</Tabs>
## Auth Middleware
### Astro Locals types
To have types for your Astro locals, you need to set it inside the `env.d.ts` file.
```ts title="env.d.ts"
/// <reference path="../.astro/types.d.ts" />
declare namespace App {
// Note: 'import {} from ""' syntax does not work in .d.ts files.
interface Locals {
user: import("better-auth").User | null;
session: import("better-auth").Session | null;
}
}
```
### Middleware
To protect your routes, you can check if the user is authenticated using the `getSession` method in middleware and set the user and session data using the Astro locals with the types we set before. Start by creating a `middleware.ts` file in the root of your project and follow the example below:
```ts title="middleware.ts"
import { auth } from "@/auth";
import { defineMiddleware } from "astro:middleware";
export const onRequest = defineMiddleware(async (context, next) => {
const isAuthed = await auth.api
.getSession({
headers: context.request.headers,
})
if (isAuthed) {
context.locals.user = isAuthed.user;
context.locals.session = isAuthed.session;
} else {
context.locals.user = null;
context.locals.session = null;
}
return next();
});
```
### Getting session on the server inside `.astro` file
You can use `Astro.locals` to check if the user has session and get the user data from the server side. Here is an example of how you can get the session inside an `.astro` file:
```astro
---
import { UserCard } from "@/components/user-card";
const session = () => {
if (Astro.locals.session) {
return Astro.locals.session;
} else {
// Redirect to login page if the user is not authenticated
return Astro.redirect("/login");
}
}
---
<UserCard initialSession={session} />
```
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/line.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { decodeJwt } from "jose";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import {
createAuthorizationURL,
refreshAccessToken,
validateAuthorizationCode,
} from "../oauth2";
export interface LineIdTokenPayload {
iss: string;
sub: string;
aud: string;
exp: number;
iat: number;
name?: string;
picture?: string;
email?: string;
amr?: string[];
nonce?: string;
}
export interface LineUserInfo {
sub: string;
name?: string;
picture?: string;
email?: string;
}
export interface LineOptions
extends ProviderOptions<LineUserInfo | LineIdTokenPayload> {
clientId: string;
}
/**
* LINE Login v2.1
* - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
* - Token endpoint: https://api.line.me/oauth2/v2.1/token
* - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
* - Verify ID token: https://api.line.me/oauth2/v2.1/verify
*
* Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
*/
export const line = (options: LineOptions) => {
const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
return {
id: "line",
name: "LINE",
async createAuthorizationURL({
state,
scopes,
codeVerifier,
redirectURI,
loginHint,
}) {
const _scopes = options.disableDefaultScope
? []
: ["openid", "profile", "email"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return await createAuthorizationURL({
id: "line",
options,
authorizationEndpoint,
scopes: _scopes,
state,
codeVerifier,
redirectURI,
loginHint,
});
},
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
return validateAuthorizationCode({
code,
codeVerifier,
redirectURI,
options,
tokenEndpoint,
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientSecret: options.clientSecret,
},
tokenEndpoint,
});
},
async verifyIdToken(token, nonce) {
if (options.disableIdTokenSignIn) {
return false;
}
if (options.verifyIdToken) {
return options.verifyIdToken(token, nonce);
}
const body = new URLSearchParams();
body.set("id_token", token);
body.set("client_id", options.clientId);
if (nonce) body.set("nonce", nonce);
const { data, error } = await betterFetch<LineIdTokenPayload>(
verifyIdTokenEndpoint,
{
method: "POST",
headers: {
"content-type": "application/x-www-form-urlencoded",
},
body,
},
);
if (error || !data) {
return false;
}
// aud must match clientId; nonce (if provided) must also match
if (data.aud !== options.clientId) return false;
if (nonce && data.nonce && data.nonce !== nonce) return false;
return true;
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
let profile: LineUserInfo | LineIdTokenPayload | null = null;
// Prefer ID token if available
if (token.idToken) {
try {
profile = decodeJwt(token.idToken) as LineIdTokenPayload;
} catch {}
}
// Fallback to UserInfo endpoint
if (!profile) {
const { data } = await betterFetch<LineUserInfo>(userInfoEndpoint, {
headers: {
authorization: `Bearer ${token.accessToken}`,
},
});
profile = data || null;
}
if (!profile) return null;
const userMap = await options.mapProfileToUser?.(profile as any);
// ID preference order
const id = (profile as any).sub || (profile as any).userId;
const name = (profile as any).name || (profile as any).displayName;
const image =
(profile as any).picture || (profile as any).pictureUrl || undefined;
const email = (profile as any).email;
return {
user: {
id,
name,
email,
image,
// LINE does not expose email verification status in ID token/userinfo
emailVerified: false,
...userMap,
},
data: profile as any,
};
},
options,
} satisfies OAuthProvider<LineUserInfo | LineIdTokenPayload, LineOptions>;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/concepts/typescript.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: TypeScript
description: Better Auth TypeScript integration.
---
Better Auth is designed to be type-safe. Both the client and server are built with TypeScript, allowing you to easily infer types.
## TypeScript Config
### Strict Mode
Better Auth is designed to work with TypeScript's strict mode. We recommend enabling strict mode in your TypeScript config file:
```json title="tsconfig.json"
{
"compilerOptions": {
"strict": true
}
}
```
if you can't set `strict` to `true`, you can enable `strictNullChecks`:
```json title="tsconfig.json"
{
"compilerOptions": {
"strictNullChecks": true,
}
}
```
<Callout type="warn">
If you're running into issues with TypeScript inference exceeding maximum length the compiler will serialize,
then please make sure you're following the instructions above, as well as ensuring that both `declaration` and `composite` are not enabled.
</Callout>
## Inferring Types
Both the client SDK and the server offer types that can be inferred using the `$Infer` property. Plugins can extend base types like `User` and `Session`, and you can use `$Infer` to infer these types. Additionally, plugins can provide extra types that can also be inferred through `$Infer`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
export type Session = typeof authClient.$Infer.Session
```
The `Session` type includes both `session` and `user` properties. The user property represents the user object type, and the `session` property represents the `session` object type.
You can also infer types on the server side.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
import Database from "better-sqlite3"
export const auth = betterAuth({
database: new Database("database.db")
})
type Session = typeof auth.$Infer.Session
```
## Additional Fields
Better Auth allows you to add additional fields to the user and session objects. All additional fields are properly inferred and available on the server and client side.
```ts
import { betterAuth } from "better-auth"
import Database from "better-sqlite3"
export const auth = betterAuth({
database: new Database("database.db"),
user: {
additionalFields: {
role: {
type: "string",
input: false
}
}
}
})
type Session = typeof auth.$Infer.Session
```
In the example above, we added a `role` field to the user object. This field is now available on the `Session` type.
### The `input` property
The `input` property in an additional field configuration determines whether the field should be included in the user input. This property defaults to `true`, meaning the field will be part of the user input during operations like registration.
To prevent a field from being part of the user input, you must explicitly set `input: false`:
```ts
additionalFields: {
role: {
type: "string",
input: false
}
}
```
When `input` is set to `false`, the field will be excluded from user input, preventing users from passing a value for it.
By default, additional fields are included in the user input, which can lead to security vulnerabilities if not handled carefully. For fields that should not be set by the user, like a `role`, it is crucial to set `input: false` in the configuration.
### Inferring Additional Fields on Client
To make sure proper type inference for additional fields on the client side, you need to inform the client about these fields. There are two approaches to achieve this, depending on your project structure:
1. For Monorepo or Single-Project Setups
If your server and client code reside in the same project, you can use the `inferAdditionalFields` plugin to automatically infer the additional fields from your server configuration.
```ts
import { inferAdditionalFields } from "better-auth/client/plugins";
import { createAuthClient } from "better-auth/react";
import type { auth } from "./auth";
export const authClient = createAuthClient({
plugins: [inferAdditionalFields<typeof auth>()],
});
```
2. For Separate Client-Server Projects
If your client and server are in separate projects, you'll need to manually specify the additional fields when creating the auth client.
```ts
import { inferAdditionalFields } from "better-auth/client/plugins";
export const authClient = createAuthClient({
plugins: [inferAdditionalFields({
user: {
role: {
type: "string"
}
}
})],
});
```
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/last-login-method/index.ts:
--------------------------------------------------------------------------------
```typescript
import { createAuthMiddleware } from "@better-auth/core/api";
import type { BetterAuthPlugin } from "@better-auth/core";
import type { GenericEndpointContext } from "@better-auth/core";
/**
* Configuration for tracking different authentication methods
*/
export interface LastLoginMethodOptions {
/**
* Name of the cookie to store the last login method
* @default "better-auth.last_used_login_method"
*/
cookieName?: string;
/**
* Cookie expiration time in seconds
* @default 2592000 (30 days)
*/
maxAge?: number;
/**
* Custom method to resolve the last login method
* @param ctx - The context from the hook
* @returns The last login method
*/
customResolveMethod?: (ctx: GenericEndpointContext) => string | null;
/**
* Store the last login method in the database. This will create a new field in the user table.
* @default false
*/
storeInDatabase?: boolean;
/**
* Custom schema for the plugin
* @default undefined
*/
schema?: {
user?: {
lastLoginMethod?: string;
};
};
}
/**
* Plugin to track the last used login method
*/
export const lastLoginMethod = <O extends LastLoginMethodOptions>(
userConfig?: O,
) => {
const paths = [
"/callback/:id",
"/oauth2/callback/:id",
"/sign-in/email",
"/sign-up/email",
];
const defaultResolveMethod = (ctx: GenericEndpointContext) => {
if (paths.includes(ctx.path)) {
return ctx.params?.id ? ctx.params.id : ctx.path.split("/").pop();
}
return null;
};
const config = {
cookieName: "better-auth.last_used_login_method",
maxAge: 60 * 60 * 24 * 30,
...userConfig,
} satisfies LastLoginMethodOptions;
return {
id: "last-login-method",
init(ctx) {
return {
options: {
databaseHooks: {
user: {
create: {
async before(user, context) {
if (!config.storeInDatabase) return;
if (!context) return;
const lastUsedLoginMethod =
config.customResolveMethod?.(context) ??
defaultResolveMethod(context);
if (lastUsedLoginMethod) {
return {
data: {
...user,
lastLoginMethod: lastUsedLoginMethod,
},
};
}
},
},
},
session: {
create: {
async after(session, context) {
if (!config.storeInDatabase) return;
if (!context) return;
const lastUsedLoginMethod =
config.customResolveMethod?.(context) ??
defaultResolveMethod(context);
if (lastUsedLoginMethod && session?.userId) {
try {
await ctx.internalAdapter.updateUser(session.userId, {
lastLoginMethod: lastUsedLoginMethod,
});
} catch (error) {
ctx.logger.error(
"Failed to update lastLoginMethod",
error,
);
}
}
},
},
},
},
},
};
},
hooks: {
after: [
{
matcher() {
return true;
},
handler: createAuthMiddleware(async (ctx) => {
const lastUsedLoginMethod =
config.customResolveMethod?.(ctx) ?? defaultResolveMethod(ctx);
if (lastUsedLoginMethod) {
const setCookie = ctx.context.responseHeaders?.get("set-cookie");
const sessionTokenName =
ctx.context.authCookies.sessionToken.name;
const hasSessionToken =
setCookie && setCookie.includes(sessionTokenName);
if (hasSessionToken) {
// Inherit cookie attributes from Better Auth's centralized cookie system
// This ensures consistency with cross-origin, cross-subdomain, and security settings
const cookieAttributes = {
...ctx.context.authCookies.sessionToken.options,
maxAge: config.maxAge,
httpOnly: false, // Override: plugin cookies are not httpOnly
};
ctx.setCookie(
config.cookieName,
lastUsedLoginMethod,
cookieAttributes,
);
}
}
}),
},
],
},
schema: (config.storeInDatabase
? {
user: {
fields: {
lastLoginMethod: {
type: "string",
input: false,
required: false,
fieldName:
config.schema?.user?.lastLoginMethod || "lastLoginMethod",
},
},
},
}
: undefined) as O["storeInDatabase"] extends true
? {
user: {
fields: {
lastLoginMethod: {
type: "string";
required: false;
input: false;
};
};
};
}
: undefined,
} satisfies BetterAuthPlugin;
};
```
--------------------------------------------------------------------------------
/docs/content/changelogs/1-2.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: 1.2 Release
description: Stripe, Captcha, API Keys, Teams, Init CLI, and more.
date: 2025-03-01
---
# Better Auth 1.2 – Stripe, Captcha, API Keys, Teams, Init CLI, and more
To upgrade, run:
```package-install
npm install [email protected]
```
---
### **Stripe Plugin (Beta)**
Stripe integration for customer management, subscriptions, and webhooks.
```package-install
npm install @better-auth/stripe
```
```ts title="auth.ts"
import { stripe } from "@better-auth/stripe"; // [!code highlight]
export const auth = betterAuth({
plugins: [
stripe({
// [!code highlight]
createCustomerOnSignup: true, // [!code highlight]
subscription: { // [!code highlight]
enabled: true, // [!code highlight]
plans: [// [!code highlight]
{ // [!code highlight]
name: "pro", // [!code highlight]
priceId: "price_1234567890", // [!code highlight]
}, // [!code highlight]
], // [!code highlight]
}, // [!code highlight]
}), // [!code highlight]
],
});
```
Read the [Stripe Plugin docs](/docs/plugins/stripe) for more information.
### **Captcha Plugin**
Protect your authentication flows with Google reCAPTCHA and Cloudflare Turnstile. Works for signup, signin, and password resets.
```ts title="auth.ts"
import { captcha } from "better-auth/plugins";
const auth = betterAuth({
plugins: [
// [!code highlight]
captcha({
// [!code highlight]
provider: "cloudflare-turnstile", // or "google-recaptcha" // [!code highlight]
secretKey: process.env.TURNSTILE_SECRET_KEY!, // [!code highlight]
}), // [!code highlight]
], // [!code highlight]
});
```
Read the [Captcha Plugin docs](/docs/plugins/captcha) for more information.
### **API Key Plugin**
Generate and manage API keys with rate limiting, expiration, and metadata. Supports session creation from API keys.
```ts title="auth.ts"
import { apiKey } from "better-auth/plugins";
const auth = betterAuth({
plugins: [apiKey()],
});
```
Read the [API Key Plugin docs](/docs/plugins/api-key) for more information.
### **Teams/Sub-Organizations**
Organizations can now have teams or sub-organizations under them.
```ts title="auth.ts"
const auth = betterAuth({
plugins: [
organization({
teams: {
enabled: true,
},
}),
],
});
```
Read the [Organization Plugin docs](/docs/plugins/organization#teams) for more information.
### **Init CLI**
The CLI now includes an `init` command to add Better Auth to your project.
```bash title="terminal"
npx @better-auth/cli init
```
### **Username**
- Added `displayName` for case-insensitive lookups while preserving original formatting.
- Built-in validation.
<Callout type="info">
If you're using the Username plugin, make sure to add the `displayName` field
to your schema.
</Callout>
### **Organization**
- **Multiple Roles per User** – Assign more than one role to a user.
### **Admin Plugin**
- Manage roles and permissions within the admin plugin. [Learn more](/docs/plugins/admin)
- `adminUserIds` option to grant specific users admin privileges. [Learn more](/docs/plugins/admin#usage)
---
## 🎭 New Social Providers
- [TikTok](/docs/authentication/tiktok)
- [Roblox](/docs/authentication/roblox)
- [VK](/docs/authentication/vk)
---
## ✨ Core Enhancements
- **Auto Cleanup** for expired verification data
- **Improved Google One Tap** integration with JWT verification and enhanced prompt handling
- **Phone-based Password Reset** functionality
- **Provider Control Options**:
- Disable signups for specific providers
- Disable implicit signups for specific providers
- Control default scopes and allow custom scopes on request
- **Enhanced Database Hooks** with additional context information
---
## 🚀 Performance Boosts
We rewrote **better-call** (the core library behind Better Auth) to fix TypeScript editor lag. Your IDE should now feel much snappier when working with Better Auth.
---
## ⚡ CLI Enhancements
### **`init` Command**
The CLI now includes an `init` command to speed up setup:
- Scaffold new projects
- Generate schemas
- Run migrations
[Learn more](/docs/concepts/cli)
---
## 🛠 Bug Fixes & Stability Improvements
A lot of fixes and refinements to make everything smoother, faster, and more reliable. Check out the [changelog](https://github.com/better-auth/better-auth/releases/tag/v1.2.0) for more details.
---
```package-install
npm install [email protected]
```
**Upgrade now and take advantage of these powerful new features!** 🚀
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/toast.tsx:
--------------------------------------------------------------------------------
```typescript
// @ts-nocheck
"use client";
import * as React from "react";
import { Cross2Icon } from "@radix-ui/react-icons";
import * as ToastPrimitives from "@radix-ui/react-toast";
import { cva } from "class-variance-authority";
import { cn } from "@/lib/utils";
const ToastProvider = ToastPrimitives.Provider;
const ToastViewport = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof ToastPrimitives.Viewport> & {
ref: React.RefObject<React.ElementRef<typeof ToastPrimitives.Viewport>>;
}) => (
<ToastPrimitives.Viewport
ref={ref}
className={cn(
"fixed top-0 z-100 flex max-h-screen w-full flex-col-reverse p-4 sm:bottom-0 sm:right-0 sm:top-auto sm:flex-col md:max-w-[420px]",
className,
)}
{...props}
/>
);
ToastViewport.displayName = ToastPrimitives.Viewport.displayName;
const toastVariants = cva(
"group pointer-events-auto relative flex w-full items-center justify-between space-x-2 overflow-hidden rounded-md border p-4 pr-6 shadow-lg transition-all data-[swipe=cancel]:translate-x-0 data-[swipe=end]:translate-x-(--radix-toast-swipe-end-x) data-[swipe=move]:translate-x-(--radix-toast-swipe-move-x) data-[swipe=move]:transition-none data-[state=open]:animate-in data-[state=closed]:animate-out data-[swipe=end]:animate-out data-[state=closed]:fade-out-80 data-[state=closed]:slide-out-to-right-full data-[state=open]:slide-in-from-top-full data-[state=open]:sm:slide-in-from-bottom-full",
{
variants: {
variant: {
default: "border bg-background text-foreground",
destructive:
"destructive group border-destructive bg-destructive text-destructive-foreground",
},
},
defaultVariants: {
variant: "default",
},
},
);
const Toast = ({ ref, className, variant, ...props }) => {
return (
<ToastPrimitives.Root
ref={ref}
className={cn(toastVariants({ variant }), className)}
{...props}
/>
);
};
Toast.displayName = ToastPrimitives.Root.displayName;
const ToastAction = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof ToastPrimitives.Action> & {
ref: React.RefObject<React.ElementRef<typeof ToastPrimitives.Action>>;
}) => (
<ToastPrimitives.Action
ref={ref}
className={cn(
"inline-flex h-8 shrink-0 items-center justify-center rounded-md border bg-transparent px-3 text-sm font-medium transition-colors hover:bg-secondary focus:outline-none focus:ring-1 focus:ring-ring disabled:pointer-events-none disabled:opacity-50 group-[.destructive]:border-muted/40 group-[.destructive]:hover:border-destructive/30 group-[.destructive]:hover:bg-destructive group-[.destructive]:hover:text-destructive-foreground group-[.destructive]:focus:ring-destructive",
className,
)}
{...props}
/>
);
ToastAction.displayName = ToastPrimitives.Action.displayName;
const ToastClose = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof ToastPrimitives.Close> & {
ref: React.RefObject<React.ElementRef<typeof ToastPrimitives.Close>>;
}) => (
<ToastPrimitives.Close
ref={ref}
className={cn(
"absolute right-1 top-1 rounded-md p-1 text-foreground/50 opacity-0 transition-opacity hover:text-foreground focus:opacity-100 focus:outline-none focus:ring-1 group-hover:opacity-100 group-[.destructive]:text-red-300 group-[.destructive]:hover:text-red-50 group-[.destructive]:focus:ring-red-400 group-[.destructive]:focus:ring-offset-red-600",
className,
)}
toast-close=""
{...props}
>
<Cross2Icon className="h-4 w-4" />
</ToastPrimitives.Close>
);
ToastClose.displayName = ToastPrimitives.Close.displayName;
const ToastTitle = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof ToastPrimitives.Title> & {
ref: React.RefObject<React.ElementRef<typeof ToastPrimitives.Title>>;
}) => (
<ToastPrimitives.Title
ref={ref}
className={cn("text-sm font-semibold [&+div]:text-xs", className)}
{...props}
/>
);
ToastTitle.displayName = ToastPrimitives.Title.displayName;
const ToastDescription = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<typeof ToastPrimitives.Description> & {
ref: React.RefObject<React.ElementRef<typeof ToastPrimitives.Description>>;
}) => (
<ToastPrimitives.Description
ref={ref}
className={cn("text-sm opacity-90", className)}
{...props}
/>
);
ToastDescription.displayName = ToastPrimitives.Description.displayName;
type ToastProps = React.ComponentPropsWithoutRef<typeof Toast>;
type ToastActionElement = React.ReactElement<typeof ToastAction>;
export {
type ToastProps,
type ToastActionElement,
ToastProvider,
ToastViewport,
Toast,
ToastTitle,
ToastDescription,
ToastClose,
ToastAction,
};
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/facebook.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
import { createRemoteJWKSet, jwtVerify, decodeJwt } from "jose";
import { refreshAccessToken } from "../oauth2";
export interface FacebookProfile {
id: string;
name: string;
email: string;
email_verified: boolean;
picture: {
data: {
height: number;
is_silhouette: boolean;
url: string;
width: number;
};
};
}
export interface FacebookOptions extends ProviderOptions<FacebookProfile> {
clientId: string;
/**
* Extend list of fields to retrieve from the Facebook user profile.
*
* @default ["id", "name", "email", "picture"]
*/
fields?: string[];
/**
* The config id to use when undergoing oauth
*/
configId?: string;
}
export const facebook = (options: FacebookOptions) => {
return {
id: "facebook",
name: "Facebook",
async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
const _scopes = options.disableDefaultScope
? []
: ["email", "public_profile"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return await createAuthorizationURL({
id: "facebook",
options,
authorizationEndpoint: "https://www.facebook.com/v21.0/dialog/oauth",
scopes: _scopes,
state,
redirectURI,
loginHint,
additionalParams: options.configId
? {
config_id: options.configId,
}
: {},
});
},
validateAuthorizationCode: async ({ code, redirectURI }) => {
return validateAuthorizationCode({
code,
redirectURI,
options,
tokenEndpoint: "https://graph.facebook.com/oauth/access_token",
});
},
async verifyIdToken(token, nonce) {
if (options.disableIdTokenSignIn) {
return false;
}
if (options.verifyIdToken) {
return options.verifyIdToken(token, nonce);
}
/* limited login */
// check is limited token
if (token.split(".").length === 3) {
try {
const { payload: jwtClaims } = await jwtVerify(
token,
createRemoteJWKSet(
// https://developers.facebook.com/docs/facebook-login/limited-login/token/#jwks
new URL(
"https://limited.facebook.com/.well-known/oauth/openid/jwks/",
),
),
{
algorithms: ["RS256"],
audience: options.clientId,
issuer: "https://www.facebook.com",
},
);
if (nonce && jwtClaims.nonce !== nonce) {
return false;
}
return !!jwtClaims;
} catch (error) {
return false;
}
}
/* access_token */
return true;
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientKey: options.clientKey,
clientSecret: options.clientSecret,
},
tokenEndpoint:
"https://graph.facebook.com/v18.0/oauth/access_token",
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
if (token.idToken && token.idToken.split(".").length === 3) {
const profile = decodeJwt(token.idToken) as {
sub: string;
email: string;
name: string;
picture: string;
};
const user = {
id: profile.sub,
name: profile.name,
email: profile.email,
picture: {
data: {
url: profile.picture,
height: 100,
width: 100,
is_silhouette: false,
},
},
};
// https://developers.facebook.com/docs/facebook-login/limited-login/permissions
const userMap = await options.mapProfileToUser?.({
...user,
email_verified: true,
});
return {
user: {
...user,
emailVerified: true,
...userMap,
},
data: profile,
};
}
const fields = [
"id",
"name",
"email",
"picture",
...(options?.fields || []),
];
const { data: profile, error } = await betterFetch<FacebookProfile>(
"https://graph.facebook.com/me?fields=" + fields.join(","),
{
auth: {
type: "Bearer",
token: token.accessToken,
},
},
);
if (error) {
return null;
}
const userMap = await options.mapProfileToUser?.(profile);
return {
user: {
id: profile.id,
name: profile.name,
email: profile.email,
image: profile.picture.data.url,
emailVerified: profile.email_verified,
...userMap,
},
data: profile,
};
},
options,
} satisfies OAuthProvider<FacebookProfile>;
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/api/middlewares/origin-check.ts:
--------------------------------------------------------------------------------
```typescript
import { APIError } from "better-call";
import { createAuthMiddleware } from "@better-auth/core/api";
import { wildcardMatch } from "../../utils/wildcard";
import { getHost, getOrigin, getProtocol } from "../../utils/url";
import type { GenericEndpointContext } from "@better-auth/core";
/**
* A middleware to validate callbackURL and origin against
* trustedOrigins.
*/
export const originCheckMiddleware = createAuthMiddleware(async (ctx) => {
if (ctx.request?.method !== "POST" || !ctx.request) {
return;
}
const { body, query, context } = ctx;
const originHeader =
ctx.headers?.get("origin") || ctx.headers?.get("referer") || "";
const callbackURL = body?.callbackURL || query?.callbackURL;
const redirectURL = body?.redirectTo;
const errorCallbackURL = body?.errorCallbackURL;
const newUserCallbackURL = body?.newUserCallbackURL;
const trustedOrigins: string[] = Array.isArray(context.options.trustedOrigins)
? context.trustedOrigins
: [
...context.trustedOrigins,
...((await context.options.trustedOrigins?.(ctx.request)) || []),
];
const usesCookies = ctx.headers?.has("cookie");
const matchesPattern = (url: string, pattern: string): boolean => {
if (url.startsWith("/")) {
return false;
}
if (pattern.includes("*")) {
// For protocol-specific wildcards, match the full origin
if (pattern.includes("://")) {
return wildcardMatch(pattern)(getOrigin(url) || url);
}
// For host-only wildcards, match just the host
return wildcardMatch(pattern)(getHost(url));
}
const protocol = getProtocol(url);
return protocol === "http:" || protocol === "https:" || !protocol
? pattern === getOrigin(url)
: url.startsWith(pattern);
};
const validateURL = (url: string | undefined, label: string) => {
if (!url) {
return;
}
const isTrustedOrigin = trustedOrigins.some(
(origin) =>
matchesPattern(url, origin) ||
(url?.startsWith("/") &&
label !== "origin" &&
/^\/(?!\/|\\|%2f|%5c)[\w\-.\+/@]*(?:\?[\w\-.\+/=&%@]*)?$/.test(url)),
);
if (!isTrustedOrigin) {
ctx.context.logger.error(`Invalid ${label}: ${url}`);
ctx.context.logger.info(
`If it's a valid URL, please add ${url} to trustedOrigins in your auth config\n`,
`Current list of trustedOrigins: ${trustedOrigins}`,
);
throw new APIError("FORBIDDEN", { message: `Invalid ${label}` });
}
};
if (usesCookies && !ctx.context.options.advanced?.disableCSRFCheck) {
validateURL(originHeader, "origin");
}
callbackURL && validateURL(callbackURL, "callbackURL");
redirectURL && validateURL(redirectURL, "redirectURL");
errorCallbackURL && validateURL(errorCallbackURL, "errorCallbackURL");
newUserCallbackURL && validateURL(newUserCallbackURL, "newUserCallbackURL");
});
export const originCheck = (
getValue: (ctx: GenericEndpointContext) => string | string[],
) =>
createAuthMiddleware(async (ctx) => {
if (!ctx.request) {
return;
}
const { context } = ctx;
const callbackURL = getValue(ctx);
const trustedOrigins: string[] = Array.isArray(
context.options.trustedOrigins,
)
? context.trustedOrigins
: [
...context.trustedOrigins,
...((await context.options.trustedOrigins?.(ctx.request)) || []),
];
const matchesPattern = (url: string, pattern: string): boolean => {
if (url.startsWith("/")) {
return false;
}
if (pattern.includes("*")) {
// For protocol-specific wildcards, match the full origin
if (pattern.includes("://")) {
return wildcardMatch(pattern)(getOrigin(url) || url);
}
// For host-only wildcards, match just the host
return wildcardMatch(pattern)(getHost(url));
}
const protocol = getProtocol(url);
return protocol === "http:" || protocol === "https:" || !protocol
? pattern === getOrigin(url)
: url.startsWith(pattern);
};
const validateURL = (url: string | undefined, label: string) => {
if (!url) {
return;
}
const isTrustedOrigin = trustedOrigins.some(
(origin) =>
matchesPattern(url, origin) ||
(url?.startsWith("/") &&
label !== "origin" &&
/^\/(?!\/|\\|%2f|%5c)[\w\-.\+/@]*(?:\?[\w\-.\+/=&%@]*)?$/.test(
url,
)),
);
if (!isTrustedOrigin) {
ctx.context.logger.error(`Invalid ${label}: ${url}`);
ctx.context.logger.info(
`If it's a valid URL, please add ${url} to trustedOrigins in your auth config\n`,
`Current list of trustedOrigins: ${trustedOrigins}`,
);
throw new APIError("FORBIDDEN", { message: `Invalid ${label}` });
}
};
const callbacks = Array.isArray(callbackURL) ? callbackURL : [callbackURL];
for (const url of callbacks) {
validateURL(url, "callbackURL");
}
});
```
--------------------------------------------------------------------------------
/docs/app/blog/_components/changelog-layout.tsx:
--------------------------------------------------------------------------------
```typescript
import Link from "next/link";
import clsx from "clsx";
import { DiscordLogoIcon } from "@radix-ui/react-icons";
function BookIcon(props: React.ComponentPropsWithoutRef<"svg">) {
return (
<svg viewBox="0 0 16 16" aria-hidden="true" fill="currentColor" {...props}>
<path d="M7 3.41a1 1 0 0 0-.668-.943L2.275 1.039a.987.987 0 0 0-.877.166c-.25.192-.398.493-.398.812V12.2c0 .454.296.853.725.977l3.948 1.365A1 1 0 0 0 7 13.596V3.41ZM9 13.596a1 1 0 0 0 1.327.946l3.948-1.365c.429-.124.725-.523.725-.977V2.017c0-.32-.147-.62-.398-.812a.987.987 0 0 0-.877-.166L9.668 2.467A1 1 0 0 0 9 3.41v10.186Z" />
</svg>
);
}
function GitHubIcon(props: React.ComponentPropsWithoutRef<"svg">) {
return (
<svg viewBox="0 0 16 16" aria-hidden="true" fill="currentColor" {...props}>
<path d="M8 .198a8 8 0 0 0-8 8 7.999 7.999 0 0 0 5.47 7.59c.4.076.547-.172.547-.384 0-.19-.007-.694-.01-1.36-2.226.482-2.695-1.074-2.695-1.074-.364-.923-.89-1.17-.89-1.17-.725-.496.056-.486.056-.486.803.056 1.225.824 1.225.824.714 1.224 1.873.87 2.33.666.072-.518.278-.87.507-1.07-1.777-.2-3.644-.888-3.644-3.954 0-.873.31-1.586.823-2.146-.09-.202-.36-1.016.07-2.118 0 0 .67-.214 2.2.82a7.67 7.67 0 0 1 2-.27 7.67 7.67 0 0 1 2 .27c1.52-1.034 2.19-.82 2.19-.82.43 1.102.16 1.916.08 2.118.51.56.82 1.273.82 2.146 0 3.074-1.87 3.75-3.65 3.947.28.24.54.73.54 1.48 0 1.07-.01 1.93-.01 2.19 0 .21.14.46.55.38A7.972 7.972 0 0 0 16 8.199a8 8 0 0 0-8-8Z" />
</svg>
);
}
function FeedIcon(props: React.ComponentPropsWithoutRef<"svg">) {
return (
<svg viewBox="0 0 16 16" aria-hidden="true" fill="currentColor" {...props}>
<path
fillRule="evenodd"
clipRule="evenodd"
d="M2.5 3a.5.5 0 0 1 .5-.5h.5c5.523 0 10 4.477 10 10v.5a.5.5 0 0 1-.5.5h-.5a.5.5 0 0 1-.5-.5v-.5A8.5 8.5 0 0 0 3.5 4H3a.5.5 0 0 1-.5-.5V3Zm0 4.5A.5.5 0 0 1 3 7h.5A5.5 5.5 0 0 1 9 12.5v.5a.5.5 0 0 1-.5.5H8a.5.5 0 0 1-.5-.5v-.5a4 4 0 0 0-4-4H3a.5.5 0 0 1-.5-.5v-.5Zm0 5a1 1 0 1 1 2 0 1 1 0 0 1-2 0Z"
/>
</svg>
);
}
function XIcon(props: React.ComponentPropsWithoutRef<"svg">) {
return (
<svg viewBox="0 0 16 16" aria-hidden="true" fill="currentColor" {...props}>
<path d="M9.51762 6.77491L15.3459 0H13.9648L8.90409 5.88256L4.86212 0H0.200195L6.31244 8.89547L0.200195 16H1.58139L6.92562 9.78782L11.1942 16H15.8562L9.51728 6.77491H9.51762ZM7.62588 8.97384L7.00658 8.08805L2.07905 1.03974H4.20049L8.17706 6.72795L8.79636 7.61374L13.9654 15.0075H11.844L7.62588 8.97418V8.97384Z" />
</svg>
);
}
export function Intro() {
return (
<>
<h1 className="mt-14 font-sans font-semibold tracking-tighter text-5xl">
All of the changes made will be{" "}
<span className="">available here.</span>
</h1>
<p className="mt-4 text-sm text-gray-600 dark:text-gray-300">
Better Auth is comprehensive authentication library for TypeScript that
provides a wide range of features to make authentication easier and more
secure.
</p>
<hr className="h-px bg-gray-300 mt-5" />
<div className="mt-8 flex flex-wrap text-gray-600 dark:text-gray-300 justify-center gap-x-1 gap-y-3 sm:gap-x-2 lg:justify-start">
<IconLink
href="/docs"
icon={BookIcon}
className="flex-none text-gray-600 dark:text-gray-300"
>
Documentation
</IconLink>
<IconLink
href="https://github.com/better-auth/better-auth"
icon={GitHubIcon}
className="flex-none text-gray-600 dark:text-gray-300"
>
GitHub
</IconLink>
<IconLink
href="https://discord.gg/better-auth"
icon={DiscordLogoIcon}
className="flex-none text-gray-600 dark:text-gray-300"
>
Community
</IconLink>
</div>
</>
);
}
export function IntroFooter() {
return (
<p className="flex items-baseline gap-x-2 text-[0.8125rem]/6 text-gray-500">
Brought to you by{" "}
<IconLink href="#" icon={XIcon} compact>
BETTER-AUTH.
</IconLink>
</p>
);
}
export function IconLink({
children,
className,
compact = false,
icon: Icon,
...props
}: React.ComponentPropsWithoutRef<typeof Link> & {
compact?: boolean;
icon?: React.ComponentType<{ className?: string }>;
}) {
return (
<Link
{...props}
className={clsx(
className,
"group relative isolate flex items-center px-2 py-0.5 text-[0.8125rem]/6 font-medium text-black/70 dark:text-white/30 transition-colors hover:text-stone-300 rounded-none",
compact ? "gap-x-2" : "gap-x-3",
)}
>
<span className="absolute inset-0 -z-10 scale-75 rounded-lg bg-white/5 opacity-0 transition group-hover:scale-100 group-hover:opacity-100" />
{Icon && <Icon className="h-4 w-4 flex-none" />}
<span className="self-baseline text-black/70 dark:text-white">
{children}
</span>
</Link>
);
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/custom-session/custom-session.test.ts:
--------------------------------------------------------------------------------
```typescript
import { describe, expect, expectTypeOf, it } from "vitest";
import { getTestInstance } from "../../test-utils/test-instance";
import { customSession } from ".";
import { admin } from "../admin";
import { createAuthClient } from "../../client";
import { customSessionClient } from "./client";
import type { BetterAuthOptions } from "../../types";
import { adminClient } from "../admin/client";
import { multiSession } from "../multi-session";
import { multiSessionClient } from "../multi-session/client";
import { parseSetCookieHeader } from "../../cookies";
describe("Custom Session Plugin Tests", async () => {
const options = {
plugins: [admin(), multiSession()],
} satisfies BetterAuthOptions;
const { auth, signInWithTestUser, testUser, customFetchImpl, cookieSetter } =
await getTestInstance({
session: {
maxAge: 10,
updateAge: 0,
cookieCache: {
enabled: true,
maxAge: 10,
},
},
plugins: [
...options.plugins,
customSession(
async ({ user, session }) => {
const newData = {
message: "Hello, World!",
};
return {
user: {
firstName: user.name.split(" ")[0],
lastName: user.name.split(" ")[1],
},
newData,
session,
};
},
options,
{ shouldMutateListDeviceSessionsEndpoint: true },
),
],
});
const client = createAuthClient({
baseURL: "http://localhost:3000",
plugins: [
customSessionClient<typeof auth>(),
adminClient(),
multiSessionClient(),
],
fetchOptions: { customFetchImpl },
});
it("should return the session", async () => {
const { headers } = await signInWithTestUser();
const session = await auth.api.getSession({ headers });
const s = await client.getSession({ fetchOptions: { headers } });
expect(s.data?.newData).toEqual({ message: "Hello, World!" });
expect(session?.newData).toEqual({ message: "Hello, World!" });
});
it("should return set cookie headers", async () => {
const { headers } = await signInWithTestUser();
const s = await client.getSession({
fetchOptions: {
headers,
onResponse(context) {
const header = context.response.headers.get("set-cookie");
expect(header).toBeDefined();
const cookies = parseSetCookieHeader(header!);
expect(cookies.has("better-auth.session_token")).toBe(true);
expect(cookies.has("better-auth.session_data")).toBe(true);
},
},
});
});
it("should return the custom session for multi-session", async () => {
let headers = new Headers();
const testUser = {
email: "[email protected]",
password: "password",
name: "Name",
};
await client.signUp.email(
{
name: testUser.name,
email: testUser.email,
password: testUser.password,
},
{
onSuccess: cookieSetter(headers),
},
);
const sessions = await auth.api.listDeviceSessions({
headers,
});
const session = sessions[0]!;
//@ts-expect-error
expect(session.newData).toEqual({ message: "Hello, World!" });
});
it.skipIf(globalThis.gc == null)(
"should not create memory leaks with multiple plugin instances",
async () => {
const initialMemory = process.memoryUsage();
const pluginInstances = [];
const sessionCount = 100;
for (let i = 0; i < sessionCount; i++) {
const plugin = customSession(async ({ user, session }) => {
return {
user: {
...user,
testField: `test-${i}`,
},
session,
iteration: i,
};
});
pluginInstances.push(plugin);
}
// Force garbage collection (only works if Node.js is started with --expose-gc)
// @ts-expect-error
globalThis.gc();
const afterPluginCreation = process.memoryUsage();
const memoryIncrease =
afterPluginCreation.heapUsed - initialMemory.heapUsed;
const memoryIncreasePerPlugin = memoryIncrease / sessionCount;
// Each plugin instance should not use more than <5KB of memory
// (this is a reasonable threshold that indicates no major memory leak)
expect(memoryIncreasePerPlugin).toBeLessThan(5 * 1024);
// Verify that plugins are still functional
expect(pluginInstances).toHaveLength(sessionCount);
expect(pluginInstances[0]!.id).toBe("custom-session");
expect(pluginInstances[sessionCount - 1]!.id).toBe("custom-session");
},
);
it("should infer the session type", async () => {
const { auth } = await getTestInstance({
plugins: [
customSession(async ({ user, session }) => {
return {
custom: {
field: "field",
},
};
}),
],
});
type Session = typeof auth.$Infer.Session;
expectTypeOf<Session>().toEqualTypeOf<{
custom: {
field: string;
};
}>();
});
});
```
--------------------------------------------------------------------------------
/packages/core/src/oauth2/oauth-provider.ts:
--------------------------------------------------------------------------------
```typescript
import type { LiteralString } from "../types";
export interface OAuth2Tokens {
tokenType?: string;
accessToken?: string;
refreshToken?: string;
accessTokenExpiresAt?: Date;
refreshTokenExpiresAt?: Date;
scopes?: string[];
idToken?: string;
}
export type OAuth2UserInfo = {
id: string | number;
name?: string;
email?: string | null;
image?: string;
emailVerified: boolean;
};
export interface OAuthProvider<
T extends Record<string, any> = Record<string, any>,
O extends Record<string, any> = Partial<ProviderOptions>,
> {
id: LiteralString;
createAuthorizationURL: (data: {
state: string;
codeVerifier: string;
scopes?: string[];
redirectURI: string;
display?: string;
loginHint?: string;
}) => Promise<URL> | URL;
name: string;
validateAuthorizationCode: (data: {
code: string;
redirectURI: string;
codeVerifier?: string;
deviceId?: string;
}) => Promise<OAuth2Tokens>;
getUserInfo: (
token: OAuth2Tokens & {
/**
* The user object from the provider
* This is only available for some providers like Apple
*/
user?: {
name?: {
firstName?: string;
lastName?: string;
};
email?: string;
};
},
) => Promise<{
user: OAuth2UserInfo;
data: T;
} | null>;
/**
* Custom function to refresh a token
*/
refreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;
revokeToken?: (token: string) => Promise<void>;
/**
* Verify the id token
* @param token - The id token
* @param nonce - The nonce
* @returns True if the id token is valid, false otherwise
*/
verifyIdToken?: (token: string, nonce?: string) => Promise<boolean>;
/**
* Disable implicit sign up for new users. When set to true for the provider,
* sign-in need to be called with with requestSignUp as true to create new users.
*/
disableImplicitSignUp?: boolean;
/**
* Disable sign up for new users.
*/
disableSignUp?: boolean;
/**
* Options for the provider
*/
options?: O;
}
export type ProviderOptions<Profile extends Record<string, any> = any> = {
/**
* The client ID of your application.
*
* This is usually a string but can be any type depending on the provider.
*/
clientId?: unknown;
/**
* The client secret of your application
*/
clientSecret?: string;
/**
* The scopes you want to request from the provider
*/
scope?: string[];
/**
* Remove default scopes of the provider
*/
disableDefaultScope?: boolean;
/**
* The redirect URL for your application. This is where the provider will
* redirect the user after the sign in process. Make sure this URL is
* whitelisted in the provider's dashboard.
*/
redirectURI?: string;
/**
* The client key of your application
* Tiktok Social Provider uses this field instead of clientId
*/
clientKey?: string;
/**
* Disable provider from allowing users to sign in
* with this provider with an id token sent from the
* client.
*/
disableIdTokenSignIn?: boolean;
/**
* verifyIdToken function to verify the id token
*/
verifyIdToken?: (token: string, nonce?: string) => Promise<boolean>;
/**
* Custom function to get user info from the provider
*/
getUserInfo?: (token: OAuth2Tokens) => Promise<{
user: {
id: string;
name?: string;
email?: string | null;
image?: string;
emailVerified: boolean;
[key: string]: any;
};
data: any;
}>;
/**
* Custom function to refresh a token
*/
refreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;
/**
* Custom function to map the provider profile to a
* user.
*/
mapProfileToUser?: (profile: Profile) =>
| {
id?: string;
name?: string;
email?: string | null;
image?: string;
emailVerified?: boolean;
[key: string]: any;
}
| Promise<{
id?: string;
name?: string;
email?: string | null;
image?: string;
emailVerified?: boolean;
[key: string]: any;
}>;
/**
* Disable implicit sign up for new users. When set to true for the provider,
* sign-in need to be called with with requestSignUp as true to create new users.
*/
disableImplicitSignUp?: boolean;
/**
* Disable sign up for new users.
*/
disableSignUp?: boolean;
/**
* The prompt to use for the authorization code request
*/
prompt?:
| "select_account"
| "consent"
| "login"
| "none"
| "select_account consent";
/**
* The response mode to use for the authorization code request
*/
responseMode?: "query" | "form_post";
/**
* If enabled, the user info will be overridden with the provider user info
* This is useful if you want to use the provider user info to update the user info
*
* @default false
*/
overrideUserInfoOnSignIn?: boolean;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/facebook.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Facebook
description: Facebook provider setup and usage.
---
<Steps>
<Step>
### Get your Facebook credentials
To use Facebook sign in, you need a client ID and client Secret. You can get them from the [Facebook Developer Portal](https://developers.facebook.com/).
Select your app, navigate to **App Settings > Basic**, locate the following:
- **App ID**: This is your `clientId`
- **App Secret**: This is your `clientSecret`.
<Callout type="warn">
Avoid exposing the `clientSecret` in client-side code (e.g., frontend apps) because it’s sensitive information.
</Callout>
Make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/facebook` for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
</Step>
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
facebook: { // [!code highlight]
clientId: process.env.FACEBOOK_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.FACEBOOK_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
<Callout>
BetterAuth also supports Facebook Login for Business, all you need
to do is provide the `configId` as listed in **Facebook Login For Business > Configurations** alongside your `clientId` and `clientSecret`. Note that the app must be a Business app and, since BetterAuth expects to have an email address and account id, the configuration must be of the "User access token" type. "System-user access token" is not supported.
</Callout>
</Step>
<Step>
### Sign In with Facebook
To sign in with Facebook, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `facebook`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/auth-client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "facebook"
})
}
```
</Step>
</Steps>
## Additional Configuration
### Scopes
By default, Facebook provides basic user information. If you need additional permissions, you can specify scopes in your auth configuration:
```ts title="auth.ts"
export const auth = betterAuth({
socialProviders: {
facebook: {
clientId: process.env.FACEBOOK_CLIENT_ID as string,
clientSecret: process.env.FACEBOOK_CLIENT_SECRET as string,
scopes: ["email", "public_profile", "user_friends"], // Overwrites permissions
fields: ["user_friends"], // Extending list of fields
},
},
})
```
Additional options:
- `scopes`: Access basic account information (overwrites).
- Default: `"email", "public_profile"`
- `fields`: Extend list of fields to retrieve from the Facebook user profile (assignment).
- Default: `"id", "name", "email", "picture"`
### Sign In with Facebook With ID or Access Token
To sign in with Facebook using the ID Token, you can use the `signIn.social` function to pass the ID Token.
This is useful when you have the ID Token from Facebook on the client-side and want to use it to sign in on the server.
<Callout>
If ID token is provided no redirection will happen, and the user will be signed in directly.
</Callout>
For limited login, you need to pass `idToken.token`, for only `accessToken` you need to pass `idToken.accessToken` and `idToken.token` together because of (#1183)[https://github.com/better-auth/better-auth/issues/1183].
```ts title="auth-client.ts"
const data = await authClient.signIn.social({
provider: "facebook",
idToken: { // [!code highlight]
...(platform === 'ios' ? // [!code highlight]
{ token: idToken } // [!code highlight]
: { token: accessToken, accessToken: accessToken }), // [!code highlight]
},
})
```
For a complete list of available permissions, refer to the [Permissions Reference](https://developers.facebook.com/docs/permissions).
```