This is page 5 of 49. Use http://codebase.md/better-auth/better-auth?page={x} to view the full context.
# Directory Structure
```
├── .gitattributes
├── .github
│ ├── CODEOWNERS
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE
│ │ ├── bug_report.yml
│ │ └── feature_request.yml
│ ├── renovate.json5
│ └── workflows
│ ├── ci.yml
│ ├── e2e.yml
│ ├── preview.yml
│ └── release.yml
├── .gitignore
├── .npmrc
├── .nvmrc
├── .vscode
│ └── settings.json
├── banner-dark.png
├── banner.png
├── biome.json
├── bump.config.ts
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── demo
│ ├── expo-example
│ │ ├── .env.example
│ │ ├── .gitignore
│ │ ├── app.config.ts
│ │ ├── assets
│ │ │ ├── bg-image.jpeg
│ │ │ ├── fonts
│ │ │ │ └── SpaceMono-Regular.ttf
│ │ │ ├── icon.png
│ │ │ └── images
│ │ │ ├── adaptive-icon.png
│ │ │ ├── favicon.png
│ │ │ ├── logo.png
│ │ │ ├── partial-react-logo.png
│ │ │ ├── react-logo.png
│ │ │ ├── [email protected]
│ │ │ ├── [email protected]
│ │ │ └── splash.png
│ │ ├── babel.config.js
│ │ ├── components.json
│ │ ├── expo-env.d.ts
│ │ ├── index.ts
│ │ ├── metro.config.js
│ │ ├── nativewind-env.d.ts
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── app
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...route]+api.ts
│ │ │ │ ├── dashboard.tsx
│ │ │ │ ├── forget-password.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ └── sign-up.tsx
│ │ │ ├── components
│ │ │ │ ├── icons
│ │ │ │ │ └── google.tsx
│ │ │ │ └── ui
│ │ │ │ ├── avatar.tsx
│ │ │ │ ├── button.tsx
│ │ │ │ ├── card.tsx
│ │ │ │ ├── dialog.tsx
│ │ │ │ ├── input.tsx
│ │ │ │ ├── separator.tsx
│ │ │ │ └── text.tsx
│ │ │ ├── global.css
│ │ │ └── lib
│ │ │ ├── auth-client.ts
│ │ │ ├── auth.ts
│ │ │ ├── icons
│ │ │ │ ├── iconWithClassName.ts
│ │ │ │ └── X.tsx
│ │ │ └── utils.ts
│ │ ├── tailwind.config.js
│ │ └── tsconfig.json
│ └── nextjs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── (auth)
│ │ │ ├── forget-password
│ │ │ │ └── page.tsx
│ │ │ ├── reset-password
│ │ │ │ └── page.tsx
│ │ │ ├── sign-in
│ │ │ │ ├── loading.tsx
│ │ │ │ └── page.tsx
│ │ │ └── two-factor
│ │ │ ├── otp
│ │ │ │ └── page.tsx
│ │ │ └── page.tsx
│ │ ├── accept-invitation
│ │ │ └── [id]
│ │ │ ├── invitation-error.tsx
│ │ │ └── page.tsx
│ │ ├── admin
│ │ │ └── page.tsx
│ │ ├── api
│ │ │ └── auth
│ │ │ └── [...all]
│ │ │ └── route.ts
│ │ ├── apps
│ │ │ └── register
│ │ │ └── page.tsx
│ │ ├── client-test
│ │ │ └── page.tsx
│ │ ├── dashboard
│ │ │ ├── change-plan.tsx
│ │ │ ├── client.tsx
│ │ │ ├── organization-card.tsx
│ │ │ ├── page.tsx
│ │ │ ├── upgrade-button.tsx
│ │ │ └── user-card.tsx
│ │ ├── device
│ │ │ ├── approve
│ │ │ │ └── page.tsx
│ │ │ ├── denied
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ ├── page.tsx
│ │ │ └── success
│ │ │ └── page.tsx
│ │ ├── favicon.ico
│ │ ├── features.tsx
│ │ ├── fonts
│ │ │ ├── GeistMonoVF.woff
│ │ │ └── GeistVF.woff
│ │ ├── globals.css
│ │ ├── layout.tsx
│ │ ├── oauth
│ │ │ └── authorize
│ │ │ ├── concet-buttons.tsx
│ │ │ └── page.tsx
│ │ ├── page.tsx
│ │ └── pricing
│ │ └── page.tsx
│ ├── components
│ │ ├── account-switch.tsx
│ │ ├── blocks
│ │ │ └── pricing.tsx
│ │ ├── logo.tsx
│ │ ├── one-tap.tsx
│ │ ├── sign-in-btn.tsx
│ │ ├── sign-in.tsx
│ │ ├── sign-up.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggle.tsx
│ │ ├── tier-labels.tsx
│ │ ├── ui
│ │ │ ├── accordion.tsx
│ │ │ ├── alert-dialog.tsx
│ │ │ ├── alert.tsx
│ │ │ ├── aspect-ratio.tsx
│ │ │ ├── avatar.tsx
│ │ │ ├── badge.tsx
│ │ │ ├── breadcrumb.tsx
│ │ │ ├── button.tsx
│ │ │ ├── calendar.tsx
│ │ │ ├── card.tsx
│ │ │ ├── carousel.tsx
│ │ │ ├── chart.tsx
│ │ │ ├── checkbox.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── command.tsx
│ │ │ ├── context-menu.tsx
│ │ │ ├── copy-button.tsx
│ │ │ ├── dialog.tsx
│ │ │ ├── drawer.tsx
│ │ │ ├── dropdown-menu.tsx
│ │ │ ├── form.tsx
│ │ │ ├── hover-card.tsx
│ │ │ ├── input-otp.tsx
│ │ │ ├── input.tsx
│ │ │ ├── label.tsx
│ │ │ ├── menubar.tsx
│ │ │ ├── navigation-menu.tsx
│ │ │ ├── pagination.tsx
│ │ │ ├── password-input.tsx
│ │ │ ├── popover.tsx
│ │ │ ├── progress.tsx
│ │ │ ├── radio-group.tsx
│ │ │ ├── resizable.tsx
│ │ │ ├── scroll-area.tsx
│ │ │ ├── select.tsx
│ │ │ ├── separator.tsx
│ │ │ ├── sheet.tsx
│ │ │ ├── skeleton.tsx
│ │ │ ├── slider.tsx
│ │ │ ├── sonner.tsx
│ │ │ ├── switch.tsx
│ │ │ ├── table.tsx
│ │ │ ├── tabs.tsx
│ │ │ ├── tabs2.tsx
│ │ │ ├── textarea.tsx
│ │ │ ├── toast.tsx
│ │ │ ├── toaster.tsx
│ │ │ ├── toggle-group.tsx
│ │ │ ├── toggle.tsx
│ │ │ └── tooltip.tsx
│ │ └── wrapper.tsx
│ ├── components.json
│ ├── hooks
│ │ └── use-toast.ts
│ ├── lib
│ │ ├── auth-client.ts
│ │ ├── auth-types.ts
│ │ ├── auth.ts
│ │ ├── email
│ │ │ ├── invitation.tsx
│ │ │ ├── resend.ts
│ │ │ └── reset-password.tsx
│ │ ├── metadata.ts
│ │ ├── shared.ts
│ │ └── utils.ts
│ ├── next.config.ts
│ ├── package.json
│ ├── postcss.config.mjs
│ ├── proxy.ts
│ ├── public
│ │ ├── __og.png
│ │ ├── _og.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── logo.svg
│ │ └── og.png
│ ├── README.md
│ ├── tailwind.config.ts
│ ├── tsconfig.json
│ └── turbo.json
├── docker-compose.yml
├── docs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── api
│ │ │ ├── ai-chat
│ │ │ │ └── route.ts
│ │ │ ├── analytics
│ │ │ │ ├── conversation
│ │ │ │ │ └── route.ts
│ │ │ │ ├── event
│ │ │ │ │ └── route.ts
│ │ │ │ └── feedback
│ │ │ │ └── route.ts
│ │ │ ├── chat
│ │ │ │ └── route.ts
│ │ │ ├── og
│ │ │ │ └── route.tsx
│ │ │ ├── og-release
│ │ │ │ └── route.tsx
│ │ │ ├── search
│ │ │ │ └── route.ts
│ │ │ └── support
│ │ │ └── route.ts
│ │ ├── blog
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── blog-list.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ ├── stat-field.tsx
│ │ │ │ └── support.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── changelogs
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── grid-pattern.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ └── stat-field.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── community
│ │ │ ├── _components
│ │ │ │ ├── header.tsx
│ │ │ │ └── stats.tsx
│ │ │ └── page.tsx
│ │ ├── docs
│ │ │ ├── [[...slug]]
│ │ │ │ ├── page.client.tsx
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ └── lib
│ │ │ └── get-llm-text.ts
│ │ ├── global.css
│ │ ├── layout.config.tsx
│ │ ├── layout.tsx
│ │ ├── llms.txt
│ │ │ ├── [...slug]
│ │ │ │ └── route.ts
│ │ │ └── route.ts
│ │ ├── not-found.tsx
│ │ ├── page.tsx
│ │ ├── reference
│ │ │ └── route.ts
│ │ ├── sitemap.xml
│ │ ├── static.json
│ │ │ └── route.ts
│ │ └── v1
│ │ ├── _components
│ │ │ └── v1-text.tsx
│ │ ├── bg-line.tsx
│ │ └── page.tsx
│ ├── assets
│ │ ├── Geist.ttf
│ │ └── GeistMono.ttf
│ ├── components
│ │ ├── ai-chat-modal.tsx
│ │ ├── anchor-scroll-fix.tsx
│ │ ├── api-method-tabs.tsx
│ │ ├── api-method.tsx
│ │ ├── banner.tsx
│ │ ├── blocks
│ │ │ └── features.tsx
│ │ ├── builder
│ │ │ ├── beam.tsx
│ │ │ ├── code-tabs
│ │ │ │ ├── code-editor.tsx
│ │ │ │ ├── code-tabs.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ ├── tab-bar.tsx
│ │ │ │ └── theme.ts
│ │ │ ├── index.tsx
│ │ │ ├── sign-in.tsx
│ │ │ ├── sign-up.tsx
│ │ │ ├── social-provider.tsx
│ │ │ ├── store.ts
│ │ │ └── tabs.tsx
│ │ ├── display-techstack.tsx
│ │ ├── divider-text.tsx
│ │ ├── docs
│ │ │ ├── docs.client.tsx
│ │ │ ├── docs.tsx
│ │ │ ├── layout
│ │ │ │ ├── nav.tsx
│ │ │ │ ├── theme-toggle.tsx
│ │ │ │ ├── toc-thumb.tsx
│ │ │ │ └── toc.tsx
│ │ │ ├── page.client.tsx
│ │ │ ├── page.tsx
│ │ │ ├── shared.tsx
│ │ │ └── ui
│ │ │ ├── button.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── popover.tsx
│ │ │ └── scroll-area.tsx
│ │ ├── endpoint.tsx
│ │ ├── features.tsx
│ │ ├── floating-ai-search.tsx
│ │ ├── fork-button.tsx
│ │ ├── generate-apple-jwt.tsx
│ │ ├── generate-secret.tsx
│ │ ├── github-stat.tsx
│ │ ├── icons.tsx
│ │ ├── landing
│ │ │ ├── gradient-bg.tsx
│ │ │ ├── grid-pattern.tsx
│ │ │ ├── hero.tsx
│ │ │ ├── section-svg.tsx
│ │ │ ├── section.tsx
│ │ │ ├── spotlight.tsx
│ │ │ └── testimonials.tsx
│ │ ├── logo-context-menu.tsx
│ │ ├── logo.tsx
│ │ ├── markdown-renderer.tsx
│ │ ├── markdown.tsx
│ │ ├── mdx
│ │ │ ├── add-to-cursor.tsx
│ │ │ └── database-tables.tsx
│ │ ├── message-feedback.tsx
│ │ ├── mobile-search-icon.tsx
│ │ ├── nav-bar.tsx
│ │ ├── nav-link.tsx
│ │ ├── nav-mobile.tsx
│ │ ├── promo-card.tsx
│ │ ├── resource-card.tsx
│ │ ├── resource-grid.tsx
│ │ ├── resource-section.tsx
│ │ ├── ripple.tsx
│ │ ├── search-dialog.tsx
│ │ ├── side-bar.tsx
│ │ ├── sidebar-content.tsx
│ │ ├── techstack-icons.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggler.tsx
│ │ └── ui
│ │ ├── accordion.tsx
│ │ ├── alert-dialog.tsx
│ │ ├── alert.tsx
│ │ ├── aside-link.tsx
│ │ ├── aspect-ratio.tsx
│ │ ├── avatar.tsx
│ │ ├── background-beams.tsx
│ │ ├── background-boxes.tsx
│ │ ├── badge.tsx
│ │ ├── breadcrumb.tsx
│ │ ├── button.tsx
│ │ ├── calendar.tsx
│ │ ├── callout.tsx
│ │ ├── card.tsx
│ │ ├── carousel.tsx
│ │ ├── chart.tsx
│ │ ├── checkbox.tsx
│ │ ├── code-block.tsx
│ │ ├── collapsible.tsx
│ │ ├── command.tsx
│ │ ├── context-menu.tsx
│ │ ├── dialog.tsx
│ │ ├── drawer.tsx
│ │ ├── dropdown-menu.tsx
│ │ ├── dynamic-code-block.tsx
│ │ ├── fade-in.tsx
│ │ ├── form.tsx
│ │ ├── hover-card.tsx
│ │ ├── input-otp.tsx
│ │ ├── input.tsx
│ │ ├── label.tsx
│ │ ├── menubar.tsx
│ │ ├── navigation-menu.tsx
│ │ ├── pagination.tsx
│ │ ├── popover.tsx
│ │ ├── progress.tsx
│ │ ├── radio-group.tsx
│ │ ├── resizable.tsx
│ │ ├── scroll-area.tsx
│ │ ├── select.tsx
│ │ ├── separator.tsx
│ │ ├── sheet.tsx
│ │ ├── sidebar.tsx
│ │ ├── skeleton.tsx
│ │ ├── slider.tsx
│ │ ├── sonner.tsx
│ │ ├── sparkles.tsx
│ │ ├── switch.tsx
│ │ ├── table.tsx
│ │ ├── tabs.tsx
│ │ ├── textarea.tsx
│ │ ├── toggle-group.tsx
│ │ ├── toggle.tsx
│ │ ├── tooltip-docs.tsx
│ │ ├── tooltip.tsx
│ │ └── use-copy-button.tsx
│ ├── components.json
│ ├── content
│ │ ├── blogs
│ │ │ ├── 0-supabase-auth-to-planetscale-migration.mdx
│ │ │ ├── 1-3.mdx
│ │ │ ├── authjs-joins-better-auth.mdx
│ │ │ └── seed-round.mdx
│ │ ├── changelogs
│ │ │ ├── 1-2.mdx
│ │ │ └── 1.0.mdx
│ │ └── docs
│ │ ├── adapters
│ │ │ ├── community-adapters.mdx
│ │ │ ├── drizzle.mdx
│ │ │ ├── mongo.mdx
│ │ │ ├── mssql.mdx
│ │ │ ├── mysql.mdx
│ │ │ ├── other-relational-databases.mdx
│ │ │ ├── postgresql.mdx
│ │ │ ├── prisma.mdx
│ │ │ └── sqlite.mdx
│ │ ├── authentication
│ │ │ ├── apple.mdx
│ │ │ ├── atlassian.mdx
│ │ │ ├── cognito.mdx
│ │ │ ├── discord.mdx
│ │ │ ├── dropbox.mdx
│ │ │ ├── email-password.mdx
│ │ │ ├── facebook.mdx
│ │ │ ├── figma.mdx
│ │ │ ├── github.mdx
│ │ │ ├── gitlab.mdx
│ │ │ ├── google.mdx
│ │ │ ├── huggingface.mdx
│ │ │ ├── kakao.mdx
│ │ │ ├── kick.mdx
│ │ │ ├── line.mdx
│ │ │ ├── linear.mdx
│ │ │ ├── linkedin.mdx
│ │ │ ├── microsoft.mdx
│ │ │ ├── naver.mdx
│ │ │ ├── notion.mdx
│ │ │ ├── other-social-providers.mdx
│ │ │ ├── paypal.mdx
│ │ │ ├── reddit.mdx
│ │ │ ├── roblox.mdx
│ │ │ ├── salesforce.mdx
│ │ │ ├── slack.mdx
│ │ │ ├── spotify.mdx
│ │ │ ├── tiktok.mdx
│ │ │ ├── twitch.mdx
│ │ │ ├── twitter.mdx
│ │ │ ├── vk.mdx
│ │ │ └── zoom.mdx
│ │ ├── basic-usage.mdx
│ │ ├── comparison.mdx
│ │ ├── concepts
│ │ │ ├── api.mdx
│ │ │ ├── cli.mdx
│ │ │ ├── client.mdx
│ │ │ ├── cookies.mdx
│ │ │ ├── database.mdx
│ │ │ ├── email.mdx
│ │ │ ├── hooks.mdx
│ │ │ ├── oauth.mdx
│ │ │ ├── plugins.mdx
│ │ │ ├── rate-limit.mdx
│ │ │ ├── session-management.mdx
│ │ │ ├── typescript.mdx
│ │ │ └── users-accounts.mdx
│ │ ├── examples
│ │ │ ├── astro.mdx
│ │ │ ├── next-js.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ └── svelte-kit.mdx
│ │ ├── guides
│ │ │ ├── auth0-migration-guide.mdx
│ │ │ ├── browser-extension-guide.mdx
│ │ │ ├── clerk-migration-guide.mdx
│ │ │ ├── create-a-db-adapter.mdx
│ │ │ ├── next-auth-migration-guide.mdx
│ │ │ ├── optimizing-for-performance.mdx
│ │ │ ├── saml-sso-with-okta.mdx
│ │ │ ├── supabase-migration-guide.mdx
│ │ │ └── your-first-plugin.mdx
│ │ ├── installation.mdx
│ │ ├── integrations
│ │ │ ├── astro.mdx
│ │ │ ├── convex.mdx
│ │ │ ├── elysia.mdx
│ │ │ ├── expo.mdx
│ │ │ ├── express.mdx
│ │ │ ├── fastify.mdx
│ │ │ ├── hono.mdx
│ │ │ ├── lynx.mdx
│ │ │ ├── nestjs.mdx
│ │ │ ├── next.mdx
│ │ │ ├── nitro.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ ├── solid-start.mdx
│ │ │ ├── svelte-kit.mdx
│ │ │ ├── tanstack.mdx
│ │ │ └── waku.mdx
│ │ ├── introduction.mdx
│ │ ├── meta.json
│ │ ├── plugins
│ │ │ ├── 2fa.mdx
│ │ │ ├── admin.mdx
│ │ │ ├── anonymous.mdx
│ │ │ ├── api-key.mdx
│ │ │ ├── autumn.mdx
│ │ │ ├── bearer.mdx
│ │ │ ├── captcha.mdx
│ │ │ ├── community-plugins.mdx
│ │ │ ├── device-authorization.mdx
│ │ │ ├── dodopayments.mdx
│ │ │ ├── dub.mdx
│ │ │ ├── email-otp.mdx
│ │ │ ├── generic-oauth.mdx
│ │ │ ├── have-i-been-pwned.mdx
│ │ │ ├── jwt.mdx
│ │ │ ├── last-login-method.mdx
│ │ │ ├── magic-link.mdx
│ │ │ ├── mcp.mdx
│ │ │ ├── multi-session.mdx
│ │ │ ├── oauth-proxy.mdx
│ │ │ ├── oidc-provider.mdx
│ │ │ ├── one-tap.mdx
│ │ │ ├── one-time-token.mdx
│ │ │ ├── open-api.mdx
│ │ │ ├── organization.mdx
│ │ │ ├── passkey.mdx
│ │ │ ├── phone-number.mdx
│ │ │ ├── polar.mdx
│ │ │ ├── siwe.mdx
│ │ │ ├── sso.mdx
│ │ │ ├── stripe.mdx
│ │ │ └── username.mdx
│ │ └── reference
│ │ ├── contributing.mdx
│ │ ├── faq.mdx
│ │ ├── options.mdx
│ │ ├── resources.mdx
│ │ ├── security.mdx
│ │ └── telemetry.mdx
│ ├── hooks
│ │ └── use-mobile.ts
│ ├── ignore-build.sh
│ ├── lib
│ │ ├── blog.ts
│ │ ├── chat
│ │ │ └── inkeep-qa-schema.ts
│ │ ├── constants.ts
│ │ ├── export-search-indexes.ts
│ │ ├── inkeep-analytics.ts
│ │ ├── is-active.ts
│ │ ├── metadata.ts
│ │ ├── source.ts
│ │ └── utils.ts
│ ├── next.config.js
│ ├── package.json
│ ├── postcss.config.js
│ ├── proxy.ts
│ ├── public
│ │ ├── avatars
│ │ │ └── beka.jpg
│ │ ├── blogs
│ │ │ ├── authjs-joins.png
│ │ │ ├── seed-round.png
│ │ │ └── supabase-ps.png
│ │ ├── branding
│ │ │ ├── better-auth-brand-assets.zip
│ │ │ ├── better-auth-logo-dark.png
│ │ │ ├── better-auth-logo-dark.svg
│ │ │ ├── better-auth-logo-light.png
│ │ │ ├── better-auth-logo-light.svg
│ │ │ ├── better-auth-logo-wordmark-dark.png
│ │ │ ├── better-auth-logo-wordmark-dark.svg
│ │ │ ├── better-auth-logo-wordmark-light.png
│ │ │ └── better-auth-logo-wordmark-light.svg
│ │ ├── extension-id.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── images
│ │ │ └── blogs
│ │ │ └── better auth (1).png
│ │ ├── logo.png
│ │ ├── logo.svg
│ │ ├── LogoDark.webp
│ │ ├── LogoLight.webp
│ │ ├── og.png
│ │ ├── open-api-reference.png
│ │ ├── people-say
│ │ │ ├── code-with-antonio.jpg
│ │ │ ├── dagmawi-babi.png
│ │ │ ├── dax.png
│ │ │ ├── dev-ed.png
│ │ │ ├── egoist.png
│ │ │ ├── guillermo-rauch.png
│ │ │ ├── jonathan-wilke.png
│ │ │ ├── josh-tried-coding.jpg
│ │ │ ├── kitze.jpg
│ │ │ ├── lazar-nikolov.png
│ │ │ ├── nizzy.png
│ │ │ ├── omar-mcadam.png
│ │ │ ├── ryan-vogel.jpg
│ │ │ ├── saltyatom.jpg
│ │ │ ├── sebastien-chopin.png
│ │ │ ├── shreyas-mididoddi.png
│ │ │ ├── tech-nerd.png
│ │ │ ├── theo.png
│ │ │ ├── vybhav-bhargav.png
│ │ │ └── xavier-pladevall.jpg
│ │ ├── plus.svg
│ │ ├── release-og
│ │ │ ├── 1-2.png
│ │ │ ├── 1-3.png
│ │ │ └── changelog-og.png
│ │ └── v1-og.png
│ ├── README.md
│ ├── scripts
│ │ ├── endpoint-to-doc
│ │ │ ├── index.ts
│ │ │ ├── input.ts
│ │ │ ├── output.mdx
│ │ │ └── readme.md
│ │ └── sync-orama.ts
│ ├── source.config.ts
│ ├── tailwind.config.js
│ ├── tsconfig.json
│ └── turbo.json
├── e2e
│ ├── integration
│ │ ├── package.json
│ │ ├── playwright.config.ts
│ │ ├── solid-vinxi
│ │ │ ├── .gitignore
│ │ │ ├── app.config.ts
│ │ │ ├── e2e
│ │ │ │ ├── test.spec.ts
│ │ │ │ └── utils.ts
│ │ │ ├── package.json
│ │ │ ├── public
│ │ │ │ └── favicon.ico
│ │ │ ├── src
│ │ │ │ ├── app.tsx
│ │ │ │ ├── entry-client.tsx
│ │ │ │ ├── entry-server.tsx
│ │ │ │ ├── global.d.ts
│ │ │ │ ├── lib
│ │ │ │ │ ├── auth-client.ts
│ │ │ │ │ └── auth.ts
│ │ │ │ └── routes
│ │ │ │ ├── [...404].tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...all].ts
│ │ │ │ └── index.tsx
│ │ │ └── tsconfig.json
│ │ ├── test-utils
│ │ │ ├── package.json
│ │ │ └── src
│ │ │ └── playwright.ts
│ │ └── vanilla-node
│ │ ├── e2e
│ │ │ ├── app.ts
│ │ │ ├── domain.spec.ts
│ │ │ ├── postgres-js.spec.ts
│ │ │ ├── test.spec.ts
│ │ │ └── utils.ts
│ │ ├── index.html
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── main.ts
│ │ │ └── vite-env.d.ts
│ │ ├── tsconfig.json
│ │ └── vite.config.ts
│ └── smoke
│ ├── package.json
│ ├── test
│ │ ├── bun.spec.ts
│ │ ├── cloudflare.spec.ts
│ │ ├── deno.spec.ts
│ │ ├── fixtures
│ │ │ ├── bun-simple.ts
│ │ │ ├── cloudflare
│ │ │ │ ├── .gitignore
│ │ │ │ ├── drizzle
│ │ │ │ │ ├── 0000_clean_vector.sql
│ │ │ │ │ └── meta
│ │ │ │ │ ├── _journal.json
│ │ │ │ │ └── 0000_snapshot.json
│ │ │ │ ├── drizzle.config.ts
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── auth-schema.ts
│ │ │ │ │ ├── db.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test
│ │ │ │ │ ├── apply-migrations.ts
│ │ │ │ │ ├── env.d.ts
│ │ │ │ │ └── index.test.ts
│ │ │ │ ├── tsconfig.json
│ │ │ │ ├── vitest.config.ts
│ │ │ │ ├── worker-configuration.d.ts
│ │ │ │ └── wrangler.json
│ │ │ ├── deno-simple.ts
│ │ │ ├── tsconfig-exact-optional-property-types
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── user-additional-fields.ts
│ │ │ │ │ └── username.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-verbatim-module-syntax-node10
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ └── vite
│ │ │ ├── package.json
│ │ │ ├── src
│ │ │ │ ├── client.ts
│ │ │ │ └── server.ts
│ │ │ ├── tsconfig.json
│ │ │ └── vite.config.ts
│ │ ├── ssr.ts
│ │ ├── typecheck.spec.ts
│ │ └── vite.spec.ts
│ └── tsconfig.json
├── LICENSE.md
├── package.json
├── packages
│ ├── better-auth
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── __snapshots__
│ │ │ │ └── init.test.ts.snap
│ │ │ ├── adapters
│ │ │ │ ├── adapter-factory
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── __snapshots__
│ │ │ │ │ │ │ └── adapter-factory.test.ts.snap
│ │ │ │ │ │ └── adapter-factory.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── create-test-suite.ts
│ │ │ │ ├── drizzle-adapter
│ │ │ │ │ ├── drizzle-adapter.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── adapter.drizzle.mysql.test.ts
│ │ │ │ │ ├── adapter.drizzle.pg.test.ts
│ │ │ │ │ ├── adapter.drizzle.sqlite.test.ts
│ │ │ │ │ └── generate-schema.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely-adapter
│ │ │ │ │ ├── bun-sqlite-dialect.ts
│ │ │ │ │ ├── dialect.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── kysely-adapter.ts
│ │ │ │ │ ├── node-sqlite-dialect.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── adapter.kysely.mssql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.mysql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.pg.test.ts
│ │ │ │ │ │ ├── adapter.kysely.sqlite.test.ts
│ │ │ │ │ │ └── node-sqlite-dialect.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── memory-adapter
│ │ │ │ │ ├── adapter.memory.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── memory-adapter.ts
│ │ │ │ ├── mongodb-adapter
│ │ │ │ │ ├── adapter.mongo-db.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mongodb-adapter.ts
│ │ │ │ ├── prisma-adapter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── prisma-adapter.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── base.prisma
│ │ │ │ │ ├── generate-auth-config.ts
│ │ │ │ │ ├── generate-prisma-schema.ts
│ │ │ │ │ ├── get-prisma-client.ts
│ │ │ │ │ ├── prisma.mysql.test.ts
│ │ │ │ │ ├── prisma.pg.test.ts
│ │ │ │ │ ├── prisma.sqlite.test.ts
│ │ │ │ │ └── push-prisma-schema.ts
│ │ │ │ ├── test-adapter.ts
│ │ │ │ ├── test.ts
│ │ │ │ ├── tests
│ │ │ │ │ ├── auth-flow.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── normal.ts
│ │ │ │ │ ├── number-id.ts
│ │ │ │ │ ├── performance.ts
│ │ │ │ │ └── transactions.ts
│ │ │ │ └── utils.ts
│ │ │ ├── api
│ │ │ │ ├── check-endpoint-conflicts.test.ts
│ │ │ │ ├── index.test.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── middlewares
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── origin-check.test.ts
│ │ │ │ │ └── origin-check.ts
│ │ │ │ ├── rate-limiter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── rate-limiter.test.ts
│ │ │ │ ├── routes
│ │ │ │ │ ├── account.test.ts
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── callback.ts
│ │ │ │ │ ├── email-verification.test.ts
│ │ │ │ │ ├── email-verification.ts
│ │ │ │ │ ├── error.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── ok.ts
│ │ │ │ │ ├── reset-password.test.ts
│ │ │ │ │ ├── reset-password.ts
│ │ │ │ │ ├── session-api.test.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── sign-in.test.ts
│ │ │ │ │ ├── sign-in.ts
│ │ │ │ │ ├── sign-out.test.ts
│ │ │ │ │ ├── sign-out.ts
│ │ │ │ │ ├── sign-up.test.ts
│ │ │ │ │ ├── sign-up.ts
│ │ │ │ │ ├── update-user.test.ts
│ │ │ │ │ └── update-user.ts
│ │ │ │ ├── to-auth-endpoints.test.ts
│ │ │ │ └── to-auth-endpoints.ts
│ │ │ ├── auth.test.ts
│ │ │ ├── auth.ts
│ │ │ ├── call.test.ts
│ │ │ ├── client
│ │ │ │ ├── client-ssr.test.ts
│ │ │ │ ├── client.test.ts
│ │ │ │ ├── config.ts
│ │ │ │ ├── fetch-plugins.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── lynx
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── lynx-store.ts
│ │ │ │ ├── parser.ts
│ │ │ │ ├── path-to-object.ts
│ │ │ │ ├── plugins
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── infer-plugin.ts
│ │ │ │ ├── proxy.ts
│ │ │ │ ├── query.ts
│ │ │ │ ├── react
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── react-store.ts
│ │ │ │ ├── session-atom.ts
│ │ │ │ ├── solid
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── solid-store.ts
│ │ │ │ ├── svelte
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test-plugin.ts
│ │ │ │ ├── types.ts
│ │ │ │ ├── url.test.ts
│ │ │ │ ├── vanilla.ts
│ │ │ │ └── vue
│ │ │ │ ├── index.ts
│ │ │ │ └── vue-store.ts
│ │ │ ├── cookies
│ │ │ │ ├── check-cookies.ts
│ │ │ │ ├── cookie-utils.ts
│ │ │ │ ├── cookies.test.ts
│ │ │ │ └── index.ts
│ │ │ ├── crypto
│ │ │ │ ├── buffer.ts
│ │ │ │ ├── hash.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt.ts
│ │ │ │ ├── password.test.ts
│ │ │ │ ├── password.ts
│ │ │ │ └── random.ts
│ │ │ ├── db
│ │ │ │ ├── db.test.ts
│ │ │ │ ├── field.ts
│ │ │ │ ├── get-migration.ts
│ │ │ │ ├── get-schema.ts
│ │ │ │ ├── get-tables.test.ts
│ │ │ │ ├── get-tables.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── internal-adapter.test.ts
│ │ │ │ ├── internal-adapter.ts
│ │ │ │ ├── schema.ts
│ │ │ │ ├── secondary-storage.test.ts
│ │ │ │ ├── to-zod.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── with-hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── init.test.ts
│ │ │ ├── init.ts
│ │ │ ├── integrations
│ │ │ │ ├── next-js.ts
│ │ │ │ ├── node.ts
│ │ │ │ ├── react-start.ts
│ │ │ │ ├── solid-start.ts
│ │ │ │ └── svelte-kit.ts
│ │ │ ├── oauth2
│ │ │ │ ├── index.ts
│ │ │ │ ├── link-account.test.ts
│ │ │ │ ├── link-account.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── utils.ts
│ │ │ ├── plugins
│ │ │ │ ├── access
│ │ │ │ │ ├── access.test.ts
│ │ │ │ │ ├── access.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── additional-fields
│ │ │ │ │ ├── additional-fields.test.ts
│ │ │ │ │ └── client.ts
│ │ │ │ ├── admin
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── admin.test.ts
│ │ │ │ │ ├── admin.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── anonymous
│ │ │ │ │ ├── anon.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── api-key
│ │ │ │ │ ├── api-key.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── create-api-key.ts
│ │ │ │ │ │ ├── delete-all-expired-api-keys.ts
│ │ │ │ │ │ ├── delete-api-key.ts
│ │ │ │ │ │ ├── get-api-key.ts
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ ├── list-api-keys.ts
│ │ │ │ │ │ ├── update-api-key.ts
│ │ │ │ │ │ └── verify-api-key.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── bearer
│ │ │ │ │ ├── bearer.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── captcha
│ │ │ │ │ ├── captcha.test.ts
│ │ │ │ │ ├── constants.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-handlers
│ │ │ │ │ ├── captchafox.ts
│ │ │ │ │ ├── cloudflare-turnstile.ts
│ │ │ │ │ ├── google-recaptcha.ts
│ │ │ │ │ ├── h-captcha.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── custom-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-session.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── device-authorization
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── device-authorization.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── schema.ts
│ │ │ │ ├── email-otp
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── email-otp.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── generic-oauth
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── generic-oauth.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── haveibeenpwned
│ │ │ │ │ ├── haveibeenpwned.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── jwt.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── sign.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── last-login-method
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-prefix.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── last-login-method.test.ts
│ │ │ │ ├── magic-link
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── magic-link.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── mcp
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mcp.test.ts
│ │ │ │ ├── multi-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── multi-session.test.ts
│ │ │ │ ├── oauth-proxy
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── oauth-proxy.test.ts
│ │ │ │ ├── oidc-provider
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── oidc.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── ui.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── one-tap
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── one-time-token
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── one-time-token.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── open-api
│ │ │ │ │ ├── generator.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── logo.ts
│ │ │ │ │ └── open-api.test.ts
│ │ │ │ ├── organization
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── call.ts
│ │ │ │ │ ├── client.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── organization-hook.test.ts
│ │ │ │ │ ├── organization.test.ts
│ │ │ │ │ ├── organization.ts
│ │ │ │ │ ├── permission.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── crud-access-control.test.ts
│ │ │ │ │ │ ├── crud-access-control.ts
│ │ │ │ │ │ ├── crud-invites.ts
│ │ │ │ │ │ ├── crud-members.test.ts
│ │ │ │ │ │ ├── crud-members.ts
│ │ │ │ │ │ ├── crud-org.test.ts
│ │ │ │ │ │ ├── crud-org.ts
│ │ │ │ │ │ └── crud-team.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── team.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── passkey
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── passkey.test.ts
│ │ │ │ ├── phone-number
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── phone-number-error.ts
│ │ │ │ │ └── phone-number.test.ts
│ │ │ │ ├── siwe
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── siwe.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── sso
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── sso.test.ts
│ │ │ │ ├── two-factor
│ │ │ │ │ ├── backup-codes
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── constant.ts
│ │ │ │ │ ├── error-code.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── otp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── totp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── two-factor.test.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-two-factor.ts
│ │ │ │ └── username
│ │ │ │ ├── client.ts
│ │ │ │ ├── error-codes.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── schema.ts
│ │ │ │ └── username.test.ts
│ │ │ ├── social-providers
│ │ │ │ └── index.ts
│ │ │ ├── social.test.ts
│ │ │ ├── test-utils
│ │ │ │ ├── headers.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── test-instance.ts
│ │ │ ├── types
│ │ │ │ ├── adapter.ts
│ │ │ │ ├── api.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── models.ts
│ │ │ │ ├── plugins.ts
│ │ │ │ └── types.test.ts
│ │ │ └── utils
│ │ │ ├── await-object.ts
│ │ │ ├── boolean.ts
│ │ │ ├── clone.ts
│ │ │ ├── constants.ts
│ │ │ ├── date.ts
│ │ │ ├── ensure-utc.ts
│ │ │ ├── get-request-ip.ts
│ │ │ ├── hashing.ts
│ │ │ ├── hide-metadata.ts
│ │ │ ├── id.ts
│ │ │ ├── import-util.ts
│ │ │ ├── index.ts
│ │ │ ├── is-atom.ts
│ │ │ ├── is-promise.ts
│ │ │ ├── json.ts
│ │ │ ├── merger.ts
│ │ │ ├── middleware-response.ts
│ │ │ ├── misc.ts
│ │ │ ├── password.ts
│ │ │ ├── plugin-helper.ts
│ │ │ ├── shim.ts
│ │ │ ├── time.ts
│ │ │ ├── url.ts
│ │ │ └── wildcard.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ └── vitest.config.ts
│ ├── cli
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── commands
│ │ │ │ ├── generate.ts
│ │ │ │ ├── info.ts
│ │ │ │ ├── init.ts
│ │ │ │ ├── login.ts
│ │ │ │ ├── mcp.ts
│ │ │ │ ├── migrate.ts
│ │ │ │ └── secret.ts
│ │ │ ├── generators
│ │ │ │ ├── auth-config.ts
│ │ │ │ ├── drizzle.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely.ts
│ │ │ │ ├── prisma.ts
│ │ │ │ └── types.ts
│ │ │ ├── index.ts
│ │ │ └── utils
│ │ │ ├── add-svelte-kit-env-modules.ts
│ │ │ ├── check-package-managers.ts
│ │ │ ├── format-ms.ts
│ │ │ ├── get-config.ts
│ │ │ ├── get-package-info.ts
│ │ │ ├── get-tsconfig-info.ts
│ │ │ └── install-dependencies.ts
│ │ ├── test
│ │ │ ├── __snapshots__
│ │ │ │ ├── auth-schema-mysql-enum.txt
│ │ │ │ ├── auth-schema-mysql-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey.txt
│ │ │ │ ├── auth-schema-mysql.txt
│ │ │ │ ├── auth-schema-number-id.txt
│ │ │ │ ├── auth-schema-pg-enum.txt
│ │ │ │ ├── auth-schema-pg-passkey.txt
│ │ │ │ ├── auth-schema-sqlite-enum.txt
│ │ │ │ ├── auth-schema-sqlite-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey.txt
│ │ │ │ ├── auth-schema-sqlite.txt
│ │ │ │ ├── auth-schema.txt
│ │ │ │ ├── migrations.sql
│ │ │ │ ├── schema-mongodb.prisma
│ │ │ │ ├── schema-mysql-custom.prisma
│ │ │ │ ├── schema-mysql.prisma
│ │ │ │ ├── schema-numberid.prisma
│ │ │ │ └── schema.prisma
│ │ │ ├── generate-all-db.test.ts
│ │ │ ├── generate.test.ts
│ │ │ ├── get-config.test.ts
│ │ │ ├── info.test.ts
│ │ │ └── migrate.test.ts
│ │ ├── tsconfig.json
│ │ ├── tsconfig.test.json
│ │ └── tsdown.config.ts
│ ├── core
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── async_hooks
│ │ │ │ └── index.ts
│ │ │ ├── context
│ │ │ │ ├── index.ts
│ │ │ │ └── transaction.ts
│ │ │ ├── db
│ │ │ │ ├── adapter
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── plugin.ts
│ │ │ │ ├── schema
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── shared.ts
│ │ │ │ │ ├── user.ts
│ │ │ │ │ └── verification.ts
│ │ │ │ └── type.ts
│ │ │ ├── env
│ │ │ │ ├── color-depth.ts
│ │ │ │ ├── env-impl.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── logger.test.ts
│ │ │ │ └── logger.ts
│ │ │ ├── error
│ │ │ │ ├── codes.ts
│ │ │ │ └── index.ts
│ │ │ ├── index.ts
│ │ │ ├── middleware
│ │ │ │ └── index.ts
│ │ │ ├── oauth2
│ │ │ │ ├── client-credentials-token.ts
│ │ │ │ ├── create-authorization-url.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── oauth-provider.ts
│ │ │ │ ├── refresh-access-token.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── validate-authorization-code.ts
│ │ │ ├── social-providers
│ │ │ │ ├── apple.ts
│ │ │ │ ├── atlassian.ts
│ │ │ │ ├── cognito.ts
│ │ │ │ ├── discord.ts
│ │ │ │ ├── dropbox.ts
│ │ │ │ ├── facebook.ts
│ │ │ │ ├── figma.ts
│ │ │ │ ├── github.ts
│ │ │ │ ├── gitlab.ts
│ │ │ │ ├── google.ts
│ │ │ │ ├── huggingface.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kakao.ts
│ │ │ │ ├── kick.ts
│ │ │ │ ├── line.ts
│ │ │ │ ├── linear.ts
│ │ │ │ ├── linkedin.ts
│ │ │ │ ├── microsoft-entra-id.ts
│ │ │ │ ├── naver.ts
│ │ │ │ ├── notion.ts
│ │ │ │ ├── paypal.ts
│ │ │ │ ├── reddit.ts
│ │ │ │ ├── roblox.ts
│ │ │ │ ├── salesforce.ts
│ │ │ │ ├── slack.ts
│ │ │ │ ├── spotify.ts
│ │ │ │ ├── tiktok.ts
│ │ │ │ ├── twitch.ts
│ │ │ │ ├── twitter.ts
│ │ │ │ ├── vk.ts
│ │ │ │ └── zoom.ts
│ │ │ ├── types
│ │ │ │ ├── context.ts
│ │ │ │ ├── cookie.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── init-options.ts
│ │ │ │ ├── plugin-client.ts
│ │ │ │ └── plugin.ts
│ │ │ └── utils
│ │ │ ├── error-codes.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── expo
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── expo.test.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── sso
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── index.ts
│ │ │ ├── oidc.test.ts
│ │ │ └── saml.test.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── stripe
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── schema.ts
│ │ │ ├── stripe.test.ts
│ │ │ ├── types.ts
│ │ │ └── utils.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ └── vitest.config.ts
│ └── telemetry
│ ├── package.json
│ ├── src
│ │ ├── detectors
│ │ │ ├── detect-auth-config.ts
│ │ │ ├── detect-database.ts
│ │ │ ├── detect-framework.ts
│ │ │ ├── detect-project-info.ts
│ │ │ ├── detect-runtime.ts
│ │ │ └── detect-system-info.ts
│ │ ├── index.ts
│ │ ├── project-id.ts
│ │ ├── telemetry.test.ts
│ │ ├── types.ts
│ │ └── utils
│ │ ├── hash.ts
│ │ ├── id.ts
│ │ ├── import-util.ts
│ │ └── package-json.ts
│ ├── tsconfig.json
│ └── tsdown.config.ts
├── pnpm-lock.yaml
├── pnpm-workspace.yaml
├── README.md
├── SECURITY.md
├── tsconfig.json
└── turbo.json
```
# Files
--------------------------------------------------------------------------------
/demo/expo-example/src/components/ui/card.tsx:
--------------------------------------------------------------------------------
```typescript
import { TextRef, ViewRef } from "@rn-primitives/types";
import * as React from "react";
import { Text, type TextProps, View, type ViewProps } from "react-native";
import { cn } from "@/lib/utils";
import { TextClassContext } from "@/components/ui/text";
const Card = React.forwardRef<ViewRef, ViewProps>(
({ className, ...props }, ref) => (
<View
ref={ref}
className={cn(
"rounded-lg border border-border bg-card shadow-sm shadow-foreground/10",
className,
)}
{...props}
/>
),
);
Card.displayName = "Card";
const CardHeader = React.forwardRef<ViewRef, ViewProps>(
({ className, ...props }, ref) => (
<View
ref={ref}
className={cn("flex flex-col space-y-1.5 p-6", className)}
{...props}
/>
),
);
CardHeader.displayName = "CardHeader";
const CardTitle = React.forwardRef<TextRef, TextProps>(
({ className, ...props }, ref) => (
<Text
role="heading"
aria-level={3}
ref={ref}
className={cn(
"text-2xl text-card-foreground font-semibold leading-none tracking-tight",
className,
)}
{...props}
/>
),
);
CardTitle.displayName = "CardTitle";
const CardDescription = React.forwardRef<TextRef, TextProps>(
({ className, ...props }, ref) => (
<Text
ref={ref}
className={cn("text-sm text-muted-foreground", className)}
{...props}
/>
),
);
CardDescription.displayName = "CardDescription";
const CardContent = React.forwardRef<ViewRef, ViewProps>(
({ className, ...props }, ref) => (
<TextClassContext.Provider value="text-card-foreground">
<View ref={ref} className={cn("p-6 pt-0", className)} {...props} />
</TextClassContext.Provider>
),
);
CardContent.displayName = "CardContent";
const CardFooter = React.forwardRef<ViewRef, ViewProps>(
({ className, ...props }, ref) => (
<View
ref={ref}
className={cn("flex flex-row items-center p-6 pt-0", className)}
{...props}
/>
),
);
CardFooter.displayName = "CardFooter";
export {
Card,
CardContent,
CardDescription,
CardFooter,
CardHeader,
CardTitle,
};
```
--------------------------------------------------------------------------------
/e2e/smoke/test/fixtures/cloudflare/src/auth-schema.ts:
--------------------------------------------------------------------------------
```typescript
import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
export const user = sqliteTable("user", {
id: text("id").primaryKey(),
name: text("name").notNull(),
email: text("email").notNull().unique(),
emailVerified: integer("email_verified", { mode: "boolean" }).notNull(),
image: text("image"),
createdAt: integer("created_at", { mode: "timestamp" }).notNull(),
updatedAt: integer("updated_at", { mode: "timestamp" }).notNull(),
});
export const session = sqliteTable("session", {
id: text("id").primaryKey(),
expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
token: text("token").notNull().unique(),
createdAt: integer("created_at", { mode: "timestamp" }).notNull(),
updatedAt: integer("updated_at", { mode: "timestamp" }).notNull(),
ipAddress: text("ip_address"),
userAgent: text("user_agent"),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
});
export const account = sqliteTable("account", {
id: text("id").primaryKey(),
accountId: text("account_id").notNull(),
providerId: text("provider_id").notNull(),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
accessToken: text("access_token"),
refreshToken: text("refresh_token"),
idToken: text("id_token"),
accessTokenExpiresAt: integer("access_token_expires_at", {
mode: "timestamp",
}),
refreshTokenExpiresAt: integer("refresh_token_expires_at", {
mode: "timestamp",
}),
scope: text("scope"),
password: text("password"),
createdAt: integer("created_at", { mode: "timestamp" }).notNull(),
updatedAt: integer("updated_at", { mode: "timestamp" }).notNull(),
});
export const verification = sqliteTable("verification", {
id: text("id").primaryKey(),
identifier: text("identifier").notNull(),
value: text("value").notNull(),
expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
createdAt: integer("created_at", { mode: "timestamp" }),
updatedAt: integer("updated_at", { mode: "timestamp" }),
});
```
--------------------------------------------------------------------------------
/packages/better-auth/src/adapters/drizzle-adapter/test/adapter.drizzle.sqlite.test.ts:
--------------------------------------------------------------------------------
```typescript
import Database from "better-sqlite3";
import { drizzleAdapter } from "../drizzle-adapter";
import { testAdapter } from "../../test-adapter";
import {
authFlowTestSuite,
normalTestSuite,
numberIdTestSuite,
performanceTestSuite,
transactionsTestSuite,
} from "../../tests";
import { drizzle } from "drizzle-orm/better-sqlite3";
import path from "path";
import {
clearSchemaCache,
generateDrizzleSchema,
resetGenerationCount,
} from "./generate-schema";
import fs from "fs/promises";
import { execSync } from "child_process";
const dbFilePath = path.join(import.meta.dirname, "test.db");
let sqliteDB = new Database(dbFilePath);
const { execute } = await testAdapter({
adapter: async (options) => {
const { schema } = await generateDrizzleSchema(sqliteDB, options, "sqlite");
return drizzleAdapter(drizzle(sqliteDB), {
debugLogs: { isRunningAdapterTests: true },
schema,
provider: "sqlite",
});
},
async runMigrations(betterAuthOptions) {
sqliteDB.close();
try {
await fs.unlink(dbFilePath);
} catch {
console.log("db file not found");
}
sqliteDB = new Database(dbFilePath);
const { fileName } = await generateDrizzleSchema(
sqliteDB,
betterAuthOptions,
"sqlite",
);
const command = `npx drizzle-kit push --dialect=sqlite --schema=${fileName}.ts --url=./test.db`;
console.log(`Running: ${command}`);
console.log(`Options:`, betterAuthOptions);
try {
// wait for the above console.log to be printed
await new Promise((resolve) => setTimeout(resolve, 10));
execSync(command, {
cwd: import.meta.dirname,
stdio: "inherit",
});
} catch (error) {
console.error("Failed to push drizzle schema (sqlite):", error);
throw error;
}
},
prefixTests: "sqlite",
tests: [
normalTestSuite(),
transactionsTestSuite({ disableTests: { ALL: true } }),
authFlowTestSuite(),
numberIdTestSuite(),
performanceTestSuite({ dialect: "sqlite" }),
],
async onFinish() {
clearSchemaCache();
resetGenerationCount();
},
});
execute();
```
--------------------------------------------------------------------------------
/packages/better-auth/src/adapters/drizzle-adapter/test/adapter.drizzle.pg.test.ts:
--------------------------------------------------------------------------------
```typescript
import { drizzleAdapter } from "../drizzle-adapter";
import { testAdapter } from "../../test-adapter";
import {
authFlowTestSuite,
normalTestSuite,
numberIdTestSuite,
performanceTestSuite,
transactionsTestSuite,
} from "../../tests";
import { drizzle } from "drizzle-orm/node-postgres";
import { generateDrizzleSchema, resetGenerationCount } from "./generate-schema";
import { Pool } from "pg";
import { execSync } from "child_process";
const pgDB = new Pool({
connectionString: "postgres://user:password@localhost:5432/better_auth",
});
const cleanupDatabase = async (shouldDestroy = false) => {
await pgDB.query(`DROP SCHEMA public CASCADE; CREATE SCHEMA public;`);
if (shouldDestroy) {
await pgDB.end();
}
};
const { execute } = await testAdapter({
adapter: async (options) => {
const { schema } = await generateDrizzleSchema(pgDB, options, "pg");
return drizzleAdapter(drizzle(pgDB), {
debugLogs: { isRunningAdapterTests: true },
schema,
provider: "pg",
transaction: true,
});
},
async runMigrations(betterAuthOptions) {
await cleanupDatabase();
const { fileName } = await generateDrizzleSchema(
pgDB,
betterAuthOptions,
"pg",
);
const command = `npx drizzle-kit push --dialect=postgresql --schema=${fileName}.ts --url=postgres://user:password@localhost:5432/better_auth`;
console.log(`Running: ${command}`);
console.log(`Options:`, betterAuthOptions);
try {
// wait for the above console.log to be printed
await new Promise((resolve) => setTimeout(resolve, 10));
execSync(command, {
cwd: import.meta.dirname,
stdio: "inherit",
});
} catch (error) {
console.error("Failed to push drizzle schema (pg):", error);
throw error;
}
},
prefixTests: "pg",
tests: [
normalTestSuite(),
transactionsTestSuite({ disableTests: { ALL: true } }),
authFlowTestSuite(),
numberIdTestSuite(),
performanceTestSuite({ dialect: "pg" }),
],
async onFinish() {
await cleanupDatabase(true);
resetGenerationCount();
},
});
execute();
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/input-otp.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { DashIcon } from "@radix-ui/react-icons";
import { OTPInput, OTPInputContext } from "input-otp";
import { cn } from "@/lib/utils";
const InputOTP = ({
ref,
className,
containerClassName,
...props
}: React.ComponentPropsWithoutRef<typeof OTPInput> & {
ref: React.RefObject<React.ElementRef<typeof OTPInput>>;
}) => (
<OTPInput
ref={ref}
containerClassName={cn(
"flex items-center gap-2 has-disabled:opacity-50",
containerClassName,
)}
className={cn("disabled:cursor-not-allowed", className)}
{...props}
/>
);
InputOTP.displayName = "InputOTP";
const InputOTPGroup = ({
ref,
className,
...props
}: React.ComponentPropsWithoutRef<"div"> & {
ref: React.RefObject<React.ElementRef<"div">>;
}) => (
<div ref={ref} className={cn("flex items-center", className)} {...props} />
);
InputOTPGroup.displayName = "InputOTPGroup";
const InputOTPSlot = ({ ref, index, className, ...props }) => {
const inputOTPContext = React.useContext(OTPInputContext);
const { char, hasFakeCaret, isActive } = inputOTPContext.slots[index];
return (
<div
ref={ref}
className={cn(
"relative flex h-9 w-9 items-center justify-center border-y border-r border-input text-sm shadow-sm transition-all first:rounded-l-md first:border-l last:rounded-r-md",
isActive && "z-10 ring-1 ring-ring",
className,
)}
{...props}
>
{char}
{hasFakeCaret && (
<div className="pointer-events-none absolute inset-0 flex items-center justify-center">
<div className="h-4 w-px animate-caret-blink bg-foreground duration-1000" />
</div>
)}
</div>
);
};
InputOTPSlot.displayName = "InputOTPSlot";
const InputOTPSeparator = ({
ref,
...props
}: React.ComponentPropsWithoutRef<"div"> & {
ref: React.RefObject<React.ElementRef<"div">>;
}) => (
<div ref={ref} role="separator" {...props}>
<DashIcon />
</div>
);
InputOTPSeparator.displayName = "InputOTPSeparator";
export { InputOTP, InputOTPGroup, InputOTPSlot, InputOTPSeparator };
```
--------------------------------------------------------------------------------
/docs/content/docs/adapters/prisma.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Prisma
description: Integrate Better Auth with Prisma.
---
Prisma ORM is an open-source database toolkit that simplifies database access and management in applications by providing a type-safe query builder and an intuitive data modeling interface.
Read more [here](https://www.prisma.io/).
## Example Usage
Make sure you have Prisma installed and configured.
Then, you can use the Prisma adapter to connect to your database.
```ts title="auth.ts"
import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";
import { PrismaClient } from "@prisma/client";
const prisma = new PrismaClient();
export const auth = betterAuth({
database: prismaAdapter(prisma, {
provider: "sqlite",
}),
});
```
<Callout type="warning">
If you have configured a custom output directory in your `schema.prisma` file (e.g., `output = "../src/generated/prisma"`), make sure to import the Prisma client from that location instead of `@prisma/client`. Learn more about custom output directories in the [Prisma documentation](https://www.prisma.io/docs/guides/nextjs#21-install-prisma-orm-and-create-your-first-models).
</Callout>
## Schema generation & migration
The [Better Auth CLI](/docs/concepts/cli) allows you to generate or migrate
your database schema based on your Better Auth configuration and plugins.
<table>
<thead>
<tr className="border-b">
<th>
<p className="font-bold text-[16px] mb-1">Prisma Schema Generation</p>
</th>
<th>
<p className="font-bold text-[16px] mb-1">Prisma Schema Migration</p>
</th>
</tr>
</thead>
<tbody>
<tr className="h-10">
<td>✅ Supported</td>
<td>❌ Not Supported</td>
</tr>
</tbody>
</table>
```bash title="Schema Generation"
npx @better-auth/cli@latest generate
```
## Additional Information
If you're looking for performance improvements or tips, take a look at our guide to <Link href="/docs/guides/optimizing-for-performance">performance optimizations</Link>.
```
--------------------------------------------------------------------------------
/docs/components/ui/scroll-area.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import * as ScrollAreaPrimitive from "@radix-ui/react-scroll-area";
import { cn } from "@/lib/utils";
function ScrollArea({
className,
children,
...props
}: React.ComponentProps<typeof ScrollAreaPrimitive.Root>) {
return (
<ScrollAreaPrimitive.Root
data-slot="scroll-area"
className={cn("relative", className)}
{...props}
>
<ScrollAreaPrimitive.Viewport
data-slot="scroll-area-viewport"
className="ring-ring/10 dark:ring-ring/20 dark:outline-ring/40 outline-ring/50 size-full rounded-[inherit] transition-[color,box-shadow] focus-visible:ring-4 focus-visible:outline-1"
>
{children}
</ScrollAreaPrimitive.Viewport>
<ScrollBar />
<ScrollAreaPrimitive.Corner />
</ScrollAreaPrimitive.Root>
);
}
const ScrollViewport = React.forwardRef<
React.ComponentRef<typeof ScrollAreaPrimitive.Viewport>,
React.ComponentPropsWithoutRef<typeof ScrollAreaPrimitive.Viewport>
>(({ className, children, ...props }, ref) => (
<ScrollAreaPrimitive.Viewport
ref={ref}
className={cn("size-full rounded-[inherit]", className)}
{...props}
>
{children}
</ScrollAreaPrimitive.Viewport>
));
ScrollViewport.displayName = ScrollAreaPrimitive.Viewport.displayName;
function ScrollBar({
className,
orientation = "vertical",
...props
}: React.ComponentProps<typeof ScrollAreaPrimitive.ScrollAreaScrollbar>) {
return (
<ScrollAreaPrimitive.ScrollAreaScrollbar
data-slot="scroll-area-scrollbar"
orientation={orientation}
className={cn(
"flex touch-none p-px transition-colors select-none",
orientation === "vertical" &&
"h-full w-2.5 border-l border-l-transparent",
orientation === "horizontal" &&
"h-2.5 flex-col border-t border-t-transparent",
className,
)}
{...props}
>
<ScrollAreaPrimitive.ScrollAreaThumb
data-slot="scroll-area-thumb"
className="bg-border relative flex-1 rounded-full"
/>
</ScrollAreaPrimitive.ScrollAreaScrollbar>
);
}
export { ScrollArea, ScrollBar, ScrollViewport };
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/kick.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
export interface KickProfile {
/**
* The user id of the user
*/
user_id: string;
/**
* The name of the user
*/
name: string;
/**
* The email of the user
*/
email: string;
/**
* The picture of the user
*/
profile_picture: string;
}
export interface KickOptions extends ProviderOptions<KickProfile> {
clientId: string;
}
export const kick = (options: KickOptions) => {
return {
id: "kick",
name: "Kick",
createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
const _scopes = options.disableDefaultScope ? [] : ["user:read"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return createAuthorizationURL({
id: "kick",
redirectURI,
options,
authorizationEndpoint: "https://id.kick.com/oauth/authorize",
scopes: _scopes,
codeVerifier,
state,
});
},
async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
return validateAuthorizationCode({
code,
redirectURI,
options,
tokenEndpoint: "https://id.kick.com/oauth/token",
codeVerifier,
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
const { data, error } = await betterFetch<{
data: KickProfile[];
}>("https://api.kick.com/public/v1/users", {
method: "GET",
headers: {
Authorization: `Bearer ${token.accessToken}`,
},
});
if (error) {
return null;
}
const profile = data.data[0]!;
const userMap = await options.mapProfileToUser?.(profile);
return {
user: {
id: profile.user_id,
name: profile.name,
email: profile.email,
image: profile.profile_picture,
emailVerified: true,
...userMap,
},
data: profile,
};
},
options,
} satisfies OAuthProvider<KickProfile>;
};
```
--------------------------------------------------------------------------------
/e2e/integration/vanilla-node/e2e/utils.ts:
--------------------------------------------------------------------------------
```typescript
import type { Page } from "@playwright/test";
import { type ChildProcessWithoutNullStreams, spawn } from "node:child_process";
import { fileURLToPath } from "node:url";
import { createAuthServer } from "./app";
import { terminate } from "@better-auth/test-utils/playwright";
const root = fileURLToPath(new URL("../", import.meta.url));
export async function runClient<R>(
page: Page,
fn: ({ client }: { client: Window["client"] }) => R,
): Promise<R> {
const client = await page.evaluateHandle<Window["client"]>("window.client");
return page.evaluate(fn, { client });
}
export function setup() {
let server: Awaited<ReturnType<typeof createAuthServer>>;
let clientChild: ChildProcessWithoutNullStreams;
const ref: {
clientPort: number;
serverPort: number;
} = {
clientPort: -1,
serverPort: -1,
};
return {
ref,
start: async () => {
server = await createAuthServer();
clientChild = spawn("pnpm", ["run", "start:client"], {
cwd: root,
stdio: "pipe",
});
clientChild.stderr.on("data", (data) => {
const message = data.toString();
console.error(message);
});
clientChild.stdout.on("data", (data) => {
const message = data.toString();
console.log(message);
});
await Promise.all([
new Promise<void>((resolve) => {
server.listen(0, "0.0.0.0", () => {
const address = server.address();
if (address && typeof address === "object") {
ref.serverPort = address.port;
resolve();
}
});
}),
new Promise<void>((resolve) => {
clientChild.stdout.on("data", (data) => {
const message = data.toString();
// find: http://localhost:5173/
if (message.includes("http://localhost:")) {
const port: string = message
.split("http://localhost:")[1]
.split("/")[0]
.trim();
ref.clientPort = Number(port.replace(/\x1b\[[0-9;]*m/g, ""));
resolve();
}
});
}),
]);
},
clean: async () => {
await terminate(clientChild.pid!);
server.close();
},
};
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/crypto/password.test.ts:
--------------------------------------------------------------------------------
```typescript
import { describe, it, expect } from "vitest";
import { hashPassword, verifyPassword } from "./password";
describe("Password hashing and verification", () => {
it("should hash a password", async () => {
const password = "mySecurePassword123!";
const hash = await hashPassword(password);
expect(hash).toBeTruthy();
expect(hash.split(":").length).toBe(2);
});
it("should verify a correct password", async () => {
const password = "correctPassword123!";
const hash = await hashPassword(password);
const isValid = await verifyPassword({ hash, password });
expect(isValid).toBe(true);
});
it("should reject an incorrect password", async () => {
const correctPassword = "correctPassword123!";
const incorrectPassword = "wrongPassword456!";
const hash = await hashPassword(correctPassword);
const isValid = await verifyPassword({ hash, password: incorrectPassword });
expect(isValid).toBe(false);
});
it("should generate different hashes for the same password", async () => {
const password = "samePassword123!";
const hash1 = await hashPassword(password);
const hash2 = await hashPassword(password);
expect(hash1).not.toBe(hash2);
});
it("should handle long passwords", async () => {
const password = "a".repeat(1000);
const hash = await hashPassword(password);
const isValid = await verifyPassword({ hash, password });
expect(isValid).toBe(true);
});
it("should be case-sensitive", async () => {
const password = "CaseSensitivePassword123!";
const hash = await hashPassword(password);
const isValidLower = await verifyPassword({
hash,
password: password.toLowerCase(),
});
const isValidUpper = await verifyPassword({
hash,
password: password.toUpperCase(),
});
expect(isValidLower).toBe(false);
expect(isValidUpper).toBe(false);
});
it("should handle Unicode characters", async () => {
const password = "пароль123!";
const hash = await hashPassword(password);
const isValid = await verifyPassword({ hash, password });
expect(isValid).toBe(true);
});
});
```
--------------------------------------------------------------------------------
/demo/nextjs/public/logo.svg:
--------------------------------------------------------------------------------
```
<svg width="200" height="200" viewBox="0 0 200 200" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect width="200" height="200" fill="#D9D9D9"/>
<line x1="21.5" y1="2.18557e-08" x2="21.5" y2="200" stroke="#C4C4C4"/>
<line x1="173.5" y1="2.18557e-08" x2="173.5" y2="200" stroke="#C4C4C4"/>
<line x1="200" y1="176.5" x2="-4.37114e-08" y2="176.5" stroke="#C4C4C4"/>
<line x1="200" y1="24.5" x2="-4.37114e-08" y2="24.5" stroke="#C4C4C4"/>
<path d="M64.4545 135V65.1818H88.8636C93.7273 65.1818 97.7386 66.0227 100.898 67.7045C104.057 69.3636 106.409 71.6023 107.955 74.4205C109.5 77.2159 110.273 80.3182 110.273 83.7273C110.273 86.7273 109.739 89.2045 108.67 91.1591C107.625 93.1136 106.239 94.6591 104.511 95.7955C102.807 96.9318 100.955 97.7727 98.9545 98.3182V99C101.091 99.1364 103.239 99.8864 105.398 101.25C107.557 102.614 109.364 104.568 110.818 107.114C112.273 109.659 113 112.773 113 116.455C113 119.955 112.205 123.102 110.614 125.898C109.023 128.693 106.511 130.909 103.08 132.545C99.6477 134.182 95.1818 135 89.6818 135H64.4545ZM72.9091 127.5H89.6818C95.2045 127.5 99.125 126.432 101.443 124.295C103.784 122.136 104.955 119.523 104.955 116.455C104.955 114.091 104.352 111.909 103.148 109.909C101.943 107.886 100.227 106.273 98 105.068C95.7727 103.841 93.1364 103.227 90.0909 103.227H72.9091V127.5ZM72.9091 95.8636H88.5909C91.1364 95.8636 93.4318 95.3636 95.4773 94.3636C97.5455 93.3636 99.1818 91.9545 100.386 90.1364C101.614 88.3182 102.227 86.1818 102.227 83.7273C102.227 80.6591 101.159 78.0568 99.0227 75.9205C96.8864 73.7614 93.5 72.6818 88.8636 72.6818H72.9091V95.8636ZM131.665 135.545C129.983 135.545 128.54 134.943 127.335 133.739C126.131 132.534 125.528 131.091 125.528 129.409C125.528 127.727 126.131 126.284 127.335 125.08C128.54 123.875 129.983 123.273 131.665 123.273C133.347 123.273 134.79 123.875 135.994 125.08C137.199 126.284 137.801 127.727 137.801 129.409C137.801 130.523 137.517 131.545 136.949 132.477C136.403 133.409 135.665 134.159 134.733 134.727C133.824 135.273 132.801 135.545 131.665 135.545Z" fill="#302208"/>
</svg>
```
--------------------------------------------------------------------------------
/docs/public/logo.svg:
--------------------------------------------------------------------------------
```
<svg width="200" height="200" viewBox="0 0 200 200" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect width="200" height="200" fill="#D9D9D9"/>
<line x1="21.5" y1="2.18557e-08" x2="21.5" y2="200" stroke="#C4C4C4"/>
<line x1="173.5" y1="2.18557e-08" x2="173.5" y2="200" stroke="#C4C4C4"/>
<line x1="200" y1="176.5" x2="-4.37114e-08" y2="176.5" stroke="#C4C4C4"/>
<line x1="200" y1="24.5" x2="-4.37114e-08" y2="24.5" stroke="#C4C4C4"/>
<path d="M64.4545 135V65.1818H88.8636C93.7273 65.1818 97.7386 66.0227 100.898 67.7045C104.057 69.3636 106.409 71.6023 107.955 74.4205C109.5 77.2159 110.273 80.3182 110.273 83.7273C110.273 86.7273 109.739 89.2045 108.67 91.1591C107.625 93.1136 106.239 94.6591 104.511 95.7955C102.807 96.9318 100.955 97.7727 98.9545 98.3182V99C101.091 99.1364 103.239 99.8864 105.398 101.25C107.557 102.614 109.364 104.568 110.818 107.114C112.273 109.659 113 112.773 113 116.455C113 119.955 112.205 123.102 110.614 125.898C109.023 128.693 106.511 130.909 103.08 132.545C99.6477 134.182 95.1818 135 89.6818 135H64.4545ZM72.9091 127.5H89.6818C95.2045 127.5 99.125 126.432 101.443 124.295C103.784 122.136 104.955 119.523 104.955 116.455C104.955 114.091 104.352 111.909 103.148 109.909C101.943 107.886 100.227 106.273 98 105.068C95.7727 103.841 93.1364 103.227 90.0909 103.227H72.9091V127.5ZM72.9091 95.8636H88.5909C91.1364 95.8636 93.4318 95.3636 95.4773 94.3636C97.5455 93.3636 99.1818 91.9545 100.386 90.1364C101.614 88.3182 102.227 86.1818 102.227 83.7273C102.227 80.6591 101.159 78.0568 99.0227 75.9205C96.8864 73.7614 93.5 72.6818 88.8636 72.6818H72.9091V95.8636ZM131.665 135.545C129.983 135.545 128.54 134.943 127.335 133.739C126.131 132.534 125.528 131.091 125.528 129.409C125.528 127.727 126.131 126.284 127.335 125.08C128.54 123.875 129.983 123.273 131.665 123.273C133.347 123.273 134.79 123.875 135.994 125.08C137.199 126.284 137.801 127.727 137.801 129.409C137.801 130.523 137.517 131.545 136.949 132.477C136.403 133.409 135.665 134.159 134.733 134.727C133.824 135.273 132.801 135.545 131.665 135.545Z" fill="#302208"/>
</svg>
```
--------------------------------------------------------------------------------
/e2e/smoke/test/fixtures/cloudflare/test/index.test.ts:
--------------------------------------------------------------------------------
```typescript
import { SELF } from "cloudflare:test";
import { describe, it, expect } from "vitest";
describe("Cloudflare Worker compatibly basic tests", () => {
const randomEmail = `${crypto.randomUUID()}@test.com`;
const randomUserName = crypto.randomUUID().replaceAll("-", "").slice(6);
const randomPassword = crypto.randomUUID();
it("can sign up and login", async () => {
// Sign Up
let response = await SELF.fetch(
"http://localhost:8787/api/auth/sign-up/email",
{
method: "POST",
body: JSON.stringify({
email: randomEmail,
password: randomPassword,
name: randomUserName,
}),
headers: {
"content-type": "application/json",
},
},
);
expect(response.status).toBe(200);
// Login with correct password
response = await SELF.fetch(
"http://localhost:8787/api/auth/sign-in/email",
{
method: "POST",
body: JSON.stringify({
email: randomEmail,
password: randomPassword,
}),
headers: {
"content-type": "application/json",
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("set-cookie")).toContain("better-auth.session");
const token = response.headers.get("set-cookie")?.split(";")[0];
expect(token).toBeDefined();
// Get Auth Status
response = await SELF.fetch("http://localhost:8787/", {
headers: {
Cookie: token!,
},
});
expect(response.status).toBe(200);
expect(await response.text()!).toBe(`Hello ${randomUserName}`);
// Try login with wrong password
response = await SELF.fetch(
"http://localhost:8787/api/auth/sign-in/email",
{
method: "POST",
body: JSON.stringify({
email: randomEmail,
// wrong password
password: crypto.randomUUID(),
}),
headers: {
"content-type": "application/json",
},
},
);
expect(response.status).toBe(401);
expect(response.headers.get("set-cookie")).toBeNull();
response = await SELF.fetch("http://localhost:8787/");
expect(response.status).toBe(200);
expect(await response.text()).toBe("Not logged in");
});
});
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/roblox.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Roblox
description: Roblox provider setup and usage.
---
<Steps>
<Step>
### Get your Roblox Credentials
Get your Roblox credentials from the [Roblox Creator Hub](https://create.roblox.com/dashboard/credentials?activeTab=OAuthTab).
Make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/roblox` for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
<Callout type="info">
The Roblox API does not provide email addresses. As a workaround, the user's `email` field uses the `preferred_username` value instead.
</Callout>
</Step>
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
roblox: { // [!code highlight]
clientId: process.env.ROBLOX_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.ROBLOX_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
<Step>
### Sign In with Roblox
To sign in with Roblox, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `roblox`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "roblox"
})
}
```
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/docs/content/docs/adapters/other-relational-databases.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Other Relational Databases
description: Integrate Better Auth with other relational databases.
---
Better Auth supports a wide range of database dialects out of the box thanks to <Link href="https://kysely.dev/">Kysely</Link>.
Any dialect supported by Kysely can be utilized with Better Auth, including capabilities for generating and migrating database schemas through the <Link href="/docs/concepts/cli">CLI</Link>.
## Core Dialects
- [MySQL](/docs/adapters/mysql)
- [SQLite](/docs/adapters/sqlite)
- [PostgreSQL](/docs/adapters/postgresql)
- [MS SQL](/docs/adapters/mssql)
## Kysely Organization Dialects
- [Postgres.js](https://github.com/kysely-org/kysely-postgres-js)
- [SingleStore Data API](https://github.com/kysely-org/kysely-singlestore)
- [Supabase](https://github.com/kysely-org/kysely-supabase)
## Kysely Community dialects
- [PlanetScale Serverless Driver](https://github.com/depot/kysely-planetscale)
- [Cloudflare D1](https://github.com/aidenwallis/kysely-d1)
- [AWS RDS Data API](https://github.com/serverless-stack/kysely-data-api)
- [SurrealDB](https://github.com/igalklebanov/kysely-surrealdb)
- [Neon](https://github.com/seveibar/kysely-neon)
- [Xata](https://github.com/xataio/client-ts/tree/main/packages/plugin-client-kysely)
- [AWS S3 Select](https://github.com/igalklebanov/kysely-s3-select)
- [libSQL/sqld](https://github.com/libsql/kysely-libsql)
- [Fetch driver](https://github.com/andersgee/kysely-fetch-driver)
- [SQLite WASM](https://github.com/DallasHoff/sqlocal)
- [Deno SQLite](https://gitlab.com/soapbox-pub/kysely-deno-sqlite)
- [TiDB Cloud Serverless Driver](https://github.com/tidbcloud/kysely)
- [Capacitor SQLite Kysely](https://github.com/DawidWetzler/capacitor-sqlite-kysely)
- [BigQuery](https://github.com/maktouch/kysely-bigquery)
- [Clickhouse](https://github.com/founderpathcom/kysely-clickhouse)
- [PGLite](https://github.com/czeidler/kysely-pglite-dialect)
<Callout>
You can see the full list of supported Kysely dialects{" "}
<Link href="https://kysely.dev/docs/dialects">here</Link>.
</Callout>
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/access/access.test.ts:
--------------------------------------------------------------------------------
```typescript
import { describe, expect, it } from "vitest";
import { createAccessControl } from "./access";
describe("access", () => {
const ac = createAccessControl({
project: ["create", "update", "delete", "delete-many"],
ui: ["view", "edit", "comment", "hide"],
});
const role1 = ac.newRole({
project: ["create", "update", "delete"],
ui: ["view", "edit", "comment"],
});
it("should validate permissions", async () => {
const response = role1.authorize({
project: ["create"],
});
expect(response.success).toBe(true);
const failedResponse = role1.authorize({
project: ["delete-many"],
});
expect(failedResponse.success).toBe(false);
});
it("should validate multiple resource permissions", async () => {
const response = role1.authorize({
project: ["create"],
ui: ["view"],
});
expect(response.success).toBe(true);
const failedResponse = role1.authorize({
project: ["delete-many"],
ui: ["view"],
});
expect(failedResponse.success).toBe(false);
});
it("should validate multiple resource multiple permissions", async () => {
const response = role1.authorize({
project: ["create", "delete"],
ui: ["view", "edit"],
});
expect(response.success).toBe(true);
const failedResponse = role1.authorize({
project: ["create", "delete-many"],
ui: ["view", "edit"],
});
expect(failedResponse.success).toBe(false);
});
it("should validate using or connector", () => {
const response = role1.authorize(
{
project: ["create", "delete-many"],
ui: ["view", "edit"],
},
"OR",
);
expect(response.success).toBe(true);
});
it("should validate using or connector for a specific resource", () => {
const response = role1.authorize({
project: {
connector: "OR",
actions: ["create", "delete-many"],
},
ui: ["view", "edit"],
});
expect(response.success).toBe(true);
const failedResponse = role1.authorize({
project: {
connector: "OR",
actions: ["create", "delete-many"],
},
ui: ["view", "edit", "hide"],
});
expect(failedResponse.success).toBe(false);
});
});
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/twitter.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Twitter (X)
description: Twitter provider setup and usage.
---
<Steps>
<Step>
### Get your Twitter Credentials
Get your Twitter credentials from the [Twitter Developer Portal](https://developer.twitter.com/en/portal/dashboard).
Make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/twitter` for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
<Callout type="info">
Twitter API v2 now supports email address retrieval. Make sure to request the `user.email` scope when configuring your Twitter app to enable this feature.
</Callout>
</Step>
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
twitter: { // [!code highlight]
clientId: process.env.TWITTER_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.TWITTER_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
<Step>
### Sign In with Twitter
To sign in with Twitter, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `twitter`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "twitter"
})
}
```
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/packages/cli/test/migrate.test.ts:
--------------------------------------------------------------------------------
```typescript
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { migrateAction } from "../src/commands/migrate";
import * as config from "../src/utils/get-config";
import { betterAuth, type BetterAuthPlugin } from "better-auth";
import Database from "better-sqlite3";
describe("migrate base auth instance", () => {
const db = new Database(":memory:");
const auth = betterAuth({
baseURL: "http://localhost:3000",
database: db,
emailAndPassword: {
enabled: true,
},
});
beforeEach(() => {
vi.spyOn(process, "exit").mockImplementation((code) => {
return code as never;
});
vi.spyOn(config, "getConfig").mockImplementation(async () => auth.options);
});
afterEach(async () => {
vi.restoreAllMocks();
});
it("should migrate the database and sign-up a user", async () => {
await migrateAction({
cwd: process.cwd(),
config: "test/auth.ts",
y: true,
});
const signUpRes = await auth.api.signUpEmail({
body: {
name: "test",
email: "[email protected]",
password: "password",
},
});
expect(signUpRes.token).toBeDefined();
});
});
describe("migrate auth instance with plugins", () => {
const db = new Database(":memory:");
const testPlugin = {
id: "plugin",
schema: {
plugin: {
fields: {
test: {
type: "string",
fieldName: "test",
},
},
},
},
} satisfies BetterAuthPlugin;
const auth = betterAuth({
baseURL: "http://localhost:3000",
database: db,
emailAndPassword: {
enabled: true,
},
plugins: [testPlugin],
});
beforeEach(() => {
vi.spyOn(process, "exit").mockImplementation((code) => {
return code as never;
});
vi.spyOn(config, "getConfig").mockImplementation(async () => auth.options);
});
afterEach(async () => {
vi.restoreAllMocks();
});
it("should migrate the database and sign-up a user", async () => {
await migrateAction({
cwd: process.cwd(),
config: "test/auth.ts",
y: true,
});
const res = db
.prepare("INSERT INTO plugin (id, test) VALUES (?, ?)")
.run("1", "test");
expect(res.changes).toBe(1);
});
});
```
--------------------------------------------------------------------------------
/docs/components/promo-card.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useState } from "react";
import { Button } from "@/components/ui/button";
import { Card, CardContent, CardFooter } from "@/components/ui/card";
import { Progress } from "@/components/ui/progress";
import { Badge } from "@/components/ui/badge";
import {
Tooltip,
TooltipContent,
TooltipProvider,
TooltipTrigger,
} from "@/components/ui/tooltip";
import { Sparkles, Clock, ArrowRight } from "lucide-react";
export default function PromoCard() {
const [isHovered, setIsHovered] = useState(false);
return (
<TooltipProvider>
<Card
className="w-full overflow-hidden bg-gradient-to-br from-purple-500 to-indigo-600 text-white"
onMouseEnter={() => setIsHovered(true)}
onMouseLeave={() => setIsHovered(false)}
>
<CardContent className="p-6 pb-0">
<div className="flex justify-between items-start mb-4">
<Badge className="bg-yellow-500 text-black hover:bg-yellow-600">
New
</Badge>
<Tooltip>
<TooltipTrigger>
<Clock className="h-5 w-5 text-white/80" />
</TooltipTrigger>
<TooltipContent>
<p>Limited time offer</p>
</TooltipContent>
</Tooltip>
</div>
<h3 className="text-2xl font-bold mb-2">Unlock Pro Features</h3>
<p className="text-sm text-white/80 mb-4">
Supercharge your workflow with our advanced tools and exclusive
content.
</p>
<div className="relative">
<Progress value={67} className="h-2 mb-2" />
<span className="text-xs text-white/80">67% of slots filled</span>
</div>
</CardContent>
<CardFooter className="p-6 pt-4">
<Button
className={`w-full bg-white text-purple-600 hover:bg-white/90 transition-all duration-300 ${
isHovered ? "translate-y-[-2px] shadow-lg" : ""
}`}
>
<span className="mr-2">Upgrade Now</span>
<Sparkles className="h-4 w-4 mr-2" />
<ArrowRight
className={`h-4 w-4 transition-transform duration-300 ${
isHovered ? "translate-x-1" : ""
}`}
/>
</Button>
</CardFooter>
</Card>
</TooltipProvider>
);
}
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/dropbox.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Dropbox
description: Dropbox provider setup and usage.
---
<Steps>
<Step>
### Get your Dropbox credentials
To use Dropbox sign in, you need a client ID and client secret. You can get them from the [Dropbox Developer Portal](https://www.dropbox.com/developers). You can Allow "Implicit Grant & PKCE" for the application in the App Console.
Make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/dropbox` for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
</Step>
If you need deeper dive into Dropbox Authentication, you can check out the [official documentation](https://developers.dropbox.com/oauth-guide).
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
dropbox: { // [!code highlight]
clientId: process.env.DROPBOX_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.DROPBOX_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
<Step>
### Sign In with Dropbox
To sign in with Dropbox, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `dropbox`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "dropbox"
})
}
```
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/haveibeenpwned/index.ts:
--------------------------------------------------------------------------------
```typescript
import { APIError } from "../../api";
import { createHash } from "@better-auth/utils/hash";
import { betterFetch } from "@better-fetch/fetch";
import type { BetterAuthPlugin } from "@better-auth/core";
import { defineErrorCodes } from "@better-auth/core/utils";
const ERROR_CODES = defineErrorCodes({
PASSWORD_COMPROMISED:
"The password you entered has been compromised. Please choose a different password.",
});
async function checkPasswordCompromise(
password: string,
customMessage?: string,
) {
if (!password) return;
const sha1Hash = (
await createHash("SHA-1", "hex").digest(password)
).toUpperCase();
const prefix = sha1Hash.substring(0, 5);
const suffix = sha1Hash.substring(5);
try {
const { data, error } = await betterFetch<string>(
`https://api.pwnedpasswords.com/range/${prefix}`,
{
headers: {
"Add-Padding": "true",
"User-Agent": "BetterAuth Password Checker",
},
},
);
if (error) {
throw new APIError("INTERNAL_SERVER_ERROR", {
message: `Failed to check password. Status: ${error.status}`,
});
}
const lines = data.split("\n");
const found = lines.some(
(line) => line.split(":")[0]!.toUpperCase() === suffix.toUpperCase(),
);
if (found) {
throw new APIError("BAD_REQUEST", {
message: customMessage || ERROR_CODES.PASSWORD_COMPROMISED,
code: "PASSWORD_COMPROMISED",
});
}
} catch (error) {
if (error instanceof APIError) throw error;
throw new APIError("INTERNAL_SERVER_ERROR", {
message: "Failed to check password. Please try again later.",
});
}
}
export interface HaveIBeenPwnedOptions {
customPasswordCompromisedMessage?: string;
}
export const haveIBeenPwned = (options?: HaveIBeenPwnedOptions) =>
({
id: "haveIBeenPwned",
init(ctx) {
return {
context: {
password: {
...ctx.password,
async hash(password) {
await checkPasswordCompromise(
password,
options?.customPasswordCompromisedMessage,
);
return ctx.password.hash(password);
},
},
},
};
},
$ERROR_CODES: ERROR_CODES,
}) satisfies BetterAuthPlugin;
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/oidc-provider/schema.ts:
--------------------------------------------------------------------------------
```typescript
import type { BetterAuthPluginDBSchema } from "@better-auth/core/db";
export const schema = {
oauthApplication: {
modelName: "oauthApplication",
fields: {
name: {
type: "string",
},
icon: {
type: "string",
required: false,
},
metadata: {
type: "string",
required: false,
},
clientId: {
type: "string",
unique: true,
},
clientSecret: {
type: "string",
required: false,
},
redirectURLs: {
type: "string",
},
type: {
type: "string",
},
disabled: {
type: "boolean",
required: false,
defaultValue: false,
},
userId: {
type: "string",
required: false,
references: {
model: "user",
field: "id",
onDelete: "cascade",
},
},
createdAt: {
type: "date",
},
updatedAt: {
type: "date",
},
},
},
oauthAccessToken: {
modelName: "oauthAccessToken",
fields: {
accessToken: {
type: "string",
unique: true,
},
refreshToken: {
type: "string",
unique: true,
},
accessTokenExpiresAt: {
type: "date",
},
refreshTokenExpiresAt: {
type: "date",
},
clientId: {
type: "string",
references: {
model: "oauthApplication",
field: "clientId",
onDelete: "cascade",
},
},
userId: {
type: "string",
required: false,
references: {
model: "user",
field: "id",
onDelete: "cascade",
},
},
scopes: {
type: "string",
},
createdAt: {
type: "date",
},
updatedAt: {
type: "date",
},
},
},
oauthConsent: {
modelName: "oauthConsent",
fields: {
clientId: {
type: "string",
references: {
model: "oauthApplication",
field: "clientId",
onDelete: "cascade",
},
},
userId: {
type: "string",
references: {
model: "user",
field: "id",
onDelete: "cascade",
},
},
scopes: {
type: "string",
},
createdAt: {
type: "date",
},
updatedAt: {
type: "date",
},
consentGiven: {
type: "boolean",
},
},
},
} satisfies BetterAuthPluginDBSchema;
```
--------------------------------------------------------------------------------
/docs/components/ui/input-otp.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { OTPInput, OTPInputContext } from "input-otp";
import { MinusIcon } from "lucide-react";
import { cn } from "@/lib/utils";
function InputOTP({
className,
containerClassName,
...props
}: React.ComponentProps<typeof OTPInput> & {
containerClassName?: string;
}) {
return (
<OTPInput
data-slot="input-otp"
containerClassName={cn(
"flex items-center gap-2 has-disabled:opacity-50",
containerClassName,
)}
className={cn("disabled:cursor-not-allowed", className)}
{...props}
/>
);
}
function InputOTPGroup({ className, ...props }: React.ComponentProps<"div">) {
return (
<div
data-slot="input-otp-group"
className={cn("flex items-center", className)}
{...props}
/>
);
}
function InputOTPSlot({
index,
className,
...props
}: React.ComponentProps<"div"> & {
index: number;
}) {
const inputOTPContext = React.useContext(OTPInputContext);
const { char, hasFakeCaret, isActive } = inputOTPContext?.slots[index] ?? {};
return (
<div
data-slot="input-otp-slot"
data-active={isActive}
className={cn(
"border-input data-[active=true]:border-ring data-[active=true]:ring-ring/50 data-[active=true]:aria-invalid:ring-destructive/20 dark:data-[active=true]:aria-invalid:ring-destructive/40 aria-invalid:border-destructive data-[active=true]:aria-invalid:border-destructive relative flex h-9 w-9 items-center justify-center border-y border-r text-sm shadow-xs transition-all outline-none first:rounded-l-md first:border-l last:rounded-r-md data-[active=true]:z-10 data-[active=true]:ring-[3px]",
className,
)}
{...props}
>
{char}
{hasFakeCaret && (
<div className="pointer-events-none absolute inset-0 flex items-center justify-center">
<div className="animate-caret-blink bg-foreground h-4 w-px duration-1000" />
</div>
)}
</div>
);
}
function InputOTPSeparator({ ...props }: React.ComponentProps<"div">) {
return (
<div data-slot="input-otp-separator" role="separator" {...props}>
<MinusIcon />
</div>
);
}
export { InputOTP, InputOTPGroup, InputOTPSlot, InputOTPSeparator };
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/organization/has-permission.ts:
--------------------------------------------------------------------------------
```typescript
import { defaultRoles } from "./access";
import type { Role } from "../access";
import * as z from "zod";
import { APIError } from "../../api";
import type { OrganizationRole } from "./schema";
import {
cacheAllRoles,
hasPermissionFn,
type HasPermissionBaseInput,
} from "./permission";
import type { GenericEndpointContext } from "@better-auth/core";
export const hasPermission = async (
input: {
organizationId: string;
/**
* If true, will use the in-memory cache of the roles.
* Keep in mind to use this in a stateless mindset, the purpose of this is to avoid unnecessary database calls when running multiple
* hasPermission calls in a row.
*
* @default false
*/
useMemoryCache?: boolean;
} & HasPermissionBaseInput,
ctx: GenericEndpointContext,
) => {
let acRoles: {
[x: string]: Role<any> | undefined;
} = { ...(input.options.roles || defaultRoles) };
if (
ctx &&
input.organizationId &&
input.options.dynamicAccessControl?.enabled &&
input.options.ac &&
!input.useMemoryCache
) {
// Load roles from database
const roles = await ctx.context.adapter.findMany<
OrganizationRole & { permission: string }
>({
model: "organizationRole",
where: [
{
field: "organizationId",
value: input.organizationId,
},
],
});
for (const { role, permission: permissionsString } of roles) {
// If it's for an existing role, skip as we shouldn't override hard-coded roles.
if (role in acRoles) continue;
const result = z
.record(z.string(), z.array(z.string()))
.safeParse(JSON.parse(permissionsString));
if (!result.success) {
ctx.context.logger.error(
"[hasPermission] Invalid permissions for role " + role,
{
permissions: JSON.parse(permissionsString),
},
);
throw new APIError("INTERNAL_SERVER_ERROR", {
message: "Invalid permissions for role " + role,
});
}
acRoles[role] = input.options.ac.newRole(result.data);
}
}
if (input.useMemoryCache) {
acRoles = cacheAllRoles.get(input.organizationId) || acRoles;
}
cacheAllRoles.set(input.organizationId, acRoles);
return hasPermissionFn(input, acRoles);
};
```
--------------------------------------------------------------------------------
/docs/app/api/ai-chat/route.ts:
--------------------------------------------------------------------------------
```typescript
import { NextResponse } from "next/server";
export const maxDuration = 300;
export async function POST(request: Request) {
try {
const body = await request.json();
const gurubasePayload = {
question: body.question,
stream: body.stream,
external_user_id: body.external_user_id,
session_id: body.session_id,
fetch_existing: body.fetch_existing || false,
};
const response = await fetch(
`https://api.gurubase.io/api/v1/${process.env.GURUBASE_SLUG}/answer/`,
{
method: "POST",
headers: {
"Content-Type": "application/json",
"x-api-key": `${process.env.GURUBASE_API_KEY}`,
},
body: JSON.stringify(gurubasePayload),
},
);
if (!response.ok) {
const errorText = await response.text();
console.error("Gurubase API error:", response.status, errorText);
if (response.status === 400) {
return NextResponse.json(
{
error:
"I'm sorry, I couldn't process that question. Please try asking something else about Better-Auth.",
},
{ status: 200 },
);
}
return NextResponse.json(
{ error: `External API error: ${response.status} ${errorText}` },
{ status: response.status },
);
}
const isStreaming = gurubasePayload.stream === true;
if (isStreaming) {
const stream = new ReadableStream({
start(controller) {
const reader = response.body?.getReader();
if (!reader) {
controller.close();
return;
}
function pump(): Promise<void> {
return reader!.read().then(({ done, value }) => {
if (done) {
controller.close();
return;
}
controller.enqueue(value);
return pump();
});
}
return pump();
},
});
return new NextResponse(stream, {
headers: {
"Content-Type": "text/plain; charset=utf-8",
"Cache-Control": "no-cache",
Connection: "keep-alive",
},
});
} else {
const data = await response.json();
return NextResponse.json(data);
}
} catch (error) {
return NextResponse.json(
{
error: `Proxy error: ${error instanceof Error ? error.message : "Unknown error"}`,
},
{ status: 500 },
);
}
}
```
--------------------------------------------------------------------------------
/docs/content/docs/adapters/mysql.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: MySQL
description: Integrate Better Auth with MySQL.
---
MySQL is a popular open-source relational database management system (RDBMS) that is widely used for building web applications and other types of software. It provides a flexible and scalable database solution that allows for efficient storage and retrieval of data.
Read more here: [MySQL](https://www.mysql.com/).
## Example Usage
Make sure you have MySQL installed and configured.
Then, you can connect it straight into Better Auth.
```ts title="auth.ts"
import { betterAuth } from "better-auth";
import { createPool } from "mysql2/promise";
export const auth = betterAuth({
database: createPool({
host: "localhost",
user: "root",
password: "password",
database: "database",
timezone: "Z", // Important to ensure consistent timezone values
}),
});
```
<Callout>
For more information, read Kysely's documentation to the
[MySQLDialect](https://kysely-org.github.io/kysely-apidoc/classes/MysqlDialect.html).
</Callout>
## Schema generation & migration
The [Better Auth CLI](/docs/concepts/cli) allows you to generate or migrate
your database schema based on your Better Auth configuration and plugins.
<table>
<thead>
<tr className="border-b">
<th>
<p className="font-bold text-[16px] mb-1">MySQL Schema Generation</p>
</th>
<th>
<p className="font-bold text-[16px] mb-1">MySQL Schema Migration</p>
</th>
</tr>
</thead>
<tbody>
<tr className="h-10">
<td>✅ Supported</td>
<td>✅ Supported</td>
</tr>
</tbody>
</table>
```bash title="Schema Generation"
npx @better-auth/cli@latest generate
```
```bash title="Schema Migration"
npx @better-auth/cli@latest migrate
```
## Additional Information
MySQL is supported under the hood via the [Kysely](https://kysely.dev/) adapter, any database supported by Kysely would also be supported. (<Link href="/docs/adapters/other-relational-databases">Read more here</Link>)
If you're looking for performance improvements or tips, take a look at our guide to <Link href="/docs/guides/optimizing-for-performance">performance optimizations</Link>.
```
--------------------------------------------------------------------------------
/packages/cli/test/__snapshots__/auth-schema-pg-enum.txt:
--------------------------------------------------------------------------------
```
import { pgTable, text, timestamp, boolean, pgEnum } from "drizzle-orm/pg-core";
export const user = pgTable("user", {
id: text("id").primaryKey(),
name: text("name").notNull(),
email: text("email").notNull().unique(),
emailVerified: boolean("email_verified").default(false).notNull(),
image: text("image"),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.defaultNow()
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
role: pgEnum("role", ["admin", "user", "guest"]).notNull(),
});
export const session = pgTable("session", {
id: text("id").primaryKey(),
expiresAt: timestamp("expires_at").notNull(),
token: text("token").notNull().unique(),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
ipAddress: text("ip_address"),
userAgent: text("user_agent"),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
});
export const account = pgTable("account", {
id: text("id").primaryKey(),
accountId: text("account_id").notNull(),
providerId: text("provider_id").notNull(),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
accessToken: text("access_token"),
refreshToken: text("refresh_token"),
idToken: text("id_token"),
accessTokenExpiresAt: timestamp("access_token_expires_at"),
refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
scope: text("scope"),
password: text("password"),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const verification = pgTable("verification", {
id: text("id").primaryKey(),
identifier: text("identifier").notNull(),
value: text("value").notNull(),
expiresAt: timestamp("expires_at").notNull(),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.defaultNow()
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
```
--------------------------------------------------------------------------------
/demo/nextjs/lib/email/reset-password.tsx:
--------------------------------------------------------------------------------
```typescript
import {
Body,
Button,
Container,
Head,
Heading,
Hr,
Html,
Link,
Preview,
Text,
Tailwind,
Section,
} from "@react-email/components";
interface BetterAuthResetPasswordEmailProps {
username?: string;
resetLink?: string;
}
export const ResetPasswordEmail = ({
username,
resetLink,
}: BetterAuthResetPasswordEmailProps) => {
const previewText = `Reset your Better Auth password`;
return (
<Html>
<Head />
<Preview>{previewText}</Preview>
<Tailwind>
<Body className="bg-white my-auto mx-auto font-sans px-2">
<Container className="border border-solid border-[#eaeaea] rounded my-[40px] mx-auto p-[20px] max-w-[465px]">
<Heading className="text-black text-[24px] font-normal text-center p-0 my-[30px] mx-0">
Reset your <strong>Better Auth</strong> password
</Heading>
<Text className="text-black text-[14px] leading-[24px]">
Hello {username},
</Text>
<Text className="text-black text-[14px] leading-[24px]">
We received a request to reset your password for your Better Auth
account. If you didn't make this request, you can safely ignore
this email.
</Text>
<Section className="text-center mt-[32px] mb-[32px]">
<Button
className="bg-[#000000] rounded text-white text-[12px] font-semibold no-underline text-center px-5 py-3"
href={resetLink}
>
Reset Password
</Button>
</Section>
<Text className="text-black text-[14px] leading-[24px]">
Or copy and paste this URL into your browser:{" "}
<Link href={resetLink} className="text-blue-600 no-underline">
{resetLink}
</Link>
</Text>
<Hr className="border border-solid border-[#eaeaea] my-[26px] mx-0 w-full" />
<Text className="text-[#666666] text-[12px] leading-[24px]">
If you didn't request a password reset, please ignore this email
or contact support if you have concerns.
</Text>
</Container>
</Body>
</Tailwind>
</Html>
);
};
export function reactResetPasswordEmail(
props: BetterAuthResetPasswordEmailProps,
) {
console.log(props);
return <ResetPasswordEmail {...props} />;
}
```
--------------------------------------------------------------------------------
/docs/content/changelogs/1.0.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: v1.0
description: Built-in CLI for managing your project.
date: 2021-10-01
---
Version update
Better Auth comes with a built-in CLI to help you manage the database schema needed for both core functionality and plugins.
## Generate
The `generate` command creates the schema required by Better Auth. If you're using a database adapter like Prisma or Drizzle, this command will generate the right schema for your ORM. If you're using the built-in Kysely adapter, it will generate an SQL file you can run directly on your database.
```bash title="Terminal"
npx @better-auth/cli@latest generate
```
### Options
- `--output` - Where to save the generated schema. For Prisma, it will be saved in prisma/schema.prisma. For Drizzle, it goes to schema.ts in your project root. For Kysely, it’s an SQL file saved as schema.sql in your project root.
- `--config` - The path to your Better Auth config file. By default, the CLI will search for a better-auth.ts file in **./**, **./utils**, **./lib**, or any of these directories under `src` directory.
- `--y` - Skip the confirmation prompt and generate the schema directly.
## Migrate
The migrate command applies the Better Auth schema directly to your database. This is available if you’re using the built-in Kysely adapter.
```bash title="Terminal"
npx @better-auth/cli@latest migrate
```
### Options
- `--config` - The path to your Better Auth config file. By default, the CLI will search for a better-auth.ts file in **./**, **./utils**, **./lib**, or any of these directories under `src` directory.
- `--y` - Skip the confirmation prompt and apply the schema directly.
## Common Issues
**Error: Cannot find module X**
If you see this error, it means the CLI can’t resolve imported modules in your Better Auth config file. We're working on a fix for many of these issues, but in the meantime, you can try the following:
- Remove any import aliases in your config file and use relative paths instead. After running the CLI, you can revert to using aliases.
## Secret
The CLI also provides a way to generate a secret key for your Better Auth instance.
```bash title="Terminal"
npx @better-auth/cli@latest secret
```
```
--------------------------------------------------------------------------------
/packages/better-auth/src/types/types.test.ts:
--------------------------------------------------------------------------------
```typescript
import { describe, expectTypeOf } from "vitest";
import { getTestInstance } from "../test-utils/test-instance";
import { organization, twoFactor } from "../plugins";
describe("general types", async (it) => {
it("should infer base session", async () => {
const { auth } = await getTestInstance();
type Session = typeof auth.$Infer.Session;
expectTypeOf<Session>().toEqualTypeOf<{
session: {
id: string;
createdAt: Date;
updatedAt: Date;
userId: string;
expiresAt: Date;
token: string;
ipAddress?: string | null | undefined;
userAgent?: string | null | undefined;
};
user: {
id: string;
createdAt: Date;
updatedAt: Date;
email: string;
emailVerified: boolean;
name: string;
image?: string | null | undefined;
};
}>();
});
it("should infer additional fields from plugins", async () => {
const { auth } = await getTestInstance({
plugins: [twoFactor(), organization()],
});
expectTypeOf<typeof auth.$Infer.Session.user>().toEqualTypeOf<{
id: string;
email: string;
emailVerified: boolean;
name: string;
image?: string | undefined | null;
createdAt: Date;
updatedAt: Date;
twoFactorEnabled: boolean | undefined | null;
}>();
expectTypeOf<typeof auth.$Infer.Session.session>().toEqualTypeOf<{
id: string;
userId: string;
expiresAt: Date;
createdAt: Date;
updatedAt: Date;
token: string;
ipAddress?: string | undefined | null;
userAgent?: string | undefined | null;
activeOrganizationId?: string | undefined | null;
}>();
});
it("should infer the same types for empty plugins and no plugins", async () => {
const { auth: authWithEmptyPlugins } = await getTestInstance({
plugins: [],
secret: "test-secret",
emailAndPassword: {
enabled: true,
},
});
const { auth: authWithoutPlugins } = await getTestInstance({
secret: "test-secret",
emailAndPassword: {
enabled: true,
},
});
type SessionWithEmptyPlugins = typeof authWithEmptyPlugins.$Infer;
type SessionWithoutPlugins = typeof authWithoutPlugins.$Infer;
expectTypeOf<SessionWithEmptyPlugins>().toEqualTypeOf<SessionWithoutPlugins>();
});
});
```
--------------------------------------------------------------------------------
/docs/content/docs/integrations/tanstack.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: TanStack Start Integration
description: Integrate Better Auth with TanStack Start.
---
This integration guide is assuming you are using TanStack Start.
Before you start, make sure you have a Better Auth instance configured. If you haven't done that yet, check out the [installation](/docs/installation).
### Mount the handler
We need to mount the handler to a TanStack API endpoint/Server Route.
Create a new file: `/src/routes/api/auth/$.ts`
```ts title="src/routes/api/auth/$.ts"
import { auth } from '@/lib/auth'
import { createFileRoute } from '@tanstack/react-router'
export const Route = createFileRoute('/api/auth/$')({
server: {
handlers: {
GET: ({ request }) => {
return auth.handler(request)
},
POST: ({ request }) => {
return auth.handler(request)
},
},
},
})
```
If you haven't created your server route handler yet, you can do so by creating a file: `/src/server.ts`
```ts title="src/server.ts"
import {
createStartHandler,
defaultStreamHandler,
} from '@tanstack/react-start/server'
import { createRouter } from './router'
export default createStartHandler({
createRouter,
})(defaultStreamHandler)
```
### Usage tips
- We recommend using the client SDK or `authClient` to handle authentication, rather than server actions with `auth.api`.
- When you call functions that need to set cookies (like `signInEmail` or `signUpEmail`), you'll need to handle cookie setting for TanStack Start. Better Auth provides a `reactStartCookies` plugin to automatically handle this for you.
```ts title="src/lib/auth.ts"
import { betterAuth } from "better-auth";
import { reactStartCookies } from "better-auth/react-start";
export const auth = betterAuth({
//...your config
plugins: [reactStartCookies()] // make sure this is the last plugin in the array
})
```
Now, when you call functions that set cookies, they will be automatically set using TanStack Start's cookie handling system.
```ts
import { auth } from "@/lib/auth"
const signIn = async () => {
await auth.api.signInEmail({
body: {
email: "[email protected]",
password: "password",
}
})
}
```
```
--------------------------------------------------------------------------------
/docs/components/builder/code-tabs/code-editor.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useState } from "react";
import { Highlight } from "prism-react-renderer";
import { Check, Copy } from "lucide-react";
import { Button } from "@/components/ui/button";
import theme from "./theme";
interface CodeEditorProps {
code: string;
language: string;
}
export function CodeEditor({ code, language }: CodeEditorProps) {
const [isCopied, setIsCopied] = useState(false);
const copyToClipboard = async () => {
try {
await navigator.clipboard.writeText(code);
setIsCopied(true);
setTimeout(() => setIsCopied(false), 2000);
} catch (err) {
console.error("Failed to copy text: ", err);
}
};
return (
<div className="relative">
<div className="dark:bg-bg-white rounded-md overflow-hidden">
<Highlight theme={theme} code={code} language={language}>
{({ className, style, tokens, getLineProps, getTokenProps }) => (
<div className="overflow-auto max-h-[400px]">
<pre
className={`${className} relative text-sm p-4 w-full min-w-fit rounded-md`}
style={style}
>
{tokens.map((line, i) => {
const lineProps = getLineProps({ line, key: i });
return (
<div
key={i}
className={lineProps.className}
style={lineProps.style}
>
<span className="inline-block w-8 pr-2 text-right mr-4 text-gray-500 select-none sticky left-0 bg-black">
{i + 1}
</span>
{line.map((token, key) => {
const tokenProps = getTokenProps({ token, key });
return (
<span
key={key}
className={tokenProps.className}
style={tokenProps.style}
>
{tokenProps.children}
</span>
);
})}
</div>
);
})}
</pre>
</div>
)}
</Highlight>
<Button
variant="outline"
size="icon"
className="absolute top-2 right-2"
onClick={copyToClipboard}
aria-label="Copy code"
>
{isCopied ? (
<Check className="h-4 w-4" />
) : (
<Copy className="h-4 w-4" />
)}
</Button>
</div>
</div>
);
}
```
--------------------------------------------------------------------------------
/docs/app/api/chat/route.ts:
--------------------------------------------------------------------------------
```typescript
import { ProvideLinksToolSchema } from "@/lib/chat/inkeep-qa-schema";
import { createOpenAICompatible } from "@ai-sdk/openai-compatible";
import { convertToModelMessages, streamText } from "ai";
import {
logConversationToAnalytics,
type InkeepMessage,
} from "@/lib/inkeep-analytics";
export const runtime = "edge";
const openai = createOpenAICompatible({
name: "inkeep",
apiKey: process.env.INKEEP_API_KEY,
baseURL: "https://api.inkeep.com/v1",
});
export async function POST(req: Request) {
const reqJson = await req.json();
const result = streamText({
model: openai("inkeep-qa-sonnet-4"),
tools: {
provideLinks: {
inputSchema: ProvideLinksToolSchema,
},
},
messages: convertToModelMessages(reqJson.messages, {
ignoreIncompleteToolCalls: true,
}),
toolChoice: "auto",
onFinish: async (event) => {
try {
const extractMessageContent = (msg: any): string => {
if (typeof msg.content === "string") {
return msg.content;
}
if (msg.parts && Array.isArray(msg.parts)) {
return msg.parts
.filter((part: any) => part.type === "text")
.map((part: any) => part.text)
.join("");
}
if (msg.text) {
return msg.text;
}
return "";
};
const assistantMessageId =
event.response.id ||
`assistant_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
const inkeepMessages: InkeepMessage[] = [
...reqJson.messages
.map((msg: any) => ({
id:
msg.id ||
`msg_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`,
role: msg.role,
content: extractMessageContent(msg),
}))
.filter((msg: any) => msg.content.trim() !== ""),
{
id: assistantMessageId,
role: "assistant" as const,
content: event.text,
},
];
await logConversationToAnalytics({
type: "openai",
messages: inkeepMessages,
properties: {
source: "better-auth-docs",
timestamp: new Date().toISOString(),
model: "inkeep-qa-sonnet-4",
},
});
} catch (error) {
// Don't fail the request if analytics logging fails
}
},
});
return result.toUIMessageStreamResponse();
}
```
--------------------------------------------------------------------------------
/docs/components/ui/breadcrumb.tsx:
--------------------------------------------------------------------------------
```typescript
import * as React from "react";
import { Slot } from "@radix-ui/react-slot";
import { ChevronRight, MoreHorizontal } from "lucide-react";
import { cn } from "@/lib/utils";
function Breadcrumb({ ...props }: React.ComponentProps<"nav">) {
return <nav aria-label="breadcrumb" data-slot="breadcrumb" {...props} />;
}
function BreadcrumbList({ className, ...props }: React.ComponentProps<"ol">) {
return (
<ol
data-slot="breadcrumb-list"
className={cn(
"text-muted-foreground flex flex-wrap items-center gap-1.5 text-sm break-words sm:gap-2.5",
className,
)}
{...props}
/>
);
}
function BreadcrumbItem({ className, ...props }: React.ComponentProps<"li">) {
return (
<li
data-slot="breadcrumb-item"
className={cn("inline-flex items-center gap-1.5", className)}
{...props}
/>
);
}
function BreadcrumbLink({
asChild,
className,
...props
}: React.ComponentProps<"a"> & {
asChild?: boolean;
}) {
const Comp = asChild ? Slot : "a";
return (
<Comp
data-slot="breadcrumb-link"
className={cn("hover:text-foreground transition-colors", className)}
{...props}
/>
);
}
function BreadcrumbPage({ className, ...props }: React.ComponentProps<"span">) {
return (
<span
data-slot="breadcrumb-page"
role="link"
aria-disabled="true"
aria-current="page"
className={cn("text-foreground font-normal", className)}
{...props}
/>
);
}
function BreadcrumbSeparator({
children,
className,
...props
}: React.ComponentProps<"li">) {
return (
<li
data-slot="breadcrumb-separator"
role="presentation"
aria-hidden="true"
className={cn("[&>svg]:size-3.5", className)}
{...props}
>
{children ?? <ChevronRight />}
</li>
);
}
function BreadcrumbEllipsis({
className,
...props
}: React.ComponentProps<"span">) {
return (
<span
data-slot="breadcrumb-ellipsis"
role="presentation"
aria-hidden="true"
className={cn("flex size-9 items-center justify-center", className)}
{...props}
>
<MoreHorizontal className="size-4" />
<span className="sr-only">More</span>
</span>
);
}
export {
Breadcrumb,
BreadcrumbList,
BreadcrumbItem,
BreadcrumbLink,
BreadcrumbPage,
BreadcrumbSeparator,
BreadcrumbEllipsis,
};
```
--------------------------------------------------------------------------------
/docs/content/docs/integrations/elysia.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Elysia Integration
description: Integrate Better Auth with Elysia.
---
This integration guide is assuming you are using Elysia with bun server.
Before you start, make sure you have a Better Auth instance configured. If you haven't done that yet, check out the [installation](/docs/installation).
### Mount the handler
We need to mount the handler to Elysia endpoint.
```ts
import { Elysia } from "elysia";
import { auth } from "./auth";
const app = new Elysia().mount(auth.handler).listen(3000);
console.log(
`🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);
```
### CORS
To configure cors, you can use the `cors` plugin from `@elysiajs/cors`.
```ts
import { Elysia } from "elysia";
import { cors } from "@elysiajs/cors";
import { auth } from "./auth";
const app = new Elysia()
.use(
cors({
origin: "http://localhost:3001",
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
credentials: true,
allowedHeaders: ["Content-Type", "Authorization"],
}),
)
.mount(auth.handler)
.listen(3000);
console.log(
`🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);
```
### Macro
You can use [macro](https://elysiajs.com/patterns/macro.html#macro) with [resolve](https://elysiajs.com/essential/handler.html#resolve) to provide session and user information before pass to view.
```ts
import { Elysia } from "elysia";
import { auth } from "./auth";
// user middleware (compute user and session and pass to routes)
const betterAuth = new Elysia({ name: "better-auth" })
.mount(auth.handler)
.macro({
auth: {
async resolve({ status, request: { headers } }) {
const session = await auth.api.getSession({
headers,
});
if (!session) return status(401);
return {
user: session.user,
session: session.session,
};
},
},
});
const app = new Elysia()
.use(betterAuth)
.get("/user", ({ user }) => user, {
auth: true,
})
.listen(3000);
console.log(
`🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);
```
This will allow you to access the `user` and `session` object in all of your routes.
```
--------------------------------------------------------------------------------
/demo/nextjs/app/features.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import React from "react";
import { AnimatePresence, motion } from "framer-motion";
import { Logo } from "@/components/logo";
export function Features() {
return (
<>
<div className="flex flex-col lg:flex-row bg-white dark:bg-black w-full gap-4 mx-auto px-8">
<Card title="Better Auth" icon={<Logo className=" w-44" />}></Card>
</div>
</>
);
}
const Card = ({
title,
icon,
children,
}: {
title: string;
icon: React.ReactNode;
children?: React.ReactNode;
}) => {
const [hovered, setHovered] = React.useState(false);
return (
<div
onMouseEnter={() => setHovered(true)}
onMouseLeave={() => setHovered(false)}
className="border border-black/20 group/canvas-card flex items-center justify-center dark:border-white/20 max-w-sm w-full mx-auto p-4 relative h-72"
>
<Icon className="absolute h-6 w-6 -top-3 -left-3 dark:text-white text-black" />
<Icon className="absolute h-6 w-6 -bottom-3 -left-3 dark:text-white text-black" />
<Icon className="absolute h-6 w-6 -top-3 -right-3 dark:text-white text-black" />
<Icon className="absolute h-6 w-6 -bottom-3 -right-3 dark:text-white text-black" />
<AnimatePresence>
{hovered && (
<motion.div
initial={{ opacity: 0 }}
animate={{ opacity: 1 }}
className="h-full w-full absolute inset-0"
>
{children}
</motion.div>
)}
</AnimatePresence>
<div className="relative z-20">
<div className="text-center group-hover/canvas-card:-translate-y-4 group-hover/canvas-card:opacity-0 transition duration-200 w-full mx-auto flex items-center justify-center">
{icon}
</div>
<h2 className="dark:text-white text-xl opacity-0 group-hover/canvas-card:opacity-100 relative z-10 text-black mt-4 font-bold group-hover/canvas-card:text-white group-hover/canvas-card:-translate-y-2 transition duration-200">
{title}
</h2>
</div>
</div>
);
};
export const Icon = ({ className, ...rest }: any) => {
return (
<svg
xmlns="http://www.w3.org/2000/svg"
fill="none"
viewBox="0 0 24 24"
strokeWidth="1.5"
stroke="currentColor"
className={className}
{...rest}
>
<path strokeLinecap="round" strokeLinejoin="round" d="M12 6v12m6-6H6" />
</svg>
);
};
```
--------------------------------------------------------------------------------
/docs/app/community/page.tsx:
--------------------------------------------------------------------------------
```typescript
import CommunityHeader from "./_components/header";
import Stats from "./_components/stats";
import Section from "@/components/landing/section";
type NpmPackageResp = {
downloads: number;
start: string;
end: string;
package: string;
};
async function getNPMPackageDownloads() {
const res = await fetch(
`https://api.npmjs.org/downloads/point/last-year/better-auth`,
{
next: { revalidate: 60 },
},
);
const npmStat: NpmPackageResp = await res.json();
return npmStat;
}
async function getGitHubStars() {
try {
const response = await fetch(
"https://api.github.com/repos/better-auth/better-auth",
{
next: {
revalidate: 60,
},
},
);
const json = await response.json();
const stars = Number(json.stargazers_count);
return stars;
} catch {
return 0;
}
}
export default async function CommunityPage() {
const npmDownloads = await getNPMPackageDownloads();
const githubStars = await getGitHubStars();
return (
<Section
id="hero"
className="relative md:px-[3.4rem] md:pl-[3.9rem] md:max-w-7xl md:mx-auto overflow-hidden"
crosses={false}
crossesOffset=""
customPaddings
>
<div className="min-h-screen w-full bg-transparent">
<div className="overflow-hidden flex flex-col w-full bg-transparent/10 relative">
<div className="h-[38vh]">
<CommunityHeader />
</div>
<div className="relative py-0">
<div className="absolute inset-0 z-0">
<div className="grid grid-cols-12 h-full">
{Array(12)
.fill(null)
.map((_, i) => (
<div
key={i}
className="border-l border-dashed border-stone-100 dark:border-white/10 h-full"
/>
))}
</div>
<div className="grid grid-rows-12 w-full absolute top-0">
{Array(12)
.fill(null)
.map((_, i) => (
<div
key={i}
className="border-t border-dashed border-stone-100 dark:border-stone-900/60 w-full"
/>
))}
</div>
</div>
</div>
<div className="w-full md:mx-auto overflow-hidden">
<Stats
npmDownloads={npmDownloads.downloads}
githubStars={githubStars}
/>
</div>
</div>
</div>
</Section>
);
}
```
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
```yaml
name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22.x
- run: npx changelogithub
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22.x
registry-url: 'https://registry.npmjs.org'
- run: pnpm install
- name: Build
run: pnpm build
- name: Determine npm tag
id: determine_npm_tag
shell: bash
run: |
TAG="${GITHUB_REF#refs/tags/}"
if [[ "$TAG" =~ -(next|canary|beta|rc) ]]; then
# Extract pre-release tag (e.g., beta, rc)
NPM_TAG=${BASH_REMATCH[1]}
else
# Check if the commit is on the main branch or a version branch
git fetch origin main
CURRENT_BRANCH=$(git branch -r --contains "$GITHUB_SHA" | grep -E 'origin/(main|v[0-9]+\.[0-9]+\.x-latest)' | head -1 | sed 's/.*origin\///')
if [[ "$CURRENT_BRANCH" == "main" ]]; then
NPM_TAG="latest"
elif [[ "$CURRENT_BRANCH" =~ ^v[0-9]+\.[0-9]+\.x-latest$ ]]; then
# For version branches like v1.3.x-latest, v1.4.x-latest, use "latest" tag
NPM_TAG="latest"
else
echo "The tagged commit is not on the main branch or a version branch (v*.*.x-latest)."
echo "::error ::Releases with the 'latest' npm tag must be on the main branch or a version branch."
exit 1
fi
fi
echo "npm_tag=$NPM_TAG" >> $GITHUB_OUTPUT
echo "Using npm tag: $NPM_TAG"
- name: Publish to npm
run: pnpm -r publish --access public --no-git-checks --tag ${{ steps.determine_npm_tag.outputs.npm_tag }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```
--------------------------------------------------------------------------------
/demo/nextjs/components/sign-in-btn.tsx:
--------------------------------------------------------------------------------
```typescript
import Link from "next/link";
import { Button } from "./ui/button";
import { auth } from "@/lib/auth";
import { headers } from "next/headers";
export async function SignInButton() {
const session = await auth.api.getSession({
headers: await headers(),
});
return (
<Link
href={session?.session ? "/dashboard" : "/sign-in"}
className="flex justify-center"
>
<Button className="gap-2 justify-between" variant="default">
{!session?.session ? (
<svg
xmlns="http://www.w3.org/2000/svg"
width="1.2em"
height="1.2em"
viewBox="0 0 24 24"
>
<path
fill="currentColor"
d="M5 3H3v4h2V5h14v14H5v-2H3v4h18V3zm12 8h-2V9h-2V7h-2v2h2v2H3v2h10v2h-2v2h2v-2h2v-2h2z"
></path>
</svg>
) : (
<svg
xmlns="http://www.w3.org/2000/svg"
width="1.2em"
height="1.2em"
viewBox="0 0 24 24"
>
<path fill="currentColor" d="M2 3h20v18H2zm18 16V7H4v12z"></path>
</svg>
)}
<span>{session?.session ? "Dashboard" : "Sign In"}</span>
</Button>
</Link>
);
}
function checkOptimisticSession(headers: Headers) {
const guessIsSignIn =
headers.get("cookie")?.includes("better-auth.session") ||
headers.get("cookie")?.includes("__Secure-better-auth.session-token");
return !!guessIsSignIn;
}
export async function SignInFallback() {
//to avoid flash of unauthenticated state
const guessIsSignIn = checkOptimisticSession(await headers());
return (
<Link
href={guessIsSignIn ? "/dashboard" : "/sign-in"}
className="flex justify-center"
>
<Button className="gap-2 justify-between" variant="default">
{!guessIsSignIn ? (
<svg
xmlns="http://www.w3.org/2000/svg"
width="1.2em"
height="1.2em"
viewBox="0 0 24 24"
>
<path
fill="currentColor"
d="M5 3H3v4h2V5h14v14H5v-2H3v4h18V3zm12 8h-2V9h-2V7h-2v2h2v2H3v2h10v2h-2v2h2v-2h2v-2h2z"
></path>
</svg>
) : (
<svg
xmlns="http://www.w3.org/2000/svg"
width="1.2em"
height="1.2em"
viewBox="0 0 24 24"
>
<path fill="currentColor" d="M2 3h20v18H2zm18 16V7H4v12z"></path>
</svg>
)}
<span>{guessIsSignIn ? "Dashboard" : "Sign In"}</span>
</Button>
</Link>
);
}
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/zoom.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Zoom
description: Zoom provider setup and usage.
---
<Steps>
<Step>
### Create a Zoom App from Marketplace
1. Visit [Zoom Marketplace](https://marketplace.zoom.us).
1. Hover on the `Develop` button and select `Build App`
1. Select `General App` and click `Create`
</Step>
<Step>
### Configure your Zoom App
Ensure that you are in the `Basic Information` of your app settings.
1. Under `Select how the app is managed`, choose `User-managed`
1. Under `App Credentials`, copy your `Client ID` and `Client Secret` and store them in a safe location
1. Under `OAuth Information` -> `OAuth Redirect URL`, add your Callback URL. For example,
```
http://localhost:3000/api/auth/callback/zoom
```
<Callout>
For production, you should set it to the URL of your application. If you change the base
path of the auth routes, you should update the redirect URL accordingly.
</Callout>
Skip to the `Scopes` section, then
1. Click the `Add Scopes` button
1. Search for `user:read:user` (View a user) and select it
1. Add any other scopes your applications needs and click `Done`
</Step>
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
zoom: { // [!code highlight]
clientId: process.env.ZOOM_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.ZOOM_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
<Step>
### Sign In with Zoom
To sign in with Zoom, you can use the `signIn.social` function provided by the client.
You will need to specify `zoom` as the provider.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "zoom"
})
}
```
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/api-key/rate-limit.ts:
--------------------------------------------------------------------------------
```typescript
import { ERROR_CODES } from ".";
import type { PredefinedApiKeyOptions } from "./routes";
import type { ApiKey } from "./types";
interface RateLimitResult {
success: boolean;
message: string | null;
tryAgainIn: number | null;
update: Partial<ApiKey> | null;
}
/**
* Determines if a request is allowed based on rate limiting parameters.
*
* @returns An object indicating whether the request is allowed and, if not,
* a message and updated ApiKey data.
*/
export function isRateLimited(
/**
* The ApiKey object containing rate limiting information
*/
apiKey: ApiKey,
opts: PredefinedApiKeyOptions,
): RateLimitResult {
const now = new Date();
const lastRequest = apiKey.lastRequest;
const rateLimitTimeWindow = apiKey.rateLimitTimeWindow;
const rateLimitMax = apiKey.rateLimitMax;
let requestCount = apiKey.requestCount;
if (opts.rateLimit.enabled === false)
return {
success: true,
message: null,
update: { lastRequest: now },
tryAgainIn: null,
};
if (apiKey.rateLimitEnabled === false)
return {
success: true,
message: null,
update: { lastRequest: now },
tryAgainIn: null,
};
if (rateLimitTimeWindow === null || rateLimitMax === null) {
// Rate limiting is disabled.
return {
success: true,
message: null,
update: null,
tryAgainIn: null,
};
}
if (lastRequest === null) {
// No previous requests, so allow the first one.
return {
success: true,
message: null,
update: { lastRequest: now, requestCount: 1 },
tryAgainIn: null,
};
}
const timeSinceLastRequest = now.getTime() - new Date(lastRequest).getTime();
if (timeSinceLastRequest > rateLimitTimeWindow) {
// Time window has passed, reset the request count.
return {
success: true,
message: null,
update: { lastRequest: now, requestCount: 1 },
tryAgainIn: null,
};
}
if (requestCount >= rateLimitMax) {
// Rate limit exceeded.
return {
success: false,
message: ERROR_CODES.RATE_LIMIT_EXCEEDED,
update: null,
tryAgainIn: Math.ceil(rateLimitTimeWindow - timeSinceLastRequest),
};
}
// Request is allowed.
requestCount++;
return {
success: true,
message: null,
tryAgainIn: null,
update: { lastRequest: now, requestCount: requestCount },
};
}
```
--------------------------------------------------------------------------------
/packages/core/src/oauth2/create-authorization-url.ts:
--------------------------------------------------------------------------------
```typescript
import type { ProviderOptions } from "./index";
import { generateCodeChallenge } from "./utils";
export async function createAuthorizationURL({
id,
options,
authorizationEndpoint,
state,
codeVerifier,
scopes,
claims,
redirectURI,
duration,
prompt,
accessType,
responseType,
display,
loginHint,
hd,
responseMode,
additionalParams,
scopeJoiner,
}: {
id: string;
options: ProviderOptions;
redirectURI: string;
authorizationEndpoint: string;
state: string;
codeVerifier?: string;
scopes: string[];
claims?: string[];
duration?: string;
prompt?: string;
accessType?: string;
responseType?: string;
display?: string;
loginHint?: string;
hd?: string;
responseMode?: string;
additionalParams?: Record<string, string>;
scopeJoiner?: string;
}) {
const url = new URL(authorizationEndpoint);
url.searchParams.set("response_type", responseType || "code");
const primaryClientId = Array.isArray(options.clientId)
? options.clientId[0]
: options.clientId;
url.searchParams.set("client_id", primaryClientId);
url.searchParams.set("state", state);
url.searchParams.set("scope", scopes.join(scopeJoiner || " "));
url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
duration && url.searchParams.set("duration", duration);
display && url.searchParams.set("display", display);
loginHint && url.searchParams.set("login_hint", loginHint);
prompt && url.searchParams.set("prompt", prompt);
hd && url.searchParams.set("hd", hd);
accessType && url.searchParams.set("access_type", accessType);
responseMode && url.searchParams.set("response_mode", responseMode);
if (codeVerifier) {
const codeChallenge = await generateCodeChallenge(codeVerifier);
url.searchParams.set("code_challenge_method", "S256");
url.searchParams.set("code_challenge", codeChallenge);
}
if (claims) {
const claimsObj = claims.reduce(
(acc, claim) => {
acc[claim] = null;
return acc;
},
{} as Record<string, null>,
);
url.searchParams.set(
"claims",
JSON.stringify({
id_token: { email: null, email_verified: null, ...claimsObj },
}),
);
}
if (additionalParams) {
Object.entries(additionalParams).forEach(([key, value]) => {
url.searchParams.set(key, value);
});
}
return url;
}
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/table.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { cn } from "@/lib/utils";
function Table({ className, ...props }: React.ComponentProps<"table">) {
return (
<div
data-slot="table-container"
className="relative w-full overflow-x-auto"
>
<table
data-slot="table"
className={cn("w-full caption-bottom text-sm", className)}
{...props}
/>
</div>
);
}
function TableHeader({ className, ...props }: React.ComponentProps<"thead">) {
return (
<thead
data-slot="table-header"
className={cn("[&_tr]:border-b", className)}
{...props}
/>
);
}
function TableBody({ className, ...props }: React.ComponentProps<"tbody">) {
return (
<tbody
data-slot="table-body"
className={cn("[&_tr:last-child]:border-0", className)}
{...props}
/>
);
}
function TableFooter({ className, ...props }: React.ComponentProps<"tfoot">) {
return (
<tfoot
data-slot="table-footer"
className={cn(
"bg-muted/50 border-t font-medium [&>tr]:last:border-b-0",
className,
)}
{...props}
/>
);
}
function TableRow({ className, ...props }: React.ComponentProps<"tr">) {
return (
<tr
data-slot="table-row"
className={cn(
"hover:bg-muted/50 data-[state=selected]:bg-muted border-b transition-colors",
className,
)}
{...props}
/>
);
}
function TableHead({ className, ...props }: React.ComponentProps<"th">) {
return (
<th
data-slot="table-head"
className={cn(
"text-muted-foreground h-10 px-2 text-left align-middle font-medium whitespace-nowrap [&:has([role=checkbox])]:pr-0 [&>[role=checkbox]]:translate-y-[2px]",
className,
)}
{...props}
/>
);
}
function TableCell({ className, ...props }: React.ComponentProps<"td">) {
return (
<td
data-slot="table-cell"
className={cn(
"p-2 align-middle whitespace-nowrap [&:has([role=checkbox])]:pr-0 [&>[role=checkbox]]:translate-y-[2px]",
className,
)}
{...props}
/>
);
}
function TableCaption({
className,
...props
}: React.ComponentProps<"caption">) {
return (
<caption
data-slot="table-caption"
className={cn("text-muted-foreground mt-4 text-sm", className)}
{...props}
/>
);
}
export {
Table,
TableHeader,
TableBody,
TableFooter,
TableHead,
TableRow,
TableCell,
TableCaption,
};
```
--------------------------------------------------------------------------------
/docs/components/ui/table.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import * as React from "react";
import { cn } from "@/lib/utils";
function Table({ className, ...props }: React.ComponentProps<"table">) {
return (
<div
data-slot="table-container"
className="relative w-full overflow-x-auto"
>
<table
data-slot="table"
className={cn("w-full caption-bottom text-sm", className)}
{...props}
/>
</div>
);
}
function TableHeader({ className, ...props }: React.ComponentProps<"thead">) {
return (
<thead
data-slot="table-header"
className={cn("[&_tr]:border-b", className)}
{...props}
/>
);
}
function TableBody({ className, ...props }: React.ComponentProps<"tbody">) {
return (
<tbody
data-slot="table-body"
className={cn("[&_tr:last-child]:border-0", className)}
{...props}
/>
);
}
function TableFooter({ className, ...props }: React.ComponentProps<"tfoot">) {
return (
<tfoot
data-slot="table-footer"
className={cn(
"bg-muted/50 border-t font-medium [&>tr]:last:border-b-0",
className,
)}
{...props}
/>
);
}
function TableRow({ className, ...props }: React.ComponentProps<"tr">) {
return (
<tr
data-slot="table-row"
className={cn(
"hover:bg-muted/50 data-[state=selected]:bg-muted border-b transition-colors",
className,
)}
{...props}
/>
);
}
function TableHead({ className, ...props }: React.ComponentProps<"th">) {
return (
<th
data-slot="table-head"
className={cn(
"text-muted-foreground h-10 px-2 text-left align-middle font-medium whitespace-nowrap [&:has([role=checkbox])]:pr-0 [&>[role=checkbox]]:translate-y-[2px]",
className,
)}
{...props}
/>
);
}
function TableCell({ className, ...props }: React.ComponentProps<"td">) {
return (
<td
data-slot="table-cell"
className={cn(
"p-2 align-middle whitespace-nowrap [&:has([role=checkbox])]:pr-0 [&>[role=checkbox]]:translate-y-[2px]",
className,
)}
{...props}
/>
);
}
function TableCaption({
className,
...props
}: React.ComponentProps<"caption">) {
return (
<caption
data-slot="table-caption"
className={cn("text-muted-foreground mt-4 text-sm", className)}
{...props}
/>
);
}
export {
Table,
TableHeader,
TableBody,
TableFooter,
TableHead,
TableRow,
TableCell,
TableCaption,
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/access/access.ts:
--------------------------------------------------------------------------------
```typescript
import { BetterAuthError } from "@better-auth/core/error";
import type { Statements, Subset } from "./types";
export type AuthorizeResponse =
| { success: false; error: string }
| { success: true; error?: never };
export function role<TStatements extends Statements>(statements: TStatements) {
return {
authorize<K extends keyof TStatements>(
request: {
[key in K]?:
| TStatements[key]
| {
actions: TStatements[key];
connector: "OR" | "AND";
};
},
connector: "OR" | "AND" = "AND",
): AuthorizeResponse {
let success = false;
for (const [requestedResource, requestedActions] of Object.entries(
request,
)) {
const allowedActions = statements[requestedResource];
if (!allowedActions) {
return {
success: false,
error: `You are not allowed to access resource: ${requestedResource}`,
};
}
if (Array.isArray(requestedActions)) {
success = (requestedActions as string[]).every((requestedAction) =>
allowedActions.includes(requestedAction),
);
} else {
if (typeof requestedActions === "object") {
const actions = requestedActions as {
actions: string[];
connector: "OR" | "AND";
};
if (actions.connector === "OR") {
success = actions.actions.some((requestedAction) =>
allowedActions.includes(requestedAction),
);
} else {
success = actions.actions.every((requestedAction) =>
allowedActions.includes(requestedAction),
);
}
} else {
throw new BetterAuthError("Invalid access control request");
}
}
if (success && connector === "OR") {
return { success };
}
if (!success && connector === "AND") {
return {
success: false,
error: `unauthorized to access resource "${requestedResource}"`,
};
}
}
if (success) {
return {
success,
};
}
return {
success: false,
error: "Not authorized",
};
},
statements,
};
}
export function createAccessControl<const TStatements extends Statements>(
s: TStatements,
) {
return {
newRole<K extends keyof TStatements>(statements: Subset<K, TStatements>) {
return role<Subset<K, TStatements>>(statements);
},
statements: s,
};
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/adapters/drizzle-adapter/test/adapter.drizzle.mysql.test.ts:
--------------------------------------------------------------------------------
```typescript
import { drizzleAdapter } from "../drizzle-adapter";
import { testAdapter } from "../../test-adapter";
import {
authFlowTestSuite,
normalTestSuite,
numberIdTestSuite,
performanceTestSuite,
transactionsTestSuite,
} from "../../tests";
import { drizzle } from "drizzle-orm/mysql2";
import { generateDrizzleSchema, resetGenerationCount } from "./generate-schema";
import { createPool } from "mysql2/promise";
import { assert } from "vitest";
import { execSync } from "child_process";
const mysqlDB = createPool({
uri: "mysql://user:password@localhost:3306",
timezone: "Z",
});
const { execute } = await testAdapter({
adapter: async (options) => {
const { schema } = await generateDrizzleSchema(mysqlDB, options, "mysql");
return drizzleAdapter(drizzle(mysqlDB), {
debugLogs: { isRunningAdapterTests: true },
schema,
provider: "mysql",
});
},
async runMigrations(betterAuthOptions) {
await mysqlDB.query("DROP DATABASE IF EXISTS better_auth");
await mysqlDB.query("CREATE DATABASE better_auth");
await mysqlDB.query("USE better_auth");
const { fileName } = await generateDrizzleSchema(
mysqlDB,
betterAuthOptions,
"mysql",
);
const command = `npx drizzle-kit push --dialect=mysql --schema=${fileName}.ts --url=mysql://user:password@localhost:3306/better_auth`;
console.log(`Running: ${command}`);
console.log(`Options:`, betterAuthOptions);
try {
// wait for the above console.log to be printed
await new Promise((resolve) => setTimeout(resolve, 10));
execSync(command, {
cwd: import.meta.dirname,
stdio: "inherit",
});
} catch (error) {
console.error("Failed to push drizzle schema (mysql):", error);
throw error;
}
// ensure migrations were run successfully
const [tables_result] = (await mysqlDB.query("SHOW TABLES")) as unknown as [
{ Tables_in_better_auth: string }[],
];
const tables = tables_result.map((table) => table.Tables_in_better_auth);
assert(tables.length > 0, "No tables found");
},
prefixTests: "mysql",
tests: [
normalTestSuite(),
transactionsTestSuite({ disableTests: { ALL: true } }),
authFlowTestSuite(),
numberIdTestSuite(),
performanceTestSuite({ dialect: "mysql" }),
],
async onFinish() {
await mysqlDB.end();
resetGenerationCount();
},
});
execute();
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/spotify.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import {
createAuthorizationURL,
validateAuthorizationCode,
refreshAccessToken,
} from "../oauth2";
export interface SpotifyProfile {
id: string;
display_name: string;
email: string;
images: {
url: string;
}[];
}
export interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {
clientId: string;
}
export const spotify = (options: SpotifyOptions) => {
return {
id: "spotify",
name: "Spotify",
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return createAuthorizationURL({
id: "spotify",
options,
authorizationEndpoint: "https://accounts.spotify.com/authorize",
scopes: _scopes,
state,
codeVerifier,
redirectURI,
});
},
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
return validateAuthorizationCode({
code,
codeVerifier,
redirectURI,
options,
tokenEndpoint: "https://accounts.spotify.com/api/token",
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientKey: options.clientKey,
clientSecret: options.clientSecret,
},
tokenEndpoint: "https://accounts.spotify.com/api/token",
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
const { data: profile, error } = await betterFetch<SpotifyProfile>(
"https://api.spotify.com/v1/me",
{
method: "GET",
headers: {
Authorization: `Bearer ${token.accessToken}`,
},
},
);
if (error) {
return null;
}
const userMap = await options.mapProfileToUser?.(profile);
return {
user: {
id: profile.id,
name: profile.display_name,
email: profile.email,
image: profile.images[0]?.url,
emailVerified: false,
...userMap,
},
data: profile,
};
},
options,
} satisfies OAuthProvider<SpotifyProfile>;
};
```
--------------------------------------------------------------------------------
/docs/app/page.tsx:
--------------------------------------------------------------------------------
```typescript
import Section from "@/components/landing/section";
import Hero from "@/components/landing/hero";
import Features from "@/components/features";
import Link from "next/link";
async function getGitHubStars() {
try {
const response = await fetch(
"https://api.github.com/repos/better-auth/better-auth",
{
next: {
revalidate: 60,
},
},
);
if (!response?.ok) {
return null;
}
const json = await response.json();
const stars = parseInt(json.stargazers_count).toLocaleString();
return stars;
} catch {
return null;
}
}
export default async function HomePage() {
const stars = await getGitHubStars();
return (
<main className="h-min mx-auto overflow-x-hidden">
<div className="w-full bg-gradient-to-br from-zinc-50 to-zinc-100 dark:from-zinc-950 dark:via-black dark:to-zinc-950 border-b border-dashed border-zinc-200 dark:border-zinc-800">
<div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div className="w-full h-full">
<div className="flex flex-col md:flex-row items-center justify-center h-12">
<span className="font-medium flex gap-2 text-sm text-zinc-700 dark:text-zinc-300">
<span className=" text-zinc-900 dark:text-white/90 hover:text-zinc-950 text-xs md:text-sm dark:hover:text-zinc-100 transition-colors">
Introducing{" "}
<span className="font-semibold">
Better Auth Infrastructure
</span>
</span>
<span className=" text-zinc-400 hidden md:block">|</span>
<Link
href="https://better-auth.build"
className="font-semibold text-blue-600 dark:text-blue-400 hover:text-blue-700 hidden dark:hover:text-blue-300 transition-colors md:block"
>
Join the waitlist →
</Link>
</span>
<Link
href="https://better-auth.build"
className="font-semibold text-blue-600 dark:text-blue-400 hover:text-blue-700 text-xs dark:hover:text-blue-300 transition-colors md:hidden"
>
Join the waitlist →
</Link>
</div>
</div>
</div>
</div>
<Section
className="mb-1 overflow-y-clip"
crosses
crossesOffset="lg:translate-y-[5.25rem]"
customPaddings
id="hero"
>
<Hero />
<Features stars={stars} />
<hr className="h-px bg-gray-200" />
</Section>
</main>
);
}
```
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
```yaml
version: '3.8'
services:
mongodb:
image: mongo:latest
container_name: mongodb
ports:
- "27017:27017"
volumes:
- mongodb_data:/data/db
# drizzle
postgres:
image: postgres:latest
container_name: postgres
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: better_auth
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
postgres-kysely:
image: postgres:latest
container_name: postgres-kysely
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: better_auth
ports:
- "5433:5432"
volumes:
- postgres-kysely_data:/var/lib/postgresql/data
postgres-prisma:
image: postgres:latest
container_name: postgres-prisma
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: better_auth
ports:
- "5434:5432"
volumes:
- postgres-prisma_data:/var/lib/postgresql/data
# Drizzle tests
mysql:
image: mysql:latest
container_name: mysql
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASE: better_auth
MYSQL_USER: user
MYSQL_PASSWORD: password
ports:
- "3306:3306"
volumes:
- mysql_data:/var/lib/mysql
mysql-kysely:
image: mysql:latest
container_name: mysql-kysely
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASE: better_auth
MYSQL_USER: user
MYSQL_PASSWORD: password
ports:
- "3307:3306"
volumes:
- mysql-kysely_data:/var/lib/mysql
mysql-prisma:
image: mysql:latest
container_name: mysql-prisma
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASE: better_auth
MYSQL_USER: user
MYSQL_PASSWORD: password
ports:
- "3308:3306"
volumes:
- mysql-prisma_data:/var/lib/mysql
mssql:
image: mcr.microsoft.com/mssql/server:latest
container_name: mssql
environment:
SA_PASSWORD: "Password123!"
ACCEPT_EULA: "Y"
ports:
- "1433:1433"
volumes:
- mssql_data:/var/opt/mssql
volumes:
mongodb_data:
postgres_data:
postgres-kysely_data:
postgres-prisma_data:
mysql_data:
mssql_data:
mysql-kysely_data:
mysql-prisma_data:
```
--------------------------------------------------------------------------------
/packages/telemetry/src/utils/package-json.ts:
--------------------------------------------------------------------------------
```typescript
import type { PackageJson } from "type-fest";
let packageJSONCache: PackageJson | undefined;
async function readRootPackageJson() {
if (packageJSONCache) return packageJSONCache;
try {
const cwd =
typeof process !== "undefined" && typeof process.cwd === "function"
? process.cwd()
: "";
if (!cwd) return undefined;
// Lazily import Node built-ins only when available (Node/Bun/Deno) and
// avoid static analyzer/bundler resolution by obfuscating module names
const importRuntime = (m: string) =>
(Function("mm", "return import(mm)") as any)(m);
const [{ default: fs }, { default: path }] = await Promise.all([
importRuntime("fs/promises"),
importRuntime("path"),
]);
const raw = await fs.readFile(path.join(cwd, "package.json"), "utf-8");
packageJSONCache = JSON.parse(raw);
return packageJSONCache as PackageJson;
} catch {}
return undefined;
}
export async function getPackageVersion(pkg: string) {
if (packageJSONCache) {
return (packageJSONCache.dependencies?.[pkg] ||
packageJSONCache.devDependencies?.[pkg] ||
packageJSONCache.peerDependencies?.[pkg]) as string | undefined;
}
try {
const cwd =
typeof process !== "undefined" && typeof process.cwd === "function"
? process.cwd()
: "";
if (!cwd) throw new Error("no-cwd");
const importRuntime = (m: string) =>
(Function("mm", "return import(mm)") as any)(m);
const [{ default: fs }, { default: path }] = await Promise.all([
importRuntime("fs/promises"),
importRuntime("path"),
]);
const pkgJsonPath = path.join(cwd, "node_modules", pkg, "package.json");
const raw = await fs.readFile(pkgJsonPath, "utf-8");
const json = JSON.parse(raw);
const resolved =
(json.version as string) ||
(await getVersionFromLocalPackageJson(pkg)) ||
undefined;
return resolved;
} catch {}
const fromRoot = await getVersionFromLocalPackageJson(pkg);
return fromRoot;
}
async function getVersionFromLocalPackageJson(pkg: string) {
const json = await readRootPackageJson();
if (!json) return undefined;
const allDeps = {
...json.dependencies,
...json.devDependencies,
...json.peerDependencies,
} as Record<string, string | undefined>;
return allDeps[pkg];
}
export async function getNameFromLocalPackageJson() {
const json = await readRootPackageJson();
return json?.name as string | undefined;
}
```
--------------------------------------------------------------------------------
/packages/better-auth/src/client/vanilla.ts:
--------------------------------------------------------------------------------
```typescript
import { getClientConfig } from "./config";
import { capitalizeFirstLetter } from "../utils/misc";
import type {
InferActions,
InferClientAPI,
InferErrorCodes,
IsSignal,
} from "./types";
import type {
BetterAuthClientPlugin,
BetterAuthClientOptions,
} from "@better-auth/core";
import { createDynamicPathProxy } from "./proxy";
import type { PrettifyDeep, UnionToIntersection } from "../types/helper";
import type { Atom } from "nanostores";
import type {
BetterFetchError,
BetterFetchResponse,
} from "@better-fetch/fetch";
import type { BASE_ERROR_CODES } from "@better-auth/core/error";
type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
plugins: Array<infer Plugin>;
}
? UnionToIntersection<
Plugin extends BetterAuthClientPlugin
? Plugin["getAtoms"] extends (fetch: any) => infer Atoms
? Atoms extends Record<string, any>
? {
[key in keyof Atoms as IsSignal<key> extends true
? never
: key extends string
? `use${Capitalize<key>}`
: never]: Atoms[key];
}
: {}
: {}
: {}
>
: {};
export function createAuthClient<Option extends BetterAuthClientOptions>(
options?: Option,
) {
const {
pluginPathMethods,
pluginsActions,
pluginsAtoms,
$fetch,
atomListeners,
$store,
} = getClientConfig(options);
let resolvedHooks: Record<string, any> = {};
for (const [key, value] of Object.entries(pluginsAtoms)) {
resolvedHooks[`use${capitalizeFirstLetter(key)}`] = value;
}
const routes = {
...pluginsActions,
...resolvedHooks,
$fetch,
$store,
};
const proxy = createDynamicPathProxy(
routes,
$fetch,
pluginPathMethods,
pluginsAtoms,
atomListeners,
);
type ClientAPI = InferClientAPI<Option>;
type Session = ClientAPI extends {
getSession: () => Promise<infer Res>;
}
? Res extends BetterFetchResponse<infer S>
? S
: Res extends Record<string, any>
? Res
: never
: never;
return proxy as UnionToIntersection<InferResolvedHooks<Option>> &
ClientAPI &
InferActions<Option> & {
useSession: Atom<{
data: Session;
error: BetterFetchError | null;
isPending: boolean;
}>;
$fetch: typeof $fetch;
$store: typeof $store;
$Infer: {
Session: NonNullable<Session>;
};
$ERROR_CODES: PrettifyDeep<
InferErrorCodes<Option> & typeof BASE_ERROR_CODES
>;
};
}
```
--------------------------------------------------------------------------------
/packages/core/src/oauth2/client-credentials-token.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { base64Url } from "@better-auth/utils/base64";
import type { OAuth2Tokens, ProviderOptions } from "./oauth-provider";
export function createClientCredentialsTokenRequest({
options,
scope,
authentication,
resource,
}: {
options: ProviderOptions & { clientSecret: string };
scope?: string;
authentication?: "basic" | "post";
resource?: string | string[];
}) {
const body = new URLSearchParams();
const headers: Record<string, any> = {
"content-type": "application/x-www-form-urlencoded",
accept: "application/json",
};
body.set("grant_type", "client_credentials");
scope && body.set("scope", scope);
if (resource) {
if (typeof resource === "string") {
body.append("resource", resource);
} else {
for (const _resource of resource) {
body.append("resource", _resource);
}
}
}
if (authentication === "basic") {
const primaryClientId = Array.isArray(options.clientId)
? options.clientId[0]
: options.clientId;
const encodedCredentials = base64Url.encode(
`${primaryClientId}:${options.clientSecret}`,
);
headers["authorization"] = `Basic ${encodedCredentials}`;
} else {
const primaryClientId = Array.isArray(options.clientId)
? options.clientId[0]
: options.clientId;
body.set("client_id", primaryClientId);
body.set("client_secret", options.clientSecret);
}
return {
body,
headers,
};
}
export async function clientCredentialsToken({
options,
tokenEndpoint,
scope,
authentication,
resource,
}: {
options: ProviderOptions & { clientSecret: string };
tokenEndpoint: string;
scope: string;
authentication?: "basic" | "post";
resource?: string | string[];
}): Promise<OAuth2Tokens> {
const { body, headers } = createClientCredentialsTokenRequest({
options,
scope,
authentication,
resource,
});
const { data, error } = await betterFetch<{
access_token: string;
expires_in?: number;
token_type?: string;
scope?: string;
}>(tokenEndpoint, {
method: "POST",
body,
headers,
});
if (error) {
throw error;
}
const tokens: OAuth2Tokens = {
accessToken: data.access_token,
tokenType: data.token_type,
scopes: data.scope?.split(" "),
};
if (data.expires_in) {
const now = new Date();
tokens.accessTokenExpiresAt = new Date(
now.getTime() + data.expires_in * 1000,
);
}
return tokens;
}
```