releases.shpreview
Better Auth/better-auth/v1.7.0-beta.3

v1.7.0-beta.3

May 9, 2026better-authView original ↗
$npx @buildinternet/releases get rel_1dO34bzK1ToGu75h20YnT

better-auth

Features

  • Made the Auth instance directly fetchable (#9431)
  • Added hydrateSession to seed the client with a server-fetched session so useSession returns data on the first render (#8733)
  • Added an immutable username option that locks a username after it is first set, while still allowing other profile fields to be updated (#9240)

Bug Fixes

  • Fixed organization invitation roles to support dynamic values (#9437)
  • Fixed link accessibility issues (#9521)
  • Fixed incorrect email casing in one-tap, email-OTP, and email-verification flows (#9369)
  • Fixed the OpenAPI schema for POST /sign-in/social which incorrectly declared required fields (#9268)
  • Added a warning when the cookie plugin is placed last in the plugins array (#9484)
  • Fixed useSession to revalidate correctly after admin impersonation (#9402)
  • Fixed duplicate Set-Cookie headers being sent on redirect responses (#9497)
  • Fixed the bearer plugin to write only one entry per cookie name when merging session tokens (#9387)
  • Fixed the captcha plugin breaking the email-OTP flow (#8339)
  • Fixed instrumentation resolution in the adapter factory via package self-reference (#9340)
  • Fixed instrumentation to use the pure entry point in Cloudflare Workers environments (#9395)
  • Fixed enumeration protection to apply correctly when autoSignIn is disabled (#8839)
  • Fixed a TypeError caused by non-ASCII characters in an OAuth error_description during redirect (#9065)
  • Fixed the deleteAccount parameter name from accountId to id in the internal adapter (#9503)
  • Fixed OAuth callbacks to reject responses that are missing a provider account ID (#9456)
  • Fixed mapProfileToUser to serve as a fallback for OAuth providers that may omit the email field (#9331)
  • Fixed beforeCreateTeam and beforeCreateInvitation hooks to allow passing a custom id (#9253)
  • Fixed cancelPendingInvitationsOnReInvite being unreachable because re-invite incorrectly returned 400 (#9453)
  • Fixed a TS2742 error by re-exporting field types when using additionalFields (#9349)
  • Fixed the active organization role not being refreshed on sign-out (#9440)
  • Fixed setActiveTeam to correctly scope team selection to the active organization (#9239)
  • Fixed a missing getNonce client alias in the SIWE plugin (#9461)
  • Fixed the username plugin to respect callbackURL on sign-in (#9475)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

  • Fixed onSubscriptionUpdate to expose the stripeSubscription object and corrected a stale snapshot issue (#9354)
  • Fixed library-owned Checkout Session fields to no longer be overridable via getCheckoutSessionParams (#9481)
  • Fixed onSubscriptionDeleted and trial callbacks to receive the post-update subscription instead of the stale one (#9356)
  • Fixed getCheckoutSessionParams to preserve freeTrial and internal metadata during merging (#9474)
  • Renamed internal subscription webhook variables for improved clarity (#9355)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

  • Fixed authorization flows to work correctly when no state parameter is provided (#9328)
  • Fixed missing exports for declaration helper types (#9406)
  • Fixed prompt=login to be honored correctly throughout the consent continuation flow (#9344)
  • Fixed missing database indexes on OAuth foreign keys (#9389)

For detailed changes, see CHANGELOG

@better-auth/passkey

Bug Fixes

  • Fixed unhandled failures during the passkey autofill ceremony (#9429)
  • Fixed a TypeScript exactOptionalPropertyTypes incompatibility in the passkey plugin (#9270)

For detailed changes, see CHANGELOG

auth

Bug Fixes

  • Fixed the CLI to emit valid Kysely initialization configs (#9455)
  • Improved CLI auth config loading by using c12 v4's resolveModule for more reliable module resolution (#9477)

For detailed changes, see CHANGELOG

@better-auth/api-key

Bug Fixes

  • Fixed api.verifyApiKey to correctly validate keys against the configId (#9393)

For detailed changes, see CHANGELOG

@better-auth/i18n

Features

  • Added built-in translations for 22 languages (#9157)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed spMetadata to use findSAMLProvider so that the default SSO configuration works correctly (#9398)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@adrianmxb, @baptisteArno, @bytaesu, @Craga89, @cyphercodes, @dipan-ck, @erquhart, @GautamBytes, @gustavovalverde, @IcanDivideBy0, @jaydeep-pipaliya, @mausic, @onmax, @pi0, @ping-maxwell, @sovetski, @zllovesuki

Full changelog: v1.7.0-beta.2...v1.7.0-beta.3

Fetched May 9, 2026