chore: sync upstream v1.6.11 + bump @btst to v2.3.0#43
Draft
cursor[bot] wants to merge 188 commits into
Draft
Conversation
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
…ter-auth#9072) Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
…r-auth#8389) Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com> Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
Co-authored-by: leonardo2204 <1509421+leonardo2204@users.noreply.github.com> Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
…gin (better-auth#8982) Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com> Co-authored-by: Taesu <bytaesu@gmail.com> Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
better-auth#8926) Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
…lidation grep -coP outputs "0" to stdout on no matches but exits 1, causing the || echo 0 fallback to append a second "0". The resulting "0\n0" value fails the -lt integer comparison. Use || true instead since grep -c already outputs the correct count.
…orization code validation (better-auth#9118)
…on (better-auth#7231) Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
…h#9109) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Taesu <bytaesu@gmail.com> Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
…etter-auth#9548) Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
…th#9220) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Taesu <bytaesu@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
…& extend gate to get/list (better-auth#9577)
…nd update (better-auth#9574) Co-authored-by: vaadata-poyetont <poyetont@vaadata.com>
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
The `authorization_code`-grant rotation in `createRefreshToken` and the explicit `revokeRefreshToken` path both updated the parent `oauthRefreshToken` row using an `id`-only predicate, so two concurrent rotations (or a rotation racing a revoke) both pass the `revoked` check and last-write-wins. Each surviving request mints a fresh refresh token, producing a forked family from one parent. Both call sites now perform a compare-and-swap (`UPDATE ... WHERE id = ? AND revoked IS NULL`) and short-circuit with `invalid_grant` when the row was already consumed. The parent stays marked revoked, so any subsequent replay trips the existing family-invalidation guard in `handleRefreshTokenGrant`. The shared family-delete is centralized in `invalidateRefreshFamily`, which clears child access tokens before refresh rows to honor the schema's foreign-key direction; the `oauthRefreshToken.token` column also gains a `unique` constraint for parity with `oauthAccessToken.token`. Strict family invalidation on contested rotations (RFC 9700 §4.14) is tracked in a FIXME for a follow-up minor that opts into transactional rotation in the adapter contract. Closes GHSA-392p-2q2v-4372. Co-authored-by: chdanielmueller <4051999+chdanielmueller@users.noreply.github.com>
The `authorization_code` grant's verification step was a `findOne` + `deleteOne` pair, so two concurrent `POST /oauth2/token` requests sharing the same `code` both pass the find, both delete, and both mint independent access/refresh/id token sets: a CAS gap that lets an authorization code be redeemed twice. The legacy `oidc-provider` and `mcp` plugins in `better-auth` share the same primitive on their `authorization_code` paths and have the same gap. All three call sites now use `internalAdapter.consumeVerificationValue` (the atomic primitive added in better-auth#9560 and renamed in better-auth#9568): the first concurrent caller receives the row and mints tokens, subsequent racers receive `null`. The consumed and expired paths return RFC 6749 §5.2 `invalid_grant` instead of the better-auth-internal `invalid_verification`, so spec-compliant clients can branch on the standard code. The redundant second `deleteVerificationByIdentifier` call after PKCE validation in the legacy paths is removed. Closes GHSA-7w99-5wm4-3g79. Co-authored-by: chdanielmueller <4051999+chdanielmueller@users.noreply.github.com>
…ect missing PKCE method (better-auth#9575)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Syncs our fork with upstream
better-authtag v1.6.11 (from v1.6.2 → v1.6.11), vendors updated adapter files into@btst/*packages, and bumps all@btst/*versions to v2.3.0.Upstream changes (v1.6.3–v1.6.11)
Key changes included in this sync:
consumeOneatomic adapter primitive (formerlyclaimOne, renamed in v1.6.11) — new adapter API surface → minor bumprequireEmailVerificationOnInvitationubuntu-24.04runner for fork CI (replaces need for manual runner substitution)What changed in
@btstsync-upstream.ts(drizzle, prisma, memory, mongodb, kysely + supporting files)scripts/sync-upstream.tsHEADER_COMMENT fixed (trailing whitespace causing Biome lint failures).cspell/custom-words.txtfixed (corruptedCIBAbtstentry split back toCIBA+btst/BTST)Version bump
2.2.1→2.3.0(minor bump — newconsumeOneadapter primitive is meaningful new functionality)Peer dependency constraints unchanged (
>=1.6.0still valid).CI checks passed locally
pnpm lint(Biome)pnpm lint:dependencies(knip)pnpm lint:packagespnpm lint:spell(cspell)pnpm format:checkpnpm lint:typespnpm --filter "@btst/*" exec tsc --noEmit@btst/dbtests (28 passed)@btst/adapter-memorytests (11 passed)@btst/clischema-conversion tests (7 passed)@btst/cligenerate-all-orms tests (20 passed, no snapshot changes)@btst/clie2e-cli tests (expected CI-only failure — needs live Postgres + MySQL)Post-merge release
After merging, tag and release: