CHANGELOG.md

Changelog

Unreleased

Minor Changes

• Always register better-auth's bearer() plugin so cross-origin browsers (where third-party cookies are blocked) and native mobile clients can authenticate via Authorization: Bearer <token> headers and pick up rotated tokens from the set-auth-token response header (fixes #1172).

4.0.4

Patch Changes

• Updated dependencies [326b66b]
  • @objectstack/spec@4.0.4
  • @objectstack/core@4.0.4

4.0.3

Patch Changes

• @objectstack/spec@4.0.3
• @objectstack/core@4.0.3

4.0.2

Patch Changes

• Updated dependencies [5f659e9]
  • @objectstack/spec@4.0.2
  • @objectstack/core@4.0.2

4.0.0

Patch Changes

• e0b0a78: Deprecate DataEngineQueryOptions in favor of QueryAST-aligned EngineQueryOptions.

  Engine, Protocol, and Client now use standard QueryAST parameter names:

  • filter → where
  • select → fields
  • sort → orderBy
  • skip → offset
  • populate → expand
  • top → limit

  The old DataEngine* schemas and types are preserved with @deprecated markers for backward compatibility.

• Updated dependencies [f08ffc3]

• Updated dependencies [e0b0a78]

  • @objectstack/spec@4.0.0
  • @objectstack/core@4.0.0

3.3.1

Patch Changes

• @objectstack/spec@3.3.1
• @objectstack/core@3.3.1

3.3.0

Minor Changes

• 814a6c4: sql driver

Patch Changes

• @objectstack/spec@3.3.0
• @objectstack/core@3.3.0

3.2.9

Patch Changes

• @objectstack/spec@3.2.9
• @objectstack/core@3.2.9

3.2.8

Patch Changes

• 1fe5612: fix vercel
  • @objectstack/spec@3.2.8
  • @objectstack/core@3.2.8

3.2.7

Patch Changes

• 35a1ebb: fix auth
  • @objectstack/spec@3.2.7
  • @objectstack/core@3.2.7

3.2.6

Patch Changes

• @objectstack/spec@3.2.6
• @objectstack/core@3.2.6

3.2.5

Patch Changes

• e854538: fix beyyer-auth
  • @objectstack/spec@3.2.5
  • @objectstack/core@3.2.5

3.2.4

Patch Changes

• f490991: fix better-auth
  • @objectstack/spec@3.2.4
  • @objectstack/core@3.2.4

3.2.3

Patch Changes

• 0b1d7c9: fix auth
  • @objectstack/spec@3.2.3
  • @objectstack/core@3.2.3

3.2.2

Patch Changes

• cfaabbb: fix: AuthPlugin error handling & database adapter config

  • AuthManager.handleRequest() now inspects response.status >= 500 and logs the error body via console.error, since better-auth catches internal errors and returns 500 Responses without throwing.
  • AuthPlugin.registerAuthRoutes() also logs 500+ responses via ctx.logger.error for structured plugin logging.
  • createDatabaseConfig() now wraps the ObjectQL adapter as a DBAdapterInstance factory function so better-auth's getBaseAdapter() correctly recognises it (via typeof database === "function" check) instead of falling through to the Kysely adapter path.

• Updated dependencies [46defbb]

  • @objectstack/spec@3.2.2
  • @objectstack/core@3.2.2

3.2.1

Patch Changes

• Updated dependencies [850b546]
  • @objectstack/spec@3.2.1
  • @objectstack/core@3.2.1

3.2.0

Patch Changes

• Updated dependencies [5901c29]
  • @objectstack/spec@3.2.0
  • @objectstack/core@3.2.0

3.1.1

Patch Changes

• Updated dependencies [953d667]
  • @objectstack/spec@3.1.1
  • @objectstack/core@3.1.1

3.1.0

Patch Changes

• Updated dependencies [0088830]
  • @objectstack/spec@3.1.0
  • @objectstack/core@3.1.0

3.0.11

Patch Changes

• Updated dependencies [92d9d99]
  • @objectstack/spec@3.0.11
  • @objectstack/core@3.0.11

3.0.10

Patch Changes

• Updated dependencies [d1e5d31]
  • @objectstack/spec@3.0.10
  • @objectstack/core@3.0.10

3.0.9

Patch Changes

• Updated dependencies [15e0df6]
  • @objectstack/spec@3.0.9
  • @objectstack/core@3.0.9

3.0.8

Patch Changes

• Updated dependencies [5a968a2]
  • @objectstack/spec@3.0.8
  • @objectstack/core@3.0.8

3.0.7

Patch Changes

• Updated dependencies [0119bd7]
• Updated dependencies [5426bdf]
  • @objectstack/spec@3.0.7
  • @objectstack/core@3.0.7

3.0.6

Patch Changes

• Updated dependencies [5df254c]
  • @objectstack/spec@3.0.6
  • @objectstack/core@3.0.6

3.0.5

Patch Changes

• Updated dependencies [23a4a68]
  • @objectstack/spec@3.0.5
  • @objectstack/core@3.0.5

3.0.4

Patch Changes

• Updated dependencies [d738987]
  • @objectstack/spec@3.0.4
  • @objectstack/core@3.0.4

3.0.3

Patch Changes

• c7267f6: Patch release for maintenance updates and improvements.
• Updated dependencies [c7267f6]
  • @objectstack/spec@3.0.3
  • @objectstack/core@3.0.3

3.0.2

Patch Changes

• Updated dependencies [28985f5]
  • @objectstack/spec@3.0.2
  • @objectstack/core@3.0.2

3.0.1

Patch Changes

• Updated dependencies [389725a]
  • @objectstack/spec@3.0.1
  • @objectstack/core@3.0.1

3.0.0

Major Changes

• Release v3.0.0 — unified version bump for all ObjectStack packages.

Patch Changes

• Updated dependencies
  • @objectstack/spec@3.0.0
  • @objectstack/core@3.0.0

2.0.7

Patch Changes

• Updated dependencies
  • @objectstack/spec@2.0.7
  • @objectstack/core@2.0.7

2.0.6

Patch Changes

• Patch release for maintenance and stability improvements
• Updated dependencies
  • @objectstack/spec@2.0.6
  • @objectstack/core@2.0.6

2.0.5

Patch Changes

• Unify all package versions with a patch release
• Updated dependencies
  • @objectstack/spec@2.0.5
  • @objectstack/core@2.0.5

2.0.3

Patch Changes

• Updated dependencies
  • @objectstack/spec@2.0.4
  • @objectstack/core@2.0.4

All notable changes to @objectstack/plugin-auth will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

2.0.2 - 2026-02-10

Added

• Initial release of Auth Plugin
• Integration with better-auth library for robust authentication
• Session management and user authentication
• Support for OAuth providers (Google, GitHub, Microsoft, etc.)
• Organization/team support for multi-tenant applications
• Two-factor authentication (2FA)
• Passkey support
• Magic link authentication
• Configurable session expiry and refresh
• Automatic HTTP route registration
• Comprehensive test coverage

Security

• Secure session token management
• Encrypted secrets support
• Rate limiting capabilities
• CSRF protection