https://github.com/alyldas/uniauth-better-auth-bridge
Better Auth bridge helpers for UniAuth provider sign-in assertions.
https://github.com/alyldas/uniauth-better-auth-bridge
auth authentication better-auth bridge oauth typescript uniauth
Last synced: 2 days ago
JSON representation
Better Auth bridge helpers for UniAuth provider sign-in assertions.
- Host: GitHub
- URL: https://github.com/alyldas/uniauth-better-auth-bridge
- Owner: alyldas
- License: other
- Created: 2026-05-26T15:13:16.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-27T14:22:10.000Z (about 1 month ago)
- Last Synced: 2026-05-27T15:15:38.073Z (about 1 month ago)
- Topics: auth, authentication, better-auth, bridge, oauth, typescript, uniauth
- Language: TypeScript
- Homepage: https://github.com/alyldas/uniauth-better-auth-bridge#readme
- Size: 42 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Security: SECURITY.md
- Notice: NOTICE
- Agents: AGENTS.md
Awesome Lists containing this project
README
# UniAuth Better Auth Bridge
[](https://github.com/users/alyldas/packages/npm/package/uniauth-better-auth-bridge)
`@alyldas/uniauth-better-auth-bridge` maps Better Auth OAuth account and profile data into a UniAuth
`ProviderIdentityAssertion`.
## Runtime Boundary
This package does not own Better Auth setup, routes, callbacks, cookies, framework sessions, token
storage, token refresh, or provider SDK runtime. Use it only after Better Auth has already validated
the provider response.
## Install
Configure the GitHub Packages registry for the package scope before installing:
```ini
@alyldas:registry=https://npm.pkg.github.com
```
GitHub Packages can require authentication for package reads. Use a token with `read:packages` in local npm config or CI secrets; do not commit tokens.
```bash
npm install @alyldas/uniauth-core @alyldas/uniauth-better-auth-bridge
```
## Usage
```ts
import { mapBetterAuthOAuthToAssertion } from '@alyldas/uniauth-better-auth-bridge'
const assertion = mapBetterAuthOAuthToAssertion({
providerId: 'discord-app',
account: {
providerId: account.providerId,
accountId: account.accountId,
},
profile: oauthProfile
? {
id: oauthProfile.id,
email: oauthProfile.email,
emailVerified: oauthProfile.emailVerified,
name: oauthProfile.name,
image: oauthProfile.image,
}
: undefined,
user: frameworkUser
? {
email: frameworkUser.email,
emailVerified: frameworkUser.emailVerified,
name: frameworkUser.name,
image: frameworkUser.image,
}
: undefined,
metadata: {
tenantId,
},
})
await auth.public.provider.signIn({ assertion })
```
The helper accepts either `account.accountId` or `profile.id`. If both are present and disagree, the
helper rejects the input.
Pass `providerId` when the UniAuth provider namespace should differ from the Better Auth provider
id. The original Better Auth provider id is then kept as `metadata.frameworkProviderId`.
## Security Notes
- Do not pass raw Better Auth account, profile, token, request, or session objects as metadata.
- Access tokens, refresh tokens, and ID tokens are never copied by this bridge.
- Token storage remains application-owned.
- UniAuth policy invariants still apply after mapping.
## Local Checks
```bash
npm run check
```