feat: added device binding Fixes PR: #4274

Open walosha opened this issue 3 months ago • 4 comments

Summary by cubic

Add device binding to verify and trust user devices, block sign-ins from unknown devices, and manage trusted devices. Includes new server endpoints, a client plugin with helpers, cookie-based trust, and schema updates.

  • New Features

    • Server endpoints: /device-binding/register (OTP flow), /device-binding/trust, /device-binding/list, /device-binding/remove, /device-binding/status.
    • Strict mode: block login on untrusted devices; first device can auto-trust; limits and expiry for trusted devices.
    • Options: trustDuration, maxTrustedDevices, autoRegisterDevice, custom fingerprint, sendOTP, verifyTOTP/OTP.
    • Cookie-based trust (better_auth_device_binding) tied to deviceId and fingerprint; auto-renewed on login.
    • Fingerprinting combines headers and provided deviceInfo; rate limits added for all device-binding routes.
    • Client plugin and helpers for register, request/verify OTP, trust, list, remove, and status checks.
  • Migration

    • Apply schema changes: add user fields (deviceBindingEnabled, hasRegisteredDevice) and create deviceBinding and deviceVerificationOTP tables.
    • Configure sendOTP and 2FA verification functions in plugin options.
    • Initialize deviceBindingClient and handle onDeviceVerificationRequired/OTP flows in the app; ensure first-device registration if strict mode is enabled.

walosha, Sep 23 '25 14:09
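An added illustration of the cookie-based trust described in the summary above, written for Node.js; it is not code from this PR or from better-auth. The cookie layout, the HMAC-SHA256 signing, the headers that feed the fingerprint and all function names are assumptions made for the example.

```javascript
// Added illustration, not better-auth code. Cookie layout, header choice and names are assumptions.
const { createHash, createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample input.
const SAMPLE_HEADERS = { "user-agent": "ExampleBrowser/1.0", "accept-language": "en-US" };
const SAMPLE_DEVICE = { platform: "ExampleOS", screen: "1920x1080" };

// Fingerprint: hash over selected request headers plus client-provided deviceInfo.
function fingerprint(headers, deviceInfo = {}) {
  const parts = [headers["user-agent"] || "", headers["accept-language"] || "",
    deviceInfo.platform || "", deviceInfo.screen || ""];
  return createHash("sha256").update(JSON.stringify(parts)).digest("hex");
}

function sign(secret, payload) {
  return createHmac("sha256", secret).update(payload).digest("base64url");
}

// Cookie value: base64url(JSON {deviceId, fp, exp}) + "." + HMAC over that string.
function issueTrustCookie(secret, deviceId, fp, trustDurationSec, now = Date.now()) {
  const body = JSON.stringify({ deviceId, fp, exp: now + trustDurationSec * 1000 });
  const payload = Buffer.from(body).toString("base64url");
  return `${payload}.${sign(secret, payload)}`;
}

// Returns the deviceId if the cookie is authentic, unexpired and bound to currentFp; else null.
function verifyTrustCookie(secret, cookie, currentFp, now = Date.now()) {
  const [payload, mac, ...rest] = String(cookie).split(".");
  if (!payload || !mac || rest.length) return null;
  const expected = Buffer.from(sign(secret, payload));
  const given = Buffer.from(mac);
  // Check the MAC before parsing anything the client controls.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let data;
  try {
    data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof data.exp !== "number" || data.exp <= now) return null;
  if (data.fp !== currentFp) return null; // cookie presented by a different-looking client
  return data.deviceId;
}
```

The fingerprint inputs are client-supplied, so the signature is what protects the cookie's contents; the fingerprint comparison only detects a cookie presented by a client that looks different. A server would still look up the returned deviceId among the user's trusted devices, so that a removal through /device-binding/remove takes effect before the cookie expires.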

better-auth

npm i https://pkg.pr.new/better-auth/better-auth@4847

@better-auth/cli

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/cli@4847

@better-auth/core

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/core@4847

@better-auth/expo

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/expo@4847

@better-auth/sso

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/sso@4847

@better-auth/stripe

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/stripe@4847

@better-auth/telemetry

npm i https://pkg.pr.new/better-auth/better-auth/@better-auth/telemetry@4847

commit: 719f0d1

pkg-pr-new[bot], Sep 23 '25 14:09

@walosha4 is attempting to deploy a commit to the better-auth Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot], Sep 23 '25 15:09

This is an amazing plugin! Great work thus far! When you have a chance, can you add some docs?

Also linking it to this PR: #4274

dvanmali, Sep 23 '25 17:09

> This is an amazing plugin! Great work thus far! When you have a chance, can you add some docs?
>
> Also linking it to this PR: #4274

Sure, I will.

walosha, Sep 23 '25 18:09