Skip to content

docs: update OAuth / social login documentation for Better Auth 1.5.6 and img-forge MCP #28

Description

@stackbilt-admin

Summary

Two related OAuth changes shipped in edge-auth v0.7.25 that need documentation updates:

1. Better Auth 1.5.6 — GET shim behavior change (edge-auth)

Better Auth 1.5.6 changed GET /auth/sign-in/social (internal POST) to return a direct Response.redirect() (immutable headers) instead of 200 JSON { url, redirect: true }.

The edge-auth GET shim at app.ts:/auth/sign-in/:provider was updated (commit 278f7eb) to:

  • Handle the 302 case by reconstructing a mutable new Response(null, { headers: new Headers(...) }) so Hono middleware can safely append security headers
  • Copy all Set-Cookie headers via getSetCookie() (multi-value safe)
  • Fall back to JSON { url } check for older Better Auth versions

Why it matters for docs: Any integration guide that describes the social sign-in response format or suggests consuming { url, redirect: true } is now incorrect. The redirect: true field is dropped in 1.5.6+.

2. img-forge MCP — OAuth 2.1/PKCE state_mismatch on reconnect

All error paths in handleSocialOAuthCallback (oauth.ts, commit 42c5a1b) now return RFC 6749-compliant error redirects (redirect_uri?error=access_denied&state=<original>) instead of falling through to / or a dead-end login page. This is required for MCP clients (Claude.ai) to recover gracefully on reconnect.

Also: handleAuthorize identity token expiry now redirects to redirect_uri?error=access_denied instead of returning 400.

Docs to update

  • Any page describing the social OAuth sign-in flow / response format
  • Any page describing the img-forge MCP OAuth AS / reconnect behavior
  • Any "integrate with edge-auth" guide that references { url, redirect: true }

References

  • Wiki: edge-auth-social-oauth-login-flow (new, 2026-06-23)
  • Wiki: img-forge-mcp-oauth-pkce (updated, 2026-06-23)
  • edge-auth commit: 278f7eb
  • img-forge commit: 42c5a1b

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions