@lingala-composiochecks…chore/remove-better-auth-prod → master37 files · +327 −3309review: @rohanprabhureview: @sohamganatrareview: @sarthakreview: @acsrujanreview: @anshugarg15updated 2d agoComposio has migrated dashboard authentication to WorkOS. This PR removes the Better Auth library integration — the dashboard auth system that briefly replaced the legacy GitHub/Google OAuth flow before WorkOS.
This is PR 3 of 3 in a WorkOS migration cleanup series:
BetterAuthSession, BetterAuthAccount, BetterAuthVerification, BetterAuthJwks, BetterAuthOAuth*) and the Liquibase migration 20260311000000_better_auth_tables are intentionally left in place for a follow-up migration PR after this code is deployed.AUTH_METHODS.BETTER_AUTH constant is preserved in constants.ts because the postgres enum on OrgMember.sessionAuthMethod still references it.apps/apollo/src/lib/better_auth/ (entire directory)/api/v3/auth/dash/* (catch-all + OAuth metadata)/api/v3/auth/session/info, PATCH /api/v3/auth/session/metadata (Better-Auth-driven)BETTER_AUTH_SECRET, BETTER_AUTH_GITHUB_CLIENT_ID, BETTER_AUTH_GITHUB_CLIENT_SECRETbetter-auth, @better-auth/oauth-provider, @dub/better-authBetterAuthOAuthRefreshToken grace-period cascade guard/api/rerouted/v1/client/auth/client_info (sole consumer of session/info)BetterAuthError class and SERVICES.BETTER_AUTH enum entry/.well-known/oauth-authorization-serverconnected_accounts/resume_marketplace_install (Shopify/Pipedrive/Klaviyo/Xero marketplace install) and supporting testsapps/apollo/CLAUDE.md, src/lib/CLAUDE.md, src/pages/api/CLAUDE.md, legacy-v3-endpoints.json, oxlint.config.mjs allowed-directories)GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET — these env vars are still consumed by the legacy /api/v3/auth/[provider_name]/{login,callback,one-tap} routes (Google sign-in) on production. They should ship out with PR 2 (#10338) which removes those routes; leaving them here so this PR does not introduce a build break against the unmerged PR 2 baseline.apps/apollo/oxlint-rules/package.json with { "type": "module" }. The plugin files in oxlint-rules/ are written as native ESM modules (top-level import statements). Without the local type: module, Node treats them as CJS and loadPlugin() fails with SyntaxError: Cannot use import statement outside a module. This bites in newer Node versions; the marker makes plugin loading consistent.GET /api/v3/auth/session/info and PATCH /api/v3/auth/session/metadata were part of the dashboard's session API. Confirm the dashboard now reads session state through /api/internal-dashboard/auth/workos/* exclusively and no caller (frontend, browser extension, internal tool) still hits these v3 paths.composio-dash.session_token cookie is removed from docs. Confirm no production code still writes or reads this cookie..well-known/oauth-authorization-server discovery endpoint is removed alongside the Better Auth oauth-provider plugin. Confirm no MCP client in production depends on dashboard-issued OAuth tokens (this discovery surface was only ever wired through Better Auth).pnpm check-types in apps/apollo: 273 errors before, 273 after — zero new type errors vs. production baselinepnpm lint in apps/apollo: 640 warnings / 131 errors before, 640 warnings / 131 errors after — zero new lint issues vs. baselinelookup/org_project.test.ts to read org/project names directly from Prisma instead of via /auth/session/info (now gone)🤖 Generated with Claude Code