feat: Implement OIDC Single Sign-On support with configuration options

[edwin-anne]

❗ Important Announcements

Click here for more details:

⚠️ Please Note: We do not accept all types of pull requests, and we want to ensure we don’t waste your time. Before submitting, make sure you have read our pull request guidelines: Pull Request Rules

🚫 Please Avoid Unnecessary Pinging of Maintainers

We kindly ask you to refrain from pinging maintainers unless absolutely necessary. Pings are for critical/urgent pull requests that require immediate attention.

📋 Overview

• What problem does this pull request address?

  • Uptime Kuma previously lacked centralized authentication, making it difficult to integrate with enterprise identity systems. Users had to manage local credentials manually within the application.

• What features or functionality does this pull request introduce or enhance?

This pull request adds OpenID Connect (OIDC) authentication support.
With this integration, users can now log in to Uptime Kuma through an external identity provider (such as Keycloak, Auth0, or any other OIDC-compatible IdP).

Key features:

1. OIDC provider configuration via environment variables or configuration file.
2. Automatic redirection to the provider’s login page.
3. Retrieval and validation of access and ID tokens.
4. Automatic local user creation or synchronization after successful authentication.
5. Proper handling of logout and session refresh.

• Relates to User Management: OpenID support (or SAML) #553
• Resolves User Management: OpenID support (or SAML) #553

🛠️ Type of change

• 🐛 Bugfix (a non-breaking change that resolves an issue)
• ✨ New feature (a non-breaking change that adds new functionality)
• ⚠️ Breaking change (a fix or feature that alters existing functionality in a way that could cause issues)
• 🎨 User Interface (UI) updates
• 📄 New Documentation (addition of new documentation)
• 📄 Documentation Update (modification of existing documentation)
• 📄 Documentation Update Required (the change requires updates to related documentation)
• 🔧 Other (please specify):
  • Provide additional details here.

📄 Checklist

• 🔍 My code adheres to the style guidelines of this project.
• 🦿 I have indicated where (if any) I used an LLM for the contributions
• ✅ I ran ESLint and other code linters for modified files.
• 🛠️ I have reviewed and tested my code.
• 📝 I have commented my code, especially in hard-to-understand areas (e.g., using JSDoc for methods).
• ⚠️ My changes generate no new warnings.
• 🤖 My code needed automated testing. I have added them (this is an optional task).
• 📄 Documentation updates are included (if applicable).
• 🔒 I have considered potential security impacts and mitigated risks.
• 🧰 Dependency updates are listed and explained.
• 📚 I have read and understood the Pull Request guidelines.

📷 Screenshots or Visual Changes

• UI Modifications: Highlight any changes made to the user interface.

[CommanderStorm]

Code looks quite nice and reasonable (See #6155 for similar PRs why I am commenting on this 😉)

I am mostly concerned how this will interact with:

• #3571

Would this PR make it harder or simpler to add this?

CC @M1CK431

[edwin-anne]

Thank you for your feedback.

During authentication, if the user does not exist, they are then created in the users table. So I think with PR #3571 there won’t be any issues — they will show up in the list.

The accounts just don’t have a password.

[louislam]

As always, I hope this kind of pull requests should be discussed first, before coding.

Since I have no knowledge of OIDC, it would be difficult for me to test and ensure the pull request whether it is 100% safe. I will not be able to maintain it in the future due to my skill issue.

Also since I was casually created the auth logic at the beginning, my appoarch is acutally not following the best practice. Instead of fixing it, I am thinking maybe we should move to a better solution.

Recently I have studied some Node.js auth libraries, one of them is Better Auth (20K+ starts).

It basically provides many useful apis for further development like:

• Basic user features
• Mutiple users
• Roles / Permissions

Also it provides a lot of plugins, one of them is OIDC:
https://www.better-auth.com/docs/plugins/oidc-provider

I have tried this library in my another project, I would say it is really better and easier to use. I kind of want to migrate it in Uptime Kuma too.

[lol768]

@louislam

@edwin-anne has not re-invented the wheel, the diff leans on the openid-client NPM package (which is OpenID Certified) to do the "scary" (read: security critical) things.

I would suggest here that perfection is the enemy of good (and the enemy of .. actually shipping features).

If you have long-term ambitions to migrate to a more powerful auth library, great - but can we please have a patch release which includes community contributions like this first?

[CommanderStorm]

@lol768 while your sentiment might be right in a company where moving fast and breaking things is acceptable, in OSS we don't really have this advantage.
Given the new facts that changing strategies towards user auth might be sensible, we likely should consider this.

I don't have a refactoring/engineering budget for this project, so everything in master kind of stays the way it got merged.
If you want to help out... 😉

"does this make future changes harder" is thus critical.
It looks like the better auth would be harder if we accept this feature.
We would need to migrate you off that "patch release which includes community contributions like this"

I am also not an expert on security, but CodeQL has found one hole above, so 🤷🏻‍♂️
-> This likely needs a pass from this side.
Since you according to your bio worked in this area, why don't you adit it..

[lol768]

The Semmle/CodeQL warning here is nonsense.

You can see the intent behind the rule is to flag cases where:

• Expensive computation is being done
• Authorisation logic occurs - mostly with username/password auth in mind, see the fairly primitive regexp here: https://github.com/github/codeql/blob/ab9f78fee25a686eb5133ec708e665be847e4517/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll#L153-L162
• No rate-limiting is applied

The flagged code:

• Redirects to the Identity Provier/OIDC server (by calling client.authorizationUrl on the openid-client library's client)
• Crucially: Doesn't handle any sort of credentials or attempted authentication that would classically warrant rate-limiting or "brute force protection". This is handled by the OIDC provider which is the whole draw of OIDC in the first place.
• Doesn't do anything remotely computationally expensive (unless you count the nonce-generation w/ Crypto.getRandomValues() / /dev/urandom as "expensive"!)

There would be little-to-no benefit from trying to introduce rate-limiting here, and a number of potential problems that it could cause (imagine if e.g. a user closes their browser tab by accident and then restores it).

SAST tools like CodeQL do have their place, but their output needs to be taken with a pinch of salt and a bit of common sense applied to what is going on.

[lol768]

It looks like the better auth would be harder if we accept this feature.
We would need to migrate you off that "patch release which includes community contributions like this"

As long as a stable username is resolved from the claims in the ID token in the same way as this PR does, you could bin-off all of the code in this PR a week after releasing it, pull in your preferred auth library, and ship a new release that allows all of the existing users to login in exactly the same way, without any sort of interruption to user's workflows. That is the beauty of OpenID Connect.

[rwjack]

As long as a stable username is resolved from the claims in the ID token in the same way as this PR does, you could bin-off all of the code in this PR a week after releasing it, pull in your preferred auth library, and ship a new release that allows all of the existing users to login in exactly the same way, without any sort of interruption to user's workflows. That is the beauty of OpenID Connect.

Exactly, so the only thing we need to discuss here is where in the UI would the OIDC settings be (I'm perfectly fine with how this PR does it) - and when the decision is made to change the underlying library, everything will work as it did.

From everything I'm seeing so far, Kuma is suffering from crippling release/feature fear and is stagnating - but to put my money where my mouth is - @edwin-anne could you build an image from your branch so we can test it out? (ghcr please, not dockerhub)

.. Even though I really agree that it would be like 15 times easier just migrating to Better-Auth first, and then working on child changes (such as oidc)

[CommanderStorm]

As long as a stable username is resolved from the claims in the ID token in the same way as this PR does

That is a big if. I don't feel comfortable accepting this risk, sorry.

[rwjack]

My guy, you're acting as if the fate of humanity depends on Kuma being bug free (which is not inherently bad, but live a little). Unsure where this is coming from, but it's definitely something to dwell about.

Anyways, as lol explained, this way of getting the username is the de-facto standard and literally how oidc works - but then again, let's wait for an image from edwin, test it out, and see how it goes.

[edwin-anne]

@rwjack If you want to test Uptime Kuma with OIDC authentication, you can run the following Docker image:

docker run --rm -it \
  -p 3000:3000 -p 3001:3001 \
  --pull always \
  -e UPTIME_KUMA_GH_REPO="edwin-anne:master" \
  louislam/uptime-kuma:pr-test2

👉 This image will automatically pull the latest code from my edwin-anne:master branch to include the OIDC connection changes.

[rwjack]

Now this is exactly why you don't space out releases over a year whilst making major changes, so now instead of testing oidc I have to waste time debugging dumb issues.

> [email protected] start-pr-test
> node extra/checkout-pr.mjs && npm install && npm run dev
Checking out PR from edwin-anne:master
From https://github.com/edwin-anne/uptime-kuma
 * branch              master     -> FETCH_HEAD
 * [new branch]        master     -> edwin-anne/master
HEAD is now at e2b6b3fb Merge branch 'master' of https://github.com/edwin-anne/uptime-kuma
added 7 packages, removed 5 packages, changed 184 packages, and audited 1330 packages in 28s
285 packages are looking for funding
  run `npm fund` for details
11 vulnerabilities (2 low, 3 moderate, 6 high)
To address issues that do not require attention, run:
  npm audit fix
To address all issues possible (including breaking changes), run:
  npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> [email protected] dev
> concurrently -k -r "wait-on tcp:3000 && npm run start-server-dev " "npm run start-frontend-dev"
> [email protected] start-frontend-dev
> cross-env NODE_ENV=development vite --host --config ./config/vite.config.js
The CJS build of Vite's Node API is deprecated. See https://vite.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.
  VITE v5.4.19  ready in 499 ms
  ➜  Local:   http://localhost:3000/
  ➜  Network: http://172.20.7.2:3000/
  ➜  Vue DevTools: Open http://localhost:3000/__devtools__/ as a separate window
  ➜  Vue DevTools: Press Alt(⌥)+Shift(⇧)+D in App to toggle the Vue DevTools
> [email protected] start-server-dev
> cross-env NODE_ENV=development node server/server.js
Welcome to Uptime Kuma
Your Node.js version: 20.19.2
2025-10-17T11:25:04Z [SERVER] DEBUG: Arguments
2025-10-17T11:25:04Z [SERVER] DEBUG: {}
2025-10-17T11:25:04Z [SERVER] INFO: Env: development
2025-10-17T11:25:04Z [SERVER] DEBUG: Inside Container: false
2025-10-17T11:25:05Z [SERVER] INFO: Uptime Kuma Version: 2.0.0-beta.4
2025-10-17T11:25:05Z [SERVER] INFO: Loading modules
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing express
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing redbean-node
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing jsonwebtoken
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing http-graceful-shutdown
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing prometheus-api-metrics
2025-10-17T11:25:05Z [SERVER] DEBUG: Importing 2FA Modules
2025-10-17T11:25:06Z [SERVER] INFO: Creating express and socket.io instance
2025-10-17T11:25:06Z [SERVER] INFO: Server Type: HTTP
2025-10-17T11:25:06Z [SERVER] DEBUG: Importing Monitor
2025-10-17T11:25:06Z [SERVER] DEBUG: Importing Settings
2025-10-17T11:25:06Z [SERVER] DEBUG: Importing Notification
2025-10-17T11:25:06Z [NOTIFICATION] DEBUG: Prepare Notification Providers
2025-10-17T11:25:06Z [SERVER] DEBUG: Importing Database
2025-10-17T11:25:06Z [SERVER] DEBUG: Importing Background Jobs
Trace: Error: EACCES: permission denied, mkdir 'data/upload/'
    at Object.mkdirSync (node:fs:1372:26)
    at Database.initDataDir (/app/server/database.js:148:16)
    at /app/server/server.js:173:14
    at Object.<anonymous> (/app/server/server.js:1647:3)
    at Module._compile (node:internal/modules/cjs/loader:1529:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1613:10)
    at Module.load (node:internal/modules/cjs/loader:1275:32)
    at Module._load (node:internal/modules/cjs/loader:1096:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:164:12)
    at node:internal/main/run_main_module:28:49 {
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: 'data/upload/'
}
    at process.unexpectedErrorHandler (/app/server/server.js:1895:13)
    at process.emit (node:events:524:28)
    at emitUnhandledRejection (node:internal/process/promises:250:13)
    at throwUnhandledRejectionsMode (node:internal/process/promises:385:19)
    at processPromiseRejections (node:internal/process/promises:470:17)
    at process.processTicksAndRejections (node:internal/process/task_queues:96:32)
If you keep encountering errors, please report to https://github.com/louislam/uptime-kuma/issues
2025-10-17T11:25:06Z [] INFO: Cannot write to error.log
npm notice
npm notice New major version of npm available! 10.8.2 -> 11.6.2
npm notice Changelog: https://github.com/npm/cli/releases/tag/v11.6.2
npm notice To update run: npm install -g [email protected]
npm notice
> [email protected] start-pr-test
> node extra/checkout-pr.mjs && npm install && npm run dev
Checking out PR from edwin-anne:master
error: remote edwin-anne already exists.
Failed to add remote repository.
> [email protected] start-pr-test
... truncated loop...

---

For some reason the container cannot create any folder within the data directory. If I create "/data/upload" manually, after a restart, it then asks for "screenshots", then "docker-tls" - you get the idea.

And once all that is done:

... truncated ...
2025-10-17T11:37:34Z [SERVER] INFO: Data Dir: ./data/
2025-10-17T11:37:34Z [SETUP-DATABASE] INFO: db-config.json is not found or invalid: ENOENT: no such file or directory, open 'data/db-config.json'
2025-10-17T11:37:34Z [SETUP-DATABASE] INFO: Starting Setup Database on 3001
2025-10-17T11:37:34Z [SETUP-DATABASE] INFO: Open http://localhost:3001 in your browser
2025-10-17T11:37:34Z [SETUP-DATABASE] INFO: Waiting for user action...

---

Even though the permissions are fine on my end (if it's a docker volume, docker manages the perms itself), but for clarity:

root in wall-e in /opt/kuma-test took 4s ❯ docker exec -it kuma sh
$ cd /app/data
$ ls -la
total 24
drwxr-xr-x 5 node node 4096 Oct 17 11:37 .
drwxr-xr-x 1 node root 4096 Oct 17 11:38 ..
drwxr-xr-x 2 node node 4096 Oct 17 11:37 docker-tls
drwxr-xr-x 2 node node 4096 Oct 17 11:36 screenshots
drwxr-xr-x 2 node node 4096 Oct 17 11:36 upload
$ touch db-config.json
$ ls -la
total 24
drwxr-xr-x 5 node node 4096 Oct 17 11:40 .
drwxr-xr-x 1 node root 4096 Oct 17 11:38 ..
-rw-r--r-- 1 node node    0 Oct 17 11:40 db-config.json
drwxr-xr-x 2 node node 4096 Oct 17 11:37 docker-tls
drwxr-xr-x 2 node node 4096 Oct 17 11:36 screenshots
drwxr-xr-x 2 node node 4096 Oct 17 11:36 upload
$
root in wall-e in /opt/kuma-test took 16s ❯ cd -
/var/lib/docker/volumes
root in wall-e in lib/docker/volumes ❯ ll kuma-test_data/_data
drwxr-xr-x - server server 17 Oct 13:37 docker-tls
drwxr-xr-x - server server 17 Oct 13:36 screenshots
drwxr-xr-x - server server 17 Oct 13:36 upload
.rw-r--r-- 0 server server 17 Oct 13:40 db-config.json
root in wall-e in lib/docker/volumes ❯ ll kuma-test_data
drwxr-xr-x - server server 17 Oct 13:40 _data
$ id
uid=1000(node) gid=1000(node) groups=1000(node)
root in wall-e in lib/docker/volumes ❯ id server
uid=1000(server) gid=1000(server) groups=1000(server),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)

---

volumes:
  data:

services:

  kuma:
    image: louislam/uptime-kuma:pr-test2
    restart: unless-stopped

    container_name: kuma
    hostname: kuma

    environment:
      - PUID=1000
      - PGID=1000
      - NODE_EXTRA_CA_CERTS=/certs/HQ-ca.pem
      - UPTIME_KUMA_GH_REPO=edwin-anne:master

    ports:
      - "127.0.0.1:15001:3001"

    volumes:
      - data:/app/data
      - /etc/ssl/HQ-ca.pem:/certs/HQ-ca.pem:ro

[rwjack]

We skip the permissions issue if I don't use docker compose and run directly, but the issue with db-config. json persists:

root in wall-e in /opt/kuma-test ❯ docker run --rm -it -p 127.0.0.1:15001:3001 -e UPTIME_KUMA_GH_REPO="edwin-anne:master" louislam/uptime-kuma:pr-test2

> [email protected] start-pr-test
> node extra/checkout-pr.mjs && npm install && npm run dev

Checking out PR from edwin-anne:master
remote: Enumerating objects: 727, done.
remote: Counting objects: 100% (559/559), done.
remote: Total 727 (delta 559), reused 559 (delta 559), pack-reused 168 (from 1)
Receiving objects: 100% (727/727), 667.72 KiB | 3.55 MiB/s, done.
Resolving deltas: 100% (609/609), completed with 139 local objects.
From https://github.com/edwin-anne/uptime-kuma
 * branch              master     -> FETCH_HEAD
 * [new branch]        master     -> edwin-anne/master
HEAD is now at e2b6b3fb Merge branch 'master' of https://github.com/edwin-anne/uptime-kuma

added 7 packages, removed 5 packages, changed 184 packages, and audited 1330 packages in 17s

285 packages are looking for funding
  run `npm fund` for details

11 vulnerabilities (2 low, 3 moderate, 6 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

> [email protected] dev
> concurrently -k -r "wait-on tcp:3000 && npm run start-server-dev " "npm run start-frontend-dev"


> [email protected] start-frontend-dev
> cross-env NODE_ENV=development vite --host --config ./config/vite.config.js

The CJS build of Vite's Node API is deprecated. See https://vite.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.

  VITE v5.4.19  ready in 494 ms

  ➜  Local:   http://localhost:3000/
  ➜  Network: http://172.20.0.2:3000/
  ➜  Vue DevTools: Open http://localhost:3000/__devtools__/ as a separate window
  ➜  Vue DevTools: Press Alt(⌥)+Shift(⇧)+D in App to toggle the Vue DevTools
  ➜  press h + enter to show help

> [email protected] start-server-dev
> cross-env NODE_ENV=development node server/server.js

Welcome to Uptime Kuma
Your Node.js version: 20.19.2
2025-10-17T11:53:14Z [SERVER] DEBUG: Arguments
2025-10-17T11:53:14Z [SERVER] DEBUG: {}
2025-10-17T11:53:14Z [SERVER] INFO: Env: development
2025-10-17T11:53:14Z [SERVER] DEBUG: Inside Container: false
2025-10-17T11:53:14Z [SERVER] INFO: Uptime Kuma Version: 2.0.0-beta.4
2025-10-17T11:53:14Z [SERVER] INFO: Loading modules
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing express
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing redbean-node
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing jsonwebtoken
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing http-graceful-shutdown
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing prometheus-api-metrics
2025-10-17T11:53:14Z [SERVER] DEBUG: Importing 2FA Modules
2025-10-17T11:53:15Z [SERVER] INFO: Creating express and socket.io instance
2025-10-17T11:53:15Z [SERVER] INFO: Server Type: HTTP
2025-10-17T11:53:15Z [SERVER] DEBUG: Importing Monitor
2025-10-17T11:53:15Z [SERVER] DEBUG: Importing Settings
2025-10-17T11:53:15Z [SERVER] DEBUG: Importing Notification
2025-10-17T11:53:15Z [NOTIFICATION] DEBUG: Prepare Notification Providers
2025-10-17T11:53:15Z [SERVER] DEBUG: Importing Database
2025-10-17T11:53:15Z [SERVER] DEBUG: Importing Background Jobs
2025-10-17T11:53:15Z [SERVER] INFO: Data Dir: ./data/
2025-10-17T11:53:15Z [SETUP-DATABASE] INFO: db-config.json is not found or invalid: ENOENT: no such file or directory, open 'data/db-config.json'
2025-10-17T11:53:15Z [SETUP-DATABASE] INFO: Starting Setup Database on 3001
2025-10-17T11:53:15Z [SETUP-DATABASE] INFO: Open http://localhost:3001 in your browser
2025-10-17T11:53:15Z [SETUP-DATABASE] INFO: Waiting for user action...

[CommanderStorm]

Sorry that you are having a bad time with that releases test infrastructure @rwjack
The issue with docker-compose are the data dir bindings with the UID GUID env vars.
We don't set either in the testing image, so if you want persistance please delete the data directoriy which you are testing with just the options documented here.

db-config.json not being found means that you have not set up the database. Please see the frontend as instructed for the choices you need to make.
It is an info message, but its wording could be a bit better.

[CommanderStorm]

Sorry to say, but the manual openidc implementation in this PR has currently no chance of getting merged.

Keeping it open is bad, sorry for you having wasted your time @edwin-anne
Some parts (like the frontend) will be quite usefull still, even if going with BetterButh.
Maybe we might even reopen and merge if BetterAuth would turn out to not be better.

I don't think I would be doing us a favor long term by merging if we are aligned that BetterAuth is the way we should go.

Here are the things:

• I don't know enough about SSO to know if there are any security bugs here
• Given that we likely should move to BetterAuth (different PR, nobody has invested the time yet), this is unlikely to work consistently with that world.
• Given the test coverage of this feature I would not be confident that this will not extremely break users down the line.

Could we make it work by marking it as "this feature is experimental with planned breaking changes, unadited and not tested in CI" and adding small e2e test?
Maybe?

Not sure if we want to move into this direction though.
I am concretly worried about this risk:

• we merge
• we migrate to betterauth
• A stable username is NOT resolved from the claims in the ID token in the same way as this PR does
• users now depending on the feature cannot login

Not being able to login is extremely anoying and given how technical our users usually are (measured in issue quality) I do think a larger part could not recover from this.

The v2.0 release (which was my fault for getting so delayed) has shown me that the "we fix it in main" really does not work in this OSS project.

[adrianipopescu]

due note, you can always approach it like jellyseerr (now seerr) does, have some long lived branches of experimental features that get periodically brought into alignment with :latest, but latest is stable, whereas these are explicitly marked as "for-testing"

[CommanderStorm]

We don't have capacity for this strategy and that would not really solve the core issue for this PR.

[Stylee32]

As per #6276, it seems "BetterAuth" isn't going to be the... better choice given the incompatibilities with the current project - when is version 3.0.0 expected to be released?

[CommanderStorm]

If i is just to bump the node version, that should be doable very soon-ish.
Maybe in half a year? Maybe sooner.
@louislam is the one of us two who decides when to cut what release.

We currently have lots of things on our plate.
If you want to help us burn down that plate faster, we can do that much quicker 😉
Lots of testing of new features that needs to happen...

• Please help with pull request reviews! #6260

[louislam]

Maybe in half a year? Maybe sooner.

I think so. Maybe 2.1 -> 2.2 -> 3.0, I guess. I will mainly focus on #6276.

For pull request reviews, it pretty much depends on community's help.

I saw many pull requests was set in the 2.1.0 milestones, but also many of them are stalled at maybe 70-90% progress.

If you would like to help:

• If the original contributor does not seem to come back, you can fork it and continue his/her work.
• If the pull request is not tested, you can help to test and comment. If you think it is stable enough to merge, feel free to ping me or @CommanderStorm to merge it.

https://github.com/louislam/uptime-kuma/pulls?q=is%3Aopen+is%3Apr+milestone%3A2.1.0

If pull requests that are eventually no one to help, I will postpone them in order to not blocking the release.

[M1CK431]

So I guess #3571 will be merged to provide basic multi-admin support for the 2.x series, allowing anyone to use this feature and report any issues. This way, when v3.x arrives, a potential implementation using BetterAuth (or another lib) will benefit from that experience. wdyt @CommanderStorm @louislam?

[CommanderStorm]

I would like to defer to @louislam on that merge decision if this makes betterauth harder/simpler