From 74d72f14947cf25c0d72bf2303b256cfa56fb71f Mon Sep 17 00:00:00 2001
From: Mauricio Siu <siumauricio@icloud.com>
Date: Tue, 10 Feb 2026 23:47:21 -0600
Subject: [PATCH] feat(auth): dynamically add trusted providers for account
 linking

- Updated the account linking configuration to include trusted providers fetched from the database, enhancing flexibility in managing SSO integrations.
---
 packages/server/src/lib/auth.ts | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/packages/server/src/lib/auth.ts b/packages/server/src/lib/auth.ts
index 3d993e692..7f7f2eba3 100644
--- a/packages/server/src/lib/auth.ts
+++ b/packages/server/src/lib/auth.ts
@@ -18,6 +18,10 @@ import { getHubSpotUTK, submitToHubSpot } from "../utils/tracking/hubspot";
 import { sendEmail } from "../verification/send-verification-email";
 import { getPublicIpWithFallback } from "../wss/utils";
 
+const query = await db.query.ssoProvider.findMany();
+
+const trustedProviders = query.map((provider) => provider.providerId);
+
 const { handler, api } = betterAuth({
 	database: drizzleAdapter(db, {
 		provider: "pg",
@@ -43,17 +47,14 @@ const { handler, api } = betterAuth({
 				},
 			}
 		: {}),
-	...(IS_CLOUD
-		? {
-				account: {
-					accountLinking: {
-						enabled: true,
-						trustedProviders: ["github", "google"],
-						allowDifferentEmails: true,
-					},
-				},
-			}
-		: {}),
+
+	account: {
+		accountLinking: {
+			enabled: true,
+			trustedProviders: ["github", "google", ...(trustedProviders || [])],
+			allowDifferentEmails: true,
+		},
+	},
 	appName: "Dokploy",
 	socialProviders: {
 		github: {