@better-auth/scim 1.5.0-beta.9 → 1.5.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/README.md +17 -0
  2. package/dist/client.d.mts +2 -1
  3. package/dist/client.mjs +2 -1
  4. package/dist/client.mjs.map +1 -0
  5. package/dist/index.d.mts +257 -36
  6. package/dist/index.mjs +222 -50
  7. package/dist/index.mjs.map +1 -0
  8. package/package.json +26 -20
  9. package/.turbo/turbo-build.log +0 -15
  10. package/src/client.ts +0 -9
  11. package/src/index.ts +0 -76
  12. package/src/mappings.ts +0 -38
  13. package/src/middlewares.ts +0 -89
  14. package/src/patch-operations.ts +0 -148
  15. package/src/routes.ts +0 -984
  16. package/src/scim-error.ts +0 -99
  17. package/src/scim-filters.ts +0 -69
  18. package/src/scim-metadata.ts +0 -128
  19. package/src/scim-resources.ts +0 -35
  20. package/src/scim-tokens.ts +0 -71
  21. package/src/scim.test.ts +0 -2525
  22. package/src/types.ts +0 -70
  23. package/src/user-schemas.ts +0 -213
  24. package/src/utils.ts +0 -5
  25. package/tsconfig.json +0 -11
  26. package/tsdown.config.ts +0 -7
  27. package/vitest.config.ts +0 -3
package/README.md ADDED
@@ -0,0 +1,17 @@
1
+ # Better Auth SCIM Plugin
2
+
3
+ SCIM (System for Cross-domain Identity Management) plugin for [Better Auth](https://www.better-auth.com) — enable enterprise user provisioning.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ npm install @better-auth/scim
9
+ ```
10
+
11
+ ## Documentation
12
+
13
+ For full documentation, visit [better-auth.com/docs/plugins/scim](https://www.better-auth.com/docs/plugins/scim).
14
+
15
+ ## License
16
+
17
+ MIT
package/dist/client.d.mts CHANGED
@@ -6,4 +6,5 @@ declare const scimClient: () => {
6
6
  $InferServerPlugin: ReturnType<typeof scim>;
7
7
  };
8
8
  //#endregion
9
- export { scimClient };
9
+ export { scimClient };
10
+ //# sourceMappingURL=client.d.mts.map
package/dist/client.mjs CHANGED
@@ -7,4 +7,5 @@ const scimClient = () => {
7
7
  };
8
8
 
9
9
  //#endregion
10
- export { scimClient };
10
+ export { scimClient };
11
+ //# sourceMappingURL=client.mjs.map
package/dist/client.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"client.mjs","names":[],"sources":["../src/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"better-auth/client\";\nimport type { scim } from \"./index\";\n\nexport const scimClient = () => {\n\treturn {\n\t\tid: \"scim-client\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof scim>,\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAGA,MAAa,mBAAmB;AAC/B,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB"}
package/dist/index.d.mts CHANGED
@@ -1,8 +1,8 @@
1
- import { Member } from "better-auth/plugins";
2
1
  import * as better_auth0 from "better-auth";
3
2
  import { User } from "better-auth";
4
3
  import * as better_call0 from "better-call";
5
- import * as zod0 from "zod";
4
+ import * as zod from "zod";
5
+ import { Member } from "better-auth/plugins";
6
6
 
7
7
  //#region src/types.d.ts
8
8
  interface SCIMProvider {
@@ -10,6 +10,7 @@ interface SCIMProvider {
10
10
  providerId: string;
11
11
  scimToken: string;
12
12
  organizationId?: string;
13
+ userId?: string;
13
14
  }
14
15
  type SCIMName = {
15
16
  formatted?: string;
@@ -21,6 +22,13 @@ type SCIMEmail = {
21
22
  primary?: boolean;
22
23
  };
23
24
  type SCIMOptions = {
25
+ /**
26
+ * SCIM provider ownership configuration. When enabled, each provider
27
+ * connection is linked to the user who generated its token
28
+ */
29
+ providerOwnership?: {
30
+ enabled: boolean;
31
+ };
24
32
  /**
25
33
  * Default list of SCIM providers for testing
26
34
  * These will take precedence over the database when present
@@ -68,7 +76,7 @@ type SCIMOptions = {
68
76
  //#endregion
69
77
  //#region src/index.d.ts
70
78
  declare module "@better-auth/core" {
71
- interface BetterAuthPluginRegistry<Auth, Context> {
79
+ interface BetterAuthPluginRegistry<AuthOptions, Options> {
72
80
  scim: {
73
81
  creator: typeof scim;
74
82
  };
@@ -79,9 +87,9 @@ declare const scim: (options?: SCIMOptions) => {
79
87
  endpoints: {
80
88
  generateSCIMToken: better_call0.StrictEndpoint<"/scim/generate-token", {
81
89
  method: "POST";
82
- body: zod0.ZodObject<{
83
- providerId: zod0.ZodString;
84
- organizationId: zod0.ZodOptional<zod0.ZodString>;
90
+ body: zod.ZodObject<{
91
+ providerId: zod.ZodString;
92
+ organizationId: zod.ZodOptional<zod.ZodString>;
85
93
  }, better_auth0.$strip>;
86
94
  metadata: {
87
95
  openapi: {
@@ -133,6 +141,208 @@ declare const scim: (options?: SCIMOptions) => {
133
141
  }, {
134
142
  scimToken: string;
135
143
  }>;
144
+ listSCIMProviderConnections: better_call0.StrictEndpoint<"/scim/list-provider-connections", {
145
+ method: "GET";
146
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
147
+ session: {
148
+ session: Record<string, any> & {
149
+ id: string;
150
+ createdAt: Date;
151
+ updatedAt: Date;
152
+ userId: string;
153
+ expiresAt: Date;
154
+ token: string;
155
+ ipAddress?: string | null | undefined;
156
+ userAgent?: string | null | undefined;
157
+ };
158
+ user: Record<string, any> & {
159
+ id: string;
160
+ createdAt: Date;
161
+ updatedAt: Date;
162
+ email: string;
163
+ emailVerified: boolean;
164
+ name: string;
165
+ image?: string | null | undefined;
166
+ };
167
+ };
168
+ }>)[];
169
+ metadata: {
170
+ openapi: {
171
+ operationId: string;
172
+ summary: string;
173
+ description: string;
174
+ responses: {
175
+ "200": {
176
+ description: string;
177
+ content: {
178
+ "application/json": {
179
+ schema: {
180
+ type: "object";
181
+ properties: {
182
+ providers: {
183
+ type: string;
184
+ items: {
185
+ type: string;
186
+ properties: {
187
+ id: {
188
+ type: string;
189
+ };
190
+ providerId: {
191
+ type: string;
192
+ };
193
+ organizationId: {
194
+ type: string;
195
+ nullable: boolean;
196
+ };
197
+ };
198
+ };
199
+ };
200
+ };
201
+ };
202
+ };
203
+ };
204
+ };
205
+ };
206
+ };
207
+ };
208
+ }, {
209
+ providers: {
210
+ id: string;
211
+ providerId: string;
212
+ organizationId: string | null;
213
+ }[];
214
+ }>;
215
+ getSCIMProviderConnection: better_call0.StrictEndpoint<"/scim/get-provider-connection", {
216
+ method: "GET";
217
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
218
+ session: {
219
+ session: Record<string, any> & {
220
+ id: string;
221
+ createdAt: Date;
222
+ updatedAt: Date;
223
+ userId: string;
224
+ expiresAt: Date;
225
+ token: string;
226
+ ipAddress?: string | null | undefined;
227
+ userAgent?: string | null | undefined;
228
+ };
229
+ user: Record<string, any> & {
230
+ id: string;
231
+ createdAt: Date;
232
+ updatedAt: Date;
233
+ email: string;
234
+ emailVerified: boolean;
235
+ name: string;
236
+ image?: string | null | undefined;
237
+ };
238
+ };
239
+ }>)[];
240
+ query: zod.ZodObject<{
241
+ providerId: zod.ZodString;
242
+ }, better_auth0.$strip>;
243
+ metadata: {
244
+ openapi: {
245
+ operationId: string;
246
+ summary: string;
247
+ description: string;
248
+ responses: {
249
+ "200": {
250
+ description: string;
251
+ content: {
252
+ "application/json": {
253
+ schema: {
254
+ type: "object";
255
+ properties: {
256
+ id: {
257
+ type: string;
258
+ };
259
+ providerId: {
260
+ type: string;
261
+ };
262
+ organizationId: {
263
+ type: string;
264
+ nullable: boolean;
265
+ };
266
+ };
267
+ };
268
+ };
269
+ };
270
+ };
271
+ "404": {
272
+ description: string;
273
+ };
274
+ "403": {
275
+ description: string;
276
+ };
277
+ };
278
+ };
279
+ };
280
+ }, {
281
+ id: string;
282
+ providerId: string;
283
+ organizationId: string | null;
284
+ }>;
285
+ deleteSCIMProviderConnection: better_call0.StrictEndpoint<"/scim/delete-provider-connection", {
286
+ method: "POST";
287
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
288
+ session: {
289
+ session: Record<string, any> & {
290
+ id: string;
291
+ createdAt: Date;
292
+ updatedAt: Date;
293
+ userId: string;
294
+ expiresAt: Date;
295
+ token: string;
296
+ ipAddress?: string | null | undefined;
297
+ userAgent?: string | null | undefined;
298
+ };
299
+ user: Record<string, any> & {
300
+ id: string;
301
+ createdAt: Date;
302
+ updatedAt: Date;
303
+ email: string;
304
+ emailVerified: boolean;
305
+ name: string;
306
+ image?: string | null | undefined;
307
+ };
308
+ };
309
+ }>)[];
310
+ body: zod.ZodObject<{
311
+ providerId: zod.ZodString;
312
+ }, better_auth0.$strip>;
313
+ metadata: {
314
+ openapi: {
315
+ operationId: string;
316
+ summary: string;
317
+ description: string;
318
+ responses: {
319
+ "200": {
320
+ description: string;
321
+ content: {
322
+ "application/json": {
323
+ schema: {
324
+ type: "object";
325
+ properties: {
326
+ success: {
327
+ type: string;
328
+ };
329
+ };
330
+ };
331
+ };
332
+ };
333
+ };
334
+ "404": {
335
+ description: string;
336
+ };
337
+ "403": {
338
+ description: string;
339
+ };
340
+ };
341
+ };
342
+ };
343
+ }, {
344
+ success: boolean;
345
+ }>;
136
346
  getSCIMUser: better_call0.StrictEndpoint<"/scim/v2/Users/:userId", {
137
347
  method: "GET";
138
348
  metadata: {
@@ -411,17 +621,17 @@ declare const scim: (options?: SCIMOptions) => {
411
621
  }>;
412
622
  createSCIMUser: better_call0.StrictEndpoint<"/scim/v2/Users", {
413
623
  method: "POST";
414
- body: zod0.ZodObject<{
415
- userName: zod0.ZodString;
416
- externalId: zod0.ZodOptional<zod0.ZodString>;
417
- name: zod0.ZodOptional<zod0.ZodObject<{
418
- formatted: zod0.ZodOptional<zod0.ZodString>;
419
- givenName: zod0.ZodOptional<zod0.ZodString>;
420
- familyName: zod0.ZodOptional<zod0.ZodString>;
624
+ body: zod.ZodObject<{
625
+ userName: zod.ZodString;
626
+ externalId: zod.ZodOptional<zod.ZodString>;
627
+ name: zod.ZodOptional<zod.ZodObject<{
628
+ formatted: zod.ZodOptional<zod.ZodString>;
629
+ givenName: zod.ZodOptional<zod.ZodString>;
630
+ familyName: zod.ZodOptional<zod.ZodString>;
421
631
  }, better_auth0.$strip>>;
422
- emails: zod0.ZodOptional<zod0.ZodArray<zod0.ZodObject<{
423
- value: zod0.ZodEmail;
424
- primary: zod0.ZodOptional<zod0.ZodBoolean>;
632
+ emails: zod.ZodOptional<zod.ZodArray<zod.ZodObject<{
633
+ value: zod.ZodEmail;
634
+ primary: zod.ZodOptional<zod.ZodBoolean>;
425
635
  }, better_auth0.$strip>>>;
426
636
  }, better_auth0.$strip>;
427
637
  metadata: {
@@ -700,16 +910,16 @@ declare const scim: (options?: SCIMOptions) => {
700
910
  }>;
701
911
  patchSCIMUser: better_call0.StrictEndpoint<"/scim/v2/Users/:userId", {
702
912
  method: "PATCH";
703
- body: zod0.ZodObject<{
704
- schemas: zod0.ZodArray<zod0.ZodString>;
705
- Operations: zod0.ZodArray<zod0.ZodObject<{
706
- op: zod0.ZodPipe<zod0.ZodDefault<zod0.ZodString>, zod0.ZodEnum<{
913
+ body: zod.ZodObject<{
914
+ schemas: zod.ZodArray<zod.ZodString>;
915
+ Operations: zod.ZodArray<zod.ZodObject<{
916
+ op: zod.ZodPipe<zod.ZodDefault<zod.ZodString>, zod.ZodEnum<{
917
+ replace: "replace";
707
918
  add: "add";
708
919
  remove: "remove";
709
- replace: "replace";
710
920
  }>>;
711
- path: zod0.ZodOptional<zod0.ZodString>;
712
- value: zod0.ZodAny;
921
+ path: zod.ZodOptional<zod.ZodString>;
922
+ value: zod.ZodAny;
713
923
  }, better_auth0.$strip>>;
714
924
  }, better_auth0.$strip>;
715
925
  metadata: {
@@ -1076,17 +1286,17 @@ declare const scim: (options?: SCIMOptions) => {
1076
1286
  }, void>;
1077
1287
  updateSCIMUser: better_call0.StrictEndpoint<"/scim/v2/Users/:userId", {
1078
1288
  method: "PUT";
1079
- body: zod0.ZodObject<{
1080
- userName: zod0.ZodString;
1081
- externalId: zod0.ZodOptional<zod0.ZodString>;
1082
- name: zod0.ZodOptional<zod0.ZodObject<{
1083
- formatted: zod0.ZodOptional<zod0.ZodString>;
1084
- givenName: zod0.ZodOptional<zod0.ZodString>;
1085
- familyName: zod0.ZodOptional<zod0.ZodString>;
1289
+ body: zod.ZodObject<{
1290
+ userName: zod.ZodString;
1291
+ externalId: zod.ZodOptional<zod.ZodString>;
1292
+ name: zod.ZodOptional<zod.ZodObject<{
1293
+ formatted: zod.ZodOptional<zod.ZodString>;
1294
+ givenName: zod.ZodOptional<zod.ZodString>;
1295
+ familyName: zod.ZodOptional<zod.ZodString>;
1086
1296
  }, better_auth0.$strip>>;
1087
- emails: zod0.ZodOptional<zod0.ZodArray<zod0.ZodObject<{
1088
- value: zod0.ZodEmail;
1089
- primary: zod0.ZodOptional<zod0.ZodBoolean>;
1297
+ emails: zod.ZodOptional<zod.ZodArray<zod.ZodObject<{
1298
+ value: zod.ZodEmail;
1299
+ primary: zod.ZodOptional<zod.ZodBoolean>;
1090
1300
  }, better_auth0.$strip>>>;
1091
1301
  }, better_auth0.$strip>;
1092
1302
  metadata: {
@@ -1365,8 +1575,8 @@ declare const scim: (options?: SCIMOptions) => {
1365
1575
  }>;
1366
1576
  listSCIMUsers: better_call0.StrictEndpoint<"/scim/v2/Users", {
1367
1577
  method: "GET";
1368
- query: zod0.ZodOptional<zod0.ZodObject<{
1369
- filter: zod0.ZodOptional<zod0.ZodString>;
1578
+ query: zod.ZodOptional<zod.ZodObject<{
1579
+ filter: zod.ZodOptional<zod.ZodString>;
1370
1580
  }, better_auth0.$strip>>;
1371
1581
  metadata: {
1372
1582
  allowedMediaTypes: string[];
@@ -1639,6 +1849,12 @@ declare const scim: (options?: SCIMOptions) => {
1639
1849
  scimProvider: Omit<SCIMProvider, "id">;
1640
1850
  }>)[];
1641
1851
  }, {
1852
+ readonly schemas: readonly ["urn:ietf:params:scim:api:messages:2.0:ListResponse"];
1853
+ readonly totalResults: 0;
1854
+ readonly startIndex: 1;
1855
+ readonly itemsPerPage: 0;
1856
+ readonly Resources: readonly [];
1857
+ } | {
1642
1858
  schemas: string[];
1643
1859
  totalResults: number;
1644
1860
  startIndex: number;
@@ -3199,6 +3415,10 @@ declare const scim: (options?: SCIMOptions) => {
3199
3415
  schema: {
3200
3416
  scimProvider: {
3201
3417
  fields: {
3418
+ userId?: {
3419
+ type: "string";
3420
+ required: false;
3421
+ } | undefined;
3202
3422
  providerId: {
3203
3423
  type: "string";
3204
3424
  required: true;
@@ -3219,4 +3439,5 @@ declare const scim: (options?: SCIMOptions) => {
3219
3439
  options: SCIMOptions | undefined;
3220
3440
  };
3221
3441
  //#endregion
3222
- export { SCIMEmail, SCIMName, SCIMOptions, SCIMProvider, scim };
3442
+ export { SCIMEmail, SCIMName, SCIMOptions, SCIMProvider, scim };
3443
+ //# sourceMappingURL=index.d.mts.map