@better-auth/scim 1.7.0-beta.3 → 1.7.0-beta.4

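--- a/package/dist/client.mjs
+++ b/package/dist/client.mjs
@@ -1,4 +1,4 @@
- import { t as PACKAGE_VERSION } from "./version-CLqkeI3u.mjs";
+ import { t as PACKAGE_VERSION } from "./version-5EiO_U3Z.mjs";
  //#region src/client.ts
  const scimClient = () => {
  return {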
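--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -22,13 +22,6 @@ type SCIMEmail = {
  primary?: boolean;
  };
  type SCIMOptions = {
- /**
- * SCIM provider ownership configuration. When enabled, each provider
- * connection is linked to the user who generated its token.
- */
- providerOwnership?: {
- enabled: boolean;
- };
  /**
  * Minimum organization role(s) required for SCIM management operations
  * (generate-token, list/get/delete provider connections).
@@ -3415,10 +3408,6 @@ declare const scim: (options?: SCIMOptions) => {
  schema: {
  scimProvider: {
  fields: {
- userId?: {
- type: "string";
- required: false;
- } | undefined;
  providerId: {
  type: "string";
  required: true;
@@ -3433,6 +3422,10 @@ declare const scim: (options?: SCIMOptions) => {
  type: "string";
  required: false;
  };
+ userId: {
+ type: "string";
+ required: false;
+ };
  };
  };
  };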
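--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1,4 +1,4 @@
- import { t as PACKAGE_VERSION } from "./version-CLqkeI3u.mjs";
+ import { t as PACKAGE_VERSION } from "./version-5EiO_U3Z.mjs";
  import { base64Url } from "@better-auth/utils/base64";
  import { APIError, createAuthEndpoint, createAuthMiddleware, sessionMiddleware } from "better-auth/api";
  import { APIError as APIError$1, HIDE_METADATA } from "better-auth";
@@ -625,9 +625,6 @@ function resolveRequiredRoles(ctx, opts) {
  const creatorRole = ctx.context.getPlugin("organization")?.options?.creatorRole;
  return Array.from(new Set(["admin", creatorRole ?? "owner"]));
  }
- function isProviderOwnershipEnabled(opts) {
- return opts.providerOwnership?.enabled ?? false;
- }
  async function getSCIMUserOrgMemberships(ctx, userId) {
  const members = await ctx.context.adapter.findMany({
  model: "member",
@@ -663,7 +660,7 @@ async function assertSCIMProviderAccess(ctx, userId, provider, requiredRole) {
  const member = await findOrganizationMember(ctx, userId, provider.organizationId);
  if (!member) throw new APIError("FORBIDDEN", { message: "You must be a member of the organization to access this provider" });
  if (!hasRequiredRole(member.role, requiredRole)) throw new APIError("FORBIDDEN", { message: "Insufficient role for this operation" });
- } else if (provider.userId && provider.userId !== userId) throw new APIError("FORBIDDEN", { message: "You must be the owner to access this provider" });
+ } else if (provider.userId !== userId) throw new APIError("FORBIDDEN", { message: "You must be the owner to access this provider" });
  }
  async function checkSCIMProviderAccess(ctx, userId, providerId, requiredRole) {
  const provider = await ctx.context.adapter.findOne({
@@ -700,6 +697,15 @@ const generateSCIMToken = (opts) => createAuthEndpoint("/scim/generate-token", {
  const user = ctx.context.session.user;
  const requiredRole = resolveRequiredRoles(ctx, opts);
  if (providerId.includes(":")) throw new APIError("BAD_REQUEST", { message: "Provider id contains forbidden characters" });
+ if (new Set([
+ "credential",
+ "email-otp",
+ "magic-link",
+ "phone-number",
+ "anonymous",
+ "siwe",
+ ...Object.keys(ctx.context.options.socialProviders ?? {})
+ ]).has(providerId)) throw new APIError("BAD_REQUEST", { message: "Provider id collides with a built-in account provider and cannot be used for SCIM" });
  if (organizationId && !ctx.context.hasPlugin("organization")) throw new APIError("BAD_REQUEST", { message: "Restricting a token to an organization requires the organization plugin" });
  let member = null;
  if (organizationId) {
@@ -740,7 +746,7 @@ const generateSCIMToken = (opts) => createAuthEndpoint("/scim/generate-token", {
  providerId,
  organizationId,
  scimToken: await storeSCIMToken(ctx, opts, baseToken),
- ...isProviderOwnershipEnabled(opts) ? { userId: user.id } : {}
+ userId: user.id
  }
  });
  if (opts.afterSCIMTokenGenerated) await opts.afterSCIMTokenGenerated({
@@ -789,7 +795,7 @@ const listSCIMProviderConnections = (opts) => createAuthEndpoint("/scim/list-pro
  const roles = orgMemberships.get(p.organizationId);
  return roles ? !requiredRole.length || roles.some((role) => requiredRole.includes(role)) : false;
  }
- return p.userId === userId || !p.userId;
+ return p.userId === userId;
  }).map((p) => normalizeSCIMProvider(p));
  return ctx.json({ providers });
  });
@@ -1198,6 +1204,7 @@ const deleteSCIMUser = (authMiddleware) => createAuthEndpoint("/scim/v2/Users/:u
  organizationId
  });
  if (!user) throw new SCIMAPIError("NOT_FOUND", { detail: "User not found" });
+ await ctx.context.internalAdapter.deleteUserSessions(userId);
  await ctx.context.internalAdapter.deleteUser(userId);
  ctx.setStatus(204);
  });
@@ -1440,7 +1447,6 @@ const scim = (options) => {
  storeSCIMToken: "plain",
  ...options
  };
- const providerOwnershipEnabled = options?.providerOwnership?.enabled ?? false;
  const authMiddleware = authMiddlewareFactory(opts);
  return {
  id: "scim",
@@ -1477,10 +1483,10 @@ const scim = (options) => {
  type: "string",
  required: false
  },
- ...providerOwnershipEnabled ? { userId: {
+ userId: {
  type: "string",
  required: false
- } } : {}
+ }
  } } },
  options
  };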
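Review bot: Provider rows that carry no `userId` become unreachable once the ownership checks fail closed. In `assertSCIMProviderAccess` the `else` branch is now `provider.userId !== userId`, and the list filter is now `p.userId === userId`. A row written by 1.7.0-beta.3 with `providerOwnership` off can therefore no longer be listed, fetched or deleted by any session user on what appears to be the non-organization path. Whether the SCIM bearer-token middleware still accepts such a row's token is not visible in this diff; if it does, the token stays usable with no management route left to revoke it. A migration or release note that backfills `userId` or deletes rows where it is null would close that gap, and a comment on the check such as `// fail closed: a provider without an owner is not accessible here` would record the intent. Both functions continue outside their hunks.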
@@ -1,5 +1,5 @@
1
1
  //#endregion
2
2
  //#region src/version.ts
3
- const PACKAGE_VERSION = "1.7.0-beta.3";
3
+ const PACKAGE_VERSION = "1.7.0-beta.4";
4
4
  //#endregion
5
5
  export { PACKAGE_VERSION as t };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@better-auth/scim",
3
- "version": "1.7.0-beta.3",
3
+ "version": "1.7.0-beta.4",
4
4
  "description": "SCIM plugin for Better Auth",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -54,14 +54,14 @@
54
54
  },
55
55
  "devDependencies": {
56
56
  "tsdown": "0.21.1",
57
- "@better-auth/core": "1.7.0-beta.3",
58
- "@better-auth/sso": "1.7.0-beta.3"
57
+ "@better-auth/core": "1.7.0-beta.4",
58
+ "@better-auth/sso": "1.7.0-beta.4"
59
59
  },
60
60
  "peerDependencies": {
61
- "@better-auth/utils": "0.4.0",
61
+ "@better-auth/utils": "0.4.1",
62
62
  "better-call": "1.3.5",
63
- "better-auth": "^1.7.0-beta.3",
64
- "@better-auth/core": "^1.7.0-beta.3"
63
+ "@better-auth/core": "^1.7.0-beta.4",
64
+ "better-auth": "^1.7.0-beta.4"
65
65
  },
66
66
  "scripts": {
67
67
  "build": "tsdown",