@better-auth/sso 1.3.0-beta.1

@@ -0,0 +1,1061 @@
1
+ import * as better_call from 'better-call';
2
+ import { User, OAuth2Tokens } from 'better-auth';
3
+ import { z } from 'zod';
4
+
5
+ interface OIDCConfig {
6
+ issuer: string;
7
+ pkce: boolean;
8
+ clientId: string;
9
+ clientSecret: string;
10
+ authorizationEndpoint?: string;
11
+ discoveryEndpoint: string;
12
+ userInfoEndpoint?: string;
13
+ scopes?: string[];
14
+ overrideUserInfo?: boolean;
15
+ tokenEndpoint?: string;
16
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
17
+ jwksEndpoint?: string;
18
+ mapping?: {
19
+ id?: string;
20
+ email?: string;
21
+ emailVerified?: string;
22
+ name?: string;
23
+ image?: string;
24
+ extraFields?: Record<string, string>;
25
+ };
26
+ }
27
+ interface SAMLConfig {
28
+ issuer: string;
29
+ entryPoint: string;
30
+ signingKey: string;
31
+ certificate: string;
32
+ attributeConsumingServiceIndex: number;
33
+ }
34
+ interface SSOProvider {
35
+ issuer: string;
36
+ oidcConfig?: OIDCConfig;
37
+ samlConfig?: SAMLConfig;
38
+ userId: string;
39
+ providerId: string;
40
+ organizationId?: string;
41
+ }
42
+ interface SSOOptions {
43
+ /**
44
+ * custom function to provision a user when they sign in with an SSO provider.
45
+ */
46
+ provisionUser?: (data: {
47
+ /**
48
+ * The user object from the database
49
+ */
50
+ user: User & Record<string, any>;
51
+ /**
52
+ * The user info object from the provider
53
+ */
54
+ userInfo: Record<string, any>;
55
+ /**
56
+ * The OAuth2 tokens from the provider
57
+ */
58
+ token?: OAuth2Tokens;
59
+ /**
60
+ * The SSO provider
61
+ */
62
+ provider: SSOProvider;
63
+ }) => Promise<void>;
64
+ /**
65
+ * Organization provisioning options
66
+ */
67
+ organizationProvisioning?: {
68
+ disabled?: boolean;
69
+ defaultRole?: "member" | "admin";
70
+ getRole?: (data: {
71
+ /**
72
+ * The user object from the database
73
+ */
74
+ user: User & Record<string, any>;
75
+ /**
76
+ * The user info object from the provider
77
+ */
78
+ userInfo: Record<string, any>;
79
+ /**
80
+ * The OAuth2 tokens from the provider
81
+ */
82
+ token?: OAuth2Tokens;
83
+ /**
84
+ * The SSO provider
85
+ */
86
+ provider: SSOProvider;
87
+ }) => Promise<"member" | "admin">;
88
+ };
89
+ /**
90
+ * Override user info with the provider info.
91
+ * @default false
92
+ */
93
+ defaultOverrideUserInfo?: boolean;
94
+ /**
95
+ * Disable implicit sign up for new users. When set to true for the provider,
96
+ * sign-in need to be called with with requestSignUp as true to create new users.
97
+ */
98
+ disableImplicitSignUp?: boolean;
99
+ }
100
+ declare const sso: (options?: SSOOptions) => {
101
+ id: "sso";
102
+ endpoints: {
103
+ spMetadata: {
104
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
105
+ body?: undefined;
106
+ } & {
107
+ method?: "GET" | undefined;
108
+ } & {
109
+ query: {
110
+ providerId: string;
111
+ format?: "xml" | "json" | undefined;
112
+ };
113
+ } & {
114
+ params?: Record<string, any>;
115
+ } & {
116
+ request?: Request;
117
+ } & {
118
+ headers?: HeadersInit;
119
+ } & {
120
+ asResponse?: boolean;
121
+ returnHeaders?: boolean;
122
+ use?: better_call.Middleware[];
123
+ path?: string;
124
+ } & {
125
+ asResponse?: AsResponse | undefined;
126
+ returnHeaders?: ReturnHeaders | undefined;
127
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
128
+ headers: Headers;
129
+ response: Response;
130
+ } : Response>;
131
+ options: {
132
+ method: "GET";
133
+ query: z.ZodObject<{
134
+ providerId: z.ZodString;
135
+ format: z.ZodDefault<z.ZodEnum<["xml", "json"]>>;
136
+ }, "strip", z.ZodTypeAny, {
137
+ providerId: string;
138
+ format: "xml" | "json";
139
+ }, {
140
+ providerId: string;
141
+ format?: "xml" | "json" | undefined;
142
+ }>;
143
+ metadata: {
144
+ openapi: {
145
+ summary: string;
146
+ description: string;
147
+ responses: {
148
+ "200": {
149
+ description: string;
150
+ };
151
+ };
152
+ };
153
+ };
154
+ } & {
155
+ use: any[];
156
+ };
157
+ path: "/sso/saml2/sp/metadata";
158
+ };
159
+ registerSSOProvider: {
160
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
161
+ body: {
162
+ providerId: string;
163
+ issuer: string;
164
+ domain: string;
165
+ oidcConfig?: {
166
+ clientId: string;
167
+ clientSecret: string;
168
+ authorizationEndpoint?: string | undefined;
169
+ tokenEndpoint?: string | undefined;
170
+ userInfoEndpoint?: string | undefined;
171
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
172
+ jwksEndpoint?: string | undefined;
173
+ discoveryEndpoint?: string | undefined;
174
+ scopes?: string[] | undefined;
175
+ pkce?: boolean | undefined;
176
+ } | undefined;
177
+ samlConfig?: {
178
+ spMetadata: {
179
+ metadata: string;
180
+ privateKey?: string | undefined;
181
+ privateKeyPass?: string | undefined;
182
+ isAssertionEncrypted?: boolean | undefined;
183
+ encPrivateKey?: string | undefined;
184
+ encPrivateKeyPass?: string | undefined;
185
+ binding?: string | undefined;
186
+ };
187
+ entryPoint: string;
188
+ cert: string;
189
+ callbackUrl: string;
190
+ audience?: string | undefined;
191
+ privateKey?: string | undefined;
192
+ idpMetadata?: {
193
+ metadata: string;
194
+ privateKey?: string | undefined;
195
+ privateKeyPass?: string | undefined;
196
+ isAssertionEncrypted?: boolean | undefined;
197
+ encPrivateKey?: string | undefined;
198
+ encPrivateKeyPass?: string | undefined;
199
+ } | undefined;
200
+ wantAssertionsSigned?: boolean | undefined;
201
+ signatureAlgorithm?: string | undefined;
202
+ digestAlgorithm?: string | undefined;
203
+ identifierFormat?: string | undefined;
204
+ decryptionPvk?: string | undefined;
205
+ additionalParams?: Record<string, string> | undefined;
206
+ } | undefined;
207
+ mapping?: {
208
+ id: string;
209
+ email: string;
210
+ name: string;
211
+ emailVerified?: string | undefined;
212
+ image?: string | undefined;
213
+ extraFields?: Record<string, string> | undefined;
214
+ } | undefined;
215
+ organizationId?: string | undefined;
216
+ overrideUserInfo?: boolean | undefined;
217
+ };
218
+ } & {
219
+ method?: "POST" | undefined;
220
+ } & {
221
+ query?: Record<string, any> | undefined;
222
+ } & {
223
+ params?: Record<string, any>;
224
+ } & {
225
+ request?: Request;
226
+ } & {
227
+ headers?: HeadersInit;
228
+ } & {
229
+ asResponse?: boolean;
230
+ returnHeaders?: boolean;
231
+ use?: better_call.Middleware[];
232
+ path?: string;
233
+ } & {
234
+ asResponse?: AsResponse | undefined;
235
+ returnHeaders?: ReturnHeaders | undefined;
236
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
237
+ headers: Headers;
238
+ response: {
239
+ oidcConfig: OIDCConfig;
240
+ samlConfig: SAMLConfig;
241
+ redirectURI: string;
242
+ issuer: string;
243
+ userId: string;
244
+ providerId: string;
245
+ organizationId?: string;
246
+ };
247
+ } : {
248
+ oidcConfig: OIDCConfig;
249
+ samlConfig: SAMLConfig;
250
+ redirectURI: string;
251
+ issuer: string;
252
+ userId: string;
253
+ providerId: string;
254
+ organizationId?: string;
255
+ }>;
256
+ options: {
257
+ method: "POST";
258
+ body: z.ZodObject<{
259
+ providerId: z.ZodString;
260
+ issuer: z.ZodString;
261
+ domain: z.ZodString;
262
+ oidcConfig: z.ZodOptional<z.ZodObject<{
263
+ clientId: z.ZodString;
264
+ clientSecret: z.ZodString;
265
+ authorizationEndpoint: z.ZodOptional<z.ZodString>;
266
+ tokenEndpoint: z.ZodOptional<z.ZodString>;
267
+ userInfoEndpoint: z.ZodOptional<z.ZodString>;
268
+ tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
269
+ jwksEndpoint: z.ZodOptional<z.ZodString>;
270
+ discoveryEndpoint: z.ZodOptional<z.ZodString>;
271
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
272
+ pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
273
+ }, "strip", z.ZodTypeAny, {
274
+ clientId: string;
275
+ clientSecret: string;
276
+ authorizationEndpoint?: string | undefined;
277
+ tokenEndpoint?: string | undefined;
278
+ userInfoEndpoint?: string | undefined;
279
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
280
+ jwksEndpoint?: string | undefined;
281
+ discoveryEndpoint?: string | undefined;
282
+ scopes?: string[] | undefined;
283
+ pkce?: boolean | undefined;
284
+ }, {
285
+ clientId: string;
286
+ clientSecret: string;
287
+ authorizationEndpoint?: string | undefined;
288
+ tokenEndpoint?: string | undefined;
289
+ userInfoEndpoint?: string | undefined;
290
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
291
+ jwksEndpoint?: string | undefined;
292
+ discoveryEndpoint?: string | undefined;
293
+ scopes?: string[] | undefined;
294
+ pkce?: boolean | undefined;
295
+ }>>;
296
+ samlConfig: z.ZodOptional<z.ZodObject<{
297
+ entryPoint: z.ZodString;
298
+ cert: z.ZodString;
299
+ callbackUrl: z.ZodString;
300
+ audience: z.ZodOptional<z.ZodString>;
301
+ idpMetadata: z.ZodOptional<z.ZodObject<{
302
+ metadata: z.ZodString;
303
+ privateKey: z.ZodOptional<z.ZodString>;
304
+ privateKeyPass: z.ZodOptional<z.ZodString>;
305
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
306
+ encPrivateKey: z.ZodOptional<z.ZodString>;
307
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
308
+ }, "strip", z.ZodTypeAny, {
309
+ metadata: string;
310
+ privateKey?: string | undefined;
311
+ privateKeyPass?: string | undefined;
312
+ isAssertionEncrypted?: boolean | undefined;
313
+ encPrivateKey?: string | undefined;
314
+ encPrivateKeyPass?: string | undefined;
315
+ }, {
316
+ metadata: string;
317
+ privateKey?: string | undefined;
318
+ privateKeyPass?: string | undefined;
319
+ isAssertionEncrypted?: boolean | undefined;
320
+ encPrivateKey?: string | undefined;
321
+ encPrivateKeyPass?: string | undefined;
322
+ }>>;
323
+ spMetadata: z.ZodObject<{
324
+ metadata: z.ZodString;
325
+ binding: z.ZodOptional<z.ZodString>;
326
+ privateKey: z.ZodOptional<z.ZodString>;
327
+ privateKeyPass: z.ZodOptional<z.ZodString>;
328
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
329
+ encPrivateKey: z.ZodOptional<z.ZodString>;
330
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
331
+ }, "strip", z.ZodTypeAny, {
332
+ metadata: string;
333
+ privateKey?: string | undefined;
334
+ privateKeyPass?: string | undefined;
335
+ isAssertionEncrypted?: boolean | undefined;
336
+ encPrivateKey?: string | undefined;
337
+ encPrivateKeyPass?: string | undefined;
338
+ binding?: string | undefined;
339
+ }, {
340
+ metadata: string;
341
+ privateKey?: string | undefined;
342
+ privateKeyPass?: string | undefined;
343
+ isAssertionEncrypted?: boolean | undefined;
344
+ encPrivateKey?: string | undefined;
345
+ encPrivateKeyPass?: string | undefined;
346
+ binding?: string | undefined;
347
+ }>;
348
+ wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
349
+ signatureAlgorithm: z.ZodOptional<z.ZodString>;
350
+ digestAlgorithm: z.ZodOptional<z.ZodString>;
351
+ identifierFormat: z.ZodOptional<z.ZodString>;
352
+ privateKey: z.ZodOptional<z.ZodString>;
353
+ decryptionPvk: z.ZodOptional<z.ZodString>;
354
+ additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
355
+ }, "strip", z.ZodTypeAny, {
356
+ spMetadata: {
357
+ metadata: string;
358
+ privateKey?: string | undefined;
359
+ privateKeyPass?: string | undefined;
360
+ isAssertionEncrypted?: boolean | undefined;
361
+ encPrivateKey?: string | undefined;
362
+ encPrivateKeyPass?: string | undefined;
363
+ binding?: string | undefined;
364
+ };
365
+ entryPoint: string;
366
+ cert: string;
367
+ callbackUrl: string;
368
+ audience?: string | undefined;
369
+ privateKey?: string | undefined;
370
+ idpMetadata?: {
371
+ metadata: string;
372
+ privateKey?: string | undefined;
373
+ privateKeyPass?: string | undefined;
374
+ isAssertionEncrypted?: boolean | undefined;
375
+ encPrivateKey?: string | undefined;
376
+ encPrivateKeyPass?: string | undefined;
377
+ } | undefined;
378
+ wantAssertionsSigned?: boolean | undefined;
379
+ signatureAlgorithm?: string | undefined;
380
+ digestAlgorithm?: string | undefined;
381
+ identifierFormat?: string | undefined;
382
+ decryptionPvk?: string | undefined;
383
+ additionalParams?: Record<string, string> | undefined;
384
+ }, {
385
+ spMetadata: {
386
+ metadata: string;
387
+ privateKey?: string | undefined;
388
+ privateKeyPass?: string | undefined;
389
+ isAssertionEncrypted?: boolean | undefined;
390
+ encPrivateKey?: string | undefined;
391
+ encPrivateKeyPass?: string | undefined;
392
+ binding?: string | undefined;
393
+ };
394
+ entryPoint: string;
395
+ cert: string;
396
+ callbackUrl: string;
397
+ audience?: string | undefined;
398
+ privateKey?: string | undefined;
399
+ idpMetadata?: {
400
+ metadata: string;
401
+ privateKey?: string | undefined;
402
+ privateKeyPass?: string | undefined;
403
+ isAssertionEncrypted?: boolean | undefined;
404
+ encPrivateKey?: string | undefined;
405
+ encPrivateKeyPass?: string | undefined;
406
+ } | undefined;
407
+ wantAssertionsSigned?: boolean | undefined;
408
+ signatureAlgorithm?: string | undefined;
409
+ digestAlgorithm?: string | undefined;
410
+ identifierFormat?: string | undefined;
411
+ decryptionPvk?: string | undefined;
412
+ additionalParams?: Record<string, string> | undefined;
413
+ }>>;
414
+ mapping: z.ZodOptional<z.ZodObject<{
415
+ id: z.ZodString;
416
+ email: z.ZodString;
417
+ emailVerified: z.ZodOptional<z.ZodString>;
418
+ name: z.ZodString;
419
+ image: z.ZodOptional<z.ZodString>;
420
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
421
+ }, "strip", z.ZodTypeAny, {
422
+ id: string;
423
+ email: string;
424
+ name: string;
425
+ emailVerified?: string | undefined;
426
+ image?: string | undefined;
427
+ extraFields?: Record<string, string> | undefined;
428
+ }, {
429
+ id: string;
430
+ email: string;
431
+ name: string;
432
+ emailVerified?: string | undefined;
433
+ image?: string | undefined;
434
+ extraFields?: Record<string, string> | undefined;
435
+ }>>;
436
+ organizationId: z.ZodOptional<z.ZodString>;
437
+ overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
438
+ }, "strip", z.ZodTypeAny, {
439
+ providerId: string;
440
+ issuer: string;
441
+ domain: string;
442
+ oidcConfig?: {
443
+ clientId: string;
444
+ clientSecret: string;
445
+ authorizationEndpoint?: string | undefined;
446
+ tokenEndpoint?: string | undefined;
447
+ userInfoEndpoint?: string | undefined;
448
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
449
+ jwksEndpoint?: string | undefined;
450
+ discoveryEndpoint?: string | undefined;
451
+ scopes?: string[] | undefined;
452
+ pkce?: boolean | undefined;
453
+ } | undefined;
454
+ samlConfig?: {
455
+ spMetadata: {
456
+ metadata: string;
457
+ privateKey?: string | undefined;
458
+ privateKeyPass?: string | undefined;
459
+ isAssertionEncrypted?: boolean | undefined;
460
+ encPrivateKey?: string | undefined;
461
+ encPrivateKeyPass?: string | undefined;
462
+ binding?: string | undefined;
463
+ };
464
+ entryPoint: string;
465
+ cert: string;
466
+ callbackUrl: string;
467
+ audience?: string | undefined;
468
+ privateKey?: string | undefined;
469
+ idpMetadata?: {
470
+ metadata: string;
471
+ privateKey?: string | undefined;
472
+ privateKeyPass?: string | undefined;
473
+ isAssertionEncrypted?: boolean | undefined;
474
+ encPrivateKey?: string | undefined;
475
+ encPrivateKeyPass?: string | undefined;
476
+ } | undefined;
477
+ wantAssertionsSigned?: boolean | undefined;
478
+ signatureAlgorithm?: string | undefined;
479
+ digestAlgorithm?: string | undefined;
480
+ identifierFormat?: string | undefined;
481
+ decryptionPvk?: string | undefined;
482
+ additionalParams?: Record<string, string> | undefined;
483
+ } | undefined;
484
+ mapping?: {
485
+ id: string;
486
+ email: string;
487
+ name: string;
488
+ emailVerified?: string | undefined;
489
+ image?: string | undefined;
490
+ extraFields?: Record<string, string> | undefined;
491
+ } | undefined;
492
+ organizationId?: string | undefined;
493
+ overrideUserInfo?: boolean | undefined;
494
+ }, {
495
+ providerId: string;
496
+ issuer: string;
497
+ domain: string;
498
+ oidcConfig?: {
499
+ clientId: string;
500
+ clientSecret: string;
501
+ authorizationEndpoint?: string | undefined;
502
+ tokenEndpoint?: string | undefined;
503
+ userInfoEndpoint?: string | undefined;
504
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
505
+ jwksEndpoint?: string | undefined;
506
+ discoveryEndpoint?: string | undefined;
507
+ scopes?: string[] | undefined;
508
+ pkce?: boolean | undefined;
509
+ } | undefined;
510
+ samlConfig?: {
511
+ spMetadata: {
512
+ metadata: string;
513
+ privateKey?: string | undefined;
514
+ privateKeyPass?: string | undefined;
515
+ isAssertionEncrypted?: boolean | undefined;
516
+ encPrivateKey?: string | undefined;
517
+ encPrivateKeyPass?: string | undefined;
518
+ binding?: string | undefined;
519
+ };
520
+ entryPoint: string;
521
+ cert: string;
522
+ callbackUrl: string;
523
+ audience?: string | undefined;
524
+ privateKey?: string | undefined;
525
+ idpMetadata?: {
526
+ metadata: string;
527
+ privateKey?: string | undefined;
528
+ privateKeyPass?: string | undefined;
529
+ isAssertionEncrypted?: boolean | undefined;
530
+ encPrivateKey?: string | undefined;
531
+ encPrivateKeyPass?: string | undefined;
532
+ } | undefined;
533
+ wantAssertionsSigned?: boolean | undefined;
534
+ signatureAlgorithm?: string | undefined;
535
+ digestAlgorithm?: string | undefined;
536
+ identifierFormat?: string | undefined;
537
+ decryptionPvk?: string | undefined;
538
+ additionalParams?: Record<string, string> | undefined;
539
+ } | undefined;
540
+ mapping?: {
541
+ id: string;
542
+ email: string;
543
+ name: string;
544
+ emailVerified?: string | undefined;
545
+ image?: string | undefined;
546
+ extraFields?: Record<string, string> | undefined;
547
+ } | undefined;
548
+ organizationId?: string | undefined;
549
+ overrideUserInfo?: boolean | undefined;
550
+ }>;
551
+ use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
552
+ session: {
553
+ session: Record<string, any> & {
554
+ id: string;
555
+ token: string;
556
+ userId: string;
557
+ expiresAt: Date;
558
+ createdAt: Date;
559
+ updatedAt: Date;
560
+ ipAddress?: string | null | undefined;
561
+ userAgent?: string | null | undefined;
562
+ };
563
+ user: Record<string, any> & {
564
+ id: string;
565
+ name: string;
566
+ emailVerified: boolean;
567
+ email: string;
568
+ createdAt: Date;
569
+ updatedAt: Date;
570
+ image?: string | null | undefined;
571
+ };
572
+ };
573
+ }>)[];
574
+ metadata: {
575
+ openapi: {
576
+ summary: string;
577
+ description: string;
578
+ responses: {
579
+ "200": {
580
+ description: string;
581
+ content: {
582
+ "application/json": {
583
+ schema: {
584
+ type: "object";
585
+ properties: {
586
+ issuer: {
587
+ type: string;
588
+ format: string;
589
+ description: string;
590
+ };
591
+ domain: {
592
+ type: string;
593
+ description: string;
594
+ };
595
+ oidcConfig: {
596
+ type: string;
597
+ properties: {
598
+ issuer: {
599
+ type: string;
600
+ format: string;
601
+ description: string;
602
+ };
603
+ pkce: {
604
+ type: string;
605
+ description: string;
606
+ };
607
+ clientId: {
608
+ type: string;
609
+ description: string;
610
+ };
611
+ clientSecret: {
612
+ type: string;
613
+ description: string;
614
+ };
615
+ authorizationEndpoint: {
616
+ type: string;
617
+ format: string;
618
+ nullable: boolean;
619
+ description: string;
620
+ };
621
+ discoveryEndpoint: {
622
+ type: string;
623
+ format: string;
624
+ description: string;
625
+ };
626
+ userInfoEndpoint: {
627
+ type: string;
628
+ format: string;
629
+ nullable: boolean;
630
+ description: string;
631
+ };
632
+ scopes: {
633
+ type: string;
634
+ items: {
635
+ type: string;
636
+ };
637
+ nullable: boolean;
638
+ description: string;
639
+ };
640
+ tokenEndpoint: {
641
+ type: string;
642
+ format: string;
643
+ nullable: boolean;
644
+ description: string;
645
+ };
646
+ tokenEndpointAuthentication: {
647
+ type: string;
648
+ enum: string[];
649
+ nullable: boolean;
650
+ description: string;
651
+ };
652
+ jwksEndpoint: {
653
+ type: string;
654
+ format: string;
655
+ nullable: boolean;
656
+ description: string;
657
+ };
658
+ mapping: {
659
+ type: string;
660
+ nullable: boolean;
661
+ properties: {
662
+ id: {
663
+ type: string;
664
+ description: string;
665
+ };
666
+ email: {
667
+ type: string;
668
+ description: string;
669
+ };
670
+ emailVerified: {
671
+ type: string;
672
+ nullable: boolean;
673
+ description: string;
674
+ };
675
+ name: {
676
+ type: string;
677
+ description: string;
678
+ };
679
+ image: {
680
+ type: string;
681
+ nullable: boolean;
682
+ description: string;
683
+ };
684
+ extraFields: {
685
+ type: string;
686
+ additionalProperties: {
687
+ type: string;
688
+ };
689
+ nullable: boolean;
690
+ description: string;
691
+ };
692
+ };
693
+ required: string[];
694
+ };
695
+ };
696
+ required: string[];
697
+ description: string;
698
+ };
699
+ organizationId: {
700
+ type: string;
701
+ nullable: boolean;
702
+ description: string;
703
+ };
704
+ userId: {
705
+ type: string;
706
+ description: string;
707
+ };
708
+ providerId: {
709
+ type: string;
710
+ description: string;
711
+ };
712
+ redirectURI: {
713
+ type: string;
714
+ format: string;
715
+ description: string;
716
+ };
717
+ };
718
+ required: string[];
719
+ };
720
+ };
721
+ };
722
+ };
723
+ };
724
+ };
725
+ };
726
+ } & {
727
+ use: any[];
728
+ };
729
+ path: "/sso/register";
730
+ };
731
+ signInSSO: {
732
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
733
+ body: {
734
+ callbackURL: string;
735
+ providerId?: string | undefined;
736
+ domain?: string | undefined;
737
+ scopes?: string[] | undefined;
738
+ email?: string | undefined;
739
+ organizationSlug?: string | undefined;
740
+ errorCallbackURL?: string | undefined;
741
+ newUserCallbackURL?: string | undefined;
742
+ requestSignUp?: boolean | undefined;
743
+ providerType?: "oidc" | "saml" | undefined;
744
+ };
745
+ } & {
746
+ method?: "POST" | undefined;
747
+ } & {
748
+ query?: Record<string, any> | undefined;
749
+ } & {
750
+ params?: Record<string, any>;
751
+ } & {
752
+ request?: Request;
753
+ } & {
754
+ headers?: HeadersInit;
755
+ } & {
756
+ asResponse?: boolean;
757
+ returnHeaders?: boolean;
758
+ use?: better_call.Middleware[];
759
+ path?: string;
760
+ } & {
761
+ asResponse?: AsResponse | undefined;
762
+ returnHeaders?: ReturnHeaders | undefined;
763
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
764
+ headers: Headers;
765
+ response: {
766
+ url: string;
767
+ redirect: boolean;
768
+ };
769
+ } : {
770
+ url: string;
771
+ redirect: boolean;
772
+ }>;
773
+ options: {
774
+ method: "POST";
775
+ body: z.ZodObject<{
776
+ email: z.ZodOptional<z.ZodString>;
777
+ organizationSlug: z.ZodOptional<z.ZodString>;
778
+ providerId: z.ZodOptional<z.ZodString>;
779
+ domain: z.ZodOptional<z.ZodString>;
780
+ callbackURL: z.ZodString;
781
+ errorCallbackURL: z.ZodOptional<z.ZodString>;
782
+ newUserCallbackURL: z.ZodOptional<z.ZodString>;
783
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
784
+ requestSignUp: z.ZodOptional<z.ZodBoolean>;
785
+ providerType: z.ZodOptional<z.ZodEnum<["oidc", "saml"]>>;
786
+ }, "strip", z.ZodTypeAny, {
787
+ callbackURL: string;
788
+ providerId?: string | undefined;
789
+ domain?: string | undefined;
790
+ scopes?: string[] | undefined;
791
+ email?: string | undefined;
792
+ organizationSlug?: string | undefined;
793
+ errorCallbackURL?: string | undefined;
794
+ newUserCallbackURL?: string | undefined;
795
+ requestSignUp?: boolean | undefined;
796
+ providerType?: "oidc" | "saml" | undefined;
797
+ }, {
798
+ callbackURL: string;
799
+ providerId?: string | undefined;
800
+ domain?: string | undefined;
801
+ scopes?: string[] | undefined;
802
+ email?: string | undefined;
803
+ organizationSlug?: string | undefined;
804
+ errorCallbackURL?: string | undefined;
805
+ newUserCallbackURL?: string | undefined;
806
+ requestSignUp?: boolean | undefined;
807
+ providerType?: "oidc" | "saml" | undefined;
808
+ }>;
809
+ metadata: {
810
+ openapi: {
811
+ summary: string;
812
+ description: string;
813
+ requestBody: {
814
+ content: {
815
+ "application/json": {
816
+ schema: {
817
+ type: "object";
818
+ properties: {
819
+ email: {
820
+ type: string;
821
+ description: string;
822
+ };
823
+ issuer: {
824
+ type: string;
825
+ description: string;
826
+ };
827
+ providerId: {
828
+ type: string;
829
+ description: string;
830
+ };
831
+ callbackURL: {
832
+ type: string;
833
+ description: string;
834
+ };
835
+ errorCallbackURL: {
836
+ type: string;
837
+ description: string;
838
+ };
839
+ newUserCallbackURL: {
840
+ type: string;
841
+ description: string;
842
+ };
843
+ };
844
+ required: string[];
845
+ };
846
+ };
847
+ };
848
+ };
849
+ responses: {
850
+ "200": {
851
+ description: string;
852
+ content: {
853
+ "application/json": {
854
+ schema: {
855
+ type: "object";
856
+ properties: {
857
+ url: {
858
+ type: string;
859
+ format: string;
860
+ description: string;
861
+ };
862
+ redirect: {
863
+ type: string;
864
+ description: string;
865
+ enum: boolean[];
866
+ };
867
+ };
868
+ required: string[];
869
+ };
870
+ };
871
+ };
872
+ };
873
+ };
874
+ };
875
+ };
876
+ } & {
877
+ use: any[];
878
+ };
879
+ path: "/sign-in/sso";
880
+ };
881
+ callbackSSO: {
882
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
883
+ body?: undefined;
884
+ } & {
885
+ method?: "GET" | undefined;
886
+ } & {
887
+ query: {
888
+ state: string;
889
+ code?: string | undefined;
890
+ error?: string | undefined;
891
+ error_description?: string | undefined;
892
+ };
893
+ } & {
894
+ params: {
895
+ providerId: string;
896
+ };
897
+ } & {
898
+ request?: Request;
899
+ } & {
900
+ headers?: HeadersInit;
901
+ } & {
902
+ asResponse?: boolean;
903
+ returnHeaders?: boolean;
904
+ use?: better_call.Middleware[];
905
+ path?: string;
906
+ } & {
907
+ asResponse?: AsResponse | undefined;
908
+ returnHeaders?: ReturnHeaders | undefined;
909
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
910
+ headers: Headers;
911
+ response: never;
912
+ } : never>;
913
+ options: {
914
+ method: "GET";
915
+ query: z.ZodObject<{
916
+ code: z.ZodOptional<z.ZodString>;
917
+ state: z.ZodString;
918
+ error: z.ZodOptional<z.ZodString>;
919
+ error_description: z.ZodOptional<z.ZodString>;
920
+ }, "strip", z.ZodTypeAny, {
921
+ state: string;
922
+ code?: string | undefined;
923
+ error?: string | undefined;
924
+ error_description?: string | undefined;
925
+ }, {
926
+ state: string;
927
+ code?: string | undefined;
928
+ error?: string | undefined;
929
+ error_description?: string | undefined;
930
+ }>;
931
+ metadata: {
932
+ isAction: boolean;
933
+ openapi: {
934
+ summary: string;
935
+ description: string;
936
+ responses: {
937
+ "302": {
938
+ description: string;
939
+ };
940
+ };
941
+ };
942
+ };
943
+ } & {
944
+ use: any[];
945
+ };
946
+ path: "/sso/callback/:providerId";
947
+ };
948
+ callbackSSOSAML: {
949
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
950
+ body: {
951
+ SAMLResponse: string;
952
+ RelayState?: string | undefined;
953
+ };
954
+ } & {
955
+ method?: "POST" | undefined;
956
+ } & {
957
+ query?: Record<string, any> | undefined;
958
+ } & {
959
+ params: {
960
+ providerId: string;
961
+ };
962
+ } & {
963
+ request?: Request;
964
+ } & {
965
+ headers?: HeadersInit;
966
+ } & {
967
+ asResponse?: boolean;
968
+ returnHeaders?: boolean;
969
+ use?: better_call.Middleware[];
970
+ path?: string;
971
+ } & {
972
+ asResponse?: AsResponse | undefined;
973
+ returnHeaders?: ReturnHeaders | undefined;
974
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
975
+ headers: Headers;
976
+ response: {
977
+ redirect: boolean;
978
+ url: string;
979
+ };
980
+ } : {
981
+ redirect: boolean;
982
+ url: string;
983
+ }>;
984
+ options: {
985
+ method: "POST";
986
+ body: z.ZodObject<{
987
+ SAMLResponse: z.ZodString;
988
+ RelayState: z.ZodOptional<z.ZodString>;
989
+ }, "strip", z.ZodTypeAny, {
990
+ SAMLResponse: string;
991
+ RelayState?: string | undefined;
992
+ }, {
993
+ SAMLResponse: string;
994
+ RelayState?: string | undefined;
995
+ }>;
996
+ metadata: {
997
+ isAction: boolean;
998
+ openapi: {
999
+ summary: string;
1000
+ description: string;
1001
+ responses: {
1002
+ "302": {
1003
+ description: string;
1004
+ };
1005
+ "400": {
1006
+ description: string;
1007
+ };
1008
+ "401": {
1009
+ description: string;
1010
+ };
1011
+ };
1012
+ };
1013
+ };
1014
+ } & {
1015
+ use: any[];
1016
+ };
1017
+ path: "/sso/saml2/callback/:providerId";
1018
+ };
1019
+ };
1020
+ schema: {
1021
+ ssoProvider: {
1022
+ fields: {
1023
+ issuer: {
1024
+ type: "string";
1025
+ required: true;
1026
+ };
1027
+ oidcConfig: {
1028
+ type: "string";
1029
+ required: false;
1030
+ };
1031
+ samlConfig: {
1032
+ type: "string";
1033
+ required: false;
1034
+ };
1035
+ userId: {
1036
+ type: "string";
1037
+ references: {
1038
+ model: string;
1039
+ field: string;
1040
+ };
1041
+ };
1042
+ providerId: {
1043
+ type: "string";
1044
+ required: true;
1045
+ unique: true;
1046
+ };
1047
+ organizationId: {
1048
+ type: "string";
1049
+ required: false;
1050
+ };
1051
+ domain: {
1052
+ type: "string";
1053
+ required: true;
1054
+ };
1055
+ };
1056
+ };
1057
+ };
1058
+ };
1059
+
1060
+ export { sso };
1061
+ export type { OIDCConfig, SAMLConfig, SSOOptions, SSOProvider };
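Review bot: The declared `registerSSOProvider` response (both the `returnHeaders` variant and the plain one) types `oidcConfig: OIDCConfig` and `samlConfig: SAMLConfig` as required, which advertises that `clientSecret` is echoed back to the registering client and also contradicts `SSOProvider`, where both configs are optional and a provider is expected to carry only one of them; the public contract should read something like `oidcConfig?: Omit<OIDCConfig, "clientSecret">; samlConfig?: SAMLConfig;` with the handler stripping the secret before returning. Relatedly, the `SAMLConfig` interface (`signingKey`, `certificate`, `attributeConsumingServiceIndex`) does not match the SAML shape accepted by the `/sso/register` body (`entryPoint`, `cert`, `callbackUrl`, `spMetadata`, `idpMetadata`, ...), so one of the two appears stale. The `ssoProvider` schema stores `oidcConfig` and `samlConfig` as plain `"string"` fields, which suggests the serialized configuration — including `clientSecret`, SAML `privateKey` and `encPrivateKey` — is persisted as-is; that is worth stating in a TSDoc comment on those fields or on `SSOOptions`, and encrypting at rest where the adapter allows. This looks like a generated declaration file, so the fixes belong in the plugin source rather than in this emitted `.d.ts`.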