@better-auth/sso 1.3.17 → 1.3.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/.turbo/turbo-build.log +4 -4
  2. package/dist/index.cjs +117 -53
  3. package/dist/index.mjs +117 -53
  4. package/package.json +3 -3
  5. package/src/index.ts +135 -65
package/.turbo/turbo-build.log CHANGED
@@ -1,17 +1,17 @@
1
1
 
2
- > @better-auth/sso@1.3.17 build /home/runner/work/better-auth/better-auth/packages/sso
2
+ > @better-auth/sso@1.3.22 build /home/runner/work/better-auth/better-auth/packages/sso
3
3
  > unbuild
4
4
 
5
5
  [info] Automatically detected entries: src/index, src/client [esm] [cjs] [dts]
6
6
  [info] Building sso
7
7
  [success] Build succeeded for sso
8
- [log] dist/index.cjs (total size: 65.4 kB, chunk size: 65.4 kB, exports: sso)
8
+ [log] dist/index.cjs (total size: 67.2 kB, chunk size: 67.2 kB, exports: sso)
9
9
 
10
10
  [log] dist/client.cjs (total size: 141 B, chunk size: 141 B, exports: ssoClient)
11
11
 
12
- [log] dist/index.mjs (total size: 63.7 kB, chunk size: 63.7 kB, exports: sso)
12
+ [log] dist/index.mjs (total size: 65.5 kB, chunk size: 65.5 kB, exports: sso)
13
13
 
14
14
  [log] dist/client.mjs (total size: 117 B, chunk size: 117 B, exports: ssoClient)
15
15
 
16
- Σ Total dist size (byte size): 256 kB
16
+ Σ Total dist size (byte size): 260 kB
17
17
  [log]
package/dist/index.cjs CHANGED
@@ -101,37 +101,71 @@ const sso = (options) => {
101
101
  {
102
102
  method: "POST",
103
103
  body: z__namespace.object({
104
- providerId: z__namespace.string({}).describe(
105
- "The ID of the provider. This is used to identify the provider during login and callback"
106
- ),
107
- issuer: z__namespace.string({}).describe("The issuer of the provider"),
108
- domain: z__namespace.string({}).describe(
109
- "The domain of the provider. This is used for email matching"
110
- ),
104
+ providerId: z__namespace.string({}).meta({
105
+ description: "The ID of the provider. This is used to identify the provider during login and callback"
106
+ }),
107
+ issuer: z__namespace.string({}).meta({
108
+ description: "The issuer of the provider"
109
+ }),
110
+ domain: z__namespace.string({}).meta({
111
+ description: "The domain of the provider. This is used for email matching"
112
+ }),
111
113
  oidcConfig: z__namespace.object({
112
- clientId: z__namespace.string({}).describe("The client ID"),
113
- clientSecret: z__namespace.string({}).describe("The client secret"),
114
- authorizationEndpoint: z__namespace.string({}).describe("The authorization endpoint").optional(),
115
- tokenEndpoint: z__namespace.string({}).describe("The token endpoint").optional(),
116
- userInfoEndpoint: z__namespace.string({}).describe("The user info endpoint").optional(),
114
+ clientId: z__namespace.string({}).meta({
115
+ description: "The client ID"
116
+ }),
117
+ clientSecret: z__namespace.string({}).meta({
118
+ description: "The client secret"
119
+ }),
120
+ authorizationEndpoint: z__namespace.string({}).meta({
121
+ description: "The authorization endpoint"
122
+ }).optional(),
123
+ tokenEndpoint: z__namespace.string({}).meta({
124
+ description: "The token endpoint"
125
+ }).optional(),
126
+ userInfoEndpoint: z__namespace.string({}).meta({
127
+ description: "The user info endpoint"
128
+ }).optional(),
117
129
  tokenEndpointAuthentication: z__namespace.enum(["client_secret_post", "client_secret_basic"]).optional(),
118
- jwksEndpoint: z__namespace.string({}).describe("The JWKS endpoint").optional(),
130
+ jwksEndpoint: z__namespace.string({}).meta({
131
+ description: "The JWKS endpoint"
132
+ }).optional(),
119
133
  discoveryEndpoint: z__namespace.string().optional(),
120
- scopes: z__namespace.array(z__namespace.string(), {}).describe("The scopes to request. ").optional(),
121
- pkce: z__namespace.boolean({}).describe("Whether to use PKCE for the authorization flow").default(true).optional(),
134
+ scopes: z__namespace.array(z__namespace.string(), {}).meta({
135
+ description: "The scopes to request. Defaults to ['openid', 'email', 'profile', 'offline_access']"
136
+ }).optional(),
137
+ pkce: z__namespace.boolean({}).meta({
138
+ description: "Whether to use PKCE for the authorization flow"
139
+ }).default(true).optional(),
122
140
  mapping: z__namespace.object({
123
- id: z__namespace.string({}).describe("Field mapping for user ID ("),
124
- email: z__namespace.string({}).describe("Field mapping for email ("),
125
- emailVerified: z__namespace.string({}).describe("Field mapping for email verification (").optional(),
126
- name: z__namespace.string({}).describe("Field mapping for name ("),
127
- image: z__namespace.string({}).describe("Field mapping for image (").optional(),
141
+ id: z__namespace.string({}).meta({
142
+ description: "Field mapping for user ID (defaults to 'sub')"
143
+ }),
144
+ email: z__namespace.string({}).meta({
145
+ description: "Field mapping for email (defaults to 'email')"
146
+ }),
147
+ emailVerified: z__namespace.string({}).meta({
148
+ description: "Field mapping for email verification (defaults to 'email_verified')"
149
+ }).optional(),
150
+ name: z__namespace.string({}).meta({
151
+ description: "Field mapping for name (defaults to 'name')"
152
+ }),
153
+ image: z__namespace.string({}).meta({
154
+ description: "Field mapping for image (defaults to 'picture')"
155
+ }).optional(),
128
156
  extraFields: z__namespace.record(z__namespace.string(), z__namespace.any()).optional()
129
157
  }).optional()
130
158
  }).optional(),
131
159
  samlConfig: z__namespace.object({
132
- entryPoint: z__namespace.string({}).describe("The entry point of the provider"),
133
- cert: z__namespace.string({}).describe("The certificate of the provider"),
134
- callbackUrl: z__namespace.string({}).describe("The callback URL of the provider"),
160
+ entryPoint: z__namespace.string({}).meta({
161
+ description: "The entry point of the provider"
162
+ }),
163
+ cert: z__namespace.string({}).meta({
164
+ description: "The certificate of the provider"
165
+ }),
166
+ callbackUrl: z__namespace.string({}).meta({
167
+ description: "The callback URL of the provider"
168
+ }),
135
169
  audience: z__namespace.string().optional(),
136
170
  idpMetadata: z__namespace.object({
137
171
  metadata: z__namespace.string().optional(),
@@ -144,10 +178,16 @@ const sso = (options) => {
144
178
  encPrivateKeyPass: z__namespace.string().optional(),
145
179
  singleSignOnService: z__namespace.array(
146
180
  z__namespace.object({
147
- Binding: z__namespace.string().describe("The binding type for the SSO service"),
148
- Location: z__namespace.string().describe("The URL for the SSO service")
181
+ Binding: z__namespace.string().meta({
182
+ description: "The binding type for the SSO service"
183
+ }),
184
+ Location: z__namespace.string().meta({
185
+ description: "The URL for the SSO service"
186
+ })
149
187
  })
150
- ).optional().describe("Single Sign-On service configuration")
188
+ ).optional().meta({
189
+ description: "Single Sign-On service configuration"
190
+ })
151
191
  }).optional(),
152
192
  spMetadata: z__namespace.object({
153
193
  metadata: z__namespace.string().optional(),
@@ -167,21 +207,33 @@ const sso = (options) => {
167
207
  decryptionPvk: z__namespace.string().optional(),
168
208
  additionalParams: z__namespace.record(z__namespace.string(), z__namespace.any()).optional(),
169
209
  mapping: z__namespace.object({
170
- id: z__namespace.string({}).describe("Field mapping for user ID ("),
171
- email: z__namespace.string({}).describe("Field mapping for email ("),
172
- emailVerified: z__namespace.string({}).describe("Field mapping for email verification").optional(),
173
- name: z__namespace.string({}).describe("Field mapping for name ("),
174
- firstName: z__namespace.string({}).describe("Field mapping for first name (").optional(),
175
- lastName: z__namespace.string({}).describe("Field mapping for last name (").optional(),
210
+ id: z__namespace.string({}).meta({
211
+ description: "Field mapping for user ID (defaults to 'nameID')"
212
+ }),
213
+ email: z__namespace.string({}).meta({
214
+ description: "Field mapping for email (defaults to 'email')"
215
+ }),
216
+ emailVerified: z__namespace.string({}).meta({
217
+ description: "Field mapping for email verification"
218
+ }).optional(),
219
+ name: z__namespace.string({}).meta({
220
+ description: "Field mapping for name (defaults to 'displayName')"
221
+ }),
222
+ firstName: z__namespace.string({}).meta({
223
+ description: "Field mapping for first name (defaults to 'givenName')"
224
+ }).optional(),
225
+ lastName: z__namespace.string({}).meta({
226
+ description: "Field mapping for last name (defaults to 'surname')"
227
+ }).optional(),
176
228
  extraFields: z__namespace.record(z__namespace.string(), z__namespace.any()).optional()
177
229
  }).optional()
178
230
  }).optional(),
179
- organizationId: z__namespace.string({}).describe(
180
- "If organization plugin is enabled, the organization id to link the provider to"
181
- ).optional(),
182
- overrideUserInfo: z__namespace.boolean({}).describe(
183
- "Override user info with the provider info. Defaults to false"
184
- ).default(false).optional()
231
+ organizationId: z__namespace.string({}).meta({
232
+ description: "If organization plugin is enabled, the organization id to link the provider to"
233
+ }).optional(),
234
+ overrideUserInfo: z__namespace.boolean({}).meta({
235
+ description: "Override user info with the provider info. Defaults to false"
236
+ }).default(false).optional()
185
237
  }),
186
238
  use: [api.sessionMiddleware],
187
239
  metadata: {
@@ -455,21 +507,33 @@ const sso = (options) => {
455
507
  {
456
508
  method: "POST",
457
509
  body: z__namespace.object({
458
- email: z__namespace.string({}).describe(
459
- "The email address to sign in with. This is used to identify the issuer to sign in with"
460
- ).optional(),
461
- organizationSlug: z__namespace.string({}).describe("The slug of the organization to sign in with").optional(),
462
- providerId: z__namespace.string({}).describe(
463
- "The ID of the provider to sign in with. This can be provided instead of email or issuer"
464
- ).optional(),
465
- domain: z__namespace.string({}).describe("The domain of the provider.").optional(),
466
- callbackURL: z__namespace.string({}).describe("The URL to redirect to after login"),
467
- errorCallbackURL: z__namespace.string({}).describe("The URL to redirect to after login").optional(),
468
- newUserCallbackURL: z__namespace.string({}).describe("The URL to redirect to after login if the user is new").optional(),
469
- scopes: z__namespace.array(z__namespace.string(), {}).describe("Scopes to request from the provider.").optional(),
470
- requestSignUp: z__namespace.boolean({}).describe(
471
- "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider"
472
- ).optional(),
510
+ email: z__namespace.string({}).meta({
511
+ description: "The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided"
512
+ }).optional(),
513
+ organizationSlug: z__namespace.string({}).meta({
514
+ description: "The slug of the organization to sign in with"
515
+ }).optional(),
516
+ providerId: z__namespace.string({}).meta({
517
+ description: "The ID of the provider to sign in with. This can be provided instead of email or issuer"
518
+ }).optional(),
519
+ domain: z__namespace.string({}).meta({
520
+ description: "The domain of the provider."
521
+ }).optional(),
522
+ callbackURL: z__namespace.string({}).meta({
523
+ description: "The URL to redirect to after login"
524
+ }),
525
+ errorCallbackURL: z__namespace.string({}).meta({
526
+ description: "The URL to redirect to after login"
527
+ }).optional(),
528
+ newUserCallbackURL: z__namespace.string({}).meta({
529
+ description: "The URL to redirect to after login if the user is new"
530
+ }).optional(),
531
+ scopes: z__namespace.array(z__namespace.string(), {}).meta({
532
+ description: "Scopes to request from the provider."
533
+ }).optional(),
534
+ requestSignUp: z__namespace.boolean({}).meta({
535
+ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider"
536
+ }).optional(),
473
537
  providerType: z__namespace.enum(["oidc", "saml"]).optional()
474
538
  }),
475
539
  metadata: {
package/dist/index.mjs CHANGED
@@ -84,37 +84,71 @@ const sso = (options) => {
84
84
  {
85
85
  method: "POST",
86
86
  body: z.object({
87
- providerId: z.string({}).describe(
88
- "The ID of the provider. This is used to identify the provider during login and callback"
89
- ),
90
- issuer: z.string({}).describe("The issuer of the provider"),
91
- domain: z.string({}).describe(
92
- "The domain of the provider. This is used for email matching"
93
- ),
87
+ providerId: z.string({}).meta({
88
+ description: "The ID of the provider. This is used to identify the provider during login and callback"
89
+ }),
90
+ issuer: z.string({}).meta({
91
+ description: "The issuer of the provider"
92
+ }),
93
+ domain: z.string({}).meta({
94
+ description: "The domain of the provider. This is used for email matching"
95
+ }),
94
96
  oidcConfig: z.object({
95
- clientId: z.string({}).describe("The client ID"),
96
- clientSecret: z.string({}).describe("The client secret"),
97
- authorizationEndpoint: z.string({}).describe("The authorization endpoint").optional(),
98
- tokenEndpoint: z.string({}).describe("The token endpoint").optional(),
99
- userInfoEndpoint: z.string({}).describe("The user info endpoint").optional(),
97
+ clientId: z.string({}).meta({
98
+ description: "The client ID"
99
+ }),
100
+ clientSecret: z.string({}).meta({
101
+ description: "The client secret"
102
+ }),
103
+ authorizationEndpoint: z.string({}).meta({
104
+ description: "The authorization endpoint"
105
+ }).optional(),
106
+ tokenEndpoint: z.string({}).meta({
107
+ description: "The token endpoint"
108
+ }).optional(),
109
+ userInfoEndpoint: z.string({}).meta({
110
+ description: "The user info endpoint"
111
+ }).optional(),
100
112
  tokenEndpointAuthentication: z.enum(["client_secret_post", "client_secret_basic"]).optional(),
101
- jwksEndpoint: z.string({}).describe("The JWKS endpoint").optional(),
113
+ jwksEndpoint: z.string({}).meta({
114
+ description: "The JWKS endpoint"
115
+ }).optional(),
102
116
  discoveryEndpoint: z.string().optional(),
103
- scopes: z.array(z.string(), {}).describe("The scopes to request. ").optional(),
104
- pkce: z.boolean({}).describe("Whether to use PKCE for the authorization flow").default(true).optional(),
117
+ scopes: z.array(z.string(), {}).meta({
118
+ description: "The scopes to request. Defaults to ['openid', 'email', 'profile', 'offline_access']"
119
+ }).optional(),
120
+ pkce: z.boolean({}).meta({
121
+ description: "Whether to use PKCE for the authorization flow"
122
+ }).default(true).optional(),
105
123
  mapping: z.object({
106
- id: z.string({}).describe("Field mapping for user ID ("),
107
- email: z.string({}).describe("Field mapping for email ("),
108
- emailVerified: z.string({}).describe("Field mapping for email verification (").optional(),
109
- name: z.string({}).describe("Field mapping for name ("),
110
- image: z.string({}).describe("Field mapping for image (").optional(),
124
+ id: z.string({}).meta({
125
+ description: "Field mapping for user ID (defaults to 'sub')"
126
+ }),
127
+ email: z.string({}).meta({
128
+ description: "Field mapping for email (defaults to 'email')"
129
+ }),
130
+ emailVerified: z.string({}).meta({
131
+ description: "Field mapping for email verification (defaults to 'email_verified')"
132
+ }).optional(),
133
+ name: z.string({}).meta({
134
+ description: "Field mapping for name (defaults to 'name')"
135
+ }),
136
+ image: z.string({}).meta({
137
+ description: "Field mapping for image (defaults to 'picture')"
138
+ }).optional(),
111
139
  extraFields: z.record(z.string(), z.any()).optional()
112
140
  }).optional()
113
141
  }).optional(),
114
142
  samlConfig: z.object({
115
- entryPoint: z.string({}).describe("The entry point of the provider"),
116
- cert: z.string({}).describe("The certificate of the provider"),
117
- callbackUrl: z.string({}).describe("The callback URL of the provider"),
143
+ entryPoint: z.string({}).meta({
144
+ description: "The entry point of the provider"
145
+ }),
146
+ cert: z.string({}).meta({
147
+ description: "The certificate of the provider"
148
+ }),
149
+ callbackUrl: z.string({}).meta({
150
+ description: "The callback URL of the provider"
151
+ }),
118
152
  audience: z.string().optional(),
119
153
  idpMetadata: z.object({
120
154
  metadata: z.string().optional(),
@@ -127,10 +161,16 @@ const sso = (options) => {
127
161
  encPrivateKeyPass: z.string().optional(),
128
162
  singleSignOnService: z.array(
129
163
  z.object({
130
- Binding: z.string().describe("The binding type for the SSO service"),
131
- Location: z.string().describe("The URL for the SSO service")
164
+ Binding: z.string().meta({
165
+ description: "The binding type for the SSO service"
166
+ }),
167
+ Location: z.string().meta({
168
+ description: "The URL for the SSO service"
169
+ })
132
170
  })
133
- ).optional().describe("Single Sign-On service configuration")
171
+ ).optional().meta({
172
+ description: "Single Sign-On service configuration"
173
+ })
134
174
  }).optional(),
135
175
  spMetadata: z.object({
136
176
  metadata: z.string().optional(),
@@ -150,21 +190,33 @@ const sso = (options) => {
150
190
  decryptionPvk: z.string().optional(),
151
191
  additionalParams: z.record(z.string(), z.any()).optional(),
152
192
  mapping: z.object({
153
- id: z.string({}).describe("Field mapping for user ID ("),
154
- email: z.string({}).describe("Field mapping for email ("),
155
- emailVerified: z.string({}).describe("Field mapping for email verification").optional(),
156
- name: z.string({}).describe("Field mapping for name ("),
157
- firstName: z.string({}).describe("Field mapping for first name (").optional(),
158
- lastName: z.string({}).describe("Field mapping for last name (").optional(),
193
+ id: z.string({}).meta({
194
+ description: "Field mapping for user ID (defaults to 'nameID')"
195
+ }),
196
+ email: z.string({}).meta({
197
+ description: "Field mapping for email (defaults to 'email')"
198
+ }),
199
+ emailVerified: z.string({}).meta({
200
+ description: "Field mapping for email verification"
201
+ }).optional(),
202
+ name: z.string({}).meta({
203
+ description: "Field mapping for name (defaults to 'displayName')"
204
+ }),
205
+ firstName: z.string({}).meta({
206
+ description: "Field mapping for first name (defaults to 'givenName')"
207
+ }).optional(),
208
+ lastName: z.string({}).meta({
209
+ description: "Field mapping for last name (defaults to 'surname')"
210
+ }).optional(),
159
211
  extraFields: z.record(z.string(), z.any()).optional()
160
212
  }).optional()
161
213
  }).optional(),
162
- organizationId: z.string({}).describe(
163
- "If organization plugin is enabled, the organization id to link the provider to"
164
- ).optional(),
165
- overrideUserInfo: z.boolean({}).describe(
166
- "Override user info with the provider info. Defaults to false"
167
- ).default(false).optional()
214
+ organizationId: z.string({}).meta({
215
+ description: "If organization plugin is enabled, the organization id to link the provider to"
216
+ }).optional(),
217
+ overrideUserInfo: z.boolean({}).meta({
218
+ description: "Override user info with the provider info. Defaults to false"
219
+ }).default(false).optional()
168
220
  }),
169
221
  use: [sessionMiddleware],
170
222
  metadata: {
@@ -438,21 +490,33 @@ const sso = (options) => {
438
490
  {
439
491
  method: "POST",
440
492
  body: z.object({
441
- email: z.string({}).describe(
442
- "The email address to sign in with. This is used to identify the issuer to sign in with"
443
- ).optional(),
444
- organizationSlug: z.string({}).describe("The slug of the organization to sign in with").optional(),
445
- providerId: z.string({}).describe(
446
- "The ID of the provider to sign in with. This can be provided instead of email or issuer"
447
- ).optional(),
448
- domain: z.string({}).describe("The domain of the provider.").optional(),
449
- callbackURL: z.string({}).describe("The URL to redirect to after login"),
450
- errorCallbackURL: z.string({}).describe("The URL to redirect to after login").optional(),
451
- newUserCallbackURL: z.string({}).describe("The URL to redirect to after login if the user is new").optional(),
452
- scopes: z.array(z.string(), {}).describe("Scopes to request from the provider.").optional(),
453
- requestSignUp: z.boolean({}).describe(
454
- "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider"
455
- ).optional(),
493
+ email: z.string({}).meta({
494
+ description: "The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided"
495
+ }).optional(),
496
+ organizationSlug: z.string({}).meta({
497
+ description: "The slug of the organization to sign in with"
498
+ }).optional(),
499
+ providerId: z.string({}).meta({
500
+ description: "The ID of the provider to sign in with. This can be provided instead of email or issuer"
501
+ }).optional(),
502
+ domain: z.string({}).meta({
503
+ description: "The domain of the provider."
504
+ }).optional(),
505
+ callbackURL: z.string({}).meta({
506
+ description: "The URL to redirect to after login"
507
+ }),
508
+ errorCallbackURL: z.string({}).meta({
509
+ description: "The URL to redirect to after login"
510
+ }).optional(),
511
+ newUserCallbackURL: z.string({}).meta({
512
+ description: "The URL to redirect to after login if the user is new"
513
+ }).optional(),
514
+ scopes: z.array(z.string(), {}).meta({
515
+ description: "Scopes to request from the provider."
516
+ }).optional(),
517
+ requestSignUp: z.boolean({}).meta({
518
+ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider"
519
+ }).optional(),
456
520
  providerType: z.enum(["oidc", "saml"]).optional()
457
521
  }),
458
522
  metadata: {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@better-auth/sso",
3
3
  "author": "Bereket Engida",
4
- "version": "1.3.17",
4
+ "version": "1.3.22",
5
5
  "main": "dist/index.cjs",
6
6
  "license": "MIT",
7
7
  "keywords": [
@@ -58,10 +58,10 @@
58
58
  "body-parser": "^2.2.0",
59
59
  "express": "^5.1.0",
60
60
  "unbuild": "3.6.1",
61
- "better-auth": "^1.3.17"
61
+ "better-auth": "^1.3.22"
62
62
  },
63
63
  "peerDependencies": {
64
- "better-auth": "1.3.17"
64
+ "better-auth": "1.3.22"
65
65
  },
66
66
  "scripts": {
67
67
  "test": "vitest",
package/src/index.ts CHANGED
@@ -304,62 +304,95 @@ export const sso = (options?: SSOOptions) => {
304
304
  {
305
305
  method: "POST",
306
306
  body: z.object({
307
- providerId: z
308
- .string({})
309
- .describe(
307
+ providerId: z.string({}).meta({
308
+ description:
310
309
  "The ID of the provider. This is used to identify the provider during login and callback",
311
- ),
312
- issuer: z.string({}).describe("The issuer of the provider"),
313
- domain: z
314
- .string({})
315
- .describe(
310
+ }),
311
+ issuer: z.string({}).meta({
312
+ description: "The issuer of the provider",
313
+ }),
314
+ domain: z.string({}).meta({
315
+ description:
316
316
  "The domain of the provider. This is used for email matching",
317
- ),
317
+ }),
318
318
  oidcConfig: z
319
319
  .object({
320
- clientId: z.string({}).describe("The client ID"),
321
- clientSecret: z.string({}).describe("The client secret"),
320
+ clientId: z.string({}).meta({
321
+ description: "The client ID",
322
+ }),
323
+ clientSecret: z.string({}).meta({
324
+ description: "The client secret",
325
+ }),
322
326
  authorizationEndpoint: z
323
327
  .string({})
324
- .describe("The authorization endpoint")
328
+ .meta({
329
+ description: "The authorization endpoint",
330
+ })
325
331
  .optional(),
326
332
  tokenEndpoint: z
327
333
  .string({})
328
- .describe("The token endpoint")
334
+ .meta({
335
+ description: "The token endpoint",
336
+ })
329
337
  .optional(),
330
338
  userInfoEndpoint: z
331
339
  .string({})
332
- .describe("The user info endpoint")
340
+ .meta({
341
+ description: "The user info endpoint",
342
+ })
333
343
  .optional(),
334
344
  tokenEndpointAuthentication: z
335
345
  .enum(["client_secret_post", "client_secret_basic"])
336
346
  .optional(),
337
347
  jwksEndpoint: z
338
348
  .string({})
339
- .describe("The JWKS endpoint")
349
+ .meta({
350
+ description: "The JWKS endpoint",
351
+ })
340
352
  .optional(),
341
353
  discoveryEndpoint: z.string().optional(),
342
354
  scopes: z
343
355
  .array(z.string(), {})
344
- .describe("The scopes to request. ")
356
+ .meta({
357
+ description:
358
+ "The scopes to request. Defaults to ['openid', 'email', 'profile', 'offline_access']",
359
+ })
345
360
  .optional(),
346
361
  pkce: z
347
362
  .boolean({})
348
- .describe("Whether to use PKCE for the authorization flow")
363
+ .meta({
364
+ description:
365
+ "Whether to use PKCE for the authorization flow",
366
+ })
349
367
  .default(true)
350
368
  .optional(),
351
369
  mapping: z
352
370
  .object({
353
- id: z.string({}).describe("Field mapping for user ID ("),
354
- email: z.string({}).describe("Field mapping for email ("),
371
+ id: z.string({}).meta({
372
+ description:
373
+ "Field mapping for user ID (defaults to 'sub')",
374
+ }),
375
+ email: z.string({}).meta({
376
+ description:
377
+ "Field mapping for email (defaults to 'email')",
378
+ }),
355
379
  emailVerified: z
356
380
  .string({})
357
- .describe("Field mapping for email verification (")
381
+ .meta({
382
+ description:
383
+ "Field mapping for email verification (defaults to 'email_verified')",
384
+ })
358
385
  .optional(),
359
- name: z.string({}).describe("Field mapping for name ("),
386
+ name: z.string({}).meta({
387
+ description:
388
+ "Field mapping for name (defaults to 'name')",
389
+ }),
360
390
  image: z
361
391
  .string({})
362
- .describe("Field mapping for image (")
392
+ .meta({
393
+ description:
394
+ "Field mapping for image (defaults to 'picture')",
395
+ })
363
396
  .optional(),
364
397
  extraFields: z.record(z.string(), z.any()).optional(),
365
398
  })
@@ -368,13 +401,15 @@ export const sso = (options?: SSOOptions) => {
368
401
  .optional(),
369
402
  samlConfig: z
370
403
  .object({
371
- entryPoint: z
372
- .string({})
373
- .describe("The entry point of the provider"),
374
- cert: z.string({}).describe("The certificate of the provider"),
375
- callbackUrl: z
376
- .string({})
377
- .describe("The callback URL of the provider"),
404
+ entryPoint: z.string({}).meta({
405
+ description: "The entry point of the provider",
406
+ }),
407
+ cert: z.string({}).meta({
408
+ description: "The certificate of the provider",
409
+ }),
410
+ callbackUrl: z.string({}).meta({
411
+ description: "The callback URL of the provider",
412
+ }),
378
413
  audience: z.string().optional(),
379
414
  idpMetadata: z
380
415
  .object({
@@ -389,16 +424,18 @@ export const sso = (options?: SSOOptions) => {
389
424
  singleSignOnService: z
390
425
  .array(
391
426
  z.object({
392
- Binding: z
393
- .string()
394
- .describe("The binding type for the SSO service"),
395
- Location: z
396
- .string()
397
- .describe("The URL for the SSO service"),
427
+ Binding: z.string().meta({
428
+ description: "The binding type for the SSO service",
429
+ }),
430
+ Location: z.string().meta({
431
+ description: "The URL for the SSO service",
432
+ }),
398
433
  }),
399
434
  )
400
435
  .optional()
401
- .describe("Single Sign-On service configuration"),
436
+ .meta({
437
+ description: "Single Sign-On service configuration",
438
+ }),
402
439
  })
403
440
  .optional(),
404
441
  spMetadata: z.object({
@@ -420,20 +457,37 @@ export const sso = (options?: SSOOptions) => {
420
457
  additionalParams: z.record(z.string(), z.any()).optional(),
421
458
  mapping: z
422
459
  .object({
423
- id: z.string({}).describe("Field mapping for user ID ("),
424
- email: z.string({}).describe("Field mapping for email ("),
460
+ id: z.string({}).meta({
461
+ description:
462
+ "Field mapping for user ID (defaults to 'nameID')",
463
+ }),
464
+ email: z.string({}).meta({
465
+ description:
466
+ "Field mapping for email (defaults to 'email')",
467
+ }),
425
468
  emailVerified: z
426
469
  .string({})
427
- .describe("Field mapping for email verification")
470
+ .meta({
471
+ description: "Field mapping for email verification",
472
+ })
428
473
  .optional(),
429
- name: z.string({}).describe("Field mapping for name ("),
474
+ name: z.string({}).meta({
475
+ description:
476
+ "Field mapping for name (defaults to 'displayName')",
477
+ }),
430
478
  firstName: z
431
479
  .string({})
432
- .describe("Field mapping for first name (")
480
+ .meta({
481
+ description:
482
+ "Field mapping for first name (defaults to 'givenName')",
483
+ })
433
484
  .optional(),
434
485
  lastName: z
435
486
  .string({})
436
- .describe("Field mapping for last name (")
487
+ .meta({
488
+ description:
489
+ "Field mapping for last name (defaults to 'surname')",
490
+ })
437
491
  .optional(),
438
492
  extraFields: z.record(z.string(), z.any()).optional(),
439
493
  })
@@ -442,15 +496,17 @@ export const sso = (options?: SSOOptions) => {
442
496
  .optional(),
443
497
  organizationId: z
444
498
  .string({})
445
- .describe(
446
- "If organization plugin is enabled, the organization id to link the provider to",
447
- )
499
+ .meta({
500
+ description:
501
+ "If organization plugin is enabled, the organization id to link the provider to",
502
+ })
448
503
  .optional(),
449
504
  overrideUserInfo: z
450
505
  .boolean({})
451
- .describe(
452
- "Override user info with the provider info. Defaults to false",
453
- )
506
+ .meta({
507
+ description:
508
+ "Override user info with the provider info. Defaults to false",
509
+ })
454
510
  .default(false)
455
511
  .optional(),
456
512
  }),
@@ -765,44 +821,58 @@ export const sso = (options?: SSOOptions) => {
765
821
  body: z.object({
766
822
  email: z
767
823
  .string({})
768
- .describe(
769
- "The email address to sign in with. This is used to identify the issuer to sign in with",
770
- )
824
+ .meta({
825
+ description:
826
+ "The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided",
827
+ })
771
828
  .optional(),
772
829
  organizationSlug: z
773
830
  .string({})
774
- .describe("The slug of the organization to sign in with")
831
+ .meta({
832
+ description: "The slug of the organization to sign in with",
833
+ })
775
834
  .optional(),
776
835
  providerId: z
777
836
  .string({})
778
- .describe(
779
- "The ID of the provider to sign in with. This can be provided instead of email or issuer",
780
- )
837
+ .meta({
838
+ description:
839
+ "The ID of the provider to sign in with. This can be provided instead of email or issuer",
840
+ })
781
841
  .optional(),
782
842
  domain: z
783
843
  .string({})
784
- .describe("The domain of the provider.")
844
+ .meta({
845
+ description: "The domain of the provider.",
846
+ })
785
847
  .optional(),
786
- callbackURL: z
787
- .string({})
788
- .describe("The URL to redirect to after login"),
848
+ callbackURL: z.string({}).meta({
849
+ description: "The URL to redirect to after login",
850
+ }),
789
851
  errorCallbackURL: z
790
852
  .string({})
791
- .describe("The URL to redirect to after login")
853
+ .meta({
854
+ description: "The URL to redirect to after login",
855
+ })
792
856
  .optional(),
793
857
  newUserCallbackURL: z
794
858
  .string({})
795
- .describe("The URL to redirect to after login if the user is new")
859
+ .meta({
860
+ description:
861
+ "The URL to redirect to after login if the user is new",
862
+ })
796
863
  .optional(),
797
864
  scopes: z
798
865
  .array(z.string(), {})
799
- .describe("Scopes to request from the provider.")
866
+ .meta({
867
+ description: "Scopes to request from the provider.",
868
+ })
800
869
  .optional(),
801
870
  requestSignUp: z
802
871
  .boolean({})
803
- .describe(
804
- "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider",
805
- )
872
+ .meta({
873
+ description:
874
+ "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider",
875
+ })
806
876
  .optional(),
807
877
  providerType: z.enum(["oidc", "saml"]).optional(),
808
878
  }),