@better-auth/sso 1.3.17 → 1.4.0-beta.1

package/src/oidc.test.ts

@@ -84,13 +84,13 @@ describe("SSO", async () => {
 					tokenEndpoint: `${server.issuer.url}/token`,
 					jwksEndpoint: `${server.issuer.url}/jwks`,
 					discoveryEndpoint: `${server.issuer.url}/.well-known/openid-configuration`,
-					mapping: {
-						id: "sub",
-						email: "email",
-						emailVerified: "email_verified",
-						name: "name",
-						image: "picture",
-					},
+				},
+				mapping: {
+					id: "sub",
+					email: "email",
+					emailVerified: "email_verified",
+					name: "name",
+					image: "picture",
 				},
 				providerId: "test",
 			},
@@ -196,67 +196,6 @@ describe("SSO", async () => {
 	});
 });
 
-describe("SSO with defaultSSO array", async () => {
-	const { auth, signInWithTestUser, customFetchImpl } =
-		await getTestInstanceMemory({
-			plugins: [
-				sso({
-					defaultSSO: [
-						{
-							domain: "localhost.com",
-							providerId: "default-test",
-							oidcConfig: {
-								issuer: "http://localhost:8080",
-								clientId: "test",
-								clientSecret: "test",
-								authorizationEndpoint: "http://localhost:8080/authorize",
-								tokenEndpoint: "http://localhost:8080/token",
-								jwksEndpoint: "http://localhost:8080/jwks",
-								discoveryEndpoint:
-									"http://localhost:8080/.well-known/openid-configuration",
-								pkce: true,
-								mapping: {
-									id: "sub",
-									email: "email",
-									emailVerified: "email_verified",
-									name: "name",
-									image: "picture",
-								},
-							},
-						},
-					],
-				}),
-				organization(),
-			],
-		});
-
-	it("should use default SSO provider from array when no provider found in database using providerId", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				providerId: "default-test",
-				callbackURL: "/dashboard",
-			},
-		});
-		expect(res.url).toContain("http://localhost:8080/authorize");
-		expect(res.url).toContain(
-			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fdefault-test",
-		);
-	});
-
-	it("should use default SSO provider from array when no provider found in database using domain fallback", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "test@localhost.com",
-				callbackURL: "/dashboard",
-			},
-		});
-		expect(res.url).toContain("http://localhost:8080/authorize");
-		expect(res.url).toContain(
-			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fdefault-test",
-		);
-	});
-});
-
 describe("SSO disable implicit sign in", async () => {
 	const { auth, signInWithTestUser, customFetchImpl } =
 		await getTestInstanceMemory({
@@ -333,14 +272,13 @@ describe("SSO disable implicit sign in", async () => {
 					authorizationEndpoint: `${server.issuer.url}/authorize`,
 					tokenEndpoint: `${server.issuer.url}/token`,
 					jwksEndpoint: `${server.issuer.url}/jwks`,
-					discoveryEndpoint: `${server.issuer.url}/.well-known/openid-configuration`,
-					mapping: {
-						id: "sub",
-						email: "email",
-						emailVerified: "email_verified",
-						name: "name",
-						image: "picture",
-					},
+				},
+				mapping: {
+					id: "sub",
+					email: "email",
+					emailVerified: "email_verified",
+					name: "name",
+					image: "picture",
 				},
 				providerId: "test",
 			},
@@ -588,14 +526,13 @@ describe("provisioning", async (ctx) => {
 					authorizationEndpoint: `${server.issuer.url}/authorize`,
 					tokenEndpoint: `${server.issuer.url}/token`,
 					jwksEndpoint: `${server.issuer.url}/jwks`,
-					discoveryEndpoint: `${server.issuer.url}/.well-known/openid-configuration`,
-					mapping: {
-						id: "sub",
-						email: "email",
-						emailVerified: "email_verified",
-						name: "name",
-						image: "picture",
-					},
+				},
+				mapping: {
+					id: "sub",
+					email: "email",
+					emailVerified: "email_verified",
+					name: "name",
+					image: "picture",
 				},
 				providerId: "test2",
 				organizationId: organization?.id,

package/src/saml.test.ts

@@ -242,7 +242,7 @@ const certificate = `
     yyoWAJDUHiAmvFA=
     -----END CERTIFICATE-----
     `;
-const idpEncryptionKey = `
+const idpEncyptionKey = `
     -----BEGIN RSA PRIVATE KEY-----
     Proc-Type: 4,ENCRYPTED
     DEK-Info: DES-EDE3-CBC,860FDB9F3BE14699
@@ -274,7 +274,7 @@ const idpEncryptionKey = `
     ISbutnQPUN5fsaIsgKDIV3T7n6519t6brobcW5bdigmf5ebFeZJ16/lYy6V77UM5
     -----END RSA PRIVATE KEY-----
     `;
-const spEncryptionKey = `
+const spEncyptionKey = `
     -----BEGIN RSA PRIVATE KEY-----
     Proc-Type: 4,ENCRYPTED
     DEK-Info: DES-EDE3-CBC,860FDB9F3BE14699
@@ -493,98 +493,6 @@ const createMockSAMLIdP = (port: number) => {
 	return { start, stop, metadataUrl };
 };
 
-describe("SAML SSO with defaultSSO array", async () => {
-	const data = {
-		user: [],
-		session: [],
-		verification: [],
-		account: [],
-		ssoProvider: [],
-	};
-
-	const memory = memoryAdapter(data);
-	const mockIdP = createMockSAMLIdP(8081); // Different port from your main app
-
-	const ssoOptions = {
-		defaultSSO: [
-			{
-				domain: "localhost:8081",
-				providerId: "default-saml",
-				samlConfig: {
-					issuer: "http://localhost:8081",
-					entryPoint: "http://localhost:8081/api/sso/saml2/idp/post",
-					cert: certificate,
-					callbackUrl: "http://localhost:8081/dashboard",
-					wantAssertionsSigned: false,
-					signatureAlgorithm: "sha256",
-					digestAlgorithm: "sha256",
-					idpMetadata: {
-						metadata: idpMetadata,
-					},
-					spMetadata: {
-						metadata: spMetadata,
-					},
-					identifierFormat:
-						"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-				},
-			},
-		],
-		provisionUser: vi
-			.fn()
-			.mockImplementation(async ({ user, userInfo, token, provider }) => {
-				return {
-					id: "provisioned-user-id",
-					email: userInfo.email,
-					name: userInfo.name,
-					attributes: userInfo.attributes,
-				};
-			}),
-	};
-
-	const auth = betterAuth({
-		database: memory,
-		baseURL: "http://localhost:3000",
-		emailAndPassword: {
-			enabled: true,
-		},
-		plugins: [sso(ssoOptions)],
-	});
-
-	const ctx = await auth.$context;
-
-	const authClient = createAuthClient({
-		baseURL: "http://localhost:3000",
-		plugins: [bearer(), ssoClient()],
-		fetchOptions: {
-			customFetchImpl: async (url, init) => {
-				return auth.handler(new Request(url, init));
-			},
-		},
-	});
-
-	beforeAll(async () => {
-		await mockIdP.start();
-	});
-
-	afterAll(async () => {
-		await mockIdP.stop();
-	});
-
-	it("should use default SAML SSO provider from array when no provider found in database", async () => {
-		const signInResponse = await auth.api.signInSSO({
-			body: {
-				providerId: "default-saml",
-				callbackURL: "http://localhost:3000/dashboard",
-			},
-		});
-
-		expect(signInResponse).toEqual({
-			url: expect.stringContaining("http://localhost:8081"),
-			redirect: true,
-		});
-	});
-});
-
 describe("SAML SSO", async () => {
 	const data = {
 		user: [],
@@ -698,7 +606,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -707,7 +615,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:
@@ -754,7 +662,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -763,7 +671,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:
@@ -782,69 +690,6 @@ describe("SAML SSO", async () => {
 		expect(spMetadataRes.status).toBe(200);
 		expect(spMetadataResResValue).toBe(spMetadata);
 	});
-	it("Should fetch sp metadata", async () => {
-		const headers = await getAuthHeaders();
-		await authClient.signIn.email(testUser, {
-			throw: true,
-			onSuccess: setCookieToHeader(headers),
-		});
-		const issuer = "http://localhost:8081";
-		const provider = await auth.api.registerSSOProvider({
-			body: {
-				providerId: "saml-provider-1",
-				issuer: issuer,
-				domain: issuer,
-				samlConfig: {
-					entryPoint: mockIdP.metadataUrl,
-					cert: certificate,
-					callbackUrl: `${issuer}/api/sso/saml2/sp/acs`,
-					wantAssertionsSigned: false,
-					signatureAlgorithm: "sha256",
-					digestAlgorithm: "sha256",
-					idpMetadata: {
-						metadata: idpMetadata,
-						privateKey: idpPrivateKey,
-						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
-						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
-						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
-					},
-					spMetadata: {
-						binding: "post",
-						privateKey: spPrivateKey,
-						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
-						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
-						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
-					},
-					identifierFormat:
-						"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-				},
-			},
-			headers,
-		});
-
-		const spMetadataRes = await auth.api.spMetadata({
-			query: {
-				providerId: provider.providerId,
-			},
-		});
-		const spMetadataResResValue = await spMetadataRes.text();
-		expect(spMetadataRes.status).toBe(200);
-		expect(spMetadataResResValue).toBeDefined();
-		expect(spMetadataResResValue).toContain(
-			"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-		);
-		expect(spMetadataResResValue).toContain(
-			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-		);
-		expect(spMetadataResResValue).toContain(
-			`<EntityDescriptor entityID="${issuer}"`,
-		);
-		expect(spMetadataResResValue).toContain(
-			`Location="${issuer}/api/sso/saml2/sp/acs"`,
-		);
-	});
 	it("should initiate SAML login and handle response", async () => {
 		const headers = await getAuthHeaders();
 		const res = await authClient.signIn.email(testUser, {
@@ -868,7 +713,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -877,7 +722,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:

package/tsconfig.json

@@ -1,14 +1,20 @@
 {
-  "extends": "../../tsconfig.json",
   "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./dist",
-    "lib": ["esnext", "dom", "dom.iterable"]
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "target": "es2022",
+    "allowJs": true,
+    "resolveJsonModule": true,
+    "module": "ESNext",
+    "noEmit": true,
+    "moduleResolution": "Bundler",
+    "moduleDetection": "force",
+    "isolatedModules": true,
+    "verbatimModuleSyntax": true,
+    "strict": true,
+    "noImplicitOverride": true,
+    "noFallthroughCasesInSwitch": true
   },
-  "references": [
-    {
-      "path": "../better-auth/tsconfig.json"
-    }
-  ],
+  "exclude": ["node_modules", "dist"],
   "include": ["src"]
 }