@better-auth/sso 1.3.18 → 1.4.0-beta.2

package/.turbo/turbo-build.log

@@ -1,17 +1,17 @@
 
-> @better-auth/sso@1.3.18 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.2 build /home/runner/work/better-auth/better-auth/packages/sso
 > unbuild
 
 [info] Automatically detected entries: src/index, src/client [esm] [cjs] [dts]
 [info] Building sso
 [success] Build succeeded for sso
-[log]   dist/index.cjs (total size: 67.2 kB, chunk size: 67.2 kB, exports: sso)
+[log]   dist/index.cjs (total size: 66.4 kB, chunk size: 66.4 kB, exports: sso)
 
 [log]   dist/client.cjs (total size: 141 B, chunk size: 141 B, exports: ssoClient)
 
-[log]   dist/index.mjs (total size: 65.5 kB, chunk size: 65.5 kB, exports: sso)
+[log]   dist/index.mjs (total size: 64.7 kB, chunk size: 64.7 kB, exports: sso)
 
 [log]   dist/client.mjs (total size: 117 B, chunk size: 117 B, exports: ssoClient)
 
-Σ Total dist size (byte size): 260 kB
+Σ Total dist size (byte size): 258 kB
 [log]

package/dist/index.cjs

@@ -76,18 +76,8 @@ const sso = (options) => {
             });
           }
           const parsedSamlConfig = JSON.parse(provider.samlConfig);
-          const sp = parsedSamlConfig.spMetadata.metadata ? saml__namespace.ServiceProvider({
+          const sp = saml__namespace.ServiceProvider({
             metadata: parsedSamlConfig.spMetadata.metadata
-          }) : saml__namespace.SPMetadata({
-            entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,
-            assertionConsumerService: [
-              {
-                Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`
-              }
-            ],
-            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
           });
           return new Response(sp.getMetadata(), {
             headers: {
@@ -721,10 +711,10 @@ const sso = (options) => {
               allowCreate: true
             });
             const idp = saml__namespace.IdentityProvider({
-              metadata: parsedSamlConfig.idpMetadata?.metadata,
-              entityID: parsedSamlConfig.idpMetadata?.entityID,
-              encryptCert: parsedSamlConfig.idpMetadata?.cert,
-              singleSignOnService: parsedSamlConfig.idpMetadata?.singleSignOnService
+              metadata: parsedSamlConfig.idpMetadata.metadata,
+              entityID: parsedSamlConfig.idpMetadata.entityID,
+              encryptCert: parsedSamlConfig.idpMetadata.cert,
+              singleSignOnService: parsedSamlConfig.idpMetadata.singleSignOnService
             });
             const loginRequest = sp.createLoginRequest(
               idp,
@@ -1113,8 +1103,7 @@ const sso = (options) => {
             isAssertionEncrypted: spData?.isAssertionEncrypted || false,
             encPrivateKey: spData?.encPrivateKey,
             encPrivateKeyPass: spData?.encPrivateKeyPass,
-            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false
           });
           let parsedResponse;
           try {
@@ -1348,14 +1337,13 @@ const sso = (options) => {
             assertionConsumerService: [
               {
                 Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`
+                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs`
               }
             ],
             wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
             metadata: parsedSamlConfig.spMetadata?.metadata,
             privateKey: parsedSamlConfig.spMetadata?.privateKey || parsedSamlConfig.privateKey,
-            privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+            privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass
           });
           const idpData = parsedSamlConfig.idpMetadata;
           const idp = !idpData?.metadata ? saml__namespace.IdentityProvider({

package/dist/index.mjs

@@ -59,18 +59,8 @@ const sso = (options) => {
             });
           }
           const parsedSamlConfig = JSON.parse(provider.samlConfig);
-          const sp = parsedSamlConfig.spMetadata.metadata ? saml.ServiceProvider({
+          const sp = saml.ServiceProvider({
             metadata: parsedSamlConfig.spMetadata.metadata
-          }) : saml.SPMetadata({
-            entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,
-            assertionConsumerService: [
-              {
-                Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`
-              }
-            ],
-            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
           });
           return new Response(sp.getMetadata(), {
             headers: {
@@ -704,10 +694,10 @@ const sso = (options) => {
               allowCreate: true
             });
             const idp = saml.IdentityProvider({
-              metadata: parsedSamlConfig.idpMetadata?.metadata,
-              entityID: parsedSamlConfig.idpMetadata?.entityID,
-              encryptCert: parsedSamlConfig.idpMetadata?.cert,
-              singleSignOnService: parsedSamlConfig.idpMetadata?.singleSignOnService
+              metadata: parsedSamlConfig.idpMetadata.metadata,
+              entityID: parsedSamlConfig.idpMetadata.entityID,
+              encryptCert: parsedSamlConfig.idpMetadata.cert,
+              singleSignOnService: parsedSamlConfig.idpMetadata.singleSignOnService
             });
             const loginRequest = sp.createLoginRequest(
               idp,
@@ -1096,8 +1086,7 @@ const sso = (options) => {
             isAssertionEncrypted: spData?.isAssertionEncrypted || false,
             encPrivateKey: spData?.encPrivateKey,
             encPrivateKeyPass: spData?.encPrivateKeyPass,
-            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+            wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false
           });
           let parsedResponse;
           try {
@@ -1331,14 +1320,13 @@ const sso = (options) => {
             assertionConsumerService: [
               {
                 Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`
+                Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs`
               }
             ],
             wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
             metadata: parsedSamlConfig.spMetadata?.metadata,
             privateKey: parsedSamlConfig.spMetadata?.privateKey || parsedSamlConfig.privateKey,
-            privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass,
-            nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+            privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass
           });
           const idpData = parsedSamlConfig.idpMetadata;
           const idp = !idpData?.metadata ? saml.IdentityProvider({

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.3.18",
+  "version": "1.4.0-beta.2",
   "main": "dist/index.cjs",
   "license": "MIT",
   "keywords": [
@@ -58,15 +58,15 @@
     "body-parser": "^2.2.0",
     "express": "^5.1.0",
     "unbuild": "3.6.1",
-    "better-auth": "^1.3.18"
+    "better-auth": "^1.4.0-beta.2"
   },
   "peerDependencies": {
-    "better-auth": "1.3.18"
+    "better-auth": "1.4.0-beta.2"
   },
   "scripts": {
     "test": "vitest",
     "build": "unbuild",
-    "dev": "unbuild --watch",
-    "typecheck": "tsc --project tsconfig.json"
+    "typecheck": "tsc --noEmit",
+    "dev": "unbuild --watch"
   }
 }

package/src/index.ts

@@ -252,7 +252,6 @@ export const sso = (options?: SSOOptions) => {
 				},
 				async (ctx) => {
 					const provider = await ctx.context.adapter.findOne<{
-						id: string;
 						samlConfig: string;
 					}>({
 						model: "ssoProvider",
@@ -269,29 +268,10 @@ export const sso = (options?: SSOOptions) => {
 						});
 					}
 
-					const parsedSamlConfig: SAMLConfig = JSON.parse(provider.samlConfig);
-					const sp = parsedSamlConfig.spMetadata.metadata
-						? saml.ServiceProvider({
-								metadata: parsedSamlConfig.spMetadata.metadata,
-							})
-						: saml.SPMetadata({
-								entityID:
-									parsedSamlConfig.spMetadata?.entityID ||
-									parsedSamlConfig.issuer,
-								assertionConsumerService: [
-									{
-										Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-										Location:
-											parsedSamlConfig.callbackUrl ||
-											`${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`,
-									},
-								],
-								wantMessageSigned:
-									parsedSamlConfig.wantAssertionsSigned || false,
-								nameIDFormat: parsedSamlConfig.identifierFormat
-									? [parsedSamlConfig.identifierFormat]
-									: undefined,
-							});
+					const parsedSamlConfig = JSON.parse(provider.samlConfig);
+					const sp = saml.ServiceProvider({
+						metadata: parsedSamlConfig.spMetadata.metadata,
+					});
 					return new Response(sp.getMetadata(), {
 						headers: {
 							"Content-Type": "application/xml",
@@ -1094,7 +1074,7 @@ export const sso = (options?: SSOOptions) => {
 						});
 					}
 					if (provider.samlConfig) {
-						const parsedSamlConfig: SAMLConfig =
+						const parsedSamlConfig =
 							typeof provider.samlConfig === "object"
 								? provider.samlConfig
 								: JSON.parse(provider.samlConfig as unknown as string);
@@ -1104,11 +1084,11 @@ export const sso = (options?: SSOOptions) => {
 						});
 
 						const idp = saml.IdentityProvider({
-							metadata: parsedSamlConfig.idpMetadata?.metadata,
-							entityID: parsedSamlConfig.idpMetadata?.entityID,
-							encryptCert: parsedSamlConfig.idpMetadata?.cert,
+							metadata: parsedSamlConfig.idpMetadata.metadata,
+							entityID: parsedSamlConfig.idpMetadata.entityID,
+							encryptCert: parsedSamlConfig.idpMetadata.cert,
 							singleSignOnService:
-								parsedSamlConfig.idpMetadata?.singleSignOnService,
+								parsedSamlConfig.idpMetadata.singleSignOnService,
 						});
 						const loginRequest = sp.createLoginRequest(
 							idp,
@@ -1597,9 +1577,6 @@ export const sso = (options?: SSOOptions) => {
 						encPrivateKey: spData?.encPrivateKey,
 						encPrivateKeyPass: spData?.encPrivateKeyPass,
 						wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
-						nameIDFormat: parsedSamlConfig.identifierFormat
-							? [parsedSamlConfig.identifierFormat]
-							: undefined,
 					});
 
 					let parsedResponse: FlowResult;
@@ -1887,7 +1864,7 @@ export const sso = (options?: SSOOptions) => {
 								Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
 								Location:
 									parsedSamlConfig.callbackUrl ||
-									`${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
+									`${ctx.context.baseURL}/sso/saml2/sp/acs`,
 							},
 						],
 						wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
@@ -1896,9 +1873,6 @@ export const sso = (options?: SSOOptions) => {
 							parsedSamlConfig.spMetadata?.privateKey ||
 							parsedSamlConfig.privateKey,
 						privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass,
-						nameIDFormat: parsedSamlConfig.identifierFormat
-							? [parsedSamlConfig.identifierFormat]
-							: undefined,
 					});
 
 					// Update where we construct the IdP

package/src/saml.test.ts

@@ -242,7 +242,7 @@ const certificate = `
     yyoWAJDUHiAmvFA=
     -----END CERTIFICATE-----
     `;
-const idpEncryptionKey = `
+const idpEncyptionKey = `
     -----BEGIN RSA PRIVATE KEY-----
     Proc-Type: 4,ENCRYPTED
     DEK-Info: DES-EDE3-CBC,860FDB9F3BE14699
@@ -274,7 +274,7 @@ const idpEncryptionKey = `
     ISbutnQPUN5fsaIsgKDIV3T7n6519t6brobcW5bdigmf5ebFeZJ16/lYy6V77UM5
     -----END RSA PRIVATE KEY-----
     `;
-const spEncryptionKey = `
+const spEncyptionKey = `
     -----BEGIN RSA PRIVATE KEY-----
     Proc-Type: 4,ENCRYPTED
     DEK-Info: DES-EDE3-CBC,860FDB9F3BE14699
@@ -698,7 +698,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -707,7 +707,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:
@@ -754,7 +754,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -763,7 +763,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:
@@ -782,69 +782,6 @@ describe("SAML SSO", async () => {
 		expect(spMetadataRes.status).toBe(200);
 		expect(spMetadataResResValue).toBe(spMetadata);
 	});
-	it("Should fetch sp metadata", async () => {
-		const headers = await getAuthHeaders();
-		await authClient.signIn.email(testUser, {
-			throw: true,
-			onSuccess: setCookieToHeader(headers),
-		});
-		const issuer = "http://localhost:8081";
-		const provider = await auth.api.registerSSOProvider({
-			body: {
-				providerId: "saml-provider-1",
-				issuer: issuer,
-				domain: issuer,
-				samlConfig: {
-					entryPoint: mockIdP.metadataUrl,
-					cert: certificate,
-					callbackUrl: `${issuer}/api/sso/saml2/sp/acs`,
-					wantAssertionsSigned: false,
-					signatureAlgorithm: "sha256",
-					digestAlgorithm: "sha256",
-					idpMetadata: {
-						metadata: idpMetadata,
-						privateKey: idpPrivateKey,
-						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
-						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
-						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
-					},
-					spMetadata: {
-						binding: "post",
-						privateKey: spPrivateKey,
-						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
-						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
-						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
-					},
-					identifierFormat:
-						"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-				},
-			},
-			headers,
-		});
-
-		const spMetadataRes = await auth.api.spMetadata({
-			query: {
-				providerId: provider.providerId,
-			},
-		});
-		const spMetadataResResValue = await spMetadataRes.text();
-		expect(spMetadataRes.status).toBe(200);
-		expect(spMetadataResResValue).toBeDefined();
-		expect(spMetadataResResValue).toContain(
-			"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-		);
-		expect(spMetadataResResValue).toContain(
-			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-		);
-		expect(spMetadataResResValue).toContain(
-			`<EntityDescriptor entityID="${issuer}"`,
-		);
-		expect(spMetadataResResValue).toContain(
-			`Location="${issuer}/api/sso/saml2/sp/acs"`,
-		);
-	});
 	it("should initiate SAML login and handle response", async () => {
 		const headers = await getAuthHeaders();
 		const res = await authClient.signIn.email(testUser, {
@@ -868,7 +805,7 @@ describe("SAML SSO", async () => {
 						privateKey: idpPrivateKey,
 						privateKeyPass: "q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW",
 						isAssertionEncrypted: true,
-						encPrivateKey: idpEncryptionKey,
+						encPrivateKey: idpEncyptionKey,
 						encPrivateKeyPass: "g7hGcRmp8PxT5QeP2q9Ehf1bWe9zTALN",
 					},
 					spMetadata: {
@@ -877,7 +814,7 @@ describe("SAML SSO", async () => {
 						privateKey: spPrivateKey,
 						privateKeyPass: "VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px",
 						isAssertionEncrypted: true,
-						encPrivateKey: spEncryptionKey,
+						encPrivateKey: spEncyptionKey,
 						encPrivateKeyPass: "BXFNKpxrsjrCkGA8cAu5wUVHOSpci1RU",
 					},
 					identifierFormat:

package/tsconfig.json

@@ -1,14 +1,20 @@
 {
-  "extends": "../../tsconfig.json",
   "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./dist",
-    "lib": ["esnext", "dom", "dom.iterable"]
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "target": "es2022",
+    "allowJs": true,
+    "resolveJsonModule": true,
+    "module": "ESNext",
+    "noEmit": true,
+    "moduleResolution": "Bundler",
+    "moduleDetection": "force",
+    "isolatedModules": true,
+    "verbatimModuleSyntax": true,
+    "strict": true,
+    "noImplicitOverride": true,
+    "noFallthroughCasesInSwitch": true
   },
-  "references": [
-    {
-      "path": "../better-auth/tsconfig.json"
-    }
-  ],
+  "exclude": ["node_modules", "dist"],
   "include": ["src"]
 }