@better-auth/sso 1.3.27 → 1.4.0-beta.10

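--- /dev/null
+++ b/PATH_NOT_SHOWN_IN_DIFF
@@ -0,0 +1,959 @@
+import { OAuth2Tokens, User } from "better-auth";
+import * as z from "zod/v4";
+import * as better_call0 from "better-call";
+
+//#region src/index.d.ts
+interface OIDCMapping {
+id?: string;
+email?: string;
+emailVerified?: string;
+name?: string;
+image?: string;
+extraFields?: Record<string, string>;
+}
+interface SAMLMapping {
+id?: string;
+email?: string;
+emailVerified?: string;
+name?: string;
+firstName?: string;
+lastName?: string;
+extraFields?: Record<string, string>;
+}
+interface OIDCConfig {
+issuer: string;
+pkce: boolean;
+clientId: string;
+clientSecret: string;
+authorizationEndpoint?: string;
+discoveryEndpoint: string;
+userInfoEndpoint?: string;
+scopes?: string[];
+overrideUserInfo?: boolean;
+tokenEndpoint?: string;
+tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
+jwksEndpoint?: string;
+mapping?: OIDCMapping;
+}
+interface SAMLConfig {
+issuer: string;
+entryPoint: string;
+cert: string;
+callbackUrl: string;
+audience?: string;
+idpMetadata?: {
+metadata?: string;
+entityID?: string;
+entityURL?: string;
+redirectURL?: string;
+cert?: string;
+privateKey?: string;
+privateKeyPass?: string;
+isAssertionEncrypted?: boolean;
+encPrivateKey?: string;
+encPrivateKeyPass?: string;
+singleSignOnService?: Array<{
+Binding: string;
+Location: string;
+}>;
+};
+spMetadata: {
+metadata?: string;
+entityID?: string;
+binding?: string;
+privateKey?: string;
+privateKeyPass?: string;
+isAssertionEncrypted?: boolean;
+encPrivateKey?: string;
+encPrivateKeyPass?: string;
+};
+wantAssertionsSigned?: boolean;
+signatureAlgorithm?: string;
+digestAlgorithm?: string;
+identifierFormat?: string;
+privateKey?: string;
+decryptionPvk?: string;
+additionalParams?: Record<string, any>;
+mapping?: SAMLMapping;
+}
+interface SSOProvider {
+issuer: string;
+oidcConfig?: OIDCConfig;
+samlConfig?: SAMLConfig;
+userId: string;
+providerId: string;
+organizationId?: string;
+}
+interface SSOOptions {
+/**
+* custom function to provision a user when they sign in with an SSO provider.
+*/
+provisionUser?: (data: {
+/**
+* The user object from the database
+*/
+user: User & Record<string, any>;
+/**
+* The user info object from the provider
+*/
+userInfo: Record<string, any>;
+/**
+* The OAuth2 tokens from the provider
+*/
+token?: OAuth2Tokens;
+/**
+* The SSO provider
+*/
+provider: SSOProvider;
+}) => Promise<void>;
+/**
+* Organization provisioning options
+*/
+organizationProvisioning?: {
+disabled?: boolean;
+defaultRole?: "member" | "admin";
+getRole?: (data: {
+/**
+* The user object from the database
+*/
+user: User & Record<string, any>;
+/**
+* The user info object from the provider
+*/
+userInfo: Record<string, any>;
+/**
+* The OAuth2 tokens from the provider
+*/
+token?: OAuth2Tokens;
+/**
+* The SSO provider
+*/
+provider: SSOProvider;
+}) => Promise<"member" | "admin">;
+};
+/**
+* Default SSO provider configurations for testing.
+* These will take the precedence over the database providers.
+*/
+defaultSSO?: Array<{
+/**
+* The domain to match for this default provider.
+* This is only used to match incoming requests to this default provider.
+*/
+domain: string;
+/**
+* The provider ID to use
+*/
+providerId: string;
+/**
+* SAML configuration
+*/
+samlConfig?: SAMLConfig;
+/**
+* OIDC configuration
+*/
+oidcConfig?: OIDCConfig;
+}>;
+/**
+* Override user info with the provider info.
+* @default false
+*/
+defaultOverrideUserInfo?: boolean;
+/**
+* Disable implicit sign up for new users. When set to true for the provider,
+* sign-in need to be called with with requestSignUp as true to create new users.
+*/
+disableImplicitSignUp?: boolean;
+/**
+* Configure the maximum number of SSO providers a user can register.
+* You can also pass a function that returns a number.
+* Set to 0 to disable SSO provider registration.
+*
+* @example
+* ```ts
+* providersLimit: async (user) => {
+* const plan = await getUserPlan(user);
+* return plan.name === "pro" ? 10 : 1;
+* }
+* ```
+* @default 10
+*/
+providersLimit?: number | ((user: User) => Promise<number> | number);
+/**
+* Trust the email verified flag from the provider.
+* @default false
+*/
+trustEmailVerified?: boolean;
+}
+declare const sso: (options?: SSOOptions) => {
+id: "sso";
+endpoints: {
+spMetadata: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body?: undefined;
+} & {
+method?: "GET" | undefined;
+} & {
+query: {
+providerId: string;
+format?: "xml" | "json" | undefined;
+};
+} & {
+params?: Record<string, any>;
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: Response;
+} : Response>;
+options: {
+method: "GET";
+query: z.ZodObject<{
+providerId: z.ZodString;
+format: z.ZodDefault<z.ZodEnum<{
+xml: "xml";
+json: "json";
+}>>;
+}, z.core.$strip>;
+metadata: {
+openapi: {
+summary: string;
+description: string;
+responses: {
+"200": {
+description: string;
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sso/saml2/sp/metadata";
+};
+registerSSOProvider: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body: {
+providerId: string;
+issuer: string;
+domain: string;
+oidcConfig?: {
+clientId: string;
+clientSecret: string;
+authorizationEndpoint?: string | undefined;
+tokenEndpoint?: string | undefined;
+userInfoEndpoint?: string | undefined;
+tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
+jwksEndpoint?: string | undefined;
+discoveryEndpoint?: string | undefined;
+scopes?: string[] | undefined;
+pkce?: boolean | undefined;
+mapping?: {
+id: string;
+email: string;
+name: string;
+emailVerified?: string | undefined;
+image?: string | undefined;
+extraFields?: Record<string, any> | undefined;
+} | undefined;
+} | undefined;
+samlConfig?: {
+entryPoint: string;
+cert: string;
+callbackUrl: string;
+spMetadata: {
+metadata?: string | undefined;
+entityID?: string | undefined;
+binding?: string | undefined;
+privateKey?: string | undefined;
+privateKeyPass?: string | undefined;
+isAssertionEncrypted?: boolean | undefined;
+encPrivateKey?: string | undefined;
+encPrivateKeyPass?: string | undefined;
+};
+audience?: string | undefined;
+idpMetadata?: {
+metadata?: string | undefined;
+entityID?: string | undefined;
+cert?: string | undefined;
+privateKey?: string | undefined;
+privateKeyPass?: string | undefined;
+isAssertionEncrypted?: boolean | undefined;
+encPrivateKey?: string | undefined;
+encPrivateKeyPass?: string | undefined;
+singleSignOnService?: {
+Binding: string;
+Location: string;
+}[] | undefined;
+} | undefined;
+wantAssertionsSigned?: boolean | undefined;
+signatureAlgorithm?: string | undefined;
+digestAlgorithm?: string | undefined;
+identifierFormat?: string | undefined;
+privateKey?: string | undefined;
+decryptionPvk?: string | undefined;
+additionalParams?: Record<string, any> | undefined;
+mapping?: {
+id: string;
+email: string;
+name: string;
+emailVerified?: string | undefined;
+firstName?: string | undefined;
+lastName?: string | undefined;
+extraFields?: Record<string, any> | undefined;
+} | undefined;
+} | undefined;
+organizationId?: string | undefined;
+overrideUserInfo?: boolean | undefined;
+};
+} & {
+method?: "POST" | undefined;
+} & {
+query?: Record<string, any> | undefined;
+} & {
+params?: Record<string, any>;
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: {
+oidcConfig: OIDCConfig;
+samlConfig: SAMLConfig;
+redirectURI: string;
+issuer: string;
+userId: string;
+providerId: string;
+organizationId?: string;
+};
+} : {
+oidcConfig: OIDCConfig;
+samlConfig: SAMLConfig;
+redirectURI: string;
+issuer: string;
+userId: string;
+providerId: string;
+organizationId?: string;
+}>;
+options: {
+method: "POST";
+body: z.ZodObject<{
+providerId: z.ZodString;
+issuer: z.ZodString;
+domain: z.ZodString;
+oidcConfig: z.ZodOptional<z.ZodObject<{
+clientId: z.ZodString;
+clientSecret: z.ZodString;
+authorizationEndpoint: z.ZodOptional<z.ZodString>;
+tokenEndpoint: z.ZodOptional<z.ZodString>;
+userInfoEndpoint: z.ZodOptional<z.ZodString>;
+tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
+client_secret_post: "client_secret_post";
+client_secret_basic: "client_secret_basic";
+}>>;
+jwksEndpoint: z.ZodOptional<z.ZodString>;
+discoveryEndpoint: z.ZodOptional<z.ZodString>;
+scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+mapping: z.ZodOptional<z.ZodObject<{
+id: z.ZodString;
+email: z.ZodString;
+emailVerified: z.ZodOptional<z.ZodString>;
+name: z.ZodString;
+image: z.ZodOptional<z.ZodString>;
+extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, z.core.$strip>>;
+}, z.core.$strip>>;
+samlConfig: z.ZodOptional<z.ZodObject<{
+entryPoint: z.ZodString;
+cert: z.ZodString;
+callbackUrl: z.ZodString;
+audience: z.ZodOptional<z.ZodString>;
+idpMetadata: z.ZodOptional<z.ZodObject<{
+metadata: z.ZodOptional<z.ZodString>;
+entityID: z.ZodOptional<z.ZodString>;
+cert: z.ZodOptional<z.ZodString>;
+privateKey: z.ZodOptional<z.ZodString>;
+privateKeyPass: z.ZodOptional<z.ZodString>;
+isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+encPrivateKey: z.ZodOptional<z.ZodString>;
+encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
+Binding: z.ZodString;
+Location: z.ZodString;
+}, z.core.$strip>>>;
+}, z.core.$strip>>;
+spMetadata: z.ZodObject<{
+metadata: z.ZodOptional<z.ZodString>;
+entityID: z.ZodOptional<z.ZodString>;
+binding: z.ZodOptional<z.ZodString>;
+privateKey: z.ZodOptional<z.ZodString>;
+privateKeyPass: z.ZodOptional<z.ZodString>;
+isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+encPrivateKey: z.ZodOptional<z.ZodString>;
+encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
+signatureAlgorithm: z.ZodOptional<z.ZodString>;
+digestAlgorithm: z.ZodOptional<z.ZodString>;
+identifierFormat: z.ZodOptional<z.ZodString>;
+privateKey: z.ZodOptional<z.ZodString>;
+decryptionPvk: z.ZodOptional<z.ZodString>;
+additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+mapping: z.ZodOptional<z.ZodObject<{
+id: z.ZodString;
+email: z.ZodString;
+emailVerified: z.ZodOptional<z.ZodString>;
+name: z.ZodString;
+firstName: z.ZodOptional<z.ZodString>;
+lastName: z.ZodOptional<z.ZodString>;
+extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, z.core.$strip>>;
+}, z.core.$strip>>;
+organizationId: z.ZodOptional<z.ZodString>;
+overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+}, z.core.$strip>;
+use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+session: {
+session: Record<string, any> & {
+id: string;
+createdAt: Date;
+updatedAt: Date;
+userId: string;
+expiresAt: Date;
+token: string;
+ipAddress?: string | null | undefined;
+userAgent?: string | null | undefined;
+};
+user: Record<string, any> & {
+id: string;
+createdAt: Date;
+updatedAt: Date;
+email: string;
+emailVerified: boolean;
+name: string;
+image?: string | null | undefined;
+};
+};
+}>)[];
+metadata: {
+openapi: {
+summary: string;
+description: string;
+responses: {
+"200": {
+description: string;
+content: {
+"application/json": {
+schema: {
+type: "object";
+properties: {
+issuer: {
+type: string;
+format: string;
+description: string;
+};
+domain: {
+type: string;
+description: string;
+};
+oidcConfig: {
+type: string;
+properties: {
+issuer: {
+type: string;
+format: string;
+description: string;
+};
+pkce: {
+type: string;
+description: string;
+};
+clientId: {
+type: string;
+description: string;
+};
+clientSecret: {
+type: string;
+description: string;
+};
+authorizationEndpoint: {
+type: string;
+format: string;
+nullable: boolean;
+description: string;
+};
+discoveryEndpoint: {
+type: string;
+format: string;
+description: string;
+};
+userInfoEndpoint: {
+type: string;
+format: string;
+nullable: boolean;
+description: string;
+};
+scopes: {
+type: string;
+items: {
+type: string;
+};
+nullable: boolean;
+description: string;
+};
+tokenEndpoint: {
+type: string;
+format: string;
+nullable: boolean;
+description: string;
+};
+tokenEndpointAuthentication: {
+type: string;
+enum: string[];
+nullable: boolean;
+description: string;
+};
+jwksEndpoint: {
+type: string;
+format: string;
+nullable: boolean;
+description: string;
+};
+mapping: {
+type: string;
+nullable: boolean;
+properties: {
+id: {
+type: string;
+description: string;
+};
+email: {
+type: string;
+description: string;
+};
+emailVerified: {
+type: string;
+nullable: boolean;
+description: string;
+};
+name: {
+type: string;
+description: string;
+};
+image: {
+type: string;
+nullable: boolean;
+description: string;
+};
+extraFields: {
+type: string;
+additionalProperties: {
+type: string;
+};
+nullable: boolean;
+description: string;
+};
+};
+required: string[];
+};
+};
+required: string[];
+description: string;
+};
+organizationId: {
+type: string;
+nullable: boolean;
+description: string;
+};
+userId: {
+type: string;
+description: string;
+};
+providerId: {
+type: string;
+description: string;
+};
+redirectURI: {
+type: string;
+format: string;
+description: string;
+};
+};
+required: string[];
+};
+};
+};
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sso/register";
+};
+signInSSO: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body: {
+callbackURL: string;
+email?: string | undefined;
+organizationSlug?: string | undefined;
+providerId?: string | undefined;
+domain?: string | undefined;
+errorCallbackURL?: string | undefined;
+newUserCallbackURL?: string | undefined;
+scopes?: string[] | undefined;
+requestSignUp?: boolean | undefined;
+providerType?: "oidc" | "saml" | undefined;
+};
+} & {
+method?: "POST" | undefined;
+} & {
+query?: Record<string, any> | undefined;
+} & {
+params?: Record<string, any>;
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: {
+url: string;
+redirect: boolean;
+};
+} : {
+url: string;
+redirect: boolean;
+}>;
+options: {
+method: "POST";
+body: z.ZodObject<{
+email: z.ZodOptional<z.ZodString>;
+organizationSlug: z.ZodOptional<z.ZodString>;
+providerId: z.ZodOptional<z.ZodString>;
+domain: z.ZodOptional<z.ZodString>;
+callbackURL: z.ZodString;
+errorCallbackURL: z.ZodOptional<z.ZodString>;
+newUserCallbackURL: z.ZodOptional<z.ZodString>;
+scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+requestSignUp: z.ZodOptional<z.ZodBoolean>;
+providerType: z.ZodOptional<z.ZodEnum<{
+oidc: "oidc";
+saml: "saml";
+}>>;
+}, z.core.$strip>;
+metadata: {
+openapi: {
+summary: string;
+description: string;
+requestBody: {
+content: {
+"application/json": {
+schema: {
+type: "object";
+properties: {
+email: {
+type: string;
+description: string;
+};
+issuer: {
+type: string;
+description: string;
+};
+providerId: {
+type: string;
+description: string;
+};
+callbackURL: {
+type: string;
+description: string;
+};
+errorCallbackURL: {
+type: string;
+description: string;
+};
+newUserCallbackURL: {
+type: string;
+description: string;
+};
+};
+required: string[];
+};
+};
+};
+};
+responses: {
+"200": {
+description: string;
+content: {
+"application/json": {
+schema: {
+type: "object";
+properties: {
+url: {
+type: string;
+format: string;
+description: string;
+};
+redirect: {
+type: string;
+description: string;
+enum: boolean[];
+};
+};
+required: string[];
+};
+};
+};
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sign-in/sso";
+};
+callbackSSO: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body?: undefined;
+} & {
+method?: "GET" | undefined;
+} & {
+query: {
+state: string;
+code?: string | undefined;
+error?: string | undefined;
+error_description?: string | undefined;
+};
+} & {
+params: {
+providerId: string;
+};
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: never;
+} : never>;
+options: {
+method: "GET";
+query: z.ZodObject<{
+code: z.ZodOptional<z.ZodString>;
+state: z.ZodString;
+error: z.ZodOptional<z.ZodString>;
+error_description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+metadata: {
+isAction: boolean;
+openapi: {
+summary: string;
+description: string;
+responses: {
+"302": {
+description: string;
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sso/callback/:providerId";
+};
+callbackSSOSAML: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body: {
+SAMLResponse: string;
+RelayState?: string | undefined;
+};
+} & {
+method?: "POST" | undefined;
+} & {
+query?: Record<string, any> | undefined;
+} & {
+params: {
+providerId: string;
+};
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: never;
+} : never>;
+options: {
+method: "POST";
+body: z.ZodObject<{
+SAMLResponse: z.ZodString;
+RelayState: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+metadata: {
+isAction: boolean;
+openapi: {
+summary: string;
+description: string;
+responses: {
+"302": {
+description: string;
+};
+"400": {
+description: string;
+};
+"401": {
+description: string;
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sso/saml2/callback/:providerId";
+};
+acsEndpoint: {
+<AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+body: {
+SAMLResponse: string;
+RelayState?: string | undefined;
+};
+} & {
+method?: "POST" | undefined;
+} & {
+query?: Record<string, any> | undefined;
+} & {
+params: {
+providerId: string;
+};
+} & {
+request?: Request;
+} & {
+headers?: HeadersInit;
+} & {
+asResponse?: boolean;
+returnHeaders?: boolean;
+use?: better_call0.Middleware[];
+path?: string;
+} & {
+asResponse?: AsResponse | undefined;
+returnHeaders?: ReturnHeaders | undefined;
+}): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+headers: Headers;
+response: never;
+} : never>;
+options: {
+method: "POST";
+params: z.ZodObject<{
+providerId: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+body: z.ZodObject<{
+SAMLResponse: z.ZodString;
+RelayState: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+metadata: {
+isAction: boolean;
+openapi: {
+summary: string;
+description: string;
+responses: {
+"302": {
+description: string;
+};
+};
+};
+};
+} & {
+use: any[];
+};
+path: "/sso/saml2/sp/acs/:providerId";
+};
+};
+schema: {
+ssoProvider: {
+fields: {
+issuer: {
+type: "string";
+required: true;
+};
+oidcConfig: {
+type: "string";
+required: false;
+};
+samlConfig: {
+type: "string";
+required: false;
+};
+userId: {
+type: "string";
+references: {
+model: string;
+field: string;
+};
+};
+providerId: {
+type: "string";
+required: true;
+unique: true;
+};
+organizationId: {
+type: "string";
+required: false;
+};
+domain: {
+type: "string";
+required: true;
+};
+};
+};
+};
+};
+//#endregion
+export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };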
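Review bot: The declared success type of `registerSSOProvider` (`response: { oidcConfig: OIDCConfig; samlConfig: SAMLConfig; … }`) is the full config interfaces, which on this page carry `clientSecret`, `privateKey`, `decryptionPvk` and `encPrivateKey`; if the runtime returns what the type says, the registration response echoes those secrets back in the HTTP body, and since the `ssoProvider.oidcConfig`/`samlConfig` schema fields are plain `"string"` they presumably land in the database as serialised JSON as well — worth confirming against the implementation (not on this page) and either redacting the response or narrowing the type to what is actually returned. The same response type marks `oidcConfig` and `samlConfig` as required while `SSOProvider` and the request body make them optional, so callers get a misleading contract when only one of the two was registered. In `acsEndpoint`, `options.params` declares `providerId: z.ZodOptional<z.ZodString>` while the call signature requires `params: { providerId: string }`; one side should change, e.g. `providerId: z.ZodString;`. Minor doc: the `disableImplicitSignUp` comment reads "with with requestSignUp" and should be `* sign-in needs to be called with requestSignUp as true to create new users.`.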