@better-auth/sso 1.4.0-beta.1 → 1.4.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,965 @@
1
+ import * as better_call0 from "better-call";
2
+ import { OAuth2Tokens, User } from "better-auth";
3
+ import * as z from "zod/v4";
4
+
5
+ //#region src/index.d.ts
6
+ interface OIDCMapping {
7
+ id?: string;
8
+ email?: string;
9
+ emailVerified?: string;
10
+ name?: string;
11
+ image?: string;
12
+ extraFields?: Record<string, string>;
13
+ }
14
+ interface SAMLMapping {
15
+ id?: string;
16
+ email?: string;
17
+ emailVerified?: string;
18
+ name?: string;
19
+ firstName?: string;
20
+ lastName?: string;
21
+ extraFields?: Record<string, string>;
22
+ }
23
+ interface OIDCConfig {
24
+ issuer: string;
25
+ pkce: boolean;
26
+ clientId: string;
27
+ clientSecret: string;
28
+ authorizationEndpoint?: string;
29
+ discoveryEndpoint: string;
30
+ userInfoEndpoint?: string;
31
+ scopes?: string[];
32
+ overrideUserInfo?: boolean;
33
+ tokenEndpoint?: string;
34
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
35
+ jwksEndpoint?: string;
36
+ mapping?: OIDCMapping;
37
+ }
38
+ interface SAMLConfig {
39
+ issuer: string;
40
+ entryPoint: string;
41
+ cert: string;
42
+ callbackUrl: string;
43
+ audience?: string;
44
+ idpMetadata?: {
45
+ metadata?: string;
46
+ entityID?: string;
47
+ entityURL?: string;
48
+ redirectURL?: string;
49
+ cert?: string;
50
+ privateKey?: string;
51
+ privateKeyPass?: string;
52
+ isAssertionEncrypted?: boolean;
53
+ encPrivateKey?: string;
54
+ encPrivateKeyPass?: string;
55
+ singleSignOnService?: Array<{
56
+ Binding: string;
57
+ Location: string;
58
+ }>;
59
+ };
60
+ spMetadata: {
61
+ metadata?: string;
62
+ entityID?: string;
63
+ binding?: string;
64
+ privateKey?: string;
65
+ privateKeyPass?: string;
66
+ isAssertionEncrypted?: boolean;
67
+ encPrivateKey?: string;
68
+ encPrivateKeyPass?: string;
69
+ };
70
+ wantAssertionsSigned?: boolean;
71
+ signatureAlgorithm?: string;
72
+ digestAlgorithm?: string;
73
+ identifierFormat?: string;
74
+ privateKey?: string;
75
+ decryptionPvk?: string;
76
+ additionalParams?: Record<string, any>;
77
+ mapping?: SAMLMapping;
78
+ }
79
+ interface SSOProvider {
80
+ issuer: string;
81
+ oidcConfig?: OIDCConfig;
82
+ samlConfig?: SAMLConfig;
83
+ userId: string;
84
+ providerId: string;
85
+ organizationId?: string;
86
+ }
87
+ interface SSOOptions {
88
+ /**
89
+ * custom function to provision a user when they sign in with an SSO provider.
90
+ */
91
+ provisionUser?: (data: {
92
+ /**
93
+ * The user object from the database
94
+ */
95
+ user: User & Record<string, any>;
96
+ /**
97
+ * The user info object from the provider
98
+ */
99
+ userInfo: Record<string, any>;
100
+ /**
101
+ * The OAuth2 tokens from the provider
102
+ */
103
+ token?: OAuth2Tokens;
104
+ /**
105
+ * The SSO provider
106
+ */
107
+ provider: SSOProvider;
108
+ }) => Promise<void>;
109
+ /**
110
+ * Organization provisioning options
111
+ */
112
+ organizationProvisioning?: {
113
+ disabled?: boolean;
114
+ defaultRole?: "member" | "admin";
115
+ getRole?: (data: {
116
+ /**
117
+ * The user object from the database
118
+ */
119
+ user: User & Record<string, any>;
120
+ /**
121
+ * The user info object from the provider
122
+ */
123
+ userInfo: Record<string, any>;
124
+ /**
125
+ * The OAuth2 tokens from the provider
126
+ */
127
+ token?: OAuth2Tokens;
128
+ /**
129
+ * The SSO provider
130
+ */
131
+ provider: SSOProvider;
132
+ }) => Promise<"member" | "admin">;
133
+ };
134
+ /**
135
+ * Default SSO provider configurations for testing.
136
+ * These will take the precedence over the database providers.
137
+ */
138
+ defaultSSO?: Array<{
139
+ /**
140
+ * The domain to match for this default provider.
141
+ * This is only used to match incoming requests to this default provider.
142
+ */
143
+ domain: string;
144
+ /**
145
+ * The provider ID to use
146
+ */
147
+ providerId: string;
148
+ /**
149
+ * SAML configuration
150
+ */
151
+ samlConfig?: SAMLConfig;
152
+ /**
153
+ * OIDC configuration
154
+ */
155
+ oidcConfig?: OIDCConfig;
156
+ }>;
157
+ /**
158
+ * Override user info with the provider info.
159
+ * @default false
160
+ */
161
+ defaultOverrideUserInfo?: boolean;
162
+ /**
163
+ * Disable implicit sign up for new users. When set to true for the provider,
164
+ * sign-in need to be called with with requestSignUp as true to create new users.
165
+ */
166
+ disableImplicitSignUp?: boolean;
167
+ /**
168
+ * Configure the maximum number of SSO providers a user can register.
169
+ * You can also pass a function that returns a number.
170
+ * Set to 0 to disable SSO provider registration.
171
+ *
172
+ * @example
173
+ * ```ts
174
+ * providersLimit: async (user) => {
175
+ * const plan = await getUserPlan(user);
176
+ * return plan.name === "pro" ? 10 : 1;
177
+ * }
178
+ * ```
179
+ * @default 10
180
+ */
181
+ providersLimit?: number | ((user: User) => Promise<number> | number);
182
+ /**
183
+ * Trust the email verified flag from the provider.
184
+ * @default false
185
+ */
186
+ trustEmailVerified?: boolean;
187
+ }
188
+ declare const sso: (options?: SSOOptions) => {
189
+ id: "sso";
190
+ endpoints: {
191
+ spMetadata: {
192
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
193
+ body?: undefined;
194
+ } & {
195
+ method?: "GET" | undefined;
196
+ } & {
197
+ query: {
198
+ providerId: string;
199
+ format?: "xml" | "json" | undefined;
200
+ };
201
+ } & {
202
+ params?: Record<string, any>;
203
+ } & {
204
+ request?: Request;
205
+ } & {
206
+ headers?: HeadersInit;
207
+ } & {
208
+ asResponse?: boolean;
209
+ returnHeaders?: boolean;
210
+ use?: better_call0.Middleware[];
211
+ path?: string;
212
+ } & {
213
+ asResponse?: AsResponse | undefined;
214
+ returnHeaders?: ReturnHeaders | undefined;
215
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
216
+ headers: Headers;
217
+ response: Response;
218
+ } : Response>;
219
+ options: {
220
+ method: "GET";
221
+ query: z.ZodObject<{
222
+ providerId: z.ZodString;
223
+ format: z.ZodDefault<z.ZodEnum<{
224
+ xml: "xml";
225
+ json: "json";
226
+ }>>;
227
+ }, z.core.$strip>;
228
+ metadata: {
229
+ openapi: {
230
+ summary: string;
231
+ description: string;
232
+ responses: {
233
+ "200": {
234
+ description: string;
235
+ };
236
+ };
237
+ };
238
+ };
239
+ } & {
240
+ use: any[];
241
+ };
242
+ path: "/sso/saml2/sp/metadata";
243
+ };
244
+ registerSSOProvider: {
245
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
246
+ body: {
247
+ providerId: string;
248
+ issuer: string;
249
+ domain: string;
250
+ oidcConfig?: {
251
+ clientId: string;
252
+ clientSecret: string;
253
+ authorizationEndpoint?: string | undefined;
254
+ tokenEndpoint?: string | undefined;
255
+ userInfoEndpoint?: string | undefined;
256
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
257
+ jwksEndpoint?: string | undefined;
258
+ discoveryEndpoint?: string | undefined;
259
+ scopes?: string[] | undefined;
260
+ pkce?: boolean | undefined;
261
+ mapping?: {
262
+ id: string;
263
+ email: string;
264
+ name: string;
265
+ emailVerified?: string | undefined;
266
+ image?: string | undefined;
267
+ extraFields?: Record<string, any> | undefined;
268
+ } | undefined;
269
+ } | undefined;
270
+ samlConfig?: {
271
+ entryPoint: string;
272
+ cert: string;
273
+ callbackUrl: string;
274
+ spMetadata: {
275
+ metadata?: string | undefined;
276
+ entityID?: string | undefined;
277
+ binding?: string | undefined;
278
+ privateKey?: string | undefined;
279
+ privateKeyPass?: string | undefined;
280
+ isAssertionEncrypted?: boolean | undefined;
281
+ encPrivateKey?: string | undefined;
282
+ encPrivateKeyPass?: string | undefined;
283
+ };
284
+ audience?: string | undefined;
285
+ idpMetadata?: {
286
+ metadata?: string | undefined;
287
+ entityID?: string | undefined;
288
+ cert?: string | undefined;
289
+ privateKey?: string | undefined;
290
+ privateKeyPass?: string | undefined;
291
+ isAssertionEncrypted?: boolean | undefined;
292
+ encPrivateKey?: string | undefined;
293
+ encPrivateKeyPass?: string | undefined;
294
+ singleSignOnService?: {
295
+ Binding: string;
296
+ Location: string;
297
+ }[] | undefined;
298
+ } | undefined;
299
+ wantAssertionsSigned?: boolean | undefined;
300
+ signatureAlgorithm?: string | undefined;
301
+ digestAlgorithm?: string | undefined;
302
+ identifierFormat?: string | undefined;
303
+ privateKey?: string | undefined;
304
+ decryptionPvk?: string | undefined;
305
+ additionalParams?: Record<string, any> | undefined;
306
+ mapping?: {
307
+ id: string;
308
+ email: string;
309
+ name: string;
310
+ emailVerified?: string | undefined;
311
+ firstName?: string | undefined;
312
+ lastName?: string | undefined;
313
+ extraFields?: Record<string, any> | undefined;
314
+ } | undefined;
315
+ } | undefined;
316
+ organizationId?: string | undefined;
317
+ overrideUserInfo?: boolean | undefined;
318
+ };
319
+ } & {
320
+ method?: "POST" | undefined;
321
+ } & {
322
+ query?: Record<string, any> | undefined;
323
+ } & {
324
+ params?: Record<string, any>;
325
+ } & {
326
+ request?: Request;
327
+ } & {
328
+ headers?: HeadersInit;
329
+ } & {
330
+ asResponse?: boolean;
331
+ returnHeaders?: boolean;
332
+ use?: better_call0.Middleware[];
333
+ path?: string;
334
+ } & {
335
+ asResponse?: AsResponse | undefined;
336
+ returnHeaders?: ReturnHeaders | undefined;
337
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
338
+ headers: Headers;
339
+ response: {
340
+ oidcConfig: OIDCConfig;
341
+ samlConfig: SAMLConfig;
342
+ redirectURI: string;
343
+ issuer: string;
344
+ userId: string;
345
+ providerId: string;
346
+ organizationId?: string;
347
+ };
348
+ } : {
349
+ oidcConfig: OIDCConfig;
350
+ samlConfig: SAMLConfig;
351
+ redirectURI: string;
352
+ issuer: string;
353
+ userId: string;
354
+ providerId: string;
355
+ organizationId?: string;
356
+ }>;
357
+ options: {
358
+ method: "POST";
359
+ body: z.ZodObject<{
360
+ providerId: z.ZodString;
361
+ issuer: z.ZodString;
362
+ domain: z.ZodString;
363
+ oidcConfig: z.ZodOptional<z.ZodObject<{
364
+ clientId: z.ZodString;
365
+ clientSecret: z.ZodString;
366
+ authorizationEndpoint: z.ZodOptional<z.ZodString>;
367
+ tokenEndpoint: z.ZodOptional<z.ZodString>;
368
+ userInfoEndpoint: z.ZodOptional<z.ZodString>;
369
+ tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
370
+ client_secret_post: "client_secret_post";
371
+ client_secret_basic: "client_secret_basic";
372
+ }>>;
373
+ jwksEndpoint: z.ZodOptional<z.ZodString>;
374
+ discoveryEndpoint: z.ZodOptional<z.ZodString>;
375
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
376
+ pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
377
+ mapping: z.ZodOptional<z.ZodObject<{
378
+ id: z.ZodString;
379
+ email: z.ZodString;
380
+ emailVerified: z.ZodOptional<z.ZodString>;
381
+ name: z.ZodString;
382
+ image: z.ZodOptional<z.ZodString>;
383
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
384
+ }, z.core.$strip>>;
385
+ }, z.core.$strip>>;
386
+ samlConfig: z.ZodOptional<z.ZodObject<{
387
+ entryPoint: z.ZodString;
388
+ cert: z.ZodString;
389
+ callbackUrl: z.ZodString;
390
+ audience: z.ZodOptional<z.ZodString>;
391
+ idpMetadata: z.ZodOptional<z.ZodObject<{
392
+ metadata: z.ZodOptional<z.ZodString>;
393
+ entityID: z.ZodOptional<z.ZodString>;
394
+ cert: z.ZodOptional<z.ZodString>;
395
+ privateKey: z.ZodOptional<z.ZodString>;
396
+ privateKeyPass: z.ZodOptional<z.ZodString>;
397
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
398
+ encPrivateKey: z.ZodOptional<z.ZodString>;
399
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
400
+ singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
401
+ Binding: z.ZodString;
402
+ Location: z.ZodString;
403
+ }, z.core.$strip>>>;
404
+ }, z.core.$strip>>;
405
+ spMetadata: z.ZodObject<{
406
+ metadata: z.ZodOptional<z.ZodString>;
407
+ entityID: z.ZodOptional<z.ZodString>;
408
+ binding: z.ZodOptional<z.ZodString>;
409
+ privateKey: z.ZodOptional<z.ZodString>;
410
+ privateKeyPass: z.ZodOptional<z.ZodString>;
411
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
412
+ encPrivateKey: z.ZodOptional<z.ZodString>;
413
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
414
+ }, z.core.$strip>;
415
+ wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
416
+ signatureAlgorithm: z.ZodOptional<z.ZodString>;
417
+ digestAlgorithm: z.ZodOptional<z.ZodString>;
418
+ identifierFormat: z.ZodOptional<z.ZodString>;
419
+ privateKey: z.ZodOptional<z.ZodString>;
420
+ decryptionPvk: z.ZodOptional<z.ZodString>;
421
+ additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
422
+ mapping: z.ZodOptional<z.ZodObject<{
423
+ id: z.ZodString;
424
+ email: z.ZodString;
425
+ emailVerified: z.ZodOptional<z.ZodString>;
426
+ name: z.ZodString;
427
+ firstName: z.ZodOptional<z.ZodString>;
428
+ lastName: z.ZodOptional<z.ZodString>;
429
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
430
+ }, z.core.$strip>>;
431
+ }, z.core.$strip>>;
432
+ organizationId: z.ZodOptional<z.ZodString>;
433
+ overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
434
+ }, z.core.$strip>;
435
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
436
+ session: {
437
+ session: Record<string, any> & {
438
+ id: string;
439
+ createdAt: Date;
440
+ updatedAt: Date;
441
+ userId: string;
442
+ expiresAt: Date;
443
+ token: string;
444
+ ipAddress?: string | null | undefined;
445
+ userAgent?: string | null | undefined;
446
+ };
447
+ user: Record<string, any> & {
448
+ id: string;
449
+ createdAt: Date;
450
+ updatedAt: Date;
451
+ email: string;
452
+ emailVerified: boolean;
453
+ name: string;
454
+ image?: string | null | undefined;
455
+ };
456
+ };
457
+ }>)[];
458
+ metadata: {
459
+ openapi: {
460
+ summary: string;
461
+ description: string;
462
+ responses: {
463
+ "200": {
464
+ description: string;
465
+ content: {
466
+ "application/json": {
467
+ schema: {
468
+ type: "object";
469
+ properties: {
470
+ issuer: {
471
+ type: string;
472
+ format: string;
473
+ description: string;
474
+ };
475
+ domain: {
476
+ type: string;
477
+ description: string;
478
+ };
479
+ oidcConfig: {
480
+ type: string;
481
+ properties: {
482
+ issuer: {
483
+ type: string;
484
+ format: string;
485
+ description: string;
486
+ };
487
+ pkce: {
488
+ type: string;
489
+ description: string;
490
+ };
491
+ clientId: {
492
+ type: string;
493
+ description: string;
494
+ };
495
+ clientSecret: {
496
+ type: string;
497
+ description: string;
498
+ };
499
+ authorizationEndpoint: {
500
+ type: string;
501
+ format: string;
502
+ nullable: boolean;
503
+ description: string;
504
+ };
505
+ discoveryEndpoint: {
506
+ type: string;
507
+ format: string;
508
+ description: string;
509
+ };
510
+ userInfoEndpoint: {
511
+ type: string;
512
+ format: string;
513
+ nullable: boolean;
514
+ description: string;
515
+ };
516
+ scopes: {
517
+ type: string;
518
+ items: {
519
+ type: string;
520
+ };
521
+ nullable: boolean;
522
+ description: string;
523
+ };
524
+ tokenEndpoint: {
525
+ type: string;
526
+ format: string;
527
+ nullable: boolean;
528
+ description: string;
529
+ };
530
+ tokenEndpointAuthentication: {
531
+ type: string;
532
+ enum: string[];
533
+ nullable: boolean;
534
+ description: string;
535
+ };
536
+ jwksEndpoint: {
537
+ type: string;
538
+ format: string;
539
+ nullable: boolean;
540
+ description: string;
541
+ };
542
+ mapping: {
543
+ type: string;
544
+ nullable: boolean;
545
+ properties: {
546
+ id: {
547
+ type: string;
548
+ description: string;
549
+ };
550
+ email: {
551
+ type: string;
552
+ description: string;
553
+ };
554
+ emailVerified: {
555
+ type: string;
556
+ nullable: boolean;
557
+ description: string;
558
+ };
559
+ name: {
560
+ type: string;
561
+ description: string;
562
+ };
563
+ image: {
564
+ type: string;
565
+ nullable: boolean;
566
+ description: string;
567
+ };
568
+ extraFields: {
569
+ type: string;
570
+ additionalProperties: {
571
+ type: string;
572
+ };
573
+ nullable: boolean;
574
+ description: string;
575
+ };
576
+ };
577
+ required: string[];
578
+ };
579
+ };
580
+ required: string[];
581
+ description: string;
582
+ };
583
+ organizationId: {
584
+ type: string;
585
+ nullable: boolean;
586
+ description: string;
587
+ };
588
+ userId: {
589
+ type: string;
590
+ description: string;
591
+ };
592
+ providerId: {
593
+ type: string;
594
+ description: string;
595
+ };
596
+ redirectURI: {
597
+ type: string;
598
+ format: string;
599
+ description: string;
600
+ };
601
+ };
602
+ required: string[];
603
+ };
604
+ };
605
+ };
606
+ };
607
+ };
608
+ };
609
+ };
610
+ } & {
611
+ use: any[];
612
+ };
613
+ path: "/sso/register";
614
+ };
615
+ signInSSO: {
616
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
617
+ body: {
618
+ callbackURL: string;
619
+ email?: string | undefined;
620
+ organizationSlug?: string | undefined;
621
+ providerId?: string | undefined;
622
+ domain?: string | undefined;
623
+ errorCallbackURL?: string | undefined;
624
+ newUserCallbackURL?: string | undefined;
625
+ scopes?: string[] | undefined;
626
+ loginHint?: string | undefined;
627
+ requestSignUp?: boolean | undefined;
628
+ providerType?: "oidc" | "saml" | undefined;
629
+ };
630
+ } & {
631
+ method?: "POST" | undefined;
632
+ } & {
633
+ query?: Record<string, any> | undefined;
634
+ } & {
635
+ params?: Record<string, any>;
636
+ } & {
637
+ request?: Request;
638
+ } & {
639
+ headers?: HeadersInit;
640
+ } & {
641
+ asResponse?: boolean;
642
+ returnHeaders?: boolean;
643
+ use?: better_call0.Middleware[];
644
+ path?: string;
645
+ } & {
646
+ asResponse?: AsResponse | undefined;
647
+ returnHeaders?: ReturnHeaders | undefined;
648
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
649
+ headers: Headers;
650
+ response: {
651
+ url: string;
652
+ redirect: boolean;
653
+ };
654
+ } : {
655
+ url: string;
656
+ redirect: boolean;
657
+ }>;
658
+ options: {
659
+ method: "POST";
660
+ body: z.ZodObject<{
661
+ email: z.ZodOptional<z.ZodString>;
662
+ organizationSlug: z.ZodOptional<z.ZodString>;
663
+ providerId: z.ZodOptional<z.ZodString>;
664
+ domain: z.ZodOptional<z.ZodString>;
665
+ callbackURL: z.ZodString;
666
+ errorCallbackURL: z.ZodOptional<z.ZodString>;
667
+ newUserCallbackURL: z.ZodOptional<z.ZodString>;
668
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
669
+ loginHint: z.ZodOptional<z.ZodString>;
670
+ requestSignUp: z.ZodOptional<z.ZodBoolean>;
671
+ providerType: z.ZodOptional<z.ZodEnum<{
672
+ oidc: "oidc";
673
+ saml: "saml";
674
+ }>>;
675
+ }, z.core.$strip>;
676
+ metadata: {
677
+ openapi: {
678
+ summary: string;
679
+ description: string;
680
+ requestBody: {
681
+ content: {
682
+ "application/json": {
683
+ schema: {
684
+ type: "object";
685
+ properties: {
686
+ email: {
687
+ type: string;
688
+ description: string;
689
+ };
690
+ issuer: {
691
+ type: string;
692
+ description: string;
693
+ };
694
+ providerId: {
695
+ type: string;
696
+ description: string;
697
+ };
698
+ callbackURL: {
699
+ type: string;
700
+ description: string;
701
+ };
702
+ errorCallbackURL: {
703
+ type: string;
704
+ description: string;
705
+ };
706
+ newUserCallbackURL: {
707
+ type: string;
708
+ description: string;
709
+ };
710
+ loginHint: {
711
+ type: string;
712
+ description: string;
713
+ };
714
+ };
715
+ required: string[];
716
+ };
717
+ };
718
+ };
719
+ };
720
+ responses: {
721
+ "200": {
722
+ description: string;
723
+ content: {
724
+ "application/json": {
725
+ schema: {
726
+ type: "object";
727
+ properties: {
728
+ url: {
729
+ type: string;
730
+ format: string;
731
+ description: string;
732
+ };
733
+ redirect: {
734
+ type: string;
735
+ description: string;
736
+ enum: boolean[];
737
+ };
738
+ };
739
+ required: string[];
740
+ };
741
+ };
742
+ };
743
+ };
744
+ };
745
+ };
746
+ };
747
+ } & {
748
+ use: any[];
749
+ };
750
+ path: "/sign-in/sso";
751
+ };
752
+ callbackSSO: {
753
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
754
+ body?: undefined;
755
+ } & {
756
+ method?: "GET" | undefined;
757
+ } & {
758
+ query: {
759
+ state: string;
760
+ code?: string | undefined;
761
+ error?: string | undefined;
762
+ error_description?: string | undefined;
763
+ };
764
+ } & {
765
+ params: {
766
+ providerId: string;
767
+ };
768
+ } & {
769
+ request?: Request;
770
+ } & {
771
+ headers?: HeadersInit;
772
+ } & {
773
+ asResponse?: boolean;
774
+ returnHeaders?: boolean;
775
+ use?: better_call0.Middleware[];
776
+ path?: string;
777
+ } & {
778
+ asResponse?: AsResponse | undefined;
779
+ returnHeaders?: ReturnHeaders | undefined;
780
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
781
+ headers: Headers;
782
+ response: never;
783
+ } : never>;
784
+ options: {
785
+ method: "GET";
786
+ query: z.ZodObject<{
787
+ code: z.ZodOptional<z.ZodString>;
788
+ state: z.ZodString;
789
+ error: z.ZodOptional<z.ZodString>;
790
+ error_description: z.ZodOptional<z.ZodString>;
791
+ }, z.core.$strip>;
792
+ metadata: {
793
+ isAction: boolean;
794
+ openapi: {
795
+ summary: string;
796
+ description: string;
797
+ responses: {
798
+ "302": {
799
+ description: string;
800
+ };
801
+ };
802
+ };
803
+ };
804
+ } & {
805
+ use: any[];
806
+ };
807
+ path: "/sso/callback/:providerId";
808
+ };
809
+ callbackSSOSAML: {
810
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
811
+ body: {
812
+ SAMLResponse: string;
813
+ RelayState?: string | undefined;
814
+ };
815
+ } & {
816
+ method?: "POST" | undefined;
817
+ } & {
818
+ query?: Record<string, any> | undefined;
819
+ } & {
820
+ params: {
821
+ providerId: string;
822
+ };
823
+ } & {
824
+ request?: Request;
825
+ } & {
826
+ headers?: HeadersInit;
827
+ } & {
828
+ asResponse?: boolean;
829
+ returnHeaders?: boolean;
830
+ use?: better_call0.Middleware[];
831
+ path?: string;
832
+ } & {
833
+ asResponse?: AsResponse | undefined;
834
+ returnHeaders?: ReturnHeaders | undefined;
835
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
836
+ headers: Headers;
837
+ response: never;
838
+ } : never>;
839
+ options: {
840
+ method: "POST";
841
+ body: z.ZodObject<{
842
+ SAMLResponse: z.ZodString;
843
+ RelayState: z.ZodOptional<z.ZodString>;
844
+ }, z.core.$strip>;
845
+ metadata: {
846
+ isAction: boolean;
847
+ openapi: {
848
+ summary: string;
849
+ description: string;
850
+ responses: {
851
+ "302": {
852
+ description: string;
853
+ };
854
+ "400": {
855
+ description: string;
856
+ };
857
+ "401": {
858
+ description: string;
859
+ };
860
+ };
861
+ };
862
+ };
863
+ } & {
864
+ use: any[];
865
+ };
866
+ path: "/sso/saml2/callback/:providerId";
867
+ };
868
+ acsEndpoint: {
869
+ <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
870
+ body: {
871
+ SAMLResponse: string;
872
+ RelayState?: string | undefined;
873
+ };
874
+ } & {
875
+ method?: "POST" | undefined;
876
+ } & {
877
+ query?: Record<string, any> | undefined;
878
+ } & {
879
+ params: {
880
+ providerId: string;
881
+ };
882
+ } & {
883
+ request?: Request;
884
+ } & {
885
+ headers?: HeadersInit;
886
+ } & {
887
+ asResponse?: boolean;
888
+ returnHeaders?: boolean;
889
+ use?: better_call0.Middleware[];
890
+ path?: string;
891
+ } & {
892
+ asResponse?: AsResponse | undefined;
893
+ returnHeaders?: ReturnHeaders | undefined;
894
+ }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
895
+ headers: Headers;
896
+ response: never;
897
+ } : never>;
898
+ options: {
899
+ method: "POST";
900
+ params: z.ZodObject<{
901
+ providerId: z.ZodOptional<z.ZodString>;
902
+ }, z.core.$strip>;
903
+ body: z.ZodObject<{
904
+ SAMLResponse: z.ZodString;
905
+ RelayState: z.ZodOptional<z.ZodString>;
906
+ }, z.core.$strip>;
907
+ metadata: {
908
+ isAction: boolean;
909
+ openapi: {
910
+ summary: string;
911
+ description: string;
912
+ responses: {
913
+ "302": {
914
+ description: string;
915
+ };
916
+ };
917
+ };
918
+ };
919
+ } & {
920
+ use: any[];
921
+ };
922
+ path: "/sso/saml2/sp/acs/:providerId";
923
+ };
924
+ };
925
+ schema: {
926
+ ssoProvider: {
927
+ fields: {
928
+ issuer: {
929
+ type: "string";
930
+ required: true;
931
+ };
932
+ oidcConfig: {
933
+ type: "string";
934
+ required: false;
935
+ };
936
+ samlConfig: {
937
+ type: "string";
938
+ required: false;
939
+ };
940
+ userId: {
941
+ type: "string";
942
+ references: {
943
+ model: string;
944
+ field: string;
945
+ };
946
+ };
947
+ providerId: {
948
+ type: "string";
949
+ required: true;
950
+ unique: true;
951
+ };
952
+ organizationId: {
953
+ type: "string";
954
+ required: false;
955
+ };
956
+ domain: {
957
+ type: "string";
958
+ required: true;
959
+ };
960
+ };
961
+ };
962
+ };
963
+ };
964
+ //#endregion
965
+ export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };
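Review bot: The declared 200 response of `registerSSOProvider` (both the `response:` object under `headers: Headers` and the bare-return branch of the same conditional type) types `oidcConfig` as the full `OIDCConfig`, whose shape carries `clientSecret: string`, and `samlConfig` as the full `SAMLConfig`, whose `spMetadata` carries `privateKey` and `encPrivateKey`; the OpenAPI schema under `options.metadata.openapi.responses["200"]` likewise lists `clientSecret` as a returned property. Whether the runtime actually echoes those fields cannot be seen from this .d.ts, but if it does the registering user's credentials end up in HTTP logs, proxies and client-side state, so I would redact them in the handler and narrow the declared type to match, e.g. `oidcConfig?: Omit<OIDCConfig, "clientSecret">;` and a similar `Omit` on the SAML private-key fields. The same two response objects also declare `oidcConfig` and `samlConfig` as required while `SSOProvider` declares both optional and the request body lets either be omitted, so the declared shape overstates what a provider registered with a single protocol can return. Separately, the TSDoc on `disableImplicitSignUp` reads `sign-in need to be called with with requestSignUp as true`; suggest `sign-in needs to be called with requestSignUp set to true`.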