npm - @better-auth/sso - Versions diffs - 1.4.0-beta.1 → 1.4.0-beta.2 - Mend

@better-auth/sso 1.4.0-beta.1 → 1.4.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -2,6 +2,23 @@ import * as better_call from 'better-call';
 import { User, OAuth2Tokens } from 'better-auth';
 import * as z from 'zod/v4';
+interface OIDCMapping {
+    id?: string;
+    email?: string;
+    emailVerified?: string;
+    name?: string;
+    image?: string;
+    extraFields?: Record<string, string>;
+}
+interface SAMLMapping {
+    id?: string;
+    email?: string;
+    emailVerified?: string;
+    name?: string;
+    firstName?: string;
+    lastName?: string;
+    extraFields?: Record<string, string>;
+}
 interface OIDCConfig {
     issuer: string;
     pkce: boolean;
@@ -15,29 +32,48 @@ interface OIDCConfig {
     tokenEndpoint?: string;
     tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
     jwksEndpoint?: string;
-    mapping?: {
-        id?: string;
-        email?: string;
-        emailVerified?: string;
-        name?: string;
-        image?: string;
-        extraFields?: Record<string, string>;
-    };
+    mapping?: OIDCMapping;
 }
 interface SAMLConfig {
     issuer: string;
     entryPoint: string;
-    signingKey: string;
-    certificate: string;
-    attributeConsumingServiceIndex: number;
-    mapping?: {
-        id?: string;
-        email?: string;
-        name?: string;
-        firstName?: string;
-        lastName?: string;
-        extraFields?: Record<string, string>;
+    cert: string;
+    callbackUrl: string;
+    audience?: string;
+    idpMetadata?: {
+        metadata?: string;
+        entityID?: string;
+        entityURL?: string;
+        redirectURL?: string;
+        cert?: string;
+        privateKey?: string;
+        privateKeyPass?: string;
+        isAssertionEncrypted?: boolean;
+        encPrivateKey?: string;
+        encPrivateKeyPass?: string;
+        singleSignOnService?: Array<{
+            Binding: string;
+            Location: string;
+        }>;
     };
+    spMetadata: {
+        metadata?: string;
+        entityID?: string;
+        binding?: string;
+        privateKey?: string;
+        privateKeyPass?: string;
+        isAssertionEncrypted?: boolean;
+        encPrivateKey?: string;
+        encPrivateKeyPass?: string;
+    };
+    wantAssertionsSigned?: boolean;
+    signatureAlgorithm?: string;
+    digestAlgorithm?: string;
+    identifierFormat?: string;
+    privateKey?: string;
+    decryptionPvk?: string;
+    additionalParams?: Record<string, any>;
+    mapping?: SAMLMapping;
 }
 interface SSOProvider {
     issuer: string;
@@ -94,6 +130,29 @@ interface SSOOptions {
             provider: SSOProvider;
         }) => Promise<"member" | "admin">;
     };
+    /**
+     * Default SSO provider configurations for testing.
+     * These will take the precedence over the database providers.
+     */
+    defaultSSO?: Array<{
+        /**
+         * The domain to match for this default provider.
+         * This is only used to match incoming requests to this default provider.
+         */
+        domain: string;
+        /**
+         * The provider ID to use
+         */
+        providerId: string;
+        /**
+         * SAML configuration
+         */
+        samlConfig?: SAMLConfig;
+        /**
+         * OIDC configuration
+         */
+        oidcConfig?: OIDCConfig;
+    }>;
     /**
      * Override user info with the provider info.
      * @default false
@@ -198,13 +257,22 @@ declare const sso: (options?: SSOOptions) => {
                         discoveryEndpoint?: string | undefined;
                         scopes?: string[] | undefined;
                         pkce?: boolean | undefined;
+                        mapping?: {
+                            id: string;
+                            email: string;
+                            name: string;
+                            emailVerified?: string | undefined;
+                            image?: string | undefined;
+                            extraFields?: Record<string, any> | undefined;
+                        } | undefined;
                     } | undefined;
                     samlConfig?: {
                         entryPoint: string;
                         cert: string;
                         callbackUrl: string;
                         spMetadata: {
-                            metadata: string;
+                            metadata?: string | undefined;
+                            entityID?: string | undefined;
                             binding?: string | undefined;
                             privateKey?: string | undefined;
                             privateKeyPass?: string | undefined;
@@ -214,12 +282,18 @@ declare const sso: (options?: SSOOptions) => {
                         };
                         audience?: string | undefined;
                         idpMetadata?: {
-                            metadata: string;
+                            metadata?: string | undefined;
+                            entityID?: string | undefined;
+                            cert?: string | undefined;
                             privateKey?: string | undefined;
                             privateKeyPass?: string | undefined;
                             isAssertionEncrypted?: boolean | undefined;
                             encPrivateKey?: string | undefined;
                             encPrivateKeyPass?: string | undefined;
+                            singleSignOnService?: {
+                                Binding: string;
+                                Location: string;
+                            }[] | undefined;
                         } | undefined;
                         wantAssertionsSigned?: boolean | undefined;
                         signatureAlgorithm?: string | undefined;
@@ -228,14 +302,15 @@ declare const sso: (options?: SSOOptions) => {
                         privateKey?: string | undefined;
                         decryptionPvk?: string | undefined;
                         additionalParams?: Record<string, any> | undefined;
-                    } | undefined;
-                    mapping?: {
-                        id: string;
-                        email: string;
-                        name: string;
-                        emailVerified?: string | undefined;
-                        image?: string | undefined;
-                        extraFields?: Record<string, any> | undefined;
+                        mapping?: {
+                            id: string;
+                            email: string;
+                            name: string;
+                            emailVerified?: string | undefined;
+                            firstName?: string | undefined;
+                            lastName?: string | undefined;
+                            extraFields?: Record<string, any> | undefined;
+                        } | undefined;
                     } | undefined;
                     organizationId?: string | undefined;
                     overrideUserInfo?: boolean | undefined;
@@ -298,6 +373,14 @@ declare const sso: (options?: SSOOptions) => {
                         discoveryEndpoint: z.ZodOptional<z.ZodString>;
                         scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
                         pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+                        mapping: z.ZodOptional<z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            emailVerified: z.ZodOptional<z.ZodString>;
+                            name: z.ZodString;
+                            image: z.ZodOptional<z.ZodString>;
+                            extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        }, z.core.$strip>>;
                     }, z.core.$strip>>;
                     samlConfig: z.ZodOptional<z.ZodObject<{
                         entryPoint: z.ZodString;
@@ -305,15 +388,22 @@ declare const sso: (options?: SSOOptions) => {
                         callbackUrl: z.ZodString;
                         audience: z.ZodOptional<z.ZodString>;
                         idpMetadata: z.ZodOptional<z.ZodObject<{
-                            metadata: z.ZodString;
+                            metadata: z.ZodOptional<z.ZodString>;
+                            entityID: z.ZodOptional<z.ZodString>;
+                            cert: z.ZodOptional<z.ZodString>;
                             privateKey: z.ZodOptional<z.ZodString>;
                             privateKeyPass: z.ZodOptional<z.ZodString>;
                             isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
                             encPrivateKey: z.ZodOptional<z.ZodString>;
                             encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+                            singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                                Binding: z.ZodString;
+                                Location: z.ZodString;
+                            }, z.core.$strip>>>;
                         }, z.core.$strip>>;
                         spMetadata: z.ZodObject<{
-                            metadata: z.ZodString;
+                            metadata: z.ZodOptional<z.ZodString>;
+                            entityID: z.ZodOptional<z.ZodString>;
                             binding: z.ZodOptional<z.ZodString>;
                             privateKey: z.ZodOptional<z.ZodString>;
                             privateKeyPass: z.ZodOptional<z.ZodString>;
@@ -328,14 +418,15 @@ declare const sso: (options?: SSOOptions) => {
                         privateKey: z.ZodOptional<z.ZodString>;
                         decryptionPvk: z.ZodOptional<z.ZodString>;
                         additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-                    }, z.core.$strip>>;
-                    mapping: z.ZodOptional<z.ZodObject<{
-                        id: z.ZodString;
-                        email: z.ZodString;
-                        emailVerified: z.ZodOptional<z.ZodString>;
-                        name: z.ZodString;
-                        image: z.ZodOptional<z.ZodString>;
-                        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        mapping: z.ZodOptional<z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            emailVerified: z.ZodOptional<z.ZodString>;
+                            name: z.ZodString;
+                            firstName: z.ZodOptional<z.ZodString>;
+                            lastName: z.ZodOptional<z.ZodString>;
+                            extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        }, z.core.$strip>>;
                     }, z.core.$strip>>;
                     organizationId: z.ZodOptional<z.ZodString>;
                     overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
@@ -767,6 +858,62 @@ declare const sso: (options?: SSOOptions) => {
             };
             path: "/sso/saml2/callback/:providerId";
         };
+        acsEndpoint: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    SAMLResponse: string;
+                    RelayState?: string | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params: {
+                    providerId: string;
+                };
+            } & {
+                request?: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: never;
+            } : never>;
+            options: {
+                method: "POST";
+                params: z.ZodObject<{
+                    providerId: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                body: z.ZodObject<{
+                    SAMLResponse: z.ZodString;
+                    RelayState: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                metadata: {
+                    isAction: boolean;
+                    openapi: {
+                        summary: string;
+                        description: string;
+                        responses: {
+                            "302": {
+                                description: string;
+                            };
+                        };
+                    };
+                };
+            } & {
+                use: any[];
+            };
+            path: "/sso/saml2/sp/acs/:providerId";
+        };
     };
     schema: {
         ssoProvider: {
@@ -809,4 +956,4 @@ declare const sso: (options?: SSOOptions) => {
 };
 export { sso };
-export type { OIDCConfig, SAMLConfig, SSOOptions, SSOProvider };
+export type { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider };

package/dist/index.d.mts CHANGED Viewed

@@ -2,6 +2,23 @@ import * as better_call from 'better-call';
 import { User, OAuth2Tokens } from 'better-auth';
 import * as z from 'zod/v4';
+interface OIDCMapping {
+    id?: string;
+    email?: string;
+    emailVerified?: string;
+    name?: string;
+    image?: string;
+    extraFields?: Record<string, string>;
+}
+interface SAMLMapping {
+    id?: string;
+    email?: string;
+    emailVerified?: string;
+    name?: string;
+    firstName?: string;
+    lastName?: string;
+    extraFields?: Record<string, string>;
+}
 interface OIDCConfig {
     issuer: string;
     pkce: boolean;
@@ -15,29 +32,48 @@ interface OIDCConfig {
     tokenEndpoint?: string;
     tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
     jwksEndpoint?: string;
-    mapping?: {
-        id?: string;
-        email?: string;
-        emailVerified?: string;
-        name?: string;
-        image?: string;
-        extraFields?: Record<string, string>;
-    };
+    mapping?: OIDCMapping;
 }
 interface SAMLConfig {
     issuer: string;
     entryPoint: string;
-    signingKey: string;
-    certificate: string;
-    attributeConsumingServiceIndex: number;
-    mapping?: {
-        id?: string;
-        email?: string;
-        name?: string;
-        firstName?: string;
-        lastName?: string;
-        extraFields?: Record<string, string>;
+    cert: string;
+    callbackUrl: string;
+    audience?: string;
+    idpMetadata?: {
+        metadata?: string;
+        entityID?: string;
+        entityURL?: string;
+        redirectURL?: string;
+        cert?: string;
+        privateKey?: string;
+        privateKeyPass?: string;
+        isAssertionEncrypted?: boolean;
+        encPrivateKey?: string;
+        encPrivateKeyPass?: string;
+        singleSignOnService?: Array<{
+            Binding: string;
+            Location: string;
+        }>;
     };
+    spMetadata: {
+        metadata?: string;
+        entityID?: string;
+        binding?: string;
+        privateKey?: string;
+        privateKeyPass?: string;
+        isAssertionEncrypted?: boolean;
+        encPrivateKey?: string;
+        encPrivateKeyPass?: string;
+    };
+    wantAssertionsSigned?: boolean;
+    signatureAlgorithm?: string;
+    digestAlgorithm?: string;
+    identifierFormat?: string;
+    privateKey?: string;
+    decryptionPvk?: string;
+    additionalParams?: Record<string, any>;
+    mapping?: SAMLMapping;
 }
 interface SSOProvider {
     issuer: string;
@@ -94,6 +130,29 @@ interface SSOOptions {
             provider: SSOProvider;
         }) => Promise<"member" | "admin">;
     };
+    /**
+     * Default SSO provider configurations for testing.
+     * These will take the precedence over the database providers.
+     */
+    defaultSSO?: Array<{
+        /**
+         * The domain to match for this default provider.
+         * This is only used to match incoming requests to this default provider.
+         */
+        domain: string;
+        /**
+         * The provider ID to use
+         */
+        providerId: string;
+        /**
+         * SAML configuration
+         */
+        samlConfig?: SAMLConfig;
+        /**
+         * OIDC configuration
+         */
+        oidcConfig?: OIDCConfig;
+    }>;
     /**
      * Override user info with the provider info.
      * @default false
@@ -198,13 +257,22 @@ declare const sso: (options?: SSOOptions) => {
                         discoveryEndpoint?: string | undefined;
                         scopes?: string[] | undefined;
                         pkce?: boolean | undefined;
+                        mapping?: {
+                            id: string;
+                            email: string;
+                            name: string;
+                            emailVerified?: string | undefined;
+                            image?: string | undefined;
+                            extraFields?: Record<string, any> | undefined;
+                        } | undefined;
                     } | undefined;
                     samlConfig?: {
                         entryPoint: string;
                         cert: string;
                         callbackUrl: string;
                         spMetadata: {
-                            metadata: string;
+                            metadata?: string | undefined;
+                            entityID?: string | undefined;
                             binding?: string | undefined;
                             privateKey?: string | undefined;
                             privateKeyPass?: string | undefined;
@@ -214,12 +282,18 @@ declare const sso: (options?: SSOOptions) => {
                         };
                         audience?: string | undefined;
                         idpMetadata?: {
-                            metadata: string;
+                            metadata?: string | undefined;
+                            entityID?: string | undefined;
+                            cert?: string | undefined;
                             privateKey?: string | undefined;
                             privateKeyPass?: string | undefined;
                             isAssertionEncrypted?: boolean | undefined;
                             encPrivateKey?: string | undefined;
                             encPrivateKeyPass?: string | undefined;
+                            singleSignOnService?: {
+                                Binding: string;
+                                Location: string;
+                            }[] | undefined;
                         } | undefined;
                         wantAssertionsSigned?: boolean | undefined;
                         signatureAlgorithm?: string | undefined;
@@ -228,14 +302,15 @@ declare const sso: (options?: SSOOptions) => {
                         privateKey?: string | undefined;
                         decryptionPvk?: string | undefined;
                         additionalParams?: Record<string, any> | undefined;
-                    } | undefined;
-                    mapping?: {
-                        id: string;
-                        email: string;
-                        name: string;
-                        emailVerified?: string | undefined;
-                        image?: string | undefined;
-                        extraFields?: Record<string, any> | undefined;
+                        mapping?: {
+                            id: string;
+                            email: string;
+                            name: string;
+                            emailVerified?: string | undefined;
+                            firstName?: string | undefined;
+                            lastName?: string | undefined;
+                            extraFields?: Record<string, any> | undefined;
+                        } | undefined;
                     } | undefined;
                     organizationId?: string | undefined;
                     overrideUserInfo?: boolean | undefined;
@@ -298,6 +373,14 @@ declare const sso: (options?: SSOOptions) => {
                         discoveryEndpoint: z.ZodOptional<z.ZodString>;
                         scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
                         pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
+                        mapping: z.ZodOptional<z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            emailVerified: z.ZodOptional<z.ZodString>;
+                            name: z.ZodString;
+                            image: z.ZodOptional<z.ZodString>;
+                            extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        }, z.core.$strip>>;
                     }, z.core.$strip>>;
                     samlConfig: z.ZodOptional<z.ZodObject<{
                         entryPoint: z.ZodString;
@@ -305,15 +388,22 @@ declare const sso: (options?: SSOOptions) => {
                         callbackUrl: z.ZodString;
                         audience: z.ZodOptional<z.ZodString>;
                         idpMetadata: z.ZodOptional<z.ZodObject<{
-                            metadata: z.ZodString;
+                            metadata: z.ZodOptional<z.ZodString>;
+                            entityID: z.ZodOptional<z.ZodString>;
+                            cert: z.ZodOptional<z.ZodString>;
                             privateKey: z.ZodOptional<z.ZodString>;
                             privateKeyPass: z.ZodOptional<z.ZodString>;
                             isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
                             encPrivateKey: z.ZodOptional<z.ZodString>;
                             encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+                            singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                                Binding: z.ZodString;
+                                Location: z.ZodString;
+                            }, z.core.$strip>>>;
                         }, z.core.$strip>>;
                         spMetadata: z.ZodObject<{
-                            metadata: z.ZodString;
+                            metadata: z.ZodOptional<z.ZodString>;
+                            entityID: z.ZodOptional<z.ZodString>;
                             binding: z.ZodOptional<z.ZodString>;
                             privateKey: z.ZodOptional<z.ZodString>;
                             privateKeyPass: z.ZodOptional<z.ZodString>;
@@ -328,14 +418,15 @@ declare const sso: (options?: SSOOptions) => {
                         privateKey: z.ZodOptional<z.ZodString>;
                         decryptionPvk: z.ZodOptional<z.ZodString>;
                         additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-                    }, z.core.$strip>>;
-                    mapping: z.ZodOptional<z.ZodObject<{
-                        id: z.ZodString;
-                        email: z.ZodString;
-                        emailVerified: z.ZodOptional<z.ZodString>;
-                        name: z.ZodString;
-                        image: z.ZodOptional<z.ZodString>;
-                        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        mapping: z.ZodOptional<z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            emailVerified: z.ZodOptional<z.ZodString>;
+                            name: z.ZodString;
+                            firstName: z.ZodOptional<z.ZodString>;
+                            lastName: z.ZodOptional<z.ZodString>;
+                            extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+                        }, z.core.$strip>>;
                     }, z.core.$strip>>;
                     organizationId: z.ZodOptional<z.ZodString>;
                     overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
@@ -767,6 +858,62 @@ declare const sso: (options?: SSOOptions) => {
             };
             path: "/sso/saml2/callback/:providerId";
         };
+        acsEndpoint: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    SAMLResponse: string;
+                    RelayState?: string | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params: {
+                    providerId: string;
+                };
+            } & {
+                request?: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: never;
+            } : never>;
+            options: {
+                method: "POST";
+                params: z.ZodObject<{
+                    providerId: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                body: z.ZodObject<{
+                    SAMLResponse: z.ZodString;
+                    RelayState: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                metadata: {
+                    isAction: boolean;
+                    openapi: {
+                        summary: string;
+                        description: string;
+                        responses: {
+                            "302": {
+                                description: string;
+                            };
+                        };
+                    };
+                };
+            } & {
+                use: any[];
+            };
+            path: "/sso/saml2/sp/acs/:providerId";
+        };
     };
     schema: {
         ssoProvider: {
@@ -809,4 +956,4 @@ declare const sso: (options?: SSOOptions) => {
 };
 export { sso };
-export type { OIDCConfig, SAMLConfig, SSOOptions, SSOProvider };
+export type { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider };