@better-auth/sso 1.4.0-beta.10 → 1.4.0-beta.11

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.0-beta.10 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.11 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
 ℹ tsdown v0.15.6 powered by rolldown v1.0.0-beta.43
@@ -9,17 +9,17 @@
 ℹ Build start
 ℹ [CJS] dist/client.cjs         0.19 kB │ gzip: 0.17 kB
 ℹ [CJS] dist/index.cjs          0.08 kB │ gzip: 0.08 kB
-ℹ [CJS] dist/src-DLLHZrD9.cjs  51.93 kB │ gzip: 9.06 kB
-ℹ [CJS] 3 files, total: 52.20 kB
+ℹ [CJS] dist/src-BYOa9Nr6.cjs  52.34 kB │ gzip: 9.21 kB
+ℹ [CJS] 3 files, total: 52.61 kB
 ℹ [ESM] dist/client.js             0.18 kB │ gzip: 0.16 kB
 ℹ [ESM] dist/index.js              0.06 kB │ gzip: 0.07 kB
-ℹ [ESM] dist/src-DrA9mJEu.js      49.17 kB │ gzip: 8.42 kB
+ℹ [ESM] dist/src-Z1RpfPZt.js      49.58 kB │ gzip: 8.54 kB
 ℹ [ESM] dist/index.d.ts            0.21 kB │ gzip: 0.12 kB
 ℹ [ESM] dist/client.d.ts           0.21 kB │ gzip: 0.18 kB
-ℹ [ESM] dist/index-Drgwy6ZL.d.ts  30.79 kB │ gzip: 3.70 kB
-ℹ [ESM] 6 files, total: 80.61 kB
+ℹ [ESM] dist/index-Dtx0Mkqc.d.ts  31.02 kB │ gzip: 3.72 kB
+ℹ [ESM] 6 files, total: 81.25 kB
 ℹ [CJS] dist/index.d.cts            0.21 kB │ gzip: 0.12 kB
 ℹ [CJS] dist/client.d.cts           0.21 kB │ gzip: 0.18 kB
-ℹ [CJS] dist/index-D0i1jHBp.d.cts  30.79 kB │ gzip: 3.70 kB
-ℹ [CJS] 3 files, total: 31.20 kB
-✔ Build complete in 5583ms
+ℹ [CJS] dist/index-Cl11-WdU.d.cts  31.02 kB │ gzip: 3.72 kB
+ℹ [CJS] 3 files, total: 31.44 kB
+✔ Build complete in 5245ms

package/dist/client.cjs

@@ -1,4 +1,4 @@
-require('./src-DLLHZrD9.cjs');
+require('./src-BYOa9Nr6.cjs');
 
 //#region src/client.ts
 const ssoClient = () => {

package/dist/client.d.cts

@@ -1,4 +1,4 @@
-import { sso } from "./index-D0i1jHBp.cjs";
+import { sso } from "./index-Cl11-WdU.cjs";
 
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { sso } from "./index-Drgwy6ZL.js";
+import { sso } from "./index-Dtx0Mkqc.js";
 
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/client.js

@@ -1,4 +1,4 @@
-import "./src-DrA9mJEu.js";
+import "./src-Z1RpfPZt.js";
 
 //#region src/client.ts
 const ssoClient = () => {

package/dist/{index-D0i1jHBp.d.cts → index-Cl11-WdU.d.cts}

@@ -623,6 +623,7 @@ declare const sso: (options?: SSOOptions) => {
           errorCallbackURL?: string | undefined;
           newUserCallbackURL?: string | undefined;
           scopes?: string[] | undefined;
+          loginHint?: string | undefined;
           requestSignUp?: boolean | undefined;
           providerType?: "oidc" | "saml" | undefined;
         };
@@ -665,6 +666,7 @@ declare const sso: (options?: SSOOptions) => {
           errorCallbackURL: z.ZodOptional<z.ZodString>;
           newUserCallbackURL: z.ZodOptional<z.ZodString>;
           scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+          loginHint: z.ZodOptional<z.ZodString>;
           requestSignUp: z.ZodOptional<z.ZodBoolean>;
           providerType: z.ZodOptional<z.ZodEnum<{
             oidc: "oidc";
@@ -705,6 +707,10 @@ declare const sso: (options?: SSOOptions) => {
                         type: string;
                         description: string;
                       };
+                      loginHint: {
+                        type: string;
+                        description: string;
+                      };
                     };
                     required: string[];
                   };

package/dist/{index-Drgwy6ZL.d.ts → index-Dtx0Mkqc.d.ts}

@@ -623,6 +623,7 @@ declare const sso: (options?: SSOOptions) => {
           errorCallbackURL?: string | undefined;
           newUserCallbackURL?: string | undefined;
           scopes?: string[] | undefined;
+          loginHint?: string | undefined;
           requestSignUp?: boolean | undefined;
           providerType?: "oidc" | "saml" | undefined;
         };
@@ -665,6 +666,7 @@ declare const sso: (options?: SSOOptions) => {
           errorCallbackURL: z.ZodOptional<z.ZodString>;
           newUserCallbackURL: z.ZodOptional<z.ZodString>;
           scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+          loginHint: z.ZodOptional<z.ZodString>;
           requestSignUp: z.ZodOptional<z.ZodBoolean>;
           providerType: z.ZodOptional<z.ZodEnum<{
             oidc: "oidc";
@@ -705,6 +707,10 @@ declare const sso: (options?: SSOOptions) => {
                         type: string;
                         description: string;
                       };
+                      loginHint: {
+                        type: string;
+                        description: string;
+                      };
                     };
                     required: string[];
                   };

package/dist/index.cjs

@@ -1,3 +1,3 @@
-const require_src = require('./src-DLLHZrD9.cjs');
+const require_src = require('./src-BYOa9Nr6.cjs');
 
 exports.sso = require_src.sso;

package/dist/index.d.cts

@@ -1,2 +1,2 @@
-import { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso } from "./index-D0i1jHBp.cjs";
+import { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso } from "./index-Cl11-WdU.cjs";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/dist/index.d.ts

@@ -1,2 +1,2 @@
-import { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso } from "./index-Drgwy6ZL.js";
+import { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso } from "./index-Dtx0Mkqc.js";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/dist/index.js

@@ -1,3 +1,3 @@
-import { sso } from "./src-DrA9mJEu.js";
+import { sso } from "./src-Z1RpfPZt.js";
 
 export { sso };

package/dist/{src-DLLHZrD9.cjs → src-BYOa9Nr6.cjs}

@@ -428,6 +428,7 @@ const sso = (options) => {
 					errorCallbackURL: zod_v4.string({}).meta({ description: "The URL to redirect to after login" }).optional(),
 					newUserCallbackURL: zod_v4.string({}).meta({ description: "The URL to redirect to after login if the user is new" }).optional(),
 					scopes: zod_v4.array(zod_v4.string(), {}).meta({ description: "Scopes to request from the provider." }).optional(),
+					loginHint: zod_v4.string({}).meta({ description: "Login hint to send to the identity provider (e.g., email or identifier). If supported, will be sent as 'login_hint'." }).optional(),
 					requestSignUp: zod_v4.boolean({}).meta({ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider" }).optional(),
 					providerType: zod_v4.enum(["oidc", "saml"]).optional()
 				}),
@@ -460,6 +461,10 @@ const sso = (options) => {
 							newUserCallbackURL: {
 								type: "string",
 								description: "The URL to redirect to after login if the user is new"
+							},
+							loginHint: {
+								type: "string",
+								description: "Login hint to send to the identity provider (e.g., email or identifier). If supported, sent as 'login_hint'."
 							}
 						},
 						required: ["callbackURL"]
@@ -549,6 +554,7 @@ const sso = (options) => {
 							"profile",
 							"offline_access"
 						],
+						loginHint: ctx.body.loginHint || email,
 						authorizationEndpoint: provider.oidcConfig.authorizationEndpoint
 					});
 					return ctx.json({
@@ -972,7 +978,7 @@ const sso = (options) => {
 					}
 				}
 				await (0, better_auth_cookies.setSessionCookie)(ctx, {
-					session: await ctx.context.internalAdapter.createSession(user.id, ctx),
+					session: await ctx.context.internalAdapter.createSession(user.id),
 					user
 				});
 				const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;
@@ -1197,7 +1203,7 @@ const sso = (options) => {
 					}
 				}
 				await (0, better_auth_cookies.setSessionCookie)(ctx, {
-					session: await ctx.context.internalAdapter.createSession(user.id, ctx),
+					session: await ctx.context.internalAdapter.createSession(user.id),
 					user
 				});
 				const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;

package/dist/{src-DrA9mJEu.js → src-Z1RpfPZt.js}

@@ -395,6 +395,7 @@ const sso = (options) => {
 					errorCallbackURL: z.string({}).meta({ description: "The URL to redirect to after login" }).optional(),
 					newUserCallbackURL: z.string({}).meta({ description: "The URL to redirect to after login if the user is new" }).optional(),
 					scopes: z.array(z.string(), {}).meta({ description: "Scopes to request from the provider." }).optional(),
+					loginHint: z.string({}).meta({ description: "Login hint to send to the identity provider (e.g., email or identifier). If supported, will be sent as 'login_hint'." }).optional(),
 					requestSignUp: z.boolean({}).meta({ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider" }).optional(),
 					providerType: z.enum(["oidc", "saml"]).optional()
 				}),
@@ -427,6 +428,10 @@ const sso = (options) => {
 							newUserCallbackURL: {
 								type: "string",
 								description: "The URL to redirect to after login if the user is new"
+							},
+							loginHint: {
+								type: "string",
+								description: "Login hint to send to the identity provider (e.g., email or identifier). If supported, sent as 'login_hint'."
 							}
 						},
 						required: ["callbackURL"]
@@ -516,6 +521,7 @@ const sso = (options) => {
 							"profile",
 							"offline_access"
 						],
+						loginHint: ctx.body.loginHint || email,
 						authorizationEndpoint: provider.oidcConfig.authorizationEndpoint
 					});
 					return ctx.json({
@@ -939,7 +945,7 @@ const sso = (options) => {
 					}
 				}
 				await setSessionCookie(ctx, {
-					session: await ctx.context.internalAdapter.createSession(user.id, ctx),
+					session: await ctx.context.internalAdapter.createSession(user.id),
 					user
 				});
 				const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;
@@ -1164,7 +1170,7 @@ const sso = (options) => {
 					}
 				}
 				await setSessionCookie(ctx, {
-					session: await ctx.context.internalAdapter.createSession(user.id, ctx),
+					session: await ctx.context.internalAdapter.createSession(user.id),
 					user
 				});
 				const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.10",
+  "version": "1.4.0-beta.11",
   "type": "module",
   "main": "dist/index.js",
   "license": "MIT",
@@ -59,10 +59,10 @@
     "body-parser": "^2.2.0",
     "express": "^5.1.0",
     "tsdown": "^0.15.6",
-    "better-auth": "^1.4.0-beta.10"
+    "better-auth": "^1.4.0-beta.11"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.10"
+    "better-auth": "1.4.0-beta.11"
   },
   "scripts": {
     "test": "vitest",

package/src/index.ts

@@ -922,6 +922,13 @@ export const sso = (options?: SSOOptions) => {
 								description: "Scopes to request from the provider.",
 							})
 							.optional(),
+						loginHint: z
+							.string({})
+							.meta({
+								description:
+									"Login hint to send to the identity provider (e.g., email or identifier). If supported, will be sent as 'login_hint'.",
+							})
+							.optional(),
 						requestSignUp: z
 							.boolean({})
 							.meta({
@@ -970,6 +977,11 @@ export const sso = (options?: SSOOptions) => {
 													description:
 														"The URL to redirect to after login if the user is new",
 												},
+												loginHint: {
+													type: "string",
+													description:
+														"Login hint to send to the identity provider (e.g., email or identifier). If supported, sent as 'login_hint'.",
+												},
 											},
 											required: ["callbackURL"],
 										},
@@ -1146,6 +1158,7 @@ export const sso = (options?: SSOOptions) => {
 									"profile",
 									"offline_access",
 								],
+							loginHint: ctx.body.loginHint || email,
 							authorizationEndpoint: provider.oidcConfig.authorizationEndpoint!,
 						});
 						return ctx.json({
@@ -1865,7 +1878,7 @@ export const sso = (options?: SSOOptions) => {
 
 					// Create session and set cookie
 					let session: Session =
-						await ctx.context.internalAdapter.createSession(user.id, ctx);
+						await ctx.context.internalAdapter.createSession(user.id);
 					await setSessionCookie(ctx, { session, user });
 
 					// Redirect to callback URL
@@ -2224,7 +2237,7 @@ export const sso = (options?: SSOOptions) => {
 					}
 
 					let session: Session =
-						await ctx.context.internalAdapter.createSession(user.id, ctx);
+						await ctx.context.internalAdapter.createSession(user.id);
 					await setSessionCookie(ctx, { session, user });
 
 					const callbackUrl =

package/src/oidc.test.ts

@@ -208,6 +208,7 @@ describe("SSO", async () => {
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
+		expect(res.url).toContain("login_hint=my-email%40localhost.com");
 		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain("/dashboard");
 	});
@@ -235,6 +236,7 @@ describe("SSO", async () => {
 		const headers = new Headers();
 		const res = await authClient.signIn.sso({
 			providerId: "test",
+			loginHint: "user@example.com",
 			callbackURL: "/dashboard",
 			fetchOptions: {
 				throw: true,
@@ -245,6 +247,7 @@ describe("SSO", async () => {
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
+		expect(res.url).toContain("login_hint=user%40example.com");
 
 		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain("/dashboard");