npm - @better-auth/sso - Versions diffs - 1.4.0-beta.13 → 1.4.0-beta.15 - Mend

@better-auth/sso 1.4.0-beta.13 → 1.4.0-beta.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/.turbo/turbo-build.log +10 -10
package/dist/client.cjs +1 -1
package/dist/client.d.cts +1 -1
package/dist/client.d.ts +1 -1
package/dist/client.js +1 -1
package/dist/{index-CL9gq2xe.d.ts → index-CdeDxbNh.d.ts} +52 -52
package/dist/{index-N2GvRGik.d.cts → index-DJAIa5j3.d.cts} +52 -52
package/dist/index.cjs +1 -1
package/dist/index.d.cts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -1
package/dist/{src-KQzfNIm4.js → src-BEPbgggK.js} +5 -5
package/dist/{src-BYOa9Nr6.cjs → src-BsLnNXTo.cjs} +10 -10
package/package.json +11 -5
package/src/index.ts +140 -129
package/src/oidc.test.ts +5 -5
package/src/saml.test.ts +17 -17

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,25 +1,25 @@
-> @better-auth/sso@1.4.0-beta.13 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.15 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
-[34mℹ[39m tsdown [2mv0.15.9[22m powered by rolldown [2mv1.0.0-beta.44[22m
+[34mℹ[39m tsdown [2mv0.15.11[22m powered by rolldown [2mv1.0.0-beta.45[22m
 [34mℹ[39m Using tsdown config: [4m/home/runner/work/better-auth/better-auth/packages/sso/tsdown.config.ts[24m
 [34mℹ[39m entry: [34msrc/client.ts, src/index.ts[39m
 [34mℹ[39m tsconfig: [34mtsconfig.json[39m
 [34mℹ[39m Build start
-[34mℹ[39m [33m[CJS][39m [2mdist/[22m[1mclient.cjs[22m        [2m 0.19 kB[22m [2m│ gzip: 0.17 kB[22m
+[34mℹ[39m [33m[CJS][39m [2mdist/[22m[1mclient.cjs[22m        [2m 0.19 kB[22m [2m│ gzip: 0.16 kB[22m
 [34mℹ[39m [33m[CJS][39m [2mdist/[22m[1mindex.cjs[22m         [2m 0.08 kB[22m [2m│ gzip: 0.08 kB[22m
-[34mℹ[39m [33m[CJS][39m [2mdist/[22msrc-BYOa9Nr6.cjs  [2m52.34 kB[22m [2m│ gzip: 9.21 kB[22m
+[34mℹ[39m [33m[CJS][39m [2mdist/[22msrc-BsLnNXTo.cjs  [2m52.34 kB[22m [2m│ gzip: 9.21 kB[22m
 [34mℹ[39m [33m[CJS][39m 3 files, total: 52.61 kB
 [34mℹ[39m [34m[ESM][39m [2mdist/[22m[1mclient.js[22m            [2m 0.18 kB[22m [2m│ gzip: 0.16 kB[22m
 [34mℹ[39m [34m[ESM][39m [2mdist/[22m[1mindex.js[22m             [2m 0.06 kB[22m [2m│ gzip: 0.07 kB[22m
-[34mℹ[39m [34m[ESM][39m [2mdist/[22msrc-KQzfNIm4.js      [2m49.59 kB[22m [2m│ gzip: 8.54 kB[22m
+[34mℹ[39m [34m[ESM][39m [2mdist/[22msrc-BEPbgggK.js      [2m49.59 kB[22m [2m│ gzip: 8.54 kB[22m
 [34mℹ[39m [34m[ESM][39m [2mdist/[22m[32m[1mindex.d.ts[22m[39m           [2m 0.24 kB[22m [2m│ gzip: 0.16 kB[22m
 [34mℹ[39m [34m[ESM][39m [2mdist/[22m[32m[1mclient.d.ts[22m[39m          [2m 0.21 kB[22m [2m│ gzip: 0.18 kB[22m
-[34mℹ[39m [34m[ESM][39m [2mdist/[22m[32mindex-CL9gq2xe.d.ts[39m  [2m21.42 kB[22m [2m│ gzip: 3.10 kB[22m
-[34mℹ[39m [34m[ESM][39m 6 files, total: 71.70 kB
+[34mℹ[39m [34m[ESM][39m [2mdist/[22m[32mindex-CdeDxbNh.d.ts[39m  [2m22.04 kB[22m [2m│ gzip: 3.15 kB[22m
+[34mℹ[39m [34m[ESM][39m 6 files, total: 72.32 kB
 [34mℹ[39m [33m[CJS][39m [2mdist/[22m[32m[1mindex.d.cts[22m[39m           [2m 0.24 kB[22m [2m│ gzip: 0.16 kB[22m
 [34mℹ[39m [33m[CJS][39m [2mdist/[22m[32m[1mclient.d.cts[22m[39m          [2m 0.21 kB[22m [2m│ gzip: 0.18 kB[22m
-[34mℹ[39m [33m[CJS][39m [2mdist/[22m[32mindex-N2GvRGik.d.cts[39m  [2m21.42 kB[22m [2m│ gzip: 3.10 kB[22m
-[34mℹ[39m [33m[CJS][39m 3 files, total: 21.88 kB
-[32m✔[39m Build complete in [32m8810ms[39m
+[34mℹ[39m [33m[CJS][39m [2mdist/[22m[32mindex-DJAIa5j3.d.cts[39m  [2m22.04 kB[22m [2m│ gzip: 3.16 kB[22m
+[34mℹ[39m [33m[CJS][39m 3 files, total: 22.50 kB
+[32m✔[39m Build complete in [32m9377ms[39m

package/dist/client.cjs CHANGED Viewed

@@ -1,4 +1,4 @@
-require('./src-BYOa9Nr6.cjs');
+require('./src-BsLnNXTo.cjs');
 //#region src/client.ts
 const ssoClient = () => {

package/dist/client.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { s as sso } from "./index-N2GvRGik.cjs";
+import { s as sso } from "./index-DJAIa5j3.cjs";
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { s as sso } from "./index-CL9gq2xe.js";
+import { s as sso } from "./index-CdeDxbNh.js";
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/client.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import "./src-KQzfNIm4.js";
+import "./src-BEPbgggK.js";
 //#region src/client.ts
 const ssoClient = () => {

package/dist/{index-CL9gq2xe.d.ts → index-CdeDxbNh.d.ts} RENAMED Viewed

@@ -4,43 +4,43 @@ import * as better_call0 from "better-call";
 //#region src/index.d.ts
 interface OIDCMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  image?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  image?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface SAMLMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  firstName?: string;
-  lastName?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  firstName?: string | undefined;
+  lastName?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface OIDCConfig {
   issuer: string;
   pkce: boolean;
   clientId: string;
   clientSecret: string;
-  authorizationEndpoint?: string;
+  authorizationEndpoint?: string | undefined;
   discoveryEndpoint: string;
-  userInfoEndpoint?: string;
-  scopes?: string[];
-  overrideUserInfo?: boolean;
-  tokenEndpoint?: string;
-  tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-  jwksEndpoint?: string;
-  mapping?: OIDCMapping;
+  userInfoEndpoint?: string | undefined;
+  scopes?: string[] | undefined;
+  overrideUserInfo?: boolean | undefined;
+  tokenEndpoint?: string | undefined;
+  tokenEndpointAuthentication?: ("client_secret_post" | "client_secret_basic") | undefined;
+  jwksEndpoint?: string | undefined;
+  mapping?: OIDCMapping | undefined;
 }
 interface SAMLConfig {
   issuer: string;
   entryPoint: string;
   cert: string;
   callbackUrl: string;
-  audience?: string;
+  audience?: string | undefined;
   idpMetadata?: {
     metadata?: string;
     entityID?: string;
@@ -56,39 +56,39 @@ interface SAMLConfig {
       Binding: string;
       Location: string;
     }>;
-  };
+  } | undefined;
   spMetadata: {
-    metadata?: string;
-    entityID?: string;
-    binding?: string;
-    privateKey?: string;
-    privateKeyPass?: string;
-    isAssertionEncrypted?: boolean;
-    encPrivateKey?: string;
-    encPrivateKeyPass?: string;
+    metadata?: string | undefined;
+    entityID?: string | undefined;
+    binding?: string | undefined;
+    privateKey?: string | undefined;
+    privateKeyPass?: string | undefined;
+    isAssertionEncrypted?: boolean | undefined;
+    encPrivateKey?: string | undefined;
+    encPrivateKeyPass?: string | undefined;
   };
-  wantAssertionsSigned?: boolean;
-  signatureAlgorithm?: string;
-  digestAlgorithm?: string;
-  identifierFormat?: string;
-  privateKey?: string;
-  decryptionPvk?: string;
-  additionalParams?: Record<string, any>;
-  mapping?: SAMLMapping;
+  wantAssertionsSigned?: boolean | undefined;
+  signatureAlgorithm?: string | undefined;
+  digestAlgorithm?: string | undefined;
+  identifierFormat?: string | undefined;
+  privateKey?: string | undefined;
+  decryptionPvk?: string | undefined;
+  additionalParams?: Record<string, any> | undefined;
+  mapping?: SAMLMapping | undefined;
 }
 interface SSOProvider {
   issuer: string;
-  oidcConfig?: OIDCConfig;
-  samlConfig?: SAMLConfig;
+  oidcConfig?: OIDCConfig | undefined;
+  samlConfig?: SAMLConfig | undefined;
   userId: string;
   providerId: string;
-  organizationId?: string;
+  organizationId?: string | undefined;
 }
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
    */
-  provisionUser?: (data: {
+  provisionUser?: ((data: {
     /**
      * The user object from the database
      */
@@ -105,7 +105,7 @@ interface SSOOptions {
      * The SSO provider
      */
     provider: SSOProvider;
-  }) => Promise<void>;
+  }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
    */
@@ -130,7 +130,7 @@ interface SSOOptions {
        */
       provider: SSOProvider;
     }) => Promise<"member" | "admin">;
-  };
+  } | undefined;
   /**
    * Default SSO provider configurations for testing.
    * These will take the precedence over the database providers.
@@ -153,17 +153,17 @@ interface SSOOptions {
      * OIDC configuration
      */
     oidcConfig?: OIDCConfig;
-  }>;
+  }> | undefined;
   /**
    * Override user info with the provider info.
    * @default false
    */
-  defaultOverrideUserInfo?: boolean;
+  defaultOverrideUserInfo?: boolean | undefined;
   /**
    * Disable implicit sign up for new users. When set to true for the provider,
    * sign-in need to be called with with requestSignUp as true to create new users.
    */
-  disableImplicitSignUp?: boolean;
+  disableImplicitSignUp?: boolean | undefined;
   /**
    * Configure the maximum number of SSO providers a user can register.
    * You can also pass a function that returns a number.
@@ -178,14 +178,14 @@ interface SSOOptions {
    * ```
    * @default 10
    */
-  providersLimit?: number | ((user: User) => Promise<number> | number);
+  providersLimit?: (number | ((user: User) => Promise<number> | number)) | undefined;
   /**
    * Trust the email verified flag from the provider.
    * @default false
    */
-  trustEmailVerified?: boolean;
+  trustEmailVerified?: boolean | undefined;
 }
-declare const sso: (options?: SSOOptions) => {
+declare const sso: (options?: SSOOptions | undefined) => {
   id: "sso";
   endpoints: {
     spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -473,7 +473,7 @@ declare const sso: (options?: SSOOptions) => {
       issuer: string;
       userId: string;
       providerId: string;
-      organizationId?: string;
+      organizationId?: string | undefined;
     }>;
     signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
       method: "POST";

package/dist/{index-N2GvRGik.d.cts → index-DJAIa5j3.d.cts} RENAMED Viewed

@@ -4,43 +4,43 @@ import * as z from "zod/v4";
 //#region src/index.d.ts
 interface OIDCMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  image?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  image?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface SAMLMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  firstName?: string;
-  lastName?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  firstName?: string | undefined;
+  lastName?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface OIDCConfig {
   issuer: string;
   pkce: boolean;
   clientId: string;
   clientSecret: string;
-  authorizationEndpoint?: string;
+  authorizationEndpoint?: string | undefined;
   discoveryEndpoint: string;
-  userInfoEndpoint?: string;
-  scopes?: string[];
-  overrideUserInfo?: boolean;
-  tokenEndpoint?: string;
-  tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-  jwksEndpoint?: string;
-  mapping?: OIDCMapping;
+  userInfoEndpoint?: string | undefined;
+  scopes?: string[] | undefined;
+  overrideUserInfo?: boolean | undefined;
+  tokenEndpoint?: string | undefined;
+  tokenEndpointAuthentication?: ("client_secret_post" | "client_secret_basic") | undefined;
+  jwksEndpoint?: string | undefined;
+  mapping?: OIDCMapping | undefined;
 }
 interface SAMLConfig {
   issuer: string;
   entryPoint: string;
   cert: string;
   callbackUrl: string;
-  audience?: string;
+  audience?: string | undefined;
   idpMetadata?: {
     metadata?: string;
     entityID?: string;
@@ -56,39 +56,39 @@ interface SAMLConfig {
       Binding: string;
       Location: string;
     }>;
-  };
+  } | undefined;
   spMetadata: {
-    metadata?: string;
-    entityID?: string;
-    binding?: string;
-    privateKey?: string;
-    privateKeyPass?: string;
-    isAssertionEncrypted?: boolean;
-    encPrivateKey?: string;
-    encPrivateKeyPass?: string;
+    metadata?: string | undefined;
+    entityID?: string | undefined;
+    binding?: string | undefined;
+    privateKey?: string | undefined;
+    privateKeyPass?: string | undefined;
+    isAssertionEncrypted?: boolean | undefined;
+    encPrivateKey?: string | undefined;
+    encPrivateKeyPass?: string | undefined;
   };
-  wantAssertionsSigned?: boolean;
-  signatureAlgorithm?: string;
-  digestAlgorithm?: string;
-  identifierFormat?: string;
-  privateKey?: string;
-  decryptionPvk?: string;
-  additionalParams?: Record<string, any>;
-  mapping?: SAMLMapping;
+  wantAssertionsSigned?: boolean | undefined;
+  signatureAlgorithm?: string | undefined;
+  digestAlgorithm?: string | undefined;
+  identifierFormat?: string | undefined;
+  privateKey?: string | undefined;
+  decryptionPvk?: string | undefined;
+  additionalParams?: Record<string, any> | undefined;
+  mapping?: SAMLMapping | undefined;
 }
 interface SSOProvider {
   issuer: string;
-  oidcConfig?: OIDCConfig;
-  samlConfig?: SAMLConfig;
+  oidcConfig?: OIDCConfig | undefined;
+  samlConfig?: SAMLConfig | undefined;
   userId: string;
   providerId: string;
-  organizationId?: string;
+  organizationId?: string | undefined;
 }
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
    */
-  provisionUser?: (data: {
+  provisionUser?: ((data: {
     /**
      * The user object from the database
      */
@@ -105,7 +105,7 @@ interface SSOOptions {
      * The SSO provider
      */
     provider: SSOProvider;
-  }) => Promise<void>;
+  }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
    */
@@ -130,7 +130,7 @@ interface SSOOptions {
        */
       provider: SSOProvider;
     }) => Promise<"member" | "admin">;
-  };
+  } | undefined;
   /**
    * Default SSO provider configurations for testing.
    * These will take the precedence over the database providers.
@@ -153,17 +153,17 @@ interface SSOOptions {
      * OIDC configuration
      */
     oidcConfig?: OIDCConfig;
-  }>;
+  }> | undefined;
   /**
    * Override user info with the provider info.
    * @default false
    */
-  defaultOverrideUserInfo?: boolean;
+  defaultOverrideUserInfo?: boolean | undefined;
   /**
    * Disable implicit sign up for new users. When set to true for the provider,
    * sign-in need to be called with with requestSignUp as true to create new users.
    */
-  disableImplicitSignUp?: boolean;
+  disableImplicitSignUp?: boolean | undefined;
   /**
    * Configure the maximum number of SSO providers a user can register.
    * You can also pass a function that returns a number.
@@ -178,14 +178,14 @@ interface SSOOptions {
    * ```
    * @default 10
    */
-  providersLimit?: number | ((user: User) => Promise<number> | number);
+  providersLimit?: (number | ((user: User) => Promise<number> | number)) | undefined;
   /**
    * Trust the email verified flag from the provider.
    * @default false
    */
-  trustEmailVerified?: boolean;
+  trustEmailVerified?: boolean | undefined;
 }
-declare const sso: (options?: SSOOptions) => {
+declare const sso: (options?: SSOOptions | undefined) => {
   id: "sso";
   endpoints: {
     spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -473,7 +473,7 @@ declare const sso: (options?: SSOOptions) => {
       issuer: string;
       userId: string;
       providerId: string;
-      organizationId?: string;
+      organizationId?: string | undefined;
     }>;
     signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
       method: "POST";

package/dist/index.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_src = require('./src-BYOa9Nr6.cjs');
+const require_src = require('./src-BsLnNXTo.cjs');
 exports.sso = require_src.sso;

package/dist/index.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-N2GvRGik.cjs";
+import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-DJAIa5j3.cjs";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/dist/index.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-CL9gq2xe.js";
+import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-CdeDxbNh.js";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,3 @@
-import { t as sso } from "./src-KQzfNIm4.js";
+import { t as sso } from "./src-BEPbgggK.js";
 export { sso };

package/dist/{src-KQzfNIm4.js → src-BEPbgggK.js} RENAMED Viewed

@@ -1,13 +1,13 @@
+import { BetterFetchError, betterFetch } from "@better-fetch/fetch";
 import { generateState } from "better-auth";
 import { APIError, sessionMiddleware } from "better-auth/api";
+import { setSessionCookie } from "better-auth/cookies";
 import { createAuthorizationURL, handleOAuthUserInfo, parseState, validateAuthorizationCode, validateToken } from "better-auth/oauth2";
 import { createAuthEndpoint } from "better-auth/plugins";
-import * as z from "zod/v4";
-import * as saml from "samlify";
-import { BetterFetchError, betterFetch } from "@better-fetch/fetch";
-import { decodeJwt } from "jose";
-import { setSessionCookie } from "better-auth/cookies";
 import { XMLValidator } from "fast-xml-parser";
+import { decodeJwt } from "jose";
+import * as saml from "samlify";
+import * as z from "zod/v4";
 //#region src/index.ts
 saml.setSchemaValidator({ async validate(xml) {

package/dist/{src-BYOa9Nr6.cjs → src-BsLnNXTo.cjs} RENAMED Viewed

@@ -21,26 +21,26 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 }) : target, mod));
 //#endregion
+let __better_fetch_fetch = require("@better-fetch/fetch");
+__better_fetch_fetch = __toESM(__better_fetch_fetch);
 let better_auth = require("better-auth");
 better_auth = __toESM(better_auth);
 let better_auth_api = require("better-auth/api");
 better_auth_api = __toESM(better_auth_api);
+let better_auth_cookies = require("better-auth/cookies");
+better_auth_cookies = __toESM(better_auth_cookies);
 let better_auth_oauth2 = require("better-auth/oauth2");
 better_auth_oauth2 = __toESM(better_auth_oauth2);
 let better_auth_plugins = require("better-auth/plugins");
 better_auth_plugins = __toESM(better_auth_plugins);
-let zod_v4 = require("zod/v4");
-zod_v4 = __toESM(zod_v4);
-let samlify = require("samlify");
-samlify = __toESM(samlify);
-let __better_fetch_fetch = require("@better-fetch/fetch");
-__better_fetch_fetch = __toESM(__better_fetch_fetch);
-let jose = require("jose");
-jose = __toESM(jose);
-let better_auth_cookies = require("better-auth/cookies");
-better_auth_cookies = __toESM(better_auth_cookies);
 let fast_xml_parser = require("fast-xml-parser");
 fast_xml_parser = __toESM(fast_xml_parser);
+let jose = require("jose");
+jose = __toESM(jose);
+let samlify = require("samlify");
+samlify = __toESM(samlify);
+let zod_v4 = require("zod/v4");
+zod_v4 = __toESM(zod_v4);
 //#region src/index.ts
 samlify.setSchemaValidator({ async validate(xml) {

package/package.json CHANGED Viewed

@@ -1,9 +1,15 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.13",
+  "version": "1.4.0-beta.15",
   "type": "module",
   "main": "dist/index.js",
+  "homepage": "https://www.better-auth.com/docs/plugins/sso",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/better-auth/better-auth",
+    "directory": "packages/sso"
+  },
   "license": "MIT",
   "keywords": [
     "sso",
@@ -56,15 +62,15 @@
   },
   "devDependencies": {
     "@types/body-parser": "^1.19.6",
-    "@types/express": "^5.0.3",
+    "@types/express": "^5.0.5",
     "better-call": "1.0.24",
     "body-parser": "^2.2.0",
     "express": "^5.1.0",
-    "tsdown": "^0.15.9",
-    "better-auth": "^1.4.0-beta.13"
+    "tsdown": "^0.15.11",
+    "better-auth": "^1.4.0-beta.15"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.13"
+    "better-auth": "1.4.0-beta.15"
   },
   "scripts": {
     "test": "vitest",

package/src/index.ts CHANGED Viewed

@@ -1,12 +1,14 @@
+import { BetterFetchError, betterFetch } from "@better-fetch/fetch";
 import {
-	generateState,
 	type Account,
 	type BetterAuthPlugin,
+	generateState,
 	type OAuth2Tokens,
 	type Session,
 	type User,
 } from "better-auth";
 import { APIError, sessionMiddleware } from "better-auth/api";
+import { setSessionCookie } from "better-auth/cookies";
 import {
 	createAuthorizationURL,
 	handleOAuthUserInfo,
@@ -14,17 +16,14 @@ import {
 	validateAuthorizationCode,
 	validateToken,
 } from "better-auth/oauth2";
 import { createAuthEndpoint } from "better-auth/plugins";
-import * as z from "zod/v4";
+import { XMLValidator } from "fast-xml-parser";
+import { decodeJwt } from "jose";
 import * as saml from "samlify";
 import type { BindingContext } from "samlify/types/src/entity";
-import { betterFetch, BetterFetchError } from "@better-fetch/fetch";
-import { decodeJwt } from "jose";
-import { setSessionCookie } from "better-auth/cookies";
-import type { FlowResult } from "samlify/types/src/flow";
-import { XMLValidator } from "fast-xml-parser";
 import type { IdentityProvider } from "samlify/types/src/entity-idp";
+import type { FlowResult } from "samlify/types/src/flow";
+import * as z from "zod/v4";
 const fastValidator = {
 	async validate(xml: string) {
@@ -67,22 +66,22 @@ function safeJsonParse<T>(value: string | T | null | undefined): T | null {
 }
 export interface OIDCMapping {
-	id?: string;
-	email?: string;
-	emailVerified?: string;
-	name?: string;
-	image?: string;
-	extraFields?: Record<string, string>;
+	id?: string | undefined;
+	email?: string | undefined;
+	emailVerified?: string | undefined;
+	name?: string | undefined;
+	image?: string | undefined;
+	extraFields?: Record<string, string> | undefined;
 }
 export interface SAMLMapping {
-	id?: string;
-	email?: string;
-	emailVerified?: string;
-	name?: string;
-	firstName?: string;
-	lastName?: string;
-	extraFields?: Record<string, string>;
+	id?: string | undefined;
+	email?: string | undefined;
+	emailVerified?: string | undefined;
+	name?: string | undefined;
+	firstName?: string | undefined;
+	lastName?: string | undefined;
+	extraFields?: Record<string, string> | undefined;
 }
 export interface OIDCConfig {
@@ -90,15 +89,17 @@ export interface OIDCConfig {
 	pkce: boolean;
 	clientId: string;
 	clientSecret: string;
-	authorizationEndpoint?: string;
+	authorizationEndpoint?: string | undefined;
 	discoveryEndpoint: string;
-	userInfoEndpoint?: string;
-	scopes?: string[];
-	overrideUserInfo?: boolean;
-	tokenEndpoint?: string;
-	tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-	jwksEndpoint?: string;
-	mapping?: OIDCMapping;
+	userInfoEndpoint?: string | undefined;
+	scopes?: string[] | undefined;
+	overrideUserInfo?: boolean | undefined;
+	tokenEndpoint?: string | undefined;
+	tokenEndpointAuthentication?:
+		| ("client_secret_post" | "client_secret_basic")
+		| undefined;
+	jwksEndpoint?: string | undefined;
+	mapping?: OIDCMapping | undefined;
 }
 export interface SAMLConfig {
@@ -106,132 +107,140 @@ export interface SAMLConfig {
 	entryPoint: string;
 	cert: string;
 	callbackUrl: string;
-	audience?: string;
-	idpMetadata?: {
-		metadata?: string;
-		entityID?: string;
-		entityURL?: string;
-		redirectURL?: string;
-		cert?: string;
-		privateKey?: string;
-		privateKeyPass?: string;
-		isAssertionEncrypted?: boolean;
-		encPrivateKey?: string;
-		encPrivateKeyPass?: string;
-		singleSignOnService?: Array<{
-			Binding: string;
-			Location: string;
-		}>;
-	};
+	audience?: string | undefined;
+	idpMetadata?:
+		| {
+				metadata?: string;
+				entityID?: string;
+				entityURL?: string;
+				redirectURL?: string;
+				cert?: string;
+				privateKey?: string;
+				privateKeyPass?: string;
+				isAssertionEncrypted?: boolean;
+				encPrivateKey?: string;
+				encPrivateKeyPass?: string;
+				singleSignOnService?: Array<{
+					Binding: string;
+					Location: string;
+				}>;
+		  }
+		| undefined;
 	spMetadata: {
-		metadata?: string;
-		entityID?: string;
-		binding?: string;
-		privateKey?: string;
-		privateKeyPass?: string;
-		isAssertionEncrypted?: boolean;
-		encPrivateKey?: string;
-		encPrivateKeyPass?: string;
+		metadata?: string | undefined;
+		entityID?: string | undefined;
+		binding?: string | undefined;
+		privateKey?: string | undefined;
+		privateKeyPass?: string | undefined;
+		isAssertionEncrypted?: boolean | undefined;
+		encPrivateKey?: string | undefined;
+		encPrivateKeyPass?: string | undefined;
 	};
-	wantAssertionsSigned?: boolean;
-	signatureAlgorithm?: string;
-	digestAlgorithm?: string;
-	identifierFormat?: string;
-	privateKey?: string;
-	decryptionPvk?: string;
-	additionalParams?: Record<string, any>;
-	mapping?: SAMLMapping;
+	wantAssertionsSigned?: boolean | undefined;
+	signatureAlgorithm?: string | undefined;
+	digestAlgorithm?: string | undefined;
+	identifierFormat?: string | undefined;
+	privateKey?: string | undefined;
+	decryptionPvk?: string | undefined;
+	additionalParams?: Record<string, any> | undefined;
+	mapping?: SAMLMapping | undefined;
 }
 export interface SSOProvider {
 	issuer: string;
-	oidcConfig?: OIDCConfig;
-	samlConfig?: SAMLConfig;
+	oidcConfig?: OIDCConfig | undefined;
+	samlConfig?: SAMLConfig | undefined;
 	userId: string;
 	providerId: string;
-	organizationId?: string;
+	organizationId?: string | undefined;
 }
 export interface SSOOptions {
 	/**
 	 * custom function to provision a user when they sign in with an SSO provider.
 	 */
-	provisionUser?: (data: {
-		/**
-		 * The user object from the database
-		 */
-		user: User & Record<string, any>;
-		/**
-		 * The user info object from the provider
-		 */
-		userInfo: Record<string, any>;
-		/**
-		 * The OAuth2 tokens from the provider
-		 */
-		token?: OAuth2Tokens;
-		/**
-		 * The SSO provider
-		 */
-		provider: SSOProvider;
-	}) => Promise<void>;
+	provisionUser?:
+		| ((data: {
+				/**
+				 * The user object from the database
+				 */
+				user: User & Record<string, any>;
+				/**
+				 * The user info object from the provider
+				 */
+				userInfo: Record<string, any>;
+				/**
+				 * The OAuth2 tokens from the provider
+				 */
+				token?: OAuth2Tokens;
+				/**
+				 * The SSO provider
+				 */
+				provider: SSOProvider;
+		  }) => Promise<void>)
+		| undefined;
 	/**
 	 * Organization provisioning options
 	 */
-	organizationProvisioning?: {
-		disabled?: boolean;
-		defaultRole?: "member" | "admin";
-		getRole?: (data: {
-			/**
-			 * The user object from the database
-			 */
-			user: User & Record<string, any>;
-			/**
-			 * The user info object from the provider
-			 */
-			userInfo: Record<string, any>;
-			/**
-			 * The OAuth2 tokens from the provider
-			 */
-			token?: OAuth2Tokens;
-			/**
-			 * The SSO provider
-			 */
-			provider: SSOProvider;
-		}) => Promise<"member" | "admin">;
-	};
+	organizationProvisioning?:
+		| {
+				disabled?: boolean;
+				defaultRole?: "member" | "admin";
+				getRole?: (data: {
+					/**
+					 * The user object from the database
+					 */
+					user: User & Record<string, any>;
+					/**
+					 * The user info object from the provider
+					 */
+					userInfo: Record<string, any>;
+					/**
+					 * The OAuth2 tokens from the provider
+					 */
+					token?: OAuth2Tokens;
+					/**
+					 * The SSO provider
+					 */
+					provider: SSOProvider;
+				}) => Promise<"member" | "admin">;
+		  }
+		| undefined;
 	/**
 	 * Default SSO provider configurations for testing.
 	 * These will take the precedence over the database providers.
 	 */
-	defaultSSO?: Array<{
-		/**
-		 * The domain to match for this default provider.
-		 * This is only used to match incoming requests to this default provider.
-		 */
-		domain: string;
-		/**
-		 * The provider ID to use
-		 */
-		providerId: string;
-		/**
-		 * SAML configuration
-		 */
-		samlConfig?: SAMLConfig;
-		/**
-		 * OIDC configuration
-		 */
-		oidcConfig?: OIDCConfig;
-	}>;
+	defaultSSO?:
+		| Array<{
+				/**
+				 * The domain to match for this default provider.
+				 * This is only used to match incoming requests to this default provider.
+				 */
+				domain: string;
+				/**
+				 * The provider ID to use
+				 */
+				providerId: string;
+				/**
+				 * SAML configuration
+				 */
+				samlConfig?: SAMLConfig;
+				/**
+				 * OIDC configuration
+				 */
+				oidcConfig?: OIDCConfig;
+		  }>
+		| undefined;
 	/**
 	 * Override user info with the provider info.
 	 * @default false
 	 */
-	defaultOverrideUserInfo?: boolean;
+	defaultOverrideUserInfo?: boolean | undefined;
 	/**
 	 * Disable implicit sign up for new users. When set to true for the provider,
 	 * sign-in need to be called with with requestSignUp as true to create new users.
 	 */
-	disableImplicitSignUp?: boolean;
+	disableImplicitSignUp?: boolean | undefined;
 	/**
 	 * Configure the maximum number of SSO providers a user can register.
 	 * You can also pass a function that returns a number.
@@ -246,15 +255,17 @@ export interface SSOOptions {
 	 * ```
 	 * @default 10
 	 */
-	providersLimit?: number | ((user: User) => Promise<number> | number);
+	providersLimit?:
+		| (number | ((user: User) => Promise<number> | number))
+		| undefined;
 	/**
 	 * Trust the email verified flag from the provider.
 	 * @default false
 	 */
-	trustEmailVerified?: boolean;
+	trustEmailVerified?: boolean | undefined;
 }
-export const sso = (options?: SSOOptions) => {
+export const sso = (options?: SSOOptions | undefined) => {
 	return {
 		id: "sso",
 		endpoints: {

package/src/oidc.test.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { afterAll, beforeAll, describe, expect, it } from "vitest";
-import { getTestInstanceMemory as getTestInstance } from "better-auth/test";
-import { sso } from ".";
-import { OAuth2Server } from "oauth2-mock-server";
 import { betterFetch } from "@better-fetch/fetch";
-import { organization } from "better-auth/plugins";
 import { createAuthClient } from "better-auth/client";
+import { organization } from "better-auth/plugins";
+import { getTestInstanceMemory as getTestInstance } from "better-auth/test";
+import { OAuth2Server } from "oauth2-mock-server";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { sso } from ".";
 import { ssoClient } from "./client";
 let server = new OAuth2Server();

package/src/saml.test.ts CHANGED Viewed

@@ -1,31 +1,31 @@
-import {
-	afterAll,
-	beforeAll,
-	beforeEach,
-	describe,
-	expect,
-	it,
-	vi,
-} from "vitest";
+import { betterFetch } from "@better-fetch/fetch";
 import { betterAuth } from "better-auth";
 import { memoryAdapter } from "better-auth/adapters/memory";
 import { createAuthClient } from "better-auth/client";
-import { betterFetch } from "@better-fetch/fetch";
 import { setCookieToHeader } from "better-auth/cookies";
 import { bearer } from "better-auth/plugins";
-import { sso } from ".";
-import { ssoClient } from "./client";
-import { createServer } from "http";
-import * as saml from "samlify";
+import { getTestInstanceMemory } from "better-auth/test";
+import bodyParser from "body-parser";
+import { randomUUID } from "crypto";
 import type {
 	Application as ExpressApp,
 	Request as ExpressRequest,
 	Response as ExpressResponse,
 } from "express";
 import express from "express";
-import bodyParser from "body-parser";
-import { randomUUID } from "crypto";
-import { getTestInstanceMemory } from "better-auth/test";
+import { createServer } from "http";
+import * as saml from "samlify";
+import {
+	afterAll,
+	beforeAll,
+	beforeEach,
+	describe,
+	expect,
+	it,
+	vi,
+} from "vitest";
+import { sso } from ".";
+import { ssoClient } from "./client";
 const spMetadata = `
     <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:3001/api/sso/saml2/sp/metadata">