@better-auth/sso 1.4.0-beta.14 → 1.4.0-beta.15

package/.turbo/turbo-build.log

@@ -1,8 +1,8 @@
 
-> @better-auth/sso@1.4.0-beta.14 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.15 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
-ℹ tsdown v0.15.10 powered by rolldown v1.0.0-beta.44
+ℹ tsdown v0.15.11 powered by rolldown v1.0.0-beta.45
 ℹ Using tsdown config: /home/runner/work/better-auth/better-auth/packages/sso/tsdown.config.ts
 ℹ entry: src/client.ts, src/index.ts
 ℹ tsconfig: tsconfig.json
@@ -16,10 +16,10 @@
 ℹ [ESM] dist/src-BEPbgggK.js      49.59 kB │ gzip: 8.54 kB
 ℹ [ESM] dist/index.d.ts            0.24 kB │ gzip: 0.16 kB
 ℹ [ESM] dist/client.d.ts           0.21 kB │ gzip: 0.18 kB
-ℹ [ESM] dist/index-CL9gq2xe.d.ts  21.42 kB │ gzip: 3.10 kB
-ℹ [ESM] 6 files, total: 71.70 kB
+ℹ [ESM] dist/index-CdeDxbNh.d.ts  22.04 kB │ gzip: 3.15 kB
+ℹ [ESM] 6 files, total: 72.32 kB
 ℹ [CJS] dist/index.d.cts            0.24 kB │ gzip: 0.16 kB
 ℹ [CJS] dist/client.d.cts           0.21 kB │ gzip: 0.18 kB
-ℹ [CJS] dist/index-N2GvRGik.d.cts  21.42 kB │ gzip: 3.10 kB
-ℹ [CJS] 3 files, total: 21.88 kB
-✔ Build complete in 8609ms
+ℹ [CJS] dist/index-DJAIa5j3.d.cts  22.04 kB │ gzip: 3.16 kB
+ℹ [CJS] 3 files, total: 22.50 kB
+✔ Build complete in 9377ms

package/dist/client.d.cts

@@ -1,4 +1,4 @@
-import { s as sso } from "./index-N2GvRGik.cjs";
+import { s as sso } from "./index-DJAIa5j3.cjs";
 
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { s as sso } from "./index-CL9gq2xe.js";
+import { s as sso } from "./index-CdeDxbNh.js";
 
 //#region src/client.d.ts
 declare const ssoClient: () => {

package/dist/{index-CL9gq2xe.d.ts → index-CdeDxbNh.d.ts}

@@ -4,43 +4,43 @@ import * as better_call0 from "better-call";
 
 //#region src/index.d.ts
 interface OIDCMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  image?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  image?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface SAMLMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  firstName?: string;
-  lastName?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  firstName?: string | undefined;
+  lastName?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface OIDCConfig {
   issuer: string;
   pkce: boolean;
   clientId: string;
   clientSecret: string;
-  authorizationEndpoint?: string;
+  authorizationEndpoint?: string | undefined;
   discoveryEndpoint: string;
-  userInfoEndpoint?: string;
-  scopes?: string[];
-  overrideUserInfo?: boolean;
-  tokenEndpoint?: string;
-  tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-  jwksEndpoint?: string;
-  mapping?: OIDCMapping;
+  userInfoEndpoint?: string | undefined;
+  scopes?: string[] | undefined;
+  overrideUserInfo?: boolean | undefined;
+  tokenEndpoint?: string | undefined;
+  tokenEndpointAuthentication?: ("client_secret_post" | "client_secret_basic") | undefined;
+  jwksEndpoint?: string | undefined;
+  mapping?: OIDCMapping | undefined;
 }
 interface SAMLConfig {
   issuer: string;
   entryPoint: string;
   cert: string;
   callbackUrl: string;
-  audience?: string;
+  audience?: string | undefined;
   idpMetadata?: {
     metadata?: string;
     entityID?: string;
@@ -56,39 +56,39 @@ interface SAMLConfig {
       Binding: string;
       Location: string;
     }>;
-  };
+  } | undefined;
   spMetadata: {
-    metadata?: string;
-    entityID?: string;
-    binding?: string;
-    privateKey?: string;
-    privateKeyPass?: string;
-    isAssertionEncrypted?: boolean;
-    encPrivateKey?: string;
-    encPrivateKeyPass?: string;
+    metadata?: string | undefined;
+    entityID?: string | undefined;
+    binding?: string | undefined;
+    privateKey?: string | undefined;
+    privateKeyPass?: string | undefined;
+    isAssertionEncrypted?: boolean | undefined;
+    encPrivateKey?: string | undefined;
+    encPrivateKeyPass?: string | undefined;
   };
-  wantAssertionsSigned?: boolean;
-  signatureAlgorithm?: string;
-  digestAlgorithm?: string;
-  identifierFormat?: string;
-  privateKey?: string;
-  decryptionPvk?: string;
-  additionalParams?: Record<string, any>;
-  mapping?: SAMLMapping;
+  wantAssertionsSigned?: boolean | undefined;
+  signatureAlgorithm?: string | undefined;
+  digestAlgorithm?: string | undefined;
+  identifierFormat?: string | undefined;
+  privateKey?: string | undefined;
+  decryptionPvk?: string | undefined;
+  additionalParams?: Record<string, any> | undefined;
+  mapping?: SAMLMapping | undefined;
 }
 interface SSOProvider {
   issuer: string;
-  oidcConfig?: OIDCConfig;
-  samlConfig?: SAMLConfig;
+  oidcConfig?: OIDCConfig | undefined;
+  samlConfig?: SAMLConfig | undefined;
   userId: string;
   providerId: string;
-  organizationId?: string;
+  organizationId?: string | undefined;
 }
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
    */
-  provisionUser?: (data: {
+  provisionUser?: ((data: {
     /**
      * The user object from the database
      */
@@ -105,7 +105,7 @@ interface SSOOptions {
      * The SSO provider
      */
     provider: SSOProvider;
-  }) => Promise<void>;
+  }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
    */
@@ -130,7 +130,7 @@ interface SSOOptions {
        */
       provider: SSOProvider;
     }) => Promise<"member" | "admin">;
-  };
+  } | undefined;
   /**
    * Default SSO provider configurations for testing.
    * These will take the precedence over the database providers.
@@ -153,17 +153,17 @@ interface SSOOptions {
      * OIDC configuration
      */
     oidcConfig?: OIDCConfig;
-  }>;
+  }> | undefined;
   /**
    * Override user info with the provider info.
    * @default false
    */
-  defaultOverrideUserInfo?: boolean;
+  defaultOverrideUserInfo?: boolean | undefined;
   /**
    * Disable implicit sign up for new users. When set to true for the provider,
    * sign-in need to be called with with requestSignUp as true to create new users.
    */
-  disableImplicitSignUp?: boolean;
+  disableImplicitSignUp?: boolean | undefined;
   /**
    * Configure the maximum number of SSO providers a user can register.
    * You can also pass a function that returns a number.
@@ -178,14 +178,14 @@ interface SSOOptions {
    * ```
    * @default 10
    */
-  providersLimit?: number | ((user: User) => Promise<number> | number);
+  providersLimit?: (number | ((user: User) => Promise<number> | number)) | undefined;
   /**
    * Trust the email verified flag from the provider.
    * @default false
    */
-  trustEmailVerified?: boolean;
+  trustEmailVerified?: boolean | undefined;
 }
-declare const sso: (options?: SSOOptions) => {
+declare const sso: (options?: SSOOptions | undefined) => {
   id: "sso";
   endpoints: {
     spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -473,7 +473,7 @@ declare const sso: (options?: SSOOptions) => {
       issuer: string;
       userId: string;
       providerId: string;
-      organizationId?: string;
+      organizationId?: string | undefined;
     }>;
     signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
       method: "POST";

package/dist/{index-N2GvRGik.d.cts → index-DJAIa5j3.d.cts}

@@ -4,43 +4,43 @@ import * as z from "zod/v4";
 
 //#region src/index.d.ts
 interface OIDCMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  image?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  image?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface SAMLMapping {
-  id?: string;
-  email?: string;
-  emailVerified?: string;
-  name?: string;
-  firstName?: string;
-  lastName?: string;
-  extraFields?: Record<string, string>;
+  id?: string | undefined;
+  email?: string | undefined;
+  emailVerified?: string | undefined;
+  name?: string | undefined;
+  firstName?: string | undefined;
+  lastName?: string | undefined;
+  extraFields?: Record<string, string> | undefined;
 }
 interface OIDCConfig {
   issuer: string;
   pkce: boolean;
   clientId: string;
   clientSecret: string;
-  authorizationEndpoint?: string;
+  authorizationEndpoint?: string | undefined;
   discoveryEndpoint: string;
-  userInfoEndpoint?: string;
-  scopes?: string[];
-  overrideUserInfo?: boolean;
-  tokenEndpoint?: string;
-  tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-  jwksEndpoint?: string;
-  mapping?: OIDCMapping;
+  userInfoEndpoint?: string | undefined;
+  scopes?: string[] | undefined;
+  overrideUserInfo?: boolean | undefined;
+  tokenEndpoint?: string | undefined;
+  tokenEndpointAuthentication?: ("client_secret_post" | "client_secret_basic") | undefined;
+  jwksEndpoint?: string | undefined;
+  mapping?: OIDCMapping | undefined;
 }
 interface SAMLConfig {
   issuer: string;
   entryPoint: string;
   cert: string;
   callbackUrl: string;
-  audience?: string;
+  audience?: string | undefined;
   idpMetadata?: {
     metadata?: string;
     entityID?: string;
@@ -56,39 +56,39 @@ interface SAMLConfig {
       Binding: string;
       Location: string;
     }>;
-  };
+  } | undefined;
   spMetadata: {
-    metadata?: string;
-    entityID?: string;
-    binding?: string;
-    privateKey?: string;
-    privateKeyPass?: string;
-    isAssertionEncrypted?: boolean;
-    encPrivateKey?: string;
-    encPrivateKeyPass?: string;
+    metadata?: string | undefined;
+    entityID?: string | undefined;
+    binding?: string | undefined;
+    privateKey?: string | undefined;
+    privateKeyPass?: string | undefined;
+    isAssertionEncrypted?: boolean | undefined;
+    encPrivateKey?: string | undefined;
+    encPrivateKeyPass?: string | undefined;
   };
-  wantAssertionsSigned?: boolean;
-  signatureAlgorithm?: string;
-  digestAlgorithm?: string;
-  identifierFormat?: string;
-  privateKey?: string;
-  decryptionPvk?: string;
-  additionalParams?: Record<string, any>;
-  mapping?: SAMLMapping;
+  wantAssertionsSigned?: boolean | undefined;
+  signatureAlgorithm?: string | undefined;
+  digestAlgorithm?: string | undefined;
+  identifierFormat?: string | undefined;
+  privateKey?: string | undefined;
+  decryptionPvk?: string | undefined;
+  additionalParams?: Record<string, any> | undefined;
+  mapping?: SAMLMapping | undefined;
 }
 interface SSOProvider {
   issuer: string;
-  oidcConfig?: OIDCConfig;
-  samlConfig?: SAMLConfig;
+  oidcConfig?: OIDCConfig | undefined;
+  samlConfig?: SAMLConfig | undefined;
   userId: string;
   providerId: string;
-  organizationId?: string;
+  organizationId?: string | undefined;
 }
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
    */
-  provisionUser?: (data: {
+  provisionUser?: ((data: {
     /**
      * The user object from the database
      */
@@ -105,7 +105,7 @@ interface SSOOptions {
      * The SSO provider
      */
     provider: SSOProvider;
-  }) => Promise<void>;
+  }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
    */
@@ -130,7 +130,7 @@ interface SSOOptions {
        */
       provider: SSOProvider;
     }) => Promise<"member" | "admin">;
-  };
+  } | undefined;
   /**
    * Default SSO provider configurations for testing.
    * These will take the precedence over the database providers.
@@ -153,17 +153,17 @@ interface SSOOptions {
      * OIDC configuration
      */
     oidcConfig?: OIDCConfig;
-  }>;
+  }> | undefined;
   /**
    * Override user info with the provider info.
    * @default false
    */
-  defaultOverrideUserInfo?: boolean;
+  defaultOverrideUserInfo?: boolean | undefined;
   /**
    * Disable implicit sign up for new users. When set to true for the provider,
    * sign-in need to be called with with requestSignUp as true to create new users.
    */
-  disableImplicitSignUp?: boolean;
+  disableImplicitSignUp?: boolean | undefined;
   /**
    * Configure the maximum number of SSO providers a user can register.
    * You can also pass a function that returns a number.
@@ -178,14 +178,14 @@ interface SSOOptions {
    * ```
    * @default 10
    */
-  providersLimit?: number | ((user: User) => Promise<number> | number);
+  providersLimit?: (number | ((user: User) => Promise<number> | number)) | undefined;
   /**
    * Trust the email verified flag from the provider.
    * @default false
    */
-  trustEmailVerified?: boolean;
+  trustEmailVerified?: boolean | undefined;
 }
-declare const sso: (options?: SSOOptions) => {
+declare const sso: (options?: SSOOptions | undefined) => {
   id: "sso";
   endpoints: {
     spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -473,7 +473,7 @@ declare const sso: (options?: SSOOptions) => {
       issuer: string;
       userId: string;
       providerId: string;
-      organizationId?: string;
+      organizationId?: string | undefined;
     }>;
     signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
       method: "POST";

package/dist/index.d.cts

@@ -1,2 +1,2 @@
-import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-N2GvRGik.cjs";
+import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-DJAIa5j3.cjs";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/dist/index.d.ts

@@ -1,2 +1,2 @@
-import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-CL9gq2xe.js";
+import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-CdeDxbNh.js";
 export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.14",
+  "version": "1.4.0-beta.15",
   "type": "module",
   "main": "dist/index.js",
   "homepage": "https://www.better-auth.com/docs/plugins/sso",
@@ -62,15 +62,15 @@
   },
   "devDependencies": {
     "@types/body-parser": "^1.19.6",
-    "@types/express": "^5.0.3",
+    "@types/express": "^5.0.5",
     "better-call": "1.0.24",
     "body-parser": "^2.2.0",
     "express": "^5.1.0",
-    "tsdown": "^0.15.10",
-    "better-auth": "^1.4.0-beta.14"
+    "tsdown": "^0.15.11",
+    "better-auth": "^1.4.0-beta.15"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.14"
+    "better-auth": "1.4.0-beta.15"
   },
   "scripts": {
     "test": "vitest",

package/src/index.ts

@@ -66,22 +66,22 @@ function safeJsonParse<T>(value: string | T | null | undefined): T | null {
 }
 
 export interface OIDCMapping {
-	id?: string;
-	email?: string;
-	emailVerified?: string;
-	name?: string;
-	image?: string;
-	extraFields?: Record<string, string>;
+	id?: string | undefined;
+	email?: string | undefined;
+	emailVerified?: string | undefined;
+	name?: string | undefined;
+	image?: string | undefined;
+	extraFields?: Record<string, string> | undefined;
 }
 
 export interface SAMLMapping {
-	id?: string;
-	email?: string;
-	emailVerified?: string;
-	name?: string;
-	firstName?: string;
-	lastName?: string;
-	extraFields?: Record<string, string>;
+	id?: string | undefined;
+	email?: string | undefined;
+	emailVerified?: string | undefined;
+	name?: string | undefined;
+	firstName?: string | undefined;
+	lastName?: string | undefined;
+	extraFields?: Record<string, string> | undefined;
 }
 
 export interface OIDCConfig {
@@ -89,15 +89,17 @@ export interface OIDCConfig {
 	pkce: boolean;
 	clientId: string;
 	clientSecret: string;
-	authorizationEndpoint?: string;
+	authorizationEndpoint?: string | undefined;
 	discoveryEndpoint: string;
-	userInfoEndpoint?: string;
-	scopes?: string[];
-	overrideUserInfo?: boolean;
-	tokenEndpoint?: string;
-	tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
-	jwksEndpoint?: string;
-	mapping?: OIDCMapping;
+	userInfoEndpoint?: string | undefined;
+	scopes?: string[] | undefined;
+	overrideUserInfo?: boolean | undefined;
+	tokenEndpoint?: string | undefined;
+	tokenEndpointAuthentication?:
+		| ("client_secret_post" | "client_secret_basic")
+		| undefined;
+	jwksEndpoint?: string | undefined;
+	mapping?: OIDCMapping | undefined;
 }
 
 export interface SAMLConfig {
@@ -105,132 +107,140 @@ export interface SAMLConfig {
 	entryPoint: string;
 	cert: string;
 	callbackUrl: string;
-	audience?: string;
-	idpMetadata?: {
-		metadata?: string;
-		entityID?: string;
-		entityURL?: string;
-		redirectURL?: string;
-		cert?: string;
-		privateKey?: string;
-		privateKeyPass?: string;
-		isAssertionEncrypted?: boolean;
-		encPrivateKey?: string;
-		encPrivateKeyPass?: string;
-		singleSignOnService?: Array<{
-			Binding: string;
-			Location: string;
-		}>;
-	};
+	audience?: string | undefined;
+	idpMetadata?:
+		| {
+				metadata?: string;
+				entityID?: string;
+				entityURL?: string;
+				redirectURL?: string;
+				cert?: string;
+				privateKey?: string;
+				privateKeyPass?: string;
+				isAssertionEncrypted?: boolean;
+				encPrivateKey?: string;
+				encPrivateKeyPass?: string;
+				singleSignOnService?: Array<{
+					Binding: string;
+					Location: string;
+				}>;
+		  }
+		| undefined;
 	spMetadata: {
-		metadata?: string;
-		entityID?: string;
-		binding?: string;
-		privateKey?: string;
-		privateKeyPass?: string;
-		isAssertionEncrypted?: boolean;
-		encPrivateKey?: string;
-		encPrivateKeyPass?: string;
+		metadata?: string | undefined;
+		entityID?: string | undefined;
+		binding?: string | undefined;
+		privateKey?: string | undefined;
+		privateKeyPass?: string | undefined;
+		isAssertionEncrypted?: boolean | undefined;
+		encPrivateKey?: string | undefined;
+		encPrivateKeyPass?: string | undefined;
 	};
-	wantAssertionsSigned?: boolean;
-	signatureAlgorithm?: string;
-	digestAlgorithm?: string;
-	identifierFormat?: string;
-	privateKey?: string;
-	decryptionPvk?: string;
-	additionalParams?: Record<string, any>;
-	mapping?: SAMLMapping;
+	wantAssertionsSigned?: boolean | undefined;
+	signatureAlgorithm?: string | undefined;
+	digestAlgorithm?: string | undefined;
+	identifierFormat?: string | undefined;
+	privateKey?: string | undefined;
+	decryptionPvk?: string | undefined;
+	additionalParams?: Record<string, any> | undefined;
+	mapping?: SAMLMapping | undefined;
 }
 
 export interface SSOProvider {
 	issuer: string;
-	oidcConfig?: OIDCConfig;
-	samlConfig?: SAMLConfig;
+	oidcConfig?: OIDCConfig | undefined;
+	samlConfig?: SAMLConfig | undefined;
 	userId: string;
 	providerId: string;
-	organizationId?: string;
+	organizationId?: string | undefined;
 }
 
 export interface SSOOptions {
 	/**
 	 * custom function to provision a user when they sign in with an SSO provider.
 	 */
-	provisionUser?: (data: {
-		/**
-		 * The user object from the database
-		 */
-		user: User & Record<string, any>;
-		/**
-		 * The user info object from the provider
-		 */
-		userInfo: Record<string, any>;
-		/**
-		 * The OAuth2 tokens from the provider
-		 */
-		token?: OAuth2Tokens;
-		/**
-		 * The SSO provider
-		 */
-		provider: SSOProvider;
-	}) => Promise<void>;
+	provisionUser?:
+		| ((data: {
+				/**
+				 * The user object from the database
+				 */
+				user: User & Record<string, any>;
+				/**
+				 * The user info object from the provider
+				 */
+				userInfo: Record<string, any>;
+				/**
+				 * The OAuth2 tokens from the provider
+				 */
+				token?: OAuth2Tokens;
+				/**
+				 * The SSO provider
+				 */
+				provider: SSOProvider;
+		  }) => Promise<void>)
+		| undefined;
 	/**
 	 * Organization provisioning options
 	 */
-	organizationProvisioning?: {
-		disabled?: boolean;
-		defaultRole?: "member" | "admin";
-		getRole?: (data: {
-			/**
-			 * The user object from the database
-			 */
-			user: User & Record<string, any>;
-			/**
-			 * The user info object from the provider
-			 */
-			userInfo: Record<string, any>;
-			/**
-			 * The OAuth2 tokens from the provider
-			 */
-			token?: OAuth2Tokens;
-			/**
-			 * The SSO provider
-			 */
-			provider: SSOProvider;
-		}) => Promise<"member" | "admin">;
-	};
+	organizationProvisioning?:
+		| {
+				disabled?: boolean;
+				defaultRole?: "member" | "admin";
+				getRole?: (data: {
+					/**
+					 * The user object from the database
+					 */
+					user: User & Record<string, any>;
+					/**
+					 * The user info object from the provider
+					 */
+					userInfo: Record<string, any>;
+					/**
+					 * The OAuth2 tokens from the provider
+					 */
+					token?: OAuth2Tokens;
+					/**
+					 * The SSO provider
+					 */
+					provider: SSOProvider;
+				}) => Promise<"member" | "admin">;
+		  }
+		| undefined;
 	/**
 	 * Default SSO provider configurations for testing.
 	 * These will take the precedence over the database providers.
 	 */
-	defaultSSO?: Array<{
-		/**
-		 * The domain to match for this default provider.
-		 * This is only used to match incoming requests to this default provider.
-		 */
-		domain: string;
-		/**
-		 * The provider ID to use
-		 */
-		providerId: string;
-		/**
-		 * SAML configuration
-		 */
-		samlConfig?: SAMLConfig;
-		/**
-		 * OIDC configuration
-		 */
-		oidcConfig?: OIDCConfig;
-	}>;
+	defaultSSO?:
+		| Array<{
+				/**
+				 * The domain to match for this default provider.
+				 * This is only used to match incoming requests to this default provider.
+				 */
+				domain: string;
+				/**
+				 * The provider ID to use
+				 */
+				providerId: string;
+				/**
+				 * SAML configuration
+				 */
+				samlConfig?: SAMLConfig;
+				/**
+				 * OIDC configuration
+				 */
+				oidcConfig?: OIDCConfig;
+		  }>
+		| undefined;
 	/**
 	 * Override user info with the provider info.
 	 * @default false
 	 */
-	defaultOverrideUserInfo?: boolean;
+	defaultOverrideUserInfo?: boolean | undefined;
 	/**
 	 * Disable implicit sign up for new users. When set to true for the provider,
 	 * sign-in need to be called with with requestSignUp as true to create new users.
 	 */
-	disableImplicitSignUp?: boolean;
+	disableImplicitSignUp?: boolean | undefined;
 	/**
 	 * Configure the maximum number of SSO providers a user can register.
 	 * You can also pass a function that returns a number.
@@ -245,15 +255,17 @@ export interface SSOOptions {
 	 * ```
 	 * @default 10
 	 */
-	providersLimit?: number | ((user: User) => Promise<number> | number);
+	providersLimit?:
+		| (number | ((user: User) => Promise<number> | number))
+		| undefined;
 	/**
 	 * Trust the email verified flag from the provider.
 	 * @default false
 	 */
-	trustEmailVerified?: boolean;
+	trustEmailVerified?: boolean | undefined;
 }
 
-export const sso = (options?: SSOOptions) => {
+export const sso = (options?: SSOOptions | undefined) => {
 	return {
 		id: "sso",
 		endpoints: {