@better-auth/sso 1.4.0-beta.14 → 1.4.0-beta.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/.turbo/turbo-build.log +10 -18
  2. package/dist/client.d.ts +1 -1
  3. package/dist/client.js +1 -1
  4. package/dist/{index-CL9gq2xe.d.ts → index-U95aRHHN.d.ts} +58 -52
  5. package/dist/index.d.ts +1 -1
  6. package/dist/index.js +1 -1
  7. package/dist/{src-BEPbgggK.js → src-BrnaMP1W.js} +1 -1
  8. package/package.json +8 -10
  9. package/src/index.ts +140 -122
  10. package/tsdown.config.ts +1 -1
  11. package/dist/client.cjs +0 -12
  12. package/dist/client.d.cts +0 -9
  13. package/dist/index-N2GvRGik.d.cts +0 -688
  14. package/dist/index.cjs +0 -3
  15. package/dist/index.d.cts +0 -2
  16. package/dist/src-BsLnNXTo.cjs +0 -1256
package/dist/client.cjs DELETED
@@ -1,12 +0,0 @@
1
- require('./src-BsLnNXTo.cjs');
2
-
3
- //#region src/client.ts
4
- const ssoClient = () => {
5
- return {
6
- id: "sso-client",
7
- $InferServerPlugin: {}
8
- };
9
- };
10
-
11
- //#endregion
12
- exports.ssoClient = ssoClient;
package/dist/client.d.cts DELETED
@@ -1,9 +0,0 @@
1
- import { s as sso } from "./index-N2GvRGik.cjs";
2
-
3
- //#region src/client.d.ts
4
- declare const ssoClient: () => {
5
- id: "sso-client";
6
- $InferServerPlugin: ReturnType<typeof sso>;
7
- };
8
- //#endregion
9
- export { ssoClient };
package/dist/index-N2GvRGik.d.cts DELETED
@@ -1,688 +0,0 @@
1
- import * as better_call0 from "better-call";
2
- import { OAuth2Tokens, User } from "better-auth";
3
- import * as z from "zod/v4";
4
-
5
- //#region src/index.d.ts
6
- interface OIDCMapping {
7
- id?: string;
8
- email?: string;
9
- emailVerified?: string;
10
- name?: string;
11
- image?: string;
12
- extraFields?: Record<string, string>;
13
- }
14
- interface SAMLMapping {
15
- id?: string;
16
- email?: string;
17
- emailVerified?: string;
18
- name?: string;
19
- firstName?: string;
20
- lastName?: string;
21
- extraFields?: Record<string, string>;
22
- }
23
- interface OIDCConfig {
24
- issuer: string;
25
- pkce: boolean;
26
- clientId: string;
27
- clientSecret: string;
28
- authorizationEndpoint?: string;
29
- discoveryEndpoint: string;
30
- userInfoEndpoint?: string;
31
- scopes?: string[];
32
- overrideUserInfo?: boolean;
33
- tokenEndpoint?: string;
34
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic";
35
- jwksEndpoint?: string;
36
- mapping?: OIDCMapping;
37
- }
38
- interface SAMLConfig {
39
- issuer: string;
40
- entryPoint: string;
41
- cert: string;
42
- callbackUrl: string;
43
- audience?: string;
44
- idpMetadata?: {
45
- metadata?: string;
46
- entityID?: string;
47
- entityURL?: string;
48
- redirectURL?: string;
49
- cert?: string;
50
- privateKey?: string;
51
- privateKeyPass?: string;
52
- isAssertionEncrypted?: boolean;
53
- encPrivateKey?: string;
54
- encPrivateKeyPass?: string;
55
- singleSignOnService?: Array<{
56
- Binding: string;
57
- Location: string;
58
- }>;
59
- };
60
- spMetadata: {
61
- metadata?: string;
62
- entityID?: string;
63
- binding?: string;
64
- privateKey?: string;
65
- privateKeyPass?: string;
66
- isAssertionEncrypted?: boolean;
67
- encPrivateKey?: string;
68
- encPrivateKeyPass?: string;
69
- };
70
- wantAssertionsSigned?: boolean;
71
- signatureAlgorithm?: string;
72
- digestAlgorithm?: string;
73
- identifierFormat?: string;
74
- privateKey?: string;
75
- decryptionPvk?: string;
76
- additionalParams?: Record<string, any>;
77
- mapping?: SAMLMapping;
78
- }
79
- interface SSOProvider {
80
- issuer: string;
81
- oidcConfig?: OIDCConfig;
82
- samlConfig?: SAMLConfig;
83
- userId: string;
84
- providerId: string;
85
- organizationId?: string;
86
- }
87
- interface SSOOptions {
88
- /**
89
- * custom function to provision a user when they sign in with an SSO provider.
90
- */
91
- provisionUser?: (data: {
92
- /**
93
- * The user object from the database
94
- */
95
- user: User & Record<string, any>;
96
- /**
97
- * The user info object from the provider
98
- */
99
- userInfo: Record<string, any>;
100
- /**
101
- * The OAuth2 tokens from the provider
102
- */
103
- token?: OAuth2Tokens;
104
- /**
105
- * The SSO provider
106
- */
107
- provider: SSOProvider;
108
- }) => Promise<void>;
109
- /**
110
- * Organization provisioning options
111
- */
112
- organizationProvisioning?: {
113
- disabled?: boolean;
114
- defaultRole?: "member" | "admin";
115
- getRole?: (data: {
116
- /**
117
- * The user object from the database
118
- */
119
- user: User & Record<string, any>;
120
- /**
121
- * The user info object from the provider
122
- */
123
- userInfo: Record<string, any>;
124
- /**
125
- * The OAuth2 tokens from the provider
126
- */
127
- token?: OAuth2Tokens;
128
- /**
129
- * The SSO provider
130
- */
131
- provider: SSOProvider;
132
- }) => Promise<"member" | "admin">;
133
- };
134
- /**
135
- * Default SSO provider configurations for testing.
136
- * These will take the precedence over the database providers.
137
- */
138
- defaultSSO?: Array<{
139
- /**
140
- * The domain to match for this default provider.
141
- * This is only used to match incoming requests to this default provider.
142
- */
143
- domain: string;
144
- /**
145
- * The provider ID to use
146
- */
147
- providerId: string;
148
- /**
149
- * SAML configuration
150
- */
151
- samlConfig?: SAMLConfig;
152
- /**
153
- * OIDC configuration
154
- */
155
- oidcConfig?: OIDCConfig;
156
- }>;
157
- /**
158
- * Override user info with the provider info.
159
- * @default false
160
- */
161
- defaultOverrideUserInfo?: boolean;
162
- /**
163
- * Disable implicit sign up for new users. When set to true for the provider,
164
- * sign-in need to be called with with requestSignUp as true to create new users.
165
- */
166
- disableImplicitSignUp?: boolean;
167
- /**
168
- * Configure the maximum number of SSO providers a user can register.
169
- * You can also pass a function that returns a number.
170
- * Set to 0 to disable SSO provider registration.
171
- *
172
- * @example
173
- * ```ts
174
- * providersLimit: async (user) => {
175
- * const plan = await getUserPlan(user);
176
- * return plan.name === "pro" ? 10 : 1;
177
- * }
178
- * ```
179
- * @default 10
180
- */
181
- providersLimit?: number | ((user: User) => Promise<number> | number);
182
- /**
183
- * Trust the email verified flag from the provider.
184
- * @default false
185
- */
186
- trustEmailVerified?: boolean;
187
- }
188
- declare const sso: (options?: SSOOptions) => {
189
- id: "sso";
190
- endpoints: {
191
- spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
192
- method: "GET";
193
- query: z.ZodObject<{
194
- providerId: z.ZodString;
195
- format: z.ZodDefault<z.ZodEnum<{
196
- json: "json";
197
- xml: "xml";
198
- }>>;
199
- }, z.core.$strip>;
200
- metadata: {
201
- openapi: {
202
- summary: string;
203
- description: string;
204
- responses: {
205
- "200": {
206
- description: string;
207
- };
208
- };
209
- };
210
- };
211
- } & {
212
- use: any[];
213
- }, Response>;
214
- registerSSOProvider: better_call0.StrictEndpoint<"/sso/register", {
215
- method: "POST";
216
- body: z.ZodObject<{
217
- providerId: z.ZodString;
218
- issuer: z.ZodString;
219
- domain: z.ZodString;
220
- oidcConfig: z.ZodOptional<z.ZodObject<{
221
- clientId: z.ZodString;
222
- clientSecret: z.ZodString;
223
- authorizationEndpoint: z.ZodOptional<z.ZodString>;
224
- tokenEndpoint: z.ZodOptional<z.ZodString>;
225
- userInfoEndpoint: z.ZodOptional<z.ZodString>;
226
- tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
227
- client_secret_post: "client_secret_post";
228
- client_secret_basic: "client_secret_basic";
229
- }>>;
230
- jwksEndpoint: z.ZodOptional<z.ZodString>;
231
- discoveryEndpoint: z.ZodOptional<z.ZodString>;
232
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
233
- pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
234
- mapping: z.ZodOptional<z.ZodObject<{
235
- id: z.ZodString;
236
- email: z.ZodString;
237
- emailVerified: z.ZodOptional<z.ZodString>;
238
- name: z.ZodString;
239
- image: z.ZodOptional<z.ZodString>;
240
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
241
- }, z.core.$strip>>;
242
- }, z.core.$strip>>;
243
- samlConfig: z.ZodOptional<z.ZodObject<{
244
- entryPoint: z.ZodString;
245
- cert: z.ZodString;
246
- callbackUrl: z.ZodString;
247
- audience: z.ZodOptional<z.ZodString>;
248
- idpMetadata: z.ZodOptional<z.ZodObject<{
249
- metadata: z.ZodOptional<z.ZodString>;
250
- entityID: z.ZodOptional<z.ZodString>;
251
- cert: z.ZodOptional<z.ZodString>;
252
- privateKey: z.ZodOptional<z.ZodString>;
253
- privateKeyPass: z.ZodOptional<z.ZodString>;
254
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
255
- encPrivateKey: z.ZodOptional<z.ZodString>;
256
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
257
- singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
258
- Binding: z.ZodString;
259
- Location: z.ZodString;
260
- }, z.core.$strip>>>;
261
- }, z.core.$strip>>;
262
- spMetadata: z.ZodObject<{
263
- metadata: z.ZodOptional<z.ZodString>;
264
- entityID: z.ZodOptional<z.ZodString>;
265
- binding: z.ZodOptional<z.ZodString>;
266
- privateKey: z.ZodOptional<z.ZodString>;
267
- privateKeyPass: z.ZodOptional<z.ZodString>;
268
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
269
- encPrivateKey: z.ZodOptional<z.ZodString>;
270
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
271
- }, z.core.$strip>;
272
- wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
273
- signatureAlgorithm: z.ZodOptional<z.ZodString>;
274
- digestAlgorithm: z.ZodOptional<z.ZodString>;
275
- identifierFormat: z.ZodOptional<z.ZodString>;
276
- privateKey: z.ZodOptional<z.ZodString>;
277
- decryptionPvk: z.ZodOptional<z.ZodString>;
278
- additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
279
- mapping: z.ZodOptional<z.ZodObject<{
280
- id: z.ZodString;
281
- email: z.ZodString;
282
- emailVerified: z.ZodOptional<z.ZodString>;
283
- name: z.ZodString;
284
- firstName: z.ZodOptional<z.ZodString>;
285
- lastName: z.ZodOptional<z.ZodString>;
286
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
287
- }, z.core.$strip>>;
288
- }, z.core.$strip>>;
289
- organizationId: z.ZodOptional<z.ZodString>;
290
- overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
291
- }, z.core.$strip>;
292
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
293
- session: {
294
- session: Record<string, any> & {
295
- id: string;
296
- createdAt: Date;
297
- updatedAt: Date;
298
- userId: string;
299
- expiresAt: Date;
300
- token: string;
301
- ipAddress?: string | null | undefined;
302
- userAgent?: string | null | undefined;
303
- };
304
- user: Record<string, any> & {
305
- id: string;
306
- createdAt: Date;
307
- updatedAt: Date;
308
- email: string;
309
- emailVerified: boolean;
310
- name: string;
311
- image?: string | null | undefined;
312
- };
313
- };
314
- }>)[];
315
- metadata: {
316
- openapi: {
317
- summary: string;
318
- description: string;
319
- responses: {
320
- "200": {
321
- description: string;
322
- content: {
323
- "application/json": {
324
- schema: {
325
- type: "object";
326
- properties: {
327
- issuer: {
328
- type: string;
329
- format: string;
330
- description: string;
331
- };
332
- domain: {
333
- type: string;
334
- description: string;
335
- };
336
- oidcConfig: {
337
- type: string;
338
- properties: {
339
- issuer: {
340
- type: string;
341
- format: string;
342
- description: string;
343
- };
344
- pkce: {
345
- type: string;
346
- description: string;
347
- };
348
- clientId: {
349
- type: string;
350
- description: string;
351
- };
352
- clientSecret: {
353
- type: string;
354
- description: string;
355
- };
356
- authorizationEndpoint: {
357
- type: string;
358
- format: string;
359
- nullable: boolean;
360
- description: string;
361
- };
362
- discoveryEndpoint: {
363
- type: string;
364
- format: string;
365
- description: string;
366
- };
367
- userInfoEndpoint: {
368
- type: string;
369
- format: string;
370
- nullable: boolean;
371
- description: string;
372
- };
373
- scopes: {
374
- type: string;
375
- items: {
376
- type: string;
377
- };
378
- nullable: boolean;
379
- description: string;
380
- };
381
- tokenEndpoint: {
382
- type: string;
383
- format: string;
384
- nullable: boolean;
385
- description: string;
386
- };
387
- tokenEndpointAuthentication: {
388
- type: string;
389
- enum: string[];
390
- nullable: boolean;
391
- description: string;
392
- };
393
- jwksEndpoint: {
394
- type: string;
395
- format: string;
396
- nullable: boolean;
397
- description: string;
398
- };
399
- mapping: {
400
- type: string;
401
- nullable: boolean;
402
- properties: {
403
- id: {
404
- type: string;
405
- description: string;
406
- };
407
- email: {
408
- type: string;
409
- description: string;
410
- };
411
- emailVerified: {
412
- type: string;
413
- nullable: boolean;
414
- description: string;
415
- };
416
- name: {
417
- type: string;
418
- description: string;
419
- };
420
- image: {
421
- type: string;
422
- nullable: boolean;
423
- description: string;
424
- };
425
- extraFields: {
426
- type: string;
427
- additionalProperties: {
428
- type: string;
429
- };
430
- nullable: boolean;
431
- description: string;
432
- };
433
- };
434
- required: string[];
435
- };
436
- };
437
- required: string[];
438
- description: string;
439
- };
440
- organizationId: {
441
- type: string;
442
- nullable: boolean;
443
- description: string;
444
- };
445
- userId: {
446
- type: string;
447
- description: string;
448
- };
449
- providerId: {
450
- type: string;
451
- description: string;
452
- };
453
- redirectURI: {
454
- type: string;
455
- format: string;
456
- description: string;
457
- };
458
- };
459
- required: string[];
460
- };
461
- };
462
- };
463
- };
464
- };
465
- };
466
- };
467
- } & {
468
- use: any[];
469
- }, {
470
- oidcConfig: OIDCConfig;
471
- samlConfig: SAMLConfig;
472
- redirectURI: string;
473
- issuer: string;
474
- userId: string;
475
- providerId: string;
476
- organizationId?: string;
477
- }>;
478
- signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
479
- method: "POST";
480
- body: z.ZodObject<{
481
- email: z.ZodOptional<z.ZodString>;
482
- organizationSlug: z.ZodOptional<z.ZodString>;
483
- providerId: z.ZodOptional<z.ZodString>;
484
- domain: z.ZodOptional<z.ZodString>;
485
- callbackURL: z.ZodString;
486
- errorCallbackURL: z.ZodOptional<z.ZodString>;
487
- newUserCallbackURL: z.ZodOptional<z.ZodString>;
488
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
489
- loginHint: z.ZodOptional<z.ZodString>;
490
- requestSignUp: z.ZodOptional<z.ZodBoolean>;
491
- providerType: z.ZodOptional<z.ZodEnum<{
492
- oidc: "oidc";
493
- saml: "saml";
494
- }>>;
495
- }, z.core.$strip>;
496
- metadata: {
497
- openapi: {
498
- summary: string;
499
- description: string;
500
- requestBody: {
501
- content: {
502
- "application/json": {
503
- schema: {
504
- type: "object";
505
- properties: {
506
- email: {
507
- type: string;
508
- description: string;
509
- };
510
- issuer: {
511
- type: string;
512
- description: string;
513
- };
514
- providerId: {
515
- type: string;
516
- description: string;
517
- };
518
- callbackURL: {
519
- type: string;
520
- description: string;
521
- };
522
- errorCallbackURL: {
523
- type: string;
524
- description: string;
525
- };
526
- newUserCallbackURL: {
527
- type: string;
528
- description: string;
529
- };
530
- loginHint: {
531
- type: string;
532
- description: string;
533
- };
534
- };
535
- required: string[];
536
- };
537
- };
538
- };
539
- };
540
- responses: {
541
- "200": {
542
- description: string;
543
- content: {
544
- "application/json": {
545
- schema: {
546
- type: "object";
547
- properties: {
548
- url: {
549
- type: string;
550
- format: string;
551
- description: string;
552
- };
553
- redirect: {
554
- type: string;
555
- description: string;
556
- enum: boolean[];
557
- };
558
- };
559
- required: string[];
560
- };
561
- };
562
- };
563
- };
564
- };
565
- };
566
- };
567
- } & {
568
- use: any[];
569
- }, {
570
- url: string;
571
- redirect: boolean;
572
- }>;
573
- callbackSSO: better_call0.StrictEndpoint<"/sso/callback/:providerId", {
574
- method: "GET";
575
- query: z.ZodObject<{
576
- code: z.ZodOptional<z.ZodString>;
577
- state: z.ZodString;
578
- error: z.ZodOptional<z.ZodString>;
579
- error_description: z.ZodOptional<z.ZodString>;
580
- }, z.core.$strip>;
581
- metadata: {
582
- isAction: boolean;
583
- openapi: {
584
- summary: string;
585
- description: string;
586
- responses: {
587
- "302": {
588
- description: string;
589
- };
590
- };
591
- };
592
- };
593
- } & {
594
- use: any[];
595
- }, never>;
596
- callbackSSOSAML: better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
597
- method: "POST";
598
- body: z.ZodObject<{
599
- SAMLResponse: z.ZodString;
600
- RelayState: z.ZodOptional<z.ZodString>;
601
- }, z.core.$strip>;
602
- metadata: {
603
- isAction: boolean;
604
- openapi: {
605
- summary: string;
606
- description: string;
607
- responses: {
608
- "302": {
609
- description: string;
610
- };
611
- "400": {
612
- description: string;
613
- };
614
- "401": {
615
- description: string;
616
- };
617
- };
618
- };
619
- };
620
- } & {
621
- use: any[];
622
- }, never>;
623
- acsEndpoint: better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
624
- method: "POST";
625
- params: z.ZodObject<{
626
- providerId: z.ZodOptional<z.ZodString>;
627
- }, z.core.$strip>;
628
- body: z.ZodObject<{
629
- SAMLResponse: z.ZodString;
630
- RelayState: z.ZodOptional<z.ZodString>;
631
- }, z.core.$strip>;
632
- metadata: {
633
- isAction: boolean;
634
- openapi: {
635
- summary: string;
636
- description: string;
637
- responses: {
638
- "302": {
639
- description: string;
640
- };
641
- };
642
- };
643
- };
644
- } & {
645
- use: any[];
646
- }, never>;
647
- };
648
- schema: {
649
- ssoProvider: {
650
- fields: {
651
- issuer: {
652
- type: "string";
653
- required: true;
654
- };
655
- oidcConfig: {
656
- type: "string";
657
- required: false;
658
- };
659
- samlConfig: {
660
- type: "string";
661
- required: false;
662
- };
663
- userId: {
664
- type: "string";
665
- references: {
666
- model: string;
667
- field: string;
668
- };
669
- };
670
- providerId: {
671
- type: "string";
672
- required: true;
673
- unique: true;
674
- };
675
- organizationId: {
676
- type: "string";
677
- required: false;
678
- };
679
- domain: {
680
- type: "string";
681
- required: true;
682
- };
683
- };
684
- };
685
- };
686
- };
687
- //#endregion
688
- export { SSOOptions as a, SAMLMapping as i, OIDCMapping as n, SSOProvider as o, SAMLConfig as r, sso as s, OIDCConfig as t };
package/dist/index.cjs DELETED
@@ -1,3 +0,0 @@
1
- const require_src = require('./src-BsLnNXTo.cjs');
2
-
3
- exports.sso = require_src.sso;