@better-auth/sso 1.4.0-beta.15 → 1.4.0-beta.16

@@ -1,688 +0,0 @@
1
- import * as better_call0 from "better-call";
2
- import { OAuth2Tokens, User } from "better-auth";
3
- import * as z from "zod/v4";
4
-
5
- //#region src/index.d.ts
6
- interface OIDCMapping {
7
- id?: string | undefined;
8
- email?: string | undefined;
9
- emailVerified?: string | undefined;
10
- name?: string | undefined;
11
- image?: string | undefined;
12
- extraFields?: Record<string, string> | undefined;
13
- }
14
- interface SAMLMapping {
15
- id?: string | undefined;
16
- email?: string | undefined;
17
- emailVerified?: string | undefined;
18
- name?: string | undefined;
19
- firstName?: string | undefined;
20
- lastName?: string | undefined;
21
- extraFields?: Record<string, string> | undefined;
22
- }
23
- interface OIDCConfig {
24
- issuer: string;
25
- pkce: boolean;
26
- clientId: string;
27
- clientSecret: string;
28
- authorizationEndpoint?: string | undefined;
29
- discoveryEndpoint: string;
30
- userInfoEndpoint?: string | undefined;
31
- scopes?: string[] | undefined;
32
- overrideUserInfo?: boolean | undefined;
33
- tokenEndpoint?: string | undefined;
34
- tokenEndpointAuthentication?: ("client_secret_post" | "client_secret_basic") | undefined;
35
- jwksEndpoint?: string | undefined;
36
- mapping?: OIDCMapping | undefined;
37
- }
38
- interface SAMLConfig {
39
- issuer: string;
40
- entryPoint: string;
41
- cert: string;
42
- callbackUrl: string;
43
- audience?: string | undefined;
44
- idpMetadata?: {
45
- metadata?: string;
46
- entityID?: string;
47
- entityURL?: string;
48
- redirectURL?: string;
49
- cert?: string;
50
- privateKey?: string;
51
- privateKeyPass?: string;
52
- isAssertionEncrypted?: boolean;
53
- encPrivateKey?: string;
54
- encPrivateKeyPass?: string;
55
- singleSignOnService?: Array<{
56
- Binding: string;
57
- Location: string;
58
- }>;
59
- } | undefined;
60
- spMetadata: {
61
- metadata?: string | undefined;
62
- entityID?: string | undefined;
63
- binding?: string | undefined;
64
- privateKey?: string | undefined;
65
- privateKeyPass?: string | undefined;
66
- isAssertionEncrypted?: boolean | undefined;
67
- encPrivateKey?: string | undefined;
68
- encPrivateKeyPass?: string | undefined;
69
- };
70
- wantAssertionsSigned?: boolean | undefined;
71
- signatureAlgorithm?: string | undefined;
72
- digestAlgorithm?: string | undefined;
73
- identifierFormat?: string | undefined;
74
- privateKey?: string | undefined;
75
- decryptionPvk?: string | undefined;
76
- additionalParams?: Record<string, any> | undefined;
77
- mapping?: SAMLMapping | undefined;
78
- }
79
- interface SSOProvider {
80
- issuer: string;
81
- oidcConfig?: OIDCConfig | undefined;
82
- samlConfig?: SAMLConfig | undefined;
83
- userId: string;
84
- providerId: string;
85
- organizationId?: string | undefined;
86
- }
87
- interface SSOOptions {
88
- /**
89
- * custom function to provision a user when they sign in with an SSO provider.
90
- */
91
- provisionUser?: ((data: {
92
- /**
93
- * The user object from the database
94
- */
95
- user: User & Record<string, any>;
96
- /**
97
- * The user info object from the provider
98
- */
99
- userInfo: Record<string, any>;
100
- /**
101
- * The OAuth2 tokens from the provider
102
- */
103
- token?: OAuth2Tokens;
104
- /**
105
- * The SSO provider
106
- */
107
- provider: SSOProvider;
108
- }) => Promise<void>) | undefined;
109
- /**
110
- * Organization provisioning options
111
- */
112
- organizationProvisioning?: {
113
- disabled?: boolean;
114
- defaultRole?: "member" | "admin";
115
- getRole?: (data: {
116
- /**
117
- * The user object from the database
118
- */
119
- user: User & Record<string, any>;
120
- /**
121
- * The user info object from the provider
122
- */
123
- userInfo: Record<string, any>;
124
- /**
125
- * The OAuth2 tokens from the provider
126
- */
127
- token?: OAuth2Tokens;
128
- /**
129
- * The SSO provider
130
- */
131
- provider: SSOProvider;
132
- }) => Promise<"member" | "admin">;
133
- } | undefined;
134
- /**
135
- * Default SSO provider configurations for testing.
136
- * These will take the precedence over the database providers.
137
- */
138
- defaultSSO?: Array<{
139
- /**
140
- * The domain to match for this default provider.
141
- * This is only used to match incoming requests to this default provider.
142
- */
143
- domain: string;
144
- /**
145
- * The provider ID to use
146
- */
147
- providerId: string;
148
- /**
149
- * SAML configuration
150
- */
151
- samlConfig?: SAMLConfig;
152
- /**
153
- * OIDC configuration
154
- */
155
- oidcConfig?: OIDCConfig;
156
- }> | undefined;
157
- /**
158
- * Override user info with the provider info.
159
- * @default false
160
- */
161
- defaultOverrideUserInfo?: boolean | undefined;
162
- /**
163
- * Disable implicit sign up for new users. When set to true for the provider,
164
- * sign-in need to be called with with requestSignUp as true to create new users.
165
- */
166
- disableImplicitSignUp?: boolean | undefined;
167
- /**
168
- * Configure the maximum number of SSO providers a user can register.
169
- * You can also pass a function that returns a number.
170
- * Set to 0 to disable SSO provider registration.
171
- *
172
- * @example
173
- * ```ts
174
- * providersLimit: async (user) => {
175
- * const plan = await getUserPlan(user);
176
- * return plan.name === "pro" ? 10 : 1;
177
- * }
178
- * ```
179
- * @default 10
180
- */
181
- providersLimit?: (number | ((user: User) => Promise<number> | number)) | undefined;
182
- /**
183
- * Trust the email verified flag from the provider.
184
- * @default false
185
- */
186
- trustEmailVerified?: boolean | undefined;
187
- }
188
- declare const sso: (options?: SSOOptions | undefined) => {
189
- id: "sso";
190
- endpoints: {
191
- spMetadata: better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
192
- method: "GET";
193
- query: z.ZodObject<{
194
- providerId: z.ZodString;
195
- format: z.ZodDefault<z.ZodEnum<{
196
- json: "json";
197
- xml: "xml";
198
- }>>;
199
- }, z.core.$strip>;
200
- metadata: {
201
- openapi: {
202
- summary: string;
203
- description: string;
204
- responses: {
205
- "200": {
206
- description: string;
207
- };
208
- };
209
- };
210
- };
211
- } & {
212
- use: any[];
213
- }, Response>;
214
- registerSSOProvider: better_call0.StrictEndpoint<"/sso/register", {
215
- method: "POST";
216
- body: z.ZodObject<{
217
- providerId: z.ZodString;
218
- issuer: z.ZodString;
219
- domain: z.ZodString;
220
- oidcConfig: z.ZodOptional<z.ZodObject<{
221
- clientId: z.ZodString;
222
- clientSecret: z.ZodString;
223
- authorizationEndpoint: z.ZodOptional<z.ZodString>;
224
- tokenEndpoint: z.ZodOptional<z.ZodString>;
225
- userInfoEndpoint: z.ZodOptional<z.ZodString>;
226
- tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
227
- client_secret_post: "client_secret_post";
228
- client_secret_basic: "client_secret_basic";
229
- }>>;
230
- jwksEndpoint: z.ZodOptional<z.ZodString>;
231
- discoveryEndpoint: z.ZodOptional<z.ZodString>;
232
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
233
- pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
234
- mapping: z.ZodOptional<z.ZodObject<{
235
- id: z.ZodString;
236
- email: z.ZodString;
237
- emailVerified: z.ZodOptional<z.ZodString>;
238
- name: z.ZodString;
239
- image: z.ZodOptional<z.ZodString>;
240
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
241
- }, z.core.$strip>>;
242
- }, z.core.$strip>>;
243
- samlConfig: z.ZodOptional<z.ZodObject<{
244
- entryPoint: z.ZodString;
245
- cert: z.ZodString;
246
- callbackUrl: z.ZodString;
247
- audience: z.ZodOptional<z.ZodString>;
248
- idpMetadata: z.ZodOptional<z.ZodObject<{
249
- metadata: z.ZodOptional<z.ZodString>;
250
- entityID: z.ZodOptional<z.ZodString>;
251
- cert: z.ZodOptional<z.ZodString>;
252
- privateKey: z.ZodOptional<z.ZodString>;
253
- privateKeyPass: z.ZodOptional<z.ZodString>;
254
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
255
- encPrivateKey: z.ZodOptional<z.ZodString>;
256
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
257
- singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
258
- Binding: z.ZodString;
259
- Location: z.ZodString;
260
- }, z.core.$strip>>>;
261
- }, z.core.$strip>>;
262
- spMetadata: z.ZodObject<{
263
- metadata: z.ZodOptional<z.ZodString>;
264
- entityID: z.ZodOptional<z.ZodString>;
265
- binding: z.ZodOptional<z.ZodString>;
266
- privateKey: z.ZodOptional<z.ZodString>;
267
- privateKeyPass: z.ZodOptional<z.ZodString>;
268
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
269
- encPrivateKey: z.ZodOptional<z.ZodString>;
270
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
271
- }, z.core.$strip>;
272
- wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
273
- signatureAlgorithm: z.ZodOptional<z.ZodString>;
274
- digestAlgorithm: z.ZodOptional<z.ZodString>;
275
- identifierFormat: z.ZodOptional<z.ZodString>;
276
- privateKey: z.ZodOptional<z.ZodString>;
277
- decryptionPvk: z.ZodOptional<z.ZodString>;
278
- additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
279
- mapping: z.ZodOptional<z.ZodObject<{
280
- id: z.ZodString;
281
- email: z.ZodString;
282
- emailVerified: z.ZodOptional<z.ZodString>;
283
- name: z.ZodString;
284
- firstName: z.ZodOptional<z.ZodString>;
285
- lastName: z.ZodOptional<z.ZodString>;
286
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
287
- }, z.core.$strip>>;
288
- }, z.core.$strip>>;
289
- organizationId: z.ZodOptional<z.ZodString>;
290
- overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
291
- }, z.core.$strip>;
292
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
293
- session: {
294
- session: Record<string, any> & {
295
- id: string;
296
- createdAt: Date;
297
- updatedAt: Date;
298
- userId: string;
299
- expiresAt: Date;
300
- token: string;
301
- ipAddress?: string | null | undefined;
302
- userAgent?: string | null | undefined;
303
- };
304
- user: Record<string, any> & {
305
- id: string;
306
- createdAt: Date;
307
- updatedAt: Date;
308
- email: string;
309
- emailVerified: boolean;
310
- name: string;
311
- image?: string | null | undefined;
312
- };
313
- };
314
- }>)[];
315
- metadata: {
316
- openapi: {
317
- summary: string;
318
- description: string;
319
- responses: {
320
- "200": {
321
- description: string;
322
- content: {
323
- "application/json": {
324
- schema: {
325
- type: "object";
326
- properties: {
327
- issuer: {
328
- type: string;
329
- format: string;
330
- description: string;
331
- };
332
- domain: {
333
- type: string;
334
- description: string;
335
- };
336
- oidcConfig: {
337
- type: string;
338
- properties: {
339
- issuer: {
340
- type: string;
341
- format: string;
342
- description: string;
343
- };
344
- pkce: {
345
- type: string;
346
- description: string;
347
- };
348
- clientId: {
349
- type: string;
350
- description: string;
351
- };
352
- clientSecret: {
353
- type: string;
354
- description: string;
355
- };
356
- authorizationEndpoint: {
357
- type: string;
358
- format: string;
359
- nullable: boolean;
360
- description: string;
361
- };
362
- discoveryEndpoint: {
363
- type: string;
364
- format: string;
365
- description: string;
366
- };
367
- userInfoEndpoint: {
368
- type: string;
369
- format: string;
370
- nullable: boolean;
371
- description: string;
372
- };
373
- scopes: {
374
- type: string;
375
- items: {
376
- type: string;
377
- };
378
- nullable: boolean;
379
- description: string;
380
- };
381
- tokenEndpoint: {
382
- type: string;
383
- format: string;
384
- nullable: boolean;
385
- description: string;
386
- };
387
- tokenEndpointAuthentication: {
388
- type: string;
389
- enum: string[];
390
- nullable: boolean;
391
- description: string;
392
- };
393
- jwksEndpoint: {
394
- type: string;
395
- format: string;
396
- nullable: boolean;
397
- description: string;
398
- };
399
- mapping: {
400
- type: string;
401
- nullable: boolean;
402
- properties: {
403
- id: {
404
- type: string;
405
- description: string;
406
- };
407
- email: {
408
- type: string;
409
- description: string;
410
- };
411
- emailVerified: {
412
- type: string;
413
- nullable: boolean;
414
- description: string;
415
- };
416
- name: {
417
- type: string;
418
- description: string;
419
- };
420
- image: {
421
- type: string;
422
- nullable: boolean;
423
- description: string;
424
- };
425
- extraFields: {
426
- type: string;
427
- additionalProperties: {
428
- type: string;
429
- };
430
- nullable: boolean;
431
- description: string;
432
- };
433
- };
434
- required: string[];
435
- };
436
- };
437
- required: string[];
438
- description: string;
439
- };
440
- organizationId: {
441
- type: string;
442
- nullable: boolean;
443
- description: string;
444
- };
445
- userId: {
446
- type: string;
447
- description: string;
448
- };
449
- providerId: {
450
- type: string;
451
- description: string;
452
- };
453
- redirectURI: {
454
- type: string;
455
- format: string;
456
- description: string;
457
- };
458
- };
459
- required: string[];
460
- };
461
- };
462
- };
463
- };
464
- };
465
- };
466
- };
467
- } & {
468
- use: any[];
469
- }, {
470
- oidcConfig: OIDCConfig;
471
- samlConfig: SAMLConfig;
472
- redirectURI: string;
473
- issuer: string;
474
- userId: string;
475
- providerId: string;
476
- organizationId?: string | undefined;
477
- }>;
478
- signInSSO: better_call0.StrictEndpoint<"/sign-in/sso", {
479
- method: "POST";
480
- body: z.ZodObject<{
481
- email: z.ZodOptional<z.ZodString>;
482
- organizationSlug: z.ZodOptional<z.ZodString>;
483
- providerId: z.ZodOptional<z.ZodString>;
484
- domain: z.ZodOptional<z.ZodString>;
485
- callbackURL: z.ZodString;
486
- errorCallbackURL: z.ZodOptional<z.ZodString>;
487
- newUserCallbackURL: z.ZodOptional<z.ZodString>;
488
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
489
- loginHint: z.ZodOptional<z.ZodString>;
490
- requestSignUp: z.ZodOptional<z.ZodBoolean>;
491
- providerType: z.ZodOptional<z.ZodEnum<{
492
- oidc: "oidc";
493
- saml: "saml";
494
- }>>;
495
- }, z.core.$strip>;
496
- metadata: {
497
- openapi: {
498
- summary: string;
499
- description: string;
500
- requestBody: {
501
- content: {
502
- "application/json": {
503
- schema: {
504
- type: "object";
505
- properties: {
506
- email: {
507
- type: string;
508
- description: string;
509
- };
510
- issuer: {
511
- type: string;
512
- description: string;
513
- };
514
- providerId: {
515
- type: string;
516
- description: string;
517
- };
518
- callbackURL: {
519
- type: string;
520
- description: string;
521
- };
522
- errorCallbackURL: {
523
- type: string;
524
- description: string;
525
- };
526
- newUserCallbackURL: {
527
- type: string;
528
- description: string;
529
- };
530
- loginHint: {
531
- type: string;
532
- description: string;
533
- };
534
- };
535
- required: string[];
536
- };
537
- };
538
- };
539
- };
540
- responses: {
541
- "200": {
542
- description: string;
543
- content: {
544
- "application/json": {
545
- schema: {
546
- type: "object";
547
- properties: {
548
- url: {
549
- type: string;
550
- format: string;
551
- description: string;
552
- };
553
- redirect: {
554
- type: string;
555
- description: string;
556
- enum: boolean[];
557
- };
558
- };
559
- required: string[];
560
- };
561
- };
562
- };
563
- };
564
- };
565
- };
566
- };
567
- } & {
568
- use: any[];
569
- }, {
570
- url: string;
571
- redirect: boolean;
572
- }>;
573
- callbackSSO: better_call0.StrictEndpoint<"/sso/callback/:providerId", {
574
- method: "GET";
575
- query: z.ZodObject<{
576
- code: z.ZodOptional<z.ZodString>;
577
- state: z.ZodString;
578
- error: z.ZodOptional<z.ZodString>;
579
- error_description: z.ZodOptional<z.ZodString>;
580
- }, z.core.$strip>;
581
- metadata: {
582
- isAction: boolean;
583
- openapi: {
584
- summary: string;
585
- description: string;
586
- responses: {
587
- "302": {
588
- description: string;
589
- };
590
- };
591
- };
592
- };
593
- } & {
594
- use: any[];
595
- }, never>;
596
- callbackSSOSAML: better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
597
- method: "POST";
598
- body: z.ZodObject<{
599
- SAMLResponse: z.ZodString;
600
- RelayState: z.ZodOptional<z.ZodString>;
601
- }, z.core.$strip>;
602
- metadata: {
603
- isAction: boolean;
604
- openapi: {
605
- summary: string;
606
- description: string;
607
- responses: {
608
- "302": {
609
- description: string;
610
- };
611
- "400": {
612
- description: string;
613
- };
614
- "401": {
615
- description: string;
616
- };
617
- };
618
- };
619
- };
620
- } & {
621
- use: any[];
622
- }, never>;
623
- acsEndpoint: better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
624
- method: "POST";
625
- params: z.ZodObject<{
626
- providerId: z.ZodOptional<z.ZodString>;
627
- }, z.core.$strip>;
628
- body: z.ZodObject<{
629
- SAMLResponse: z.ZodString;
630
- RelayState: z.ZodOptional<z.ZodString>;
631
- }, z.core.$strip>;
632
- metadata: {
633
- isAction: boolean;
634
- openapi: {
635
- summary: string;
636
- description: string;
637
- responses: {
638
- "302": {
639
- description: string;
640
- };
641
- };
642
- };
643
- };
644
- } & {
645
- use: any[];
646
- }, never>;
647
- };
648
- schema: {
649
- ssoProvider: {
650
- fields: {
651
- issuer: {
652
- type: "string";
653
- required: true;
654
- };
655
- oidcConfig: {
656
- type: "string";
657
- required: false;
658
- };
659
- samlConfig: {
660
- type: "string";
661
- required: false;
662
- };
663
- userId: {
664
- type: "string";
665
- references: {
666
- model: string;
667
- field: string;
668
- };
669
- };
670
- providerId: {
671
- type: "string";
672
- required: true;
673
- unique: true;
674
- };
675
- organizationId: {
676
- type: "string";
677
- required: false;
678
- };
679
- domain: {
680
- type: "string";
681
- required: true;
682
- };
683
- };
684
- };
685
- };
686
- };
687
- //#endregion
688
- export { SSOOptions as a, SAMLMapping as i, OIDCMapping as n, SSOProvider as o, SAMLConfig as r, sso as s, OIDCConfig as t };
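--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1,3 +0,0 @@
-const require_src = require('./src-BsLnNXTo.cjs');
-
-exports.sso = require_src.sso;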
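--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -1,2 +0,0 @@
-import { a as SSOOptions, i as SAMLMapping, n as OIDCMapping, o as SSOProvider, r as SAMLConfig, s as sso, t as OIDCConfig } from "./index-DJAIa5j3.cjs";
-export { OIDCConfig, OIDCMapping, SAMLConfig, SAMLMapping, SSOOptions, SSOProvider, sso };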