@better-auth/sso 1.4.0-beta.21 → 1.4.0-beta.23

package/.turbo/turbo-build.log

@@ -1,16 +1,16 @@
 
-> @better-auth/sso@1.4.0-beta.21 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.23 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
-ℹ tsdown v0.16.0 powered by rolldown v1.0.0-beta.46
+ℹ tsdown v0.16.5 powered by rolldown v1.0.0-beta.50
 ℹ Using tsdown config: /home/runner/work/better-auth/better-auth/packages/sso/tsdown.config.ts
-ℹ entry: src/client.ts, src/index.ts
+ℹ entry: src/index.ts, src/client.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.mjs             47.64 kB │ gzip: 8.57 kB
-ℹ dist/client.mjs             0.15 kB │ gzip: 0.14 kB
-ℹ dist/client.d.mts           0.21 kB │ gzip: 0.18 kB
-ℹ dist/index.d.mts            0.18 kB │ gzip: 0.14 kB
-ℹ dist/index-C091fIpa.d.mts  20.75 kB │ gzip: 3.37 kB
-ℹ 5 files, total: 68.93 kB
-✔ Build complete in 10064ms
+ℹ dist/index.mjs             57.77 kB │ gzip: 10.35 kB
+ℹ dist/client.mjs             0.15 kB │ gzip:  0.14 kB
+ℹ dist/client.d.mts           0.49 kB │ gzip:  0.30 kB
+ℹ dist/index.d.mts            0.21 kB │ gzip:  0.15 kB
+ℹ dist/index-xXD__4zM.d.mts  25.36 kB │ gzip:  3.94 kB
+ℹ 5 files, total: 83.98 kB
+✔ Build complete in 11335ms

package/dist/client.d.mts

@@ -1,9 +1,20 @@
-import { t as sso } from "./index-C091fIpa.mjs";
+import { t as SSOPlugin } from "./index-xXD__4zM.mjs";
 
 //#region src/client.d.ts
-declare const ssoClient: () => {
+interface SSOClientOptions {
+  domainVerification?: {
+    enabled: boolean;
+  } | undefined;
+}
+declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined) => {
   id: "sso-client";
-  $InferServerPlugin: ReturnType<typeof sso>;
+  $InferServerPlugin: SSOPlugin<{
+    domainVerification: {
+      enabled: CO["domainVerification"] extends {
+        enabled: true;
+      } ? true : false;
+    };
+  }>;
 };
 //#endregion
 export { ssoClient };

package/dist/client.mjs

@@ -1,5 +1,5 @@
 //#region src/client.ts
-const ssoClient = () => {
+const ssoClient = (options) => {
 	return {
 		id: "sso-client",
 		$InferServerPlugin: {}

package/dist/{index-C091fIpa.d.mts → index-xXD__4zM.d.mts}

@@ -1,5 +1,5 @@
-import { OAuth2Tokens, User } from "better-auth";
 import * as z from "zod/v4";
+import { OAuth2Tokens, User } from "better-auth";
 import * as better_call0 from "better-call";
 
 //#region src/types.d.ts
@@ -76,7 +76,7 @@ interface SAMLConfig {
   additionalParams?: Record<string, any> | undefined;
   mapping?: SAMLMapping | undefined;
 }
-type SSOProvider = {
+type BaseSSOProvider = {
   issuer: string;
   oidcConfig?: OIDCConfig | undefined;
   samlConfig?: SAMLConfig | undefined;
@@ -85,6 +85,11 @@ type SSOProvider = {
   organizationId?: string | undefined;
   domain: string;
 };
+type SSOProvider<O extends SSOOptions> = O["domainVerification"] extends {
+  enabled: true;
+} ? {
+  domainVerified: boolean;
+} & BaseSSOProvider : BaseSSOProvider;
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
@@ -105,7 +110,7 @@ interface SSOOptions {
     /**
      * The SSO provider
      */
-    provider: SSOProvider;
+    provider: SSOProvider<SSOOptions>;
   }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
@@ -129,7 +134,7 @@ interface SSOOptions {
       /**
        * The SSO provider
        */
-      provider: SSOProvider;
+      provider: SSOProvider<SSOOptions>;
     }) => Promise<"member" | "admin">;
   } | undefined;
   /**
@@ -165,6 +170,29 @@ interface SSOOptions {
    * sign-in need to be called with with requestSignUp as true to create new users.
    */
   disableImplicitSignUp?: boolean | undefined;
+  /**
+   * The model name for the SSO provider table. Defaults to "ssoProvider".
+   */
+  modelName?: string;
+  /**
+   * Map fields
+   *
+   * @example
+   * ```ts
+   * {
+   *  samlConfig: "saml_config"
+   * }
+   * ```
+   */
+  fields?: {
+    issuer?: string | undefined;
+    oidcConfig?: string | undefined;
+    samlConfig?: string | undefined;
+    userId?: string | undefined;
+    providerId?: string | undefined;
+    organizationId?: string | undefined;
+    domain?: string | undefined;
+  };
   /**
    * Configure the maximum number of SSO providers a user can register.
    * You can also pass a function that returns a number.
@@ -191,8 +219,129 @@ interface SSOOptions {
    * @default false
    */
   trustEmailVerified?: boolean | undefined;
+  /**
+   * Enable domain verification on SSO providers
+   *
+   * When this option is enabled, new SSO providers will require the associated domain to be verified by the owner
+   * prior to allowing sign-ins.
+   */
+  domainVerification?: {
+    /**
+     * Enables or disables the domain verification feature
+     */
+    enabled?: boolean;
+    /**
+     * Prefix used to generate the domain verification token
+     *
+     * @default "better-auth-token-"
+     */
+    tokenPrefix?: string;
+  };
 }
 //#endregion
+//#region src/routes/domain-verification.d.ts
+declare const requestDomainVerification: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/request-domain-verification", {
+  method: "POST";
+  body: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      summary: string;
+      description: string;
+      responses: {
+        "404": {
+          description: string;
+        };
+        "409": {
+          description: string;
+        };
+        "201": {
+          description: string;
+        };
+      };
+    };
+  };
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+} & {
+  use: any[];
+}, {
+  domainVerificationToken: string;
+}>;
+declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/verify-domain", {
+  method: "POST";
+  body: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      summary: string;
+      description: string;
+      responses: {
+        "404": {
+          description: string;
+        };
+        "409": {
+          description: string;
+        };
+        "502": {
+          description: string;
+        };
+        "204": {
+          description: string;
+        };
+      };
+    };
+  };
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+} & {
+  use: any[];
+}, void>;
+//#endregion
 //#region src/routes/sso.d.ts
 declare const spMetadata: () => better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
   method: "GET";
@@ -218,7 +367,7 @@ declare const spMetadata: () => better_call0.StrictEndpoint<"/sso/saml2/sp/metad
 } & {
   use: any[];
 }, Response>;
-declare const registerSSOProvider: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/register", {
+declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.StrictEndpoint<"/sso/register", {
   method: "POST";
   body: z.ZodObject<{
     providerId: z.ZodString;
@@ -341,6 +490,14 @@ declare const registerSSOProvider: (options?: SSOOptions) => better_call0.Strict
                     type: string;
                     description: string;
                   };
+                  domainVerified: {
+                    type: string;
+                    description: string;
+                  };
+                  domainVerificationToken: {
+                    type: string;
+                    description: string;
+                  };
                   oidcConfig: {
                     type: string;
                     properties: {
@@ -474,16 +631,12 @@ declare const registerSSOProvider: (options?: SSOOptions) => better_call0.Strict
   };
 } & {
   use: any[];
-}, {
-  oidcConfig: OIDCConfig;
-  samlConfig: SAMLConfig;
-  redirectURI: string;
-  issuer: string;
-  userId: string;
-  providerId: string;
-  organizationId?: string | undefined;
-  domain: string;
-}>;
+}, O["domainVerification"] extends {
+  enabled: true;
+} ? {
+  domainVerified: boolean;
+  domainVerificationToken: string;
+} & SSOProvider<O> : SSOProvider<O>>;
 declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sign-in/sso", {
   method: "POST";
   body: z.ZodObject<{
@@ -588,6 +741,7 @@ declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint
     error: z.ZodOptional<z.ZodString>;
     error_description: z.ZodOptional<z.ZodString>;
   }, z.core.$strip>;
+  allowedMediaTypes: string[];
   metadata: {
     isAction: boolean;
     openapi: {
@@ -659,17 +813,39 @@ declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint
 }, never>;
 //#endregion
 //#region src/index.d.ts
-type SSOEndpoints = {
+type DomainVerificationEndpoints = {
+  requestDomainVerification: ReturnType<typeof requestDomainVerification>;
+  verifyDomain: ReturnType<typeof verifyDomain>;
+};
+type SSOEndpoints<O extends SSOOptions> = {
   spMetadata: ReturnType<typeof spMetadata>;
-  registerSSOProvider: ReturnType<typeof registerSSOProvider>;
+  registerSSOProvider: ReturnType<typeof registerSSOProvider<O>>;
   signInSSO: ReturnType<typeof signInSSO>;
   callbackSSO: ReturnType<typeof callbackSSO>;
   callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
   acsEndpoint: ReturnType<typeof acsEndpoint>;
 };
+type SSOPlugin<O extends SSOOptions> = {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & (O extends {
+    domainVerification: {
+      enabled: true;
+    };
+  } ? DomainVerificationEndpoints : {});
+};
+declare function sso<O extends SSOOptions & {
+  domainVerification?: {
+    enabled: true;
+  };
+}>(options?: O | undefined): {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
+  schema: any;
+  options: O;
+};
 declare function sso<O extends SSOOptions>(options?: O | undefined): {
   id: "sso";
-  endpoints: SSOEndpoints;
+  endpoints: SSOEndpoints<O>;
 };
 //#endregion
-export { SSOProvider as a, SSOOptions as i, OIDCConfig as n, SAMLConfig as r, sso as t };
+export { SSOOptions as a, SAMLConfig as i, sso as n, SSOProvider as o, OIDCConfig as r, SSOPlugin as t };

package/dist/index.d.mts

@@ -1,2 +1,2 @@
-import { a as SSOProvider, i as SSOOptions, n as OIDCConfig, r as SAMLConfig, t as sso } from "./index-C091fIpa.mjs";
-export { OIDCConfig, SAMLConfig, SSOOptions, SSOProvider, sso };
+import { a as SSOOptions, i as SAMLConfig, n as sso, o as SSOProvider, r as OIDCConfig, t as SSOPlugin } from "./index-xXD__4zM.mjs";
+export { OIDCConfig, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, sso };