npm - @better-auth/sso - Versions diffs - 1.4.0-beta.22 → 1.4.0-beta.23 - Mend

@better-auth/sso 1.4.0-beta.22 → 1.4.0-beta.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.turbo/turbo-build.log +8 -8
package/dist/client.d.mts +14 -3
package/dist/client.mjs +1 -1
package/dist/{index-DOws6HlV.d.mts → index-xXD__4zM.d.mts} +172 -19
package/dist/index.d.mts +2 -2
package/dist/index.mjs +252 -17
package/package.json +4 -4
package/src/client.ts +20 -3
package/src/domain-verification.test.ts +550 -0
package/src/index.ts +57 -11
package/src/routes/domain-verification.ts +275 -0
package/src/routes/sso.ts +116 -16
package/src/types.ts +28 -3
package/src/utils.ts +10 -0

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @better-auth/sso@1.4.0-beta.22 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.23 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 [34mℹ[39m tsdown [2mv0.16.5[22m powered by rolldown [2mv1.0.0-beta.50[22m
@@ -7,10 +7,10 @@
 [34mℹ[39m entry: [34msrc/index.ts, src/client.ts[39m
 [34mℹ[39m tsconfig: [34mtsconfig.json[39m
 [34mℹ[39m Build start
-[34mℹ[39m [2mdist/[22m[1mindex.mjs[22m             [2m48.56 kB[22m [2m│ gzip: 8.72 kB[22m
-[34mℹ[39m [2mdist/[22m[1mclient.mjs[22m            [2m 0.15 kB[22m [2m│ gzip: 0.14 kB[22m
-[34mℹ[39m [2mdist/[22m[32m[1mclient.d.mts[22m[39m          [2m 0.21 kB[22m [2m│ gzip: 0.18 kB[22m
-[34mℹ[39m [2mdist/[22m[32m[1mindex.d.mts[22m[39m           [2m 0.18 kB[22m [2m│ gzip: 0.14 kB[22m
-[34mℹ[39m [2mdist/[22m[32mindex-DOws6HlV.d.mts[39m  [2m21.24 kB[22m [2m│ gzip: 3.48 kB[22m
-[34mℹ[39m 5 files, total: 70.34 kB
-[32m✔[39m Build complete in [32m11501ms[39m
+[34mℹ[39m [2mdist/[22m[1mindex.mjs[22m             [2m57.77 kB[22m [2m│ gzip: 10.35 kB[22m
+[34mℹ[39m [2mdist/[22m[1mclient.mjs[22m            [2m 0.15 kB[22m [2m│ gzip:  0.14 kB[22m
+[34mℹ[39m [2mdist/[22m[32m[1mclient.d.mts[22m[39m          [2m 0.49 kB[22m [2m│ gzip:  0.30 kB[22m
+[34mℹ[39m [2mdist/[22m[32m[1mindex.d.mts[22m[39m           [2m 0.21 kB[22m [2m│ gzip:  0.15 kB[22m
+[34mℹ[39m [2mdist/[22m[32mindex-xXD__4zM.d.mts[39m  [2m25.36 kB[22m [2m│ gzip:  3.94 kB[22m
+[34mℹ[39m 5 files, total: 83.98 kB
+[32m✔[39m Build complete in [32m11335ms[39m

package/dist/client.d.mts CHANGED Viewed

@@ -1,9 +1,20 @@
-import { t as sso } from "./index-DOws6HlV.mjs";
+import { t as SSOPlugin } from "./index-xXD__4zM.mjs";
 //#region src/client.d.ts
-declare const ssoClient: () => {
+interface SSOClientOptions {
+  domainVerification?: {
+    enabled: boolean;
+  } | undefined;
+}
+declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined) => {
   id: "sso-client";
-  $InferServerPlugin: ReturnType<typeof sso>;
+  $InferServerPlugin: SSOPlugin<{
+    domainVerification: {
+      enabled: CO["domainVerification"] extends {
+        enabled: true;
+      } ? true : false;
+    };
+  }>;
 };
 //#endregion
 export { ssoClient };

package/dist/client.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 //#region src/client.ts
-const ssoClient = () => {
+const ssoClient = (options) => {
 	return {
 		id: "sso-client",
 		$InferServerPlugin: {}

package/dist/{index-DOws6HlV.d.mts → index-xXD__4zM.d.mts} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { OAuth2Tokens, User } from "better-auth";
 import * as z from "zod/v4";
+import { OAuth2Tokens, User } from "better-auth";
 import * as better_call0 from "better-call";
 //#region src/types.d.ts
@@ -76,7 +76,7 @@ interface SAMLConfig {
   additionalParams?: Record<string, any> | undefined;
   mapping?: SAMLMapping | undefined;
 }
-type SSOProvider = {
+type BaseSSOProvider = {
   issuer: string;
   oidcConfig?: OIDCConfig | undefined;
   samlConfig?: SAMLConfig | undefined;
@@ -85,6 +85,11 @@ type SSOProvider = {
   organizationId?: string | undefined;
   domain: string;
 };
+type SSOProvider<O extends SSOOptions> = O["domainVerification"] extends {
+  enabled: true;
+} ? {
+  domainVerified: boolean;
+} & BaseSSOProvider : BaseSSOProvider;
 interface SSOOptions {
   /**
    * custom function to provision a user when they sign in with an SSO provider.
@@ -105,7 +110,7 @@ interface SSOOptions {
     /**
      * The SSO provider
      */
-    provider: SSOProvider;
+    provider: SSOProvider<SSOOptions>;
   }) => Promise<void>) | undefined;
   /**
    * Organization provisioning options
@@ -129,7 +134,7 @@ interface SSOOptions {
       /**
        * The SSO provider
        */
-      provider: SSOProvider;
+      provider: SSOProvider<SSOOptions>;
     }) => Promise<"member" | "admin">;
   } | undefined;
   /**
@@ -214,8 +219,129 @@ interface SSOOptions {
    * @default false
    */
   trustEmailVerified?: boolean | undefined;
+  /**
+   * Enable domain verification on SSO providers
+   *
+   * When this option is enabled, new SSO providers will require the associated domain to be verified by the owner
+   * prior to allowing sign-ins.
+   */
+  domainVerification?: {
+    /**
+     * Enables or disables the domain verification feature
+     */
+    enabled?: boolean;
+    /**
+     * Prefix used to generate the domain verification token
+     *
+     * @default "better-auth-token-"
+     */
+    tokenPrefix?: string;
+  };
 }
 //#endregion
+//#region src/routes/domain-verification.d.ts
+declare const requestDomainVerification: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/request-domain-verification", {
+  method: "POST";
+  body: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      summary: string;
+      description: string;
+      responses: {
+        "404": {
+          description: string;
+        };
+        "409": {
+          description: string;
+        };
+        "201": {
+          description: string;
+        };
+      };
+    };
+  };
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+} & {
+  use: any[];
+}, {
+  domainVerificationToken: string;
+}>;
+declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/verify-domain", {
+  method: "POST";
+  body: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      summary: string;
+      description: string;
+      responses: {
+        "404": {
+          description: string;
+        };
+        "409": {
+          description: string;
+        };
+        "502": {
+          description: string;
+        };
+        "204": {
+          description: string;
+        };
+      };
+    };
+  };
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+} & {
+  use: any[];
+}, void>;
+//#endregion
 //#region src/routes/sso.d.ts
 declare const spMetadata: () => better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
   method: "GET";
@@ -241,7 +367,7 @@ declare const spMetadata: () => better_call0.StrictEndpoint<"/sso/saml2/sp/metad
 } & {
   use: any[];
 }, Response>;
-declare const registerSSOProvider: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/register", {
+declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.StrictEndpoint<"/sso/register", {
   method: "POST";
   body: z.ZodObject<{
     providerId: z.ZodString;
@@ -364,6 +490,14 @@ declare const registerSSOProvider: (options?: SSOOptions) => better_call0.Strict
                     type: string;
                     description: string;
                   };
+                  domainVerified: {
+                    type: string;
+                    description: string;
+                  };
+                  domainVerificationToken: {
+                    type: string;
+                    description: string;
+                  };
                   oidcConfig: {
                     type: string;
                     properties: {
@@ -497,16 +631,12 @@ declare const registerSSOProvider: (options?: SSOOptions) => better_call0.Strict
   };
 } & {
   use: any[];
-}, {
-  oidcConfig: OIDCConfig;
-  samlConfig: SAMLConfig;
-  redirectURI: string;
-  issuer: string;
-  userId: string;
-  providerId: string;
-  organizationId?: string | undefined;
-  domain: string;
-}>;
+}, O["domainVerification"] extends {
+  enabled: true;
+} ? {
+  domainVerified: boolean;
+  domainVerificationToken: string;
+} & SSOProvider<O> : SSOProvider<O>>;
 declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sign-in/sso", {
   method: "POST";
   body: z.ZodObject<{
@@ -611,6 +741,7 @@ declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint
     error: z.ZodOptional<z.ZodString>;
     error_description: z.ZodOptional<z.ZodString>;
   }, z.core.$strip>;
+  allowedMediaTypes: string[];
   metadata: {
     isAction: boolean;
     openapi: {
@@ -682,17 +813,39 @@ declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint
 }, never>;
 //#endregion
 //#region src/index.d.ts
-type SSOEndpoints = {
+type DomainVerificationEndpoints = {
+  requestDomainVerification: ReturnType<typeof requestDomainVerification>;
+  verifyDomain: ReturnType<typeof verifyDomain>;
+};
+type SSOEndpoints<O extends SSOOptions> = {
   spMetadata: ReturnType<typeof spMetadata>;
-  registerSSOProvider: ReturnType<typeof registerSSOProvider>;
+  registerSSOProvider: ReturnType<typeof registerSSOProvider<O>>;
   signInSSO: ReturnType<typeof signInSSO>;
   callbackSSO: ReturnType<typeof callbackSSO>;
   callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
   acsEndpoint: ReturnType<typeof acsEndpoint>;
 };
+type SSOPlugin<O extends SSOOptions> = {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & (O extends {
+    domainVerification: {
+      enabled: true;
+    };
+  } ? DomainVerificationEndpoints : {});
+};
+declare function sso<O extends SSOOptions & {
+  domainVerification?: {
+    enabled: true;
+  };
+}>(options?: O | undefined): {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
+  schema: any;
+  options: O;
+};
 declare function sso<O extends SSOOptions>(options?: O | undefined): {
   id: "sso";
-  endpoints: SSOEndpoints;
+  endpoints: SSOEndpoints<O>;
 };
 //#endregion
-export { SSOProvider as a, SSOOptions as i, OIDCConfig as n, SAMLConfig as r, sso as t };
+export { SSOOptions as a, SAMLConfig as i, sso as n, SSOProvider as o, OIDCConfig as r, SSOPlugin as t };

package/dist/index.d.mts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { a as SSOProvider, i as SSOOptions, n as OIDCConfig, r as SAMLConfig, t as sso } from "./index-DOws6HlV.mjs";
-export { OIDCConfig, SAMLConfig, SSOOptions, SSOProvider, sso };
+import { a as SSOOptions, i as SAMLConfig, n as sso, o as SSOProvider, r as OIDCConfig, t as SSOPlugin } from "./index-xXD__4zM.mjs";
+export { OIDCConfig, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, sso };