@better-auth/sso 1.4.0-beta.23 → 1.4.0-beta.25

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.0-beta.23 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.25 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
 ℹ tsdown v0.16.5 powered by rolldown v1.0.0-beta.50
@@ -7,10 +7,10 @@
 ℹ entry: src/index.ts, src/client.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.mjs             57.77 kB │ gzip: 10.35 kB
+ℹ dist/index.mjs             58.41 kB │ gzip: 10.32 kB
 ℹ dist/client.mjs             0.15 kB │ gzip:  0.14 kB
-ℹ dist/client.d.mts           0.49 kB │ gzip:  0.30 kB
+ℹ dist/client.d.mts           0.49 kB │ gzip:  0.29 kB
 ℹ dist/index.d.mts            0.21 kB │ gzip:  0.15 kB
-ℹ dist/index-xXD__4zM.d.mts  25.36 kB │ gzip:  3.94 kB
-ℹ 5 files, total: 83.98 kB
-✔ Build complete in 11335ms
+ℹ dist/index-BdGHTkZi.d.mts  25.39 kB │ gzip:  3.95 kB
+ℹ 5 files, total: 84.66 kB
+✔ Build complete in 11606ms

package/dist/client.d.mts

@@ -1,4 +1,4 @@
-import { t as SSOPlugin } from "./index-xXD__4zM.mjs";
+import { t as SSOPlugin } from "./index-BdGHTkZi.mjs";
 
 //#region src/client.d.ts
 interface SSOClientOptions {

package/dist/{index-xXD__4zM.d.mts → index-BdGHTkZi.d.mts}

@@ -797,6 +797,7 @@ declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint
   }, z.core.$strip>;
   metadata: {
     isAction: boolean;
+    allowedMediaTypes: string[];
     openapi: {
       operationId: string;
       summary: string;

package/dist/index.d.mts

@@ -1,2 +1,2 @@
-import { a as SSOOptions, i as SAMLConfig, n as sso, o as SSOProvider, r as OIDCConfig, t as SSOPlugin } from "./index-xXD__4zM.mjs";
+import { a as SSOOptions, i as SAMLConfig, n as sso, o as SSOProvider, r as OIDCConfig, t as SSOPlugin } from "./index-BdGHTkZi.mjs";
 export { OIDCConfig, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, sso };

package/dist/index.mjs

@@ -751,8 +751,18 @@ const signInSSO = (options) => {
 		if (provider.samlConfig) {
 			const parsedSamlConfig = typeof provider.samlConfig === "object" ? provider.samlConfig : safeJsonParse(provider.samlConfig);
 			if (!parsedSamlConfig) throw new APIError("BAD_REQUEST", { message: "Invalid SAML configuration" });
+			let metadata = parsedSamlConfig.spMetadata.metadata;
+			if (!metadata) metadata = saml.SPMetadata({
+				entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,
+				assertionConsumerService: [{
+					Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+					Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.providerId}`
+				}],
+				wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
+				nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+			}).getMetadata() || "";
 			const sp = saml.ServiceProvider({
-				metadata: parsedSamlConfig.spMetadata.metadata,
+				metadata,
 				allowCreate: true
 			});
 			const idp = saml.IdentityProvider({
@@ -1185,6 +1195,7 @@ const acsEndpoint = (options) => {
 		}),
 		metadata: {
 			isAction: false,
+			allowedMediaTypes: ["application/x-www-form-urlencoded", "application/json"],
 			openapi: {
 				operationId: "handleSAMLAssertionConsumerService",
 				summary: "SAML Assertion Consumer Service",

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.23",
+  "version": "1.4.0-beta.25",
   "type": "module",
   "main": "dist/index.mjs",
   "homepage": "https://www.better-auth.com/docs/plugins/sso",
@@ -65,10 +65,10 @@
     "express": "^5.1.0",
     "oauth2-mock-server": "^7.2.1",
     "tsdown": "^0.16.0",
-    "better-auth": "1.4.0-beta.23"
+    "better-auth": "1.4.0-beta.25"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.23"
+    "better-auth": "1.4.0-beta.25"
   },
   "scripts": {
     "test": "vitest",

package/src/routes/sso.ts

@@ -1039,8 +1039,35 @@ export const signInSSO = (options?: SSOOptions) => {
 						message: "Invalid SAML configuration",
 					});
 				}
+
+				let metadata = parsedSamlConfig.spMetadata.metadata;
+
+				if (!metadata) {
+					metadata =
+						saml
+							.SPMetadata({
+								entityID:
+									parsedSamlConfig.spMetadata?.entityID ||
+									parsedSamlConfig.issuer,
+								assertionConsumerService: [
+									{
+										Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+										Location:
+											parsedSamlConfig.callbackUrl ||
+											`${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.providerId}`,
+									},
+								],
+								wantMessageSigned:
+									parsedSamlConfig.wantAssertionsSigned || false,
+								nameIDFormat: parsedSamlConfig.identifierFormat
+									? [parsedSamlConfig.identifierFormat]
+									: undefined,
+							})
+							.getMetadata() || "";
+				}
+
 				const sp = saml.ServiceProvider({
-					metadata: parsedSamlConfig.spMetadata.metadata,
+					metadata: metadata,
 					allowCreate: true,
 				});
 
@@ -1798,6 +1825,10 @@ export const acsEndpoint = (options?: SSOOptions) => {
 			}),
 			metadata: {
 				isAction: false,
+				allowedMediaTypes: [
+					"application/x-www-form-urlencoded",
+					"application/json",
+				],
 				openapi: {
 					operationId: "handleSAMLAssertionConsumerService",
 					summary: "SAML Assertion Consumer Service",