@better-auth/sso 1.4.0-beta.24 → 1.4.0-beta.25

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.0-beta.24 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.25 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
 ℹ tsdown v0.16.5 powered by rolldown v1.0.0-beta.50
@@ -7,10 +7,10 @@
 ℹ entry: src/index.ts, src/client.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.mjs             57.85 kB │ gzip: 10.36 kB
+ℹ dist/index.mjs             58.41 kB │ gzip: 10.32 kB
 ℹ dist/client.mjs             0.15 kB │ gzip:  0.14 kB
 ℹ dist/client.d.mts           0.49 kB │ gzip:  0.29 kB
 ℹ dist/index.d.mts            0.21 kB │ gzip:  0.15 kB
 ℹ dist/index-BdGHTkZi.d.mts  25.39 kB │ gzip:  3.95 kB
-ℹ 5 files, total: 84.10 kB
-✔ Build complete in 11149ms
+ℹ 5 files, total: 84.66 kB
+✔ Build complete in 11606ms

package/dist/index.mjs

@@ -751,8 +751,18 @@ const signInSSO = (options) => {
 		if (provider.samlConfig) {
 			const parsedSamlConfig = typeof provider.samlConfig === "object" ? provider.samlConfig : safeJsonParse(provider.samlConfig);
 			if (!parsedSamlConfig) throw new APIError("BAD_REQUEST", { message: "Invalid SAML configuration" });
+			let metadata = parsedSamlConfig.spMetadata.metadata;
+			if (!metadata) metadata = saml.SPMetadata({
+				entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,
+				assertionConsumerService: [{
+					Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+					Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.providerId}`
+				}],
+				wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
+				nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0
+			}).getMetadata() || "";
 			const sp = saml.ServiceProvider({
-				metadata: parsedSamlConfig.spMetadata.metadata,
+				metadata,
 				allowCreate: true
 			});
 			const idp = saml.IdentityProvider({

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.24",
+  "version": "1.4.0-beta.25",
   "type": "module",
   "main": "dist/index.mjs",
   "homepage": "https://www.better-auth.com/docs/plugins/sso",
@@ -65,10 +65,10 @@
     "express": "^5.1.0",
     "oauth2-mock-server": "^7.2.1",
     "tsdown": "^0.16.0",
-    "better-auth": "1.4.0-beta.24"
+    "better-auth": "1.4.0-beta.25"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.24"
+    "better-auth": "1.4.0-beta.25"
   },
   "scripts": {
     "test": "vitest",

package/src/routes/sso.ts

@@ -1039,8 +1039,35 @@ export const signInSSO = (options?: SSOOptions) => {
 						message: "Invalid SAML configuration",
 					});
 				}
+
+				let metadata = parsedSamlConfig.spMetadata.metadata;
+
+				if (!metadata) {
+					metadata =
+						saml
+							.SPMetadata({
+								entityID:
+									parsedSamlConfig.spMetadata?.entityID ||
+									parsedSamlConfig.issuer,
+								assertionConsumerService: [
+									{
+										Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+										Location:
+											parsedSamlConfig.callbackUrl ||
+											`${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.providerId}`,
+									},
+								],
+								wantMessageSigned:
+									parsedSamlConfig.wantAssertionsSigned || false,
+								nameIDFormat: parsedSamlConfig.identifierFormat
+									? [parsedSamlConfig.identifierFormat]
+									: undefined,
+							})
+							.getMetadata() || "";
+				}
+
 				const sp = saml.ServiceProvider({
-					metadata: parsedSamlConfig.spMetadata.metadata,
+					metadata: metadata,
 					allowCreate: true,
 				});