@better-auth/sso 1.4.0-beta.4 → 1.4.0-beta.6

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.0-beta.4 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.0-beta.6 build /home/runner/work/better-auth/better-auth/packages/sso
 > unbuild
 
 [info] Automatically detected entries: src/index, src/client [esm] [cjs] [dts]

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/sso",
   "author": "Bereket Engida",
-  "version": "1.4.0-beta.4",
+  "version": "1.4.0-beta.6",
   "main": "dist/index.cjs",
   "license": "MIT",
   "keywords": [
@@ -58,10 +58,10 @@
     "body-parser": "^2.2.0",
     "express": "^5.1.0",
     "unbuild": "3.6.1",
-    "better-auth": "^1.4.0-beta.4"
+    "better-auth": "^1.4.0-beta.6"
   },
   "peerDependencies": {
-    "better-auth": "1.4.0-beta.4"
+    "better-auth": "1.4.0-beta.6"
   },
   "scripts": {
     "test": "vitest",

package/src/oidc.test.ts

@@ -1,18 +1,28 @@
 import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { getTestInstanceMemory as getTestInstance } from "better-auth/test";
 import { sso } from ".";
 import { OAuth2Server } from "oauth2-mock-server";
 import { betterFetch } from "@better-fetch/fetch";
-import { organization } from "better-auth/plugins/organization";
-import { getTestInstanceMemory } from "better-auth/test";
+import { organization } from "better-auth/plugins";
+import { createAuthClient } from "better-auth/client";
+import { ssoClient } from "./client";
 
 let server = new OAuth2Server();
 
 describe("SSO", async () => {
-	const { auth, signInWithTestUser, customFetchImpl } =
-		await getTestInstanceMemory({
+	const { auth, signInWithTestUser, customFetchImpl, cookieSetter } =
+		await getTestInstance({
 			plugins: [sso(), organization()],
 		});
 
+	const authClient = createAuthClient({
+		plugins: [ssoClient()],
+		baseURL: "http://localhost:3000",
+		fetchOptions: {
+			customFetchImpl,
+		},
+	});
+
 	beforeAll(async () => {
 		await server.issuer.keys.generate("RS256");
 		server.issuer.on;
@@ -57,7 +67,7 @@ describe("SSO", async () => {
 		});
 
 		if (!location) throw new Error("No redirect location found");
-
+		const newHeaders = new Headers();
 		let callbackURL = "";
 		await betterFetch(location, {
 			method: "GET",
@@ -65,10 +75,11 @@ describe("SSO", async () => {
 			headers,
 			onError(context) {
 				callbackURL = context.response.headers.get("location") || "";
+				cookieSetter(newHeaders)(context);
 			},
 		});
 
-		return callbackURL;
+		return { callbackURL, headers: newHeaders };
 	}
 
 	it("should register a new SSO provider", async () => {
@@ -147,122 +158,76 @@ describe("SSO", async () => {
 	});
 
 	it("should sign in with SSO provider with email matching", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "my-email@localhost.com",
-				callbackURL: "/dashboard",
+		const headers = new Headers();
+		const res = await authClient.signIn.sso({
+			email: "my-email@localhost.com",
+			callbackURL: "/dashboard",
+			fetchOptions: {
+				throw: true,
+				onSuccess: cookieSetter(headers),
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-		const headers = new Headers();
-		const callbackURL = await simulateOAuthFlow(res.url, headers);
+		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain("/dashboard");
 	});
 
 	it("should sign in with SSO provider with domain", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "my-email@test.com",
-				domain: "localhost.com",
-				callbackURL: "/dashboard",
+		const headers = new Headers();
+		const res = await authClient.signIn.sso({
+			email: "my-email@test.com",
+			domain: "localhost.com",
+			callbackURL: "/dashboard",
+			fetchOptions: {
+				throw: true,
+				onSuccess: cookieSetter(headers),
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-		const headers = new Headers();
-		const callbackURL = await simulateOAuthFlow(res.url, headers);
+		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain("/dashboard");
 	});
 
 	it("should sign in with SSO provider with providerId", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				providerId: "test",
-				callbackURL: "/dashboard",
-			},
-		});
-		expect(res.url).toContain("http://localhost:8080/authorize");
-		expect(res.url).toContain(
-			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
-		);
 		const headers = new Headers();
-		const callbackURL = await simulateOAuthFlow(res.url, headers);
-		expect(callbackURL).toContain("/dashboard");
-	});
-});
-
-describe("SSO with defaultSSO array", async () => {
-	const { auth, signInWithTestUser, customFetchImpl } =
-		await getTestInstanceMemory({
-			plugins: [
-				sso({
-					defaultSSO: [
-						{
-							domain: "localhost.com",
-							providerId: "default-test",
-							oidcConfig: {
-								issuer: "http://localhost:8080",
-								clientId: "test",
-								clientSecret: "test",
-								authorizationEndpoint: "http://localhost:8080/authorize",
-								tokenEndpoint: "http://localhost:8080/token",
-								jwksEndpoint: "http://localhost:8080/jwks",
-								discoveryEndpoint:
-									"http://localhost:8080/.well-known/openid-configuration",
-								pkce: true,
-								mapping: {
-									id: "sub",
-									email: "email",
-									emailVerified: "email_verified",
-									name: "name",
-									image: "picture",
-								},
-							},
-						},
-					],
-				}),
-				organization(),
-			],
-		});
-
-	it("should use default SSO provider from array when no provider found in database using providerId", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				providerId: "default-test",
-				callbackURL: "/dashboard",
+		const res = await authClient.signIn.sso({
+			providerId: "test",
+			callbackURL: "/dashboard",
+			fetchOptions: {
+				throw: true,
+				onSuccess: cookieSetter(headers),
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
-			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fdefault-test",
+			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-	});
 
-	it("should use default SSO provider from array when no provider found in database using domain fallback", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "test@localhost.com",
-				callbackURL: "/dashboard",
-			},
-		});
-		expect(res.url).toContain("http://localhost:8080/authorize");
-		expect(res.url).toContain(
-			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fdefault-test",
-		);
+		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
+		expect(callbackURL).toContain("/dashboard");
 	});
 });
 
 describe("SSO disable implicit sign in", async () => {
-	const { auth, signInWithTestUser, customFetchImpl } =
-		await getTestInstanceMemory({
+	const { auth, signInWithTestUser, customFetchImpl, cookieSetter } =
+		await getTestInstance({
 			plugins: [sso({ disableImplicitSignUp: true }), organization()],
 		});
 
+	const authClient = createAuthClient({
+		plugins: [ssoClient()],
+		baseURL: "http://localhost:3000",
+		fetchOptions: {
+			customFetchImpl,
+		},
+	});
+
 	beforeAll(async () => {
 		await server.issuer.keys.generate("RS256");
 		server.issuer.on;
@@ -307,7 +272,7 @@ describe("SSO disable implicit sign in", async () => {
 		});
 
 		if (!location) throw new Error("No redirect location found");
-
+		const newHeaders = new Headers(headers);
 		let callbackURL = "";
 		await betterFetch(location, {
 			method: "GET",
@@ -315,10 +280,11 @@ describe("SSO disable implicit sign in", async () => {
 			headers,
 			onError(context) {
 				callbackURL = context.response.headers.get("location") || "";
+				cookieSetter(newHeaders)(context);
 			},
 		});
 
-		return callbackURL;
+		return { callbackURL, headers: newHeaders };
 	}
 
 	it("should register a new SSO provider", async () => {
@@ -369,150 +335,61 @@ describe("SSO disable implicit sign in", async () => {
 			userId: expect.any(String),
 		});
 	});
-	it("should not allow creating a provider if limit is set to 0", async () => {
-		const { auth, signInWithTestUser } = await getTestInstanceMemory({
-			plugins: [sso({ providersLimit: 0 })],
-		});
-		const { headers } = await signInWithTestUser();
-		await expect(
-			auth.api.registerSSOProvider({
-				body: {
-					issuer: server.issuer.url!,
-					domain: "localhost.com",
-					oidcConfig: {
-						clientId: "test",
-						clientSecret: "test",
-					},
-					providerId: "test",
-				},
-				headers,
-			}),
-		).rejects.toMatchObject({
-			status: "FORBIDDEN",
-			body: { message: "SSO provider registration is disabled" },
-		});
-	});
-	it("should not allow creating a provider if limit is reached", async () => {
-		const { auth, signInWithTestUser } = await getTestInstanceMemory({
-			plugins: [sso({ providersLimit: 1 })],
-		});
-		const { headers } = await signInWithTestUser();
-
-		await auth.api.registerSSOProvider({
-			body: {
-				issuer: server.issuer.url!,
-				domain: "localhost.com",
-				oidcConfig: {
-					clientId: "test",
-					clientSecret: "test",
-				},
-				providerId: "test-1",
-			},
-			headers,
-		});
-
-		await expect(
-			auth.api.registerSSOProvider({
-				body: {
-					issuer: server.issuer.url!,
-					domain: "localhost.com",
-					oidcConfig: {
-						clientId: "test",
-						clientSecret: "test",
-					},
-					providerId: "test-2",
-				},
-				headers,
-			}),
-		).rejects.toMatchObject({
-			status: "FORBIDDEN",
-			body: {
-				message: "You have reached the maximum number of SSO providers",
-			},
-		});
-	});
-
-	it("should not allow creating a provider if limit from function is reached", async () => {
-		const { auth, signInWithTestUser } = await getTestInstanceMemory({
-			plugins: [sso({ providersLimit: async () => 1 })],
-		});
-		const { headers } = await signInWithTestUser();
-
-		await auth.api.registerSSOProvider({
-			body: {
-				issuer: server.issuer.url!,
-				domain: "localhost.com",
-				oidcConfig: {
-					clientId: "test",
-					clientSecret: "test",
-				},
-				providerId: "test-1",
-			},
-			headers,
-		});
 
-		await expect(
-			auth.api.registerSSOProvider({
-				body: {
-					issuer: server.issuer.url!,
-					domain: "localhost.com",
-					oidcConfig: {
-						clientId: "test",
-						clientSecret: "test",
-					},
-					providerId: "test-2",
-				},
-				headers,
-			}),
-		).rejects.toMatchObject({
-			status: "FORBIDDEN",
-			body: {
-				message: "You have reached the maximum number of SSO providers",
-			},
-		});
-	});
 	it("should not create user with SSO provider when sign ups are disabled", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "my-email@localhost.com",
-				callbackURL: "/dashboard",
+		const headers = new Headers();
+		const res = await authClient.signIn.sso({
+			email: "my-email@localhost.com",
+			callbackURL: "/dashboard",
+			fetchOptions: {
+				throw: true,
+				onSuccess: cookieSetter(headers),
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-		const headers = new Headers();
-		const callbackURL = await simulateOAuthFlow(res.url, headers);
+		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain(
 			"/api/auth/error/error?error=signup disabled",
 		);
 	});
 
 	it("should create user with SSO provider when sign ups are disabled but sign up is requested", async () => {
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "my-email@localhost.com",
-				callbackURL: "/dashboard",
-				requestSignUp: true,
+		const headers = new Headers();
+		const res = await authClient.signIn.sso({
+			email: "my-email@localhost.com",
+			callbackURL: "/dashboard",
+			requestSignUp: true,
+			fetchOptions: {
+				throw: true,
+				onSuccess: cookieSetter(headers),
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-		const headers = new Headers();
-		const callbackURL = await simulateOAuthFlow(res.url, headers);
+		const { callbackURL } = await simulateOAuthFlow(res.url, headers);
 		expect(callbackURL).toContain("/dashboard");
 	});
 });
 
 describe("provisioning", async (ctx) => {
-	const { auth, signInWithTestUser, customFetchImpl } =
-		await getTestInstanceMemory({
+	const { auth, signInWithTestUser, customFetchImpl, cookieSetter } =
+		await getTestInstance({
 			plugins: [sso(), organization()],
 		});
 
+	const authClient = createAuthClient({
+		plugins: [ssoClient()],
+		baseURL: "http://localhost:3000",
+		fetchOptions: {
+			customFetchImpl,
+		},
+	});
+
 	beforeAll(async () => {
 		await server.issuer.keys.generate("RS256");
 		server.issuer.on;
@@ -540,12 +417,14 @@ describe("provisioning", async (ctx) => {
 		if (!location) throw new Error("No redirect location found");
 
 		let callbackURL = "";
+		const newHeaders = new Headers();
 		await betterFetch(location, {
 			method: "GET",
 			customFetchImpl: fetchImpl || customFetchImpl,
 			headers,
 			onError(context) {
 				callbackURL = context.response.headers.get("location") || "";
+				cookieSetter(newHeaders)(context);
 			},
 		});
 
@@ -605,18 +484,20 @@ describe("provisioning", async (ctx) => {
 		expect(provider).toMatchObject({
 			organizationId: organization?.id,
 		});
-
-		const res = await auth.api.signInSSO({
-			body: {
-				email: "my-email@localhost.com",
-				callbackURL: "/dashboard",
+		const newHeaders = new Headers();
+		const res = await authClient.signIn.sso({
+			email: "my-email@localhost.com",
+			callbackURL: "/dashboard",
+			fetchOptions: {
+				onSuccess: cookieSetter(newHeaders),
+				throw: true,
 			},
 		});
 		expect(res.url).toContain("http://localhost:8080/authorize");
 		expect(res.url).toContain(
 			"redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Ftest",
 		);
-		const newHeaders = new Headers();
+
 		const callbackURL = await simulateOAuthFlow(res.url, newHeaders);
 		expect(callbackURL).toContain("/dashboard");
 		const org = await auth.api.getFullOrganization({

package/tsconfig.json

@@ -5,10 +5,5 @@
     "outDir": "./dist",
     "lib": ["esnext", "dom", "dom.iterable"]
   },
-  "references": [
-    {
-      "path": "../better-auth/tsconfig.json"
-    }
-  ],
   "include": ["src"]
 }