@better-auth/sso 1.4.16 → 1.4.18

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.16 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.18 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
 ℹ tsdown v0.17.2 powered by rolldown v1.0.0-beta.53
@@ -7,10 +7,12 @@
 ℹ entry: src/index.ts, src/client.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.mjs             99.53 kB │ gzip: 19.50 kB
-ℹ dist/client.mjs             0.15 kB │ gzip:  0.14 kB
-ℹ dist/index.d.mts            1.67 kB │ gzip:  0.57 kB
-ℹ dist/client.d.mts           0.49 kB │ gzip:  0.30 kB
-ℹ dist/index-D4Ey-vkQ.d.mts  44.21 kB │ gzip:  9.10 kB
-ℹ 5 files, total: 146.05 kB
-✔ Build complete in 17739ms
+ℹ dist/index.mjs             120.19 kB │ gzip: 23.98 kB
+ℹ dist/client.mjs              0.28 kB │ gzip:  0.21 kB
+ℹ dist/index.mjs.map         244.62 kB │ gzip: 47.01 kB
+ℹ dist/client.mjs.map          0.94 kB │ gzip:  0.50 kB
+ℹ dist/index.d.mts             1.67 kB │ gzip:  0.57 kB
+ℹ dist/client.d.mts            0.62 kB │ gzip:  0.36 kB
+ℹ dist/index-C4nbdf2g.d.mts   55.71 kB │ gzip:  9.86 kB
+ℹ 7 files, total: 424.03 kB
+✔ Build complete in 18417ms

package/dist/client.d.mts

@@ -1,4 +1,4 @@
-import { t as SSOPlugin } from "./index-D4Ey-vkQ.mjs";
+import { t as SSOPlugin } from "./index-C4nbdf2g.mjs";
 
 //#region src/client.d.ts
 interface SSOClientOptions {
@@ -15,6 +15,11 @@ declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined)
       } ? true : false;
     };
   }>;
+  pathMethods: {
+    "/sso/providers": "GET";
+    "/sso/providers/:providerId": "GET";
+  };
 };
 //#endregion
-export { ssoClient };
+export { ssoClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/client.mjs

@@ -2,9 +2,14 @@
 const ssoClient = (options) => {
 	return {
 		id: "sso-client",
-		$InferServerPlugin: {}
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/sso/providers": "GET",
+			"/sso/providers/:providerId": "GET"
+		}
 	};
 };
 
 //#endregion
-export { ssoClient };
+export { ssoClient };
+//# sourceMappingURL=client.mjs.map

package/dist/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../src/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"better-auth/client\";\nimport type { SSOPlugin } from \"./index\";\n\ninterface SSOClientOptions {\n\tdomainVerification?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t  }\n\t\t| undefined;\n}\n\nexport const ssoClient = <CO extends SSOClientOptions>(\n\toptions?: CO | undefined,\n) => {\n\treturn {\n\t\tid: \"sso-client\",\n\t\t$InferServerPlugin: {} as SSOPlugin<{\n\t\t\tdomainVerification: {\n\t\t\t\tenabled: CO[\"domainVerification\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tpathMethods: {\n\t\t\t\"/sso/providers\": \"GET\",\n\t\t\t\"/sso/providers/:providerId\": \"GET\",\n\t\t},\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAWA,MAAa,aACZ,YACI;AACJ,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAOtB,aAAa;GACZ,kBAAkB;GAClB,8BAA8B;GAC9B;EACD"}

package/dist/{index-D4Ey-vkQ.d.mts → index-C4nbdf2g.d.mts}

@@ -1,7 +1,7 @@
 import { APIError } from "better-auth/api";
 import * as z$1 from "zod/v4";
 import z from "zod/v4";
-import { Awaitable, OAuth2Tokens, User } from "better-auth";
+import { Awaitable, BetterAuthPlugin, OAuth2Tokens, User } from "better-auth";
 import * as better_call0 from "better-call";
 
 //#region src/saml/algorithms.d.ts
@@ -481,6 +481,373 @@ declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint
   }>)[];
 }, void>;
 //#endregion
+//#region src/routes/providers.d.ts
+declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/providers", {
+  method: "GET";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providers: {
+    providerId: string;
+    type: string;
+    issuer: string;
+    domain: string;
+    organizationId: string | null;
+    domainVerified: boolean;
+    oidcConfig: {
+      discoveryEndpoint: string;
+      clientIdLastFour: string;
+      pkce: boolean;
+      authorizationEndpoint: string | undefined;
+      tokenEndpoint: string | undefined;
+      userInfoEndpoint: string | undefined;
+      jwksEndpoint: string | undefined;
+      scopes: string[] | undefined;
+      tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+    } | undefined;
+    samlConfig: {
+      entryPoint: string;
+      callbackUrl: string;
+      audience: string | undefined;
+      wantAssertionsSigned: boolean | undefined;
+      identifierFormat: string | undefined;
+      signatureAlgorithm: string | undefined;
+      digestAlgorithm: string | undefined;
+      certificate: {
+        fingerprintSha256: string;
+        notBefore: string;
+        notAfter: string;
+        publicKeyAlgorithm: string;
+      } | {
+        error: string;
+      };
+    } | undefined;
+    spMetadataUrl: string;
+  }[];
+}>;
+declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "GET";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providerId: string;
+  type: string;
+  issuer: string;
+  domain: string;
+  organizationId: string | null;
+  domainVerified: boolean;
+  oidcConfig: {
+    discoveryEndpoint: string;
+    clientIdLastFour: string;
+    pkce: boolean;
+    authorizationEndpoint: string | undefined;
+    tokenEndpoint: string | undefined;
+    userInfoEndpoint: string | undefined;
+    jwksEndpoint: string | undefined;
+    scopes: string[] | undefined;
+    tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+  } | undefined;
+  samlConfig: {
+    entryPoint: string;
+    callbackUrl: string;
+    audience: string | undefined;
+    wantAssertionsSigned: boolean | undefined;
+    identifierFormat: string | undefined;
+    signatureAlgorithm: string | undefined;
+    digestAlgorithm: string | undefined;
+    certificate: {
+      fingerprintSha256: string;
+      notBefore: string;
+      notAfter: string;
+      publicKeyAlgorithm: string;
+    } | {
+      error: string;
+    };
+  } | undefined;
+  spMetadataUrl: string;
+}>;
+declare const updateSSOProvider: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "PATCH";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  body: z.ZodObject<{
+    issuer: z.ZodOptional<z.ZodString>;
+    domain: z.ZodOptional<z.ZodString>;
+    oidcConfig: z.ZodOptional<z.ZodObject<{
+      clientId: z.ZodOptional<z.ZodString>;
+      clientSecret: z.ZodOptional<z.ZodString>;
+      authorizationEndpoint: z.ZodOptional<z.ZodString>;
+      tokenEndpoint: z.ZodOptional<z.ZodString>;
+      userInfoEndpoint: z.ZodOptional<z.ZodString>;
+      tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
+        client_secret_post: "client_secret_post";
+        client_secret_basic: "client_secret_basic";
+      }>>;
+      jwksEndpoint: z.ZodOptional<z.ZodString>;
+      discoveryEndpoint: z.ZodOptional<z.ZodString>;
+      scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      pkce: z.ZodOptional<z.ZodBoolean>;
+      overrideUserInfo: z.ZodOptional<z.ZodBoolean>;
+      mapping: z.ZodOptional<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        emailVerified: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        image: z.ZodOptional<z.ZodString>;
+        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      }, z.core.$strip>>;
+    }, z.core.$strip>>;
+    samlConfig: z.ZodOptional<z.ZodObject<{
+      entryPoint: z.ZodOptional<z.ZodString>;
+      cert: z.ZodOptional<z.ZodString>;
+      callbackUrl: z.ZodOptional<z.ZodString>;
+      audience: z.ZodOptional<z.ZodString>;
+      idpMetadata: z.ZodOptional<z.ZodObject<{
+        metadata: z.ZodOptional<z.ZodString>;
+        entityID: z.ZodOptional<z.ZodString>;
+        cert: z.ZodOptional<z.ZodString>;
+        privateKey: z.ZodOptional<z.ZodString>;
+        privateKeyPass: z.ZodOptional<z.ZodString>;
+        isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+        encPrivateKey: z.ZodOptional<z.ZodString>;
+        encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+        singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
+          Binding: z.ZodString;
+          Location: z.ZodString;
+        }, z.core.$strip>>>;
+      }, z.core.$strip>>;
+      spMetadata: z.ZodOptional<z.ZodObject<{
+        metadata: z.ZodOptional<z.ZodString>;
+        entityID: z.ZodOptional<z.ZodString>;
+        binding: z.ZodOptional<z.ZodString>;
+        privateKey: z.ZodOptional<z.ZodString>;
+        privateKeyPass: z.ZodOptional<z.ZodString>;
+        isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+        encPrivateKey: z.ZodOptional<z.ZodString>;
+        encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+      }, z.core.$strip>>;
+      wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
+      signatureAlgorithm: z.ZodOptional<z.ZodString>;
+      digestAlgorithm: z.ZodOptional<z.ZodString>;
+      identifierFormat: z.ZodOptional<z.ZodString>;
+      privateKey: z.ZodOptional<z.ZodString>;
+      decryptionPvk: z.ZodOptional<z.ZodString>;
+      additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      mapping: z.ZodOptional<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        emailVerified: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        firstName: z.ZodOptional<z.ZodString>;
+        lastName: z.ZodOptional<z.ZodString>;
+        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      }, z.core.$strip>>;
+    }, z.core.$strip>>;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providerId: string;
+  type: string;
+  issuer: string;
+  domain: string;
+  organizationId: string | null;
+  domainVerified: boolean;
+  oidcConfig: {
+    discoveryEndpoint: string;
+    clientIdLastFour: string;
+    pkce: boolean;
+    authorizationEndpoint: string | undefined;
+    tokenEndpoint: string | undefined;
+    userInfoEndpoint: string | undefined;
+    jwksEndpoint: string | undefined;
+    scopes: string[] | undefined;
+    tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+  } | undefined;
+  samlConfig: {
+    entryPoint: string;
+    callbackUrl: string;
+    audience: string | undefined;
+    wantAssertionsSigned: boolean | undefined;
+    identifierFormat: string | undefined;
+    signatureAlgorithm: string | undefined;
+    digestAlgorithm: string | undefined;
+    certificate: {
+      fingerprintSha256: string;
+      notBefore: string;
+      notAfter: string;
+      publicKeyAlgorithm: string;
+    } | {
+      error: string;
+    };
+  } | undefined;
+  spMetadataUrl: string;
+}>;
+declare const deleteSSOProvider: () => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "DELETE";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  success: boolean;
+}>;
+//#endregion
 //#region src/routes/sso.d.ts
 interface TimestampValidationOptions {
   clockSkew?: number;
@@ -917,11 +1284,14 @@ declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint
   };
 }, never>;
 declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
-  method: "POST";
-  body: z.ZodObject<{
+  method: ("POST" | "GET")[];
+  body: z.ZodOptional<z.ZodObject<{
     SAMLResponse: z.ZodString;
     RelayState: z.ZodOptional<z.ZodString>;
-  }, z.core.$strip>;
+  }, z.core.$strip>>;
+  query: z.ZodOptional<z.ZodObject<{
+    RelayState: z.ZodOptional<z.ZodString>;
+  }, z.core.$strip>>;
   metadata: {
     allowedMediaTypes: string[];
     openapi: {
@@ -945,9 +1315,6 @@ declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.StrictEndp
 }, never>;
 declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
   method: "POST";
-  params: z.ZodObject<{
-    providerId: z.ZodOptional<z.ZodString>;
-  }, z.core.$strip>;
   body: z.ZodObject<{
     SAMLResponse: z.ZodString;
     RelayState: z.ZodOptional<z.ZodString>;
@@ -1260,6 +1627,10 @@ type SSOEndpoints<O extends SSOOptions> = {
   callbackSSO: ReturnType<typeof callbackSSO>;
   callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
   acsEndpoint: ReturnType<typeof acsEndpoint>;
+  listSSOProviders: ReturnType<typeof listSSOProviders>;
+  getSSOProvider: ReturnType<typeof getSSOProvider>;
+  updateSSOProvider: ReturnType<typeof updateSSOProvider>;
+  deleteSSOProvider: ReturnType<typeof deleteSSOProvider>;
 };
 type SSOPlugin<O extends SSOOptions> = {
   id: "sso";
@@ -1276,7 +1647,7 @@ declare function sso<O extends SSOOptions & {
 }>(options?: O | undefined): {
   id: "sso";
   endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
-  schema: any;
+  schema: NonNullable<BetterAuthPlugin["schema"]>;
   options: O;
 };
 declare function sso<O extends SSOOptions>(options?: O | undefined): {
@@ -1284,4 +1655,5 @@ declare function sso<O extends SSOOptions>(options?: O | undefined): {
   endpoints: SSOEndpoints<O>;
 };
 //#endregion
-export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
+export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
+//# sourceMappingURL=index-C4nbdf2g.d.mts.map

package/dist/index.d.mts

@@ -1,2 +1,2 @@
-import { A as DataEncryptionAlgorithm, C as TimestampValidationOptions, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as SAMLConditions, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as DEFAULT_MAX_SAML_METADATA_SIZE, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as validateSAMLTimestamp, x as DEFAULT_MAX_SAML_RESPONSE_SIZE, y as DEFAULT_CLOCK_SKEW_MS } from "./index-D4Ey-vkQ.mjs";
+import { A as DataEncryptionAlgorithm, C as TimestampValidationOptions, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as SAMLConditions, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as DEFAULT_MAX_SAML_METADATA_SIZE, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as validateSAMLTimestamp, x as DEFAULT_MAX_SAML_RESPONSE_SIZE, y as DEFAULT_CLOCK_SKEW_MS } from "./index-C4nbdf2g.mjs";
 export { AlgorithmValidationOptions, DEFAULT_CLOCK_SKEW_MS, DEFAULT_MAX_SAML_METADATA_SIZE, DEFAULT_MAX_SAML_RESPONSE_SIZE, DataEncryptionAlgorithm, DeprecatedAlgorithmBehavior, DigestAlgorithm, DiscoverOIDCConfigParams, DiscoveryError, DiscoveryErrorCode, HydratedOIDCConfig, KeyEncryptionAlgorithm, OIDCConfig, OIDCDiscoveryDocument, REQUIRED_DISCOVERY_FIELDS, RequiredDiscoveryField, SAMLConditions, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, SignatureAlgorithm, TimestampValidationOptions, computeDiscoveryUrl, discoverOIDCConfig, fetchDiscoveryDocument, needsRuntimeDiscovery, normalizeDiscoveryUrls, normalizeUrl, selectTokenEndpointAuthMethod, sso, validateDiscoveryDocument, validateDiscoveryUrl, validateSAMLTimestamp };