@better-auth/sso 1.4.17 → 1.4.19

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/sso@1.4.17 build /home/runner/work/better-auth/better-auth/packages/sso
+> @better-auth/sso@1.4.19 build /home/runner/work/better-auth/better-auth/packages/sso
 > tsdown
 
 ℹ tsdown v0.17.2 powered by rolldown v1.0.0-beta.53
@@ -7,10 +7,12 @@
 ℹ entry: src/index.ts, src/client.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.mjs             99.41 kB │ gzip: 19.47 kB
-ℹ dist/client.mjs             0.15 kB │ gzip:  0.14 kB
-ℹ dist/index.d.mts            1.67 kB │ gzip:  0.57 kB
-ℹ dist/client.d.mts           0.49 kB │ gzip:  0.30 kB
-ℹ dist/index-XUgmj4eH.d.mts  44.12 kB │ gzip:  9.09 kB
-ℹ 5 files, total: 145.84 kB
-✔ Build complete in 18735ms
+ℹ dist/index.mjs             120.93 kB │ gzip: 24.08 kB
+ℹ dist/client.mjs              0.28 kB │ gzip:  0.21 kB
+ℹ dist/index.mjs.map         246.56 kB │ gzip: 47.33 kB
+ℹ dist/client.mjs.map          0.94 kB │ gzip:  0.50 kB
+ℹ dist/index.d.mts             1.67 kB │ gzip:  0.57 kB
+ℹ dist/client.d.mts            0.62 kB │ gzip:  0.35 kB
+ℹ dist/index-D-VInsst.d.mts   55.92 kB │ gzip:  9.95 kB
+ℹ 7 files, total: 426.92 kB
+✔ Build complete in 18184ms

package/dist/client.d.mts

@@ -1,4 +1,4 @@
-import { t as SSOPlugin } from "./index-XUgmj4eH.mjs";
+import { t as SSOPlugin } from "./index-D-VInsst.mjs";
 
 //#region src/client.d.ts
 interface SSOClientOptions {
@@ -15,6 +15,11 @@ declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined)
       } ? true : false;
     };
   }>;
+  pathMethods: {
+    "/sso/providers": "GET";
+    "/sso/providers/:providerId": "GET";
+  };
 };
 //#endregion
-export { ssoClient };
+export { ssoClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/client.mjs

@@ -2,9 +2,14 @@
 const ssoClient = (options) => {
 	return {
 		id: "sso-client",
-		$InferServerPlugin: {}
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/sso/providers": "GET",
+			"/sso/providers/:providerId": "GET"
+		}
 	};
 };
 
 //#endregion
-export { ssoClient };
+export { ssoClient };
+//# sourceMappingURL=client.mjs.map

package/dist/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../src/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"better-auth/client\";\nimport type { SSOPlugin } from \"./index\";\n\ninterface SSOClientOptions {\n\tdomainVerification?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t  }\n\t\t| undefined;\n}\n\nexport const ssoClient = <CO extends SSOClientOptions>(\n\toptions?: CO | undefined,\n) => {\n\treturn {\n\t\tid: \"sso-client\",\n\t\t$InferServerPlugin: {} as SSOPlugin<{\n\t\t\tdomainVerification: {\n\t\t\t\tenabled: CO[\"domainVerification\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tpathMethods: {\n\t\t\t\"/sso/providers\": \"GET\",\n\t\t\t\"/sso/providers/:providerId\": \"GET\",\n\t\t},\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAWA,MAAa,aACZ,YACI;AACJ,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAOtB,aAAa;GACZ,kBAAkB;GAClB,8BAA8B;GAC9B;EACD"}

package/dist/{index-XUgmj4eH.d.mts → index-D-VInsst.d.mts}

@@ -1,7 +1,7 @@
 import { APIError } from "better-auth/api";
 import * as z$1 from "zod/v4";
 import z from "zod/v4";
-import { Awaitable, OAuth2Tokens, User } from "better-auth";
+import { Awaitable, BetterAuthPlugin, OAuth2Tokens, User } from "better-auth";
 import * as better_call0 from "better-call";
 
 //#region src/saml/algorithms.d.ts
@@ -109,6 +109,7 @@ interface SAMLConfig {
     encPrivateKeyPass?: string | undefined;
   };
   wantAssertionsSigned?: boolean | undefined;
+  authnRequestsSigned?: boolean | undefined;
   signatureAlgorithm?: string | undefined;
   digestAlgorithm?: string | undefined;
   identifierFormat?: string | undefined;
@@ -278,9 +279,12 @@ interface SSOOptions {
      */
     enabled?: boolean;
     /**
-     * Prefix used to generate the domain verification token
+     * Prefix used to generate the domain verification token.
+     * An underscore is automatically prepended to follow DNS
+     * infrastructure subdomain conventions (RFC 8552), so do
+     * not include a leading underscore.
      *
-     * @default "better-auth-token-"
+     * @default "better-auth-token"
      */
     tokenPrefix?: string;
   };
@@ -481,6 +485,373 @@ declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint
   }>)[];
 }, void>;
 //#endregion
+//#region src/routes/providers.d.ts
+declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/providers", {
+  method: "GET";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providers: {
+    providerId: string;
+    type: string;
+    issuer: string;
+    domain: string;
+    organizationId: string | null;
+    domainVerified: boolean;
+    oidcConfig: {
+      discoveryEndpoint: string;
+      clientIdLastFour: string;
+      pkce: boolean;
+      authorizationEndpoint: string | undefined;
+      tokenEndpoint: string | undefined;
+      userInfoEndpoint: string | undefined;
+      jwksEndpoint: string | undefined;
+      scopes: string[] | undefined;
+      tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+    } | undefined;
+    samlConfig: {
+      entryPoint: string;
+      callbackUrl: string;
+      audience: string | undefined;
+      wantAssertionsSigned: boolean | undefined;
+      identifierFormat: string | undefined;
+      signatureAlgorithm: string | undefined;
+      digestAlgorithm: string | undefined;
+      certificate: {
+        fingerprintSha256: string;
+        notBefore: string;
+        notAfter: string;
+        publicKeyAlgorithm: string;
+      } | {
+        error: string;
+      };
+    } | undefined;
+    spMetadataUrl: string;
+  }[];
+}>;
+declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "GET";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providerId: string;
+  type: string;
+  issuer: string;
+  domain: string;
+  organizationId: string | null;
+  domainVerified: boolean;
+  oidcConfig: {
+    discoveryEndpoint: string;
+    clientIdLastFour: string;
+    pkce: boolean;
+    authorizationEndpoint: string | undefined;
+    tokenEndpoint: string | undefined;
+    userInfoEndpoint: string | undefined;
+    jwksEndpoint: string | undefined;
+    scopes: string[] | undefined;
+    tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+  } | undefined;
+  samlConfig: {
+    entryPoint: string;
+    callbackUrl: string;
+    audience: string | undefined;
+    wantAssertionsSigned: boolean | undefined;
+    identifierFormat: string | undefined;
+    signatureAlgorithm: string | undefined;
+    digestAlgorithm: string | undefined;
+    certificate: {
+      fingerprintSha256: string;
+      notBefore: string;
+      notAfter: string;
+      publicKeyAlgorithm: string;
+    } | {
+      error: string;
+    };
+  } | undefined;
+  spMetadataUrl: string;
+}>;
+declare const updateSSOProvider: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "PATCH";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  body: z.ZodObject<{
+    issuer: z.ZodOptional<z.ZodString>;
+    domain: z.ZodOptional<z.ZodString>;
+    oidcConfig: z.ZodOptional<z.ZodObject<{
+      clientId: z.ZodOptional<z.ZodString>;
+      clientSecret: z.ZodOptional<z.ZodString>;
+      authorizationEndpoint: z.ZodOptional<z.ZodString>;
+      tokenEndpoint: z.ZodOptional<z.ZodString>;
+      userInfoEndpoint: z.ZodOptional<z.ZodString>;
+      tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
+        client_secret_post: "client_secret_post";
+        client_secret_basic: "client_secret_basic";
+      }>>;
+      jwksEndpoint: z.ZodOptional<z.ZodString>;
+      discoveryEndpoint: z.ZodOptional<z.ZodString>;
+      scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      pkce: z.ZodOptional<z.ZodBoolean>;
+      overrideUserInfo: z.ZodOptional<z.ZodBoolean>;
+      mapping: z.ZodOptional<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        emailVerified: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        image: z.ZodOptional<z.ZodString>;
+        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      }, z.core.$strip>>;
+    }, z.core.$strip>>;
+    samlConfig: z.ZodOptional<z.ZodObject<{
+      entryPoint: z.ZodOptional<z.ZodString>;
+      cert: z.ZodOptional<z.ZodString>;
+      callbackUrl: z.ZodOptional<z.ZodString>;
+      audience: z.ZodOptional<z.ZodString>;
+      idpMetadata: z.ZodOptional<z.ZodObject<{
+        metadata: z.ZodOptional<z.ZodString>;
+        entityID: z.ZodOptional<z.ZodString>;
+        cert: z.ZodOptional<z.ZodString>;
+        privateKey: z.ZodOptional<z.ZodString>;
+        privateKeyPass: z.ZodOptional<z.ZodString>;
+        isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+        encPrivateKey: z.ZodOptional<z.ZodString>;
+        encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+        singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
+          Binding: z.ZodString;
+          Location: z.ZodString;
+        }, z.core.$strip>>>;
+      }, z.core.$strip>>;
+      spMetadata: z.ZodOptional<z.ZodObject<{
+        metadata: z.ZodOptional<z.ZodString>;
+        entityID: z.ZodOptional<z.ZodString>;
+        binding: z.ZodOptional<z.ZodString>;
+        privateKey: z.ZodOptional<z.ZodString>;
+        privateKeyPass: z.ZodOptional<z.ZodString>;
+        isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
+        encPrivateKey: z.ZodOptional<z.ZodString>;
+        encPrivateKeyPass: z.ZodOptional<z.ZodString>;
+      }, z.core.$strip>>;
+      wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
+      signatureAlgorithm: z.ZodOptional<z.ZodString>;
+      digestAlgorithm: z.ZodOptional<z.ZodString>;
+      identifierFormat: z.ZodOptional<z.ZodString>;
+      privateKey: z.ZodOptional<z.ZodString>;
+      decryptionPvk: z.ZodOptional<z.ZodString>;
+      additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      mapping: z.ZodOptional<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        emailVerified: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        firstName: z.ZodOptional<z.ZodString>;
+        lastName: z.ZodOptional<z.ZodString>;
+        extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+      }, z.core.$strip>>;
+    }, z.core.$strip>>;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  providerId: string;
+  type: string;
+  issuer: string;
+  domain: string;
+  organizationId: string | null;
+  domainVerified: boolean;
+  oidcConfig: {
+    discoveryEndpoint: string;
+    clientIdLastFour: string;
+    pkce: boolean;
+    authorizationEndpoint: string | undefined;
+    tokenEndpoint: string | undefined;
+    userInfoEndpoint: string | undefined;
+    jwksEndpoint: string | undefined;
+    scopes: string[] | undefined;
+    tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
+  } | undefined;
+  samlConfig: {
+    entryPoint: string;
+    callbackUrl: string;
+    audience: string | undefined;
+    wantAssertionsSigned: boolean | undefined;
+    identifierFormat: string | undefined;
+    signatureAlgorithm: string | undefined;
+    digestAlgorithm: string | undefined;
+    certificate: {
+      fingerprintSha256: string;
+      notBefore: string;
+      notAfter: string;
+      publicKeyAlgorithm: string;
+    } | {
+      error: string;
+    };
+  } | undefined;
+  spMetadataUrl: string;
+}>;
+declare const deleteSSOProvider: () => better_call0.StrictEndpoint<"/sso/providers/:providerId", {
+  method: "DELETE";
+  use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+    session: {
+      session: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        expiresAt: Date;
+        token: string;
+        ipAddress?: string | null | undefined;
+        userAgent?: string | null | undefined;
+      };
+      user: Record<string, any> & {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    };
+  }>)[];
+  params: z.ZodObject<{
+    providerId: z.ZodString;
+  }, z.core.$strip>;
+  metadata: {
+    openapi: {
+      operationId: string;
+      summary: string;
+      description: string;
+      responses: {
+        "200": {
+          description: string;
+        };
+        "404": {
+          description: string;
+        };
+        "403": {
+          description: string;
+        };
+      };
+    };
+  };
+}, {
+  success: boolean;
+}>;
+//#endregion
 //#region src/routes/sso.d.ts
 interface TimestampValidationOptions {
   clockSkew?: number;
@@ -917,11 +1288,14 @@ declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint
   };
 }, never>;
 declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
-  method: "POST";
-  body: z.ZodObject<{
+  method: ("POST" | "GET")[];
+  body: z.ZodOptional<z.ZodObject<{
     SAMLResponse: z.ZodString;
     RelayState: z.ZodOptional<z.ZodString>;
-  }, z.core.$strip>;
+  }, z.core.$strip>>;
+  query: z.ZodOptional<z.ZodObject<{
+    RelayState: z.ZodOptional<z.ZodString>;
+  }, z.core.$strip>>;
   metadata: {
     allowedMediaTypes: string[];
     openapi: {
@@ -1257,6 +1631,10 @@ type SSOEndpoints<O extends SSOOptions> = {
   callbackSSO: ReturnType<typeof callbackSSO>;
   callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
   acsEndpoint: ReturnType<typeof acsEndpoint>;
+  listSSOProviders: ReturnType<typeof listSSOProviders>;
+  getSSOProvider: ReturnType<typeof getSSOProvider>;
+  updateSSOProvider: ReturnType<typeof updateSSOProvider>;
+  deleteSSOProvider: ReturnType<typeof deleteSSOProvider>;
 };
 type SSOPlugin<O extends SSOOptions> = {
   id: "sso";
@@ -1273,7 +1651,7 @@ declare function sso<O extends SSOOptions & {
 }>(options?: O | undefined): {
   id: "sso";
   endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
-  schema: any;
+  schema: NonNullable<BetterAuthPlugin["schema"]>;
   options: O;
 };
 declare function sso<O extends SSOOptions>(options?: O | undefined): {
@@ -1281,4 +1659,5 @@ declare function sso<O extends SSOOptions>(options?: O | undefined): {
   endpoints: SSOEndpoints<O>;
 };
 //#endregion
-export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
+export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
+//# sourceMappingURL=index-D-VInsst.d.mts.map

package/dist/index.d.mts

@@ -1,2 +1,2 @@
-import { A as DataEncryptionAlgorithm, C as TimestampValidationOptions, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as SAMLConditions, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as DEFAULT_MAX_SAML_METADATA_SIZE, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as validateSAMLTimestamp, x as DEFAULT_MAX_SAML_RESPONSE_SIZE, y as DEFAULT_CLOCK_SKEW_MS } from "./index-XUgmj4eH.mjs";
+import { A as DataEncryptionAlgorithm, C as TimestampValidationOptions, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as SAMLConditions, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as DEFAULT_MAX_SAML_METADATA_SIZE, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as validateSAMLTimestamp, x as DEFAULT_MAX_SAML_RESPONSE_SIZE, y as DEFAULT_CLOCK_SKEW_MS } from "./index-D-VInsst.mjs";
 export { AlgorithmValidationOptions, DEFAULT_CLOCK_SKEW_MS, DEFAULT_MAX_SAML_METADATA_SIZE, DEFAULT_MAX_SAML_RESPONSE_SIZE, DataEncryptionAlgorithm, DeprecatedAlgorithmBehavior, DigestAlgorithm, DiscoverOIDCConfigParams, DiscoveryError, DiscoveryErrorCode, HydratedOIDCConfig, KeyEncryptionAlgorithm, OIDCConfig, OIDCDiscoveryDocument, REQUIRED_DISCOVERY_FIELDS, RequiredDiscoveryField, SAMLConditions, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, SignatureAlgorithm, TimestampValidationOptions, computeDiscoveryUrl, discoverOIDCConfig, fetchDiscoveryDocument, needsRuntimeDiscovery, normalizeDiscoveryUrls, normalizeUrl, selectTokenEndpointAuthMethod, sso, validateDiscoveryDocument, validateDiscoveryUrl, validateSAMLTimestamp };