@better-auth/sso 1.4.17 → 1.4.19
- package/.turbo/turbo-build.log +10 -8
- package/dist/client.d.mts +7 -2
- package/dist/client.mjs +7 -2
- package/dist/client.mjs.map +1 -0
- package/dist/{index-XUgmj4eH.d.mts → index-D-VInsst.d.mts} +387 -8
- package/dist/index.d.mts +1 -1
- package/dist/index.mjs +1214 -657
- package/dist/index.mjs.map +1 -0
- package/package.json +4 -3
- package/src/client.ts +5 -1
- package/src/domain-verification.test.ts +46 -4
- package/src/index.ts +45 -6
- package/src/linking/org-assignment.ts +30 -15
- package/src/oidc.test.ts +1 -3
- package/src/providers.test.ts +1326 -0
- package/src/routes/domain-verification.ts +34 -12
- package/src/routes/providers.ts +567 -0
- package/src/routes/schemas.ts +95 -0
- package/src/routes/sso.ts +302 -118
- package/src/saml-state.ts +78 -0
- package/src/saml.test.ts +1660 -229
- package/src/types.ts +13 -2
- package/src/utils.test.ts +103 -0
- package/src/utils.ts +45 -5
- package/tsdown.config.ts +1 -0
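--- a/package/src/routes/schemas.ts
+++ b/package/src/routes/schemas.ts
@@ -0,0 +1,95 @@
+import z from "zod/v4";
+
+const oidcMappingSchema = z
+.object({
+id: z.string().optional(),
+email: z.string().optional(),
+emailVerified: z.string().optional(),
+name: z.string().optional(),
+image: z.string().optional(),
+extraFields: z.record(z.string(), z.any()).optional(),
+})
+.optional();
+
+const samlMappingSchema = z
+.object({
+id: z.string().optional(),
+email: z.string().optional(),
+emailVerified: z.string().optional(),
+name: z.string().optional(),
+firstName: z.string().optional(),
+lastName: z.string().optional(),
+extraFields: z.record(z.string(), z.any()).optional(),
+})
+.optional();
+
+const oidcConfigSchema = z.object({
+clientId: z.string().optional(),
+clientSecret: z.string().optional(),
+authorizationEndpoint: z.string().url().optional(),
+tokenEndpoint: z.string().url().optional(),
+userInfoEndpoint: z.string().url().optional(),
+tokenEndpointAuthentication: z
+.enum(["client_secret_post", "client_secret_basic"])
+.optional(),
+jwksEndpoint: z.string().url().optional(),
+discoveryEndpoint: z.string().url().optional(),
+scopes: z.array(z.string()).optional(),
+pkce: z.boolean().optional(),
+overrideUserInfo: z.boolean().optional(),
+mapping: oidcMappingSchema,
+});
+
+const samlConfigSchema = z.object({
+entryPoint: z.string().url().optional(),
+cert: z.string().optional(),
+callbackUrl: z.string().url().optional(),
+audience: z.string().optional(),
+idpMetadata: z
+.object({
+metadata: z.string().optional(),
+entityID: z.string().optional(),
+cert: z.string().optional(),
+privateKey: z.string().optional(),
+privateKeyPass: z.string().optional(),
+isAssertionEncrypted: z.boolean().optional(),
+encPrivateKey: z.string().optional(),
+encPrivateKeyPass: z.string().optional(),
+singleSignOnService: z
+.array(
+z.object({
+Binding: z.string(),
+Location: z.string().url(),
+}),
+)
+.optional(),
+})
+.optional(),
+spMetadata: z
+.object({
+metadata: z.string().optional(),
+entityID: z.string().optional(),
+binding: z.string().optional(),
+privateKey: z.string().optional(),
+privateKeyPass: z.string().optional(),
+isAssertionEncrypted: z.boolean().optional(),
+encPrivateKey: z.string().optional(),
+encPrivateKeyPass: z.string().optional(),
+})
+.optional(),
+wantAssertionsSigned: z.boolean().optional(),
+signatureAlgorithm: z.string().optional(),
+digestAlgorithm: z.string().optional(),
+identifierFormat: z.string().optional(),
+privateKey: z.string().optional(),
+decryptionPvk: z.string().optional(),
+additionalParams: z.record(z.string(), z.any()).optional(),
+mapping: samlMappingSchema,
+});
+
+export const updateSSOProviderBodySchema = z.object({
+issuer: z.string().url().optional(),
+domain: z.string().optional(),
+oidcConfig: oidcConfigSchema.optional(),
+samlConfig: samlConfigSchema.optional(),
+});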
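Review bot: The URL fields in this new schema (`issuer`, `authorizationEndpoint`, `tokenEndpoint`, `userInfoEndpoint`, `jwksEndpoint`, `discoveryEndpoint`, `entryPoint`, `callbackUrl` and `singleSignOnService[].Location`) are validated with `z.string().url()` only, which checks that the value parses as a URL but places no restriction on scheme or host. Several of these are presumably fetched server-side or used as redirect targets, so unless the route handler (not visible in this section) applies its own allow-list, the schema should pin the scheme, e.g. `z.url({ protocol: /^https$/ }).optional()`. Separately, `signatureAlgorithm` and `digestAlgorithm` are free-form strings; a `z.enum([...])` of the algorithms the deployment accepts would keep an update request from selecting a weak one, and a comment on `wantAssertionsSigned` should state whether an update is allowed to turn it off.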