npm - @better-auth/sso - Versions diffs - 1.4.7-beta.2 → 1.4.7-beta.4 - Mend

@better-auth/sso 1.4.7-beta.2 → 1.4.7-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/.turbo/turbo-build.log +7 -7
package/dist/client.d.mts +1 -1
package/dist/{index-BWvN4yrs.d.mts → index-GoyGoP_a.d.mts} +390 -21
package/dist/index.d.mts +2 -2
package/dist/index.mjs +559 -63
package/package.json +4 -4
package/src/authn-request-store.ts +76 -0
package/src/authn-request.test.ts +99 -0
package/src/index.ts +46 -7
package/src/oidc/discovery.test.ts +823 -0
package/src/oidc/discovery.ts +355 -0
package/src/oidc/errors.ts +86 -0
package/src/oidc/index.ts +31 -0
package/src/oidc/types.ts +210 -0
package/src/oidc.test.ts +0 -164
package/src/routes/sso.ts +415 -96
package/src/saml.test.ts +781 -48
package/src/types.ts +81 -0

package/src/oidc.test.ts CHANGED Viewed

@@ -571,167 +571,3 @@ describe("provisioning", async (ctx) => {
 		expect(res.url).toContain("http://localhost:8080/authorize");
 	});
 });
-describe("OIDC account linking with domainVerified", async () => {
-	const { auth, signInWithTestUser, customFetchImpl, cookieSetter } =
-		await getTestInstance({
-			account: {
-				accountLinking: {
-					enabled: true,
-					trustedProviders: [],
-				},
-			},
-			plugins: [
-				sso({
-					domainVerification: {
-						enabled: true,
-					},
-				}),
-			],
-		});
-	const authClient = createAuthClient({
-		plugins: [ssoClient()],
-		baseURL: "http://localhost:3000",
-		fetchOptions: {
-			customFetchImpl,
-		},
-	});
-	beforeAll(async () => {
-		await server.issuer.keys.generate("RS256");
-		await server.start(8080, "localhost");
-	});
-	afterAll(async () => {
-		await server.stop().catch(() => {});
-	});
-	async function simulateOAuthFlow(authUrl: string, headers: Headers) {
-		let location: string | null = null;
-		await betterFetch(authUrl, {
-			method: "GET",
-			redirect: "manual",
-			onError(context) {
-				location = context.response.headers.get("location");
-			},
-		});
-		if (!location) throw new Error("No redirect location found");
-		let callbackURL = "";
-		const newHeaders = new Headers();
-		await betterFetch(location, {
-			method: "GET",
-			customFetchImpl,
-			headers,
-			onError(context) {
-				callbackURL = context.response.headers.get("location") || "";
-				cookieSetter(newHeaders)(context);
-			},
-		});
-		return { callbackURL, headers: newHeaders };
-	}
-	it("should allow account linking when domain is verified and email domain matches", async () => {
-		const testEmail = "linking-test@verified-oidc.com";
-		const testDomain = "verified-oidc.com";
-		server.service.on("beforeTokenSigning", (token) => {
-			token.payload.email = testEmail;
-			token.payload.email_verified = false;
-			token.payload.name = "Domain Verified User";
-			token.payload.sub = "oidc-domain-verified-user";
-		});
-		const { headers } = await signInWithTestUser();
-		const provider = await auth.api.registerSSOProvider({
-			body: {
-				providerId: "domain-verified-oidc",
-				issuer: server.issuer.url!,
-				domain: testDomain,
-				oidcConfig: {
-					clientId: "test",
-					clientSecret: "test",
-					authorizationEndpoint: `${server.issuer.url}/authorize`,
-					tokenEndpoint: `${server.issuer.url}/token`,
-					jwksEndpoint: `${server.issuer.url}/jwks`,
-					discoveryEndpoint: `${server.issuer.url}/.well-known/openid-configuration`,
-					mapping: {
-						id: "sub",
-						email: "email",
-						emailVerified: "email_verified",
-						name: "name",
-					},
-				},
-			},
-			headers,
-		});
-		expect(provider.domainVerified).toBe(false);
-		const ctx = await auth.$context;
-		await ctx.adapter.update({
-			model: "ssoProvider",
-			where: [{ field: "providerId", value: provider.providerId }],
-			update: {
-				domainVerified: true,
-			},
-		});
-		const updatedProvider = await ctx.adapter.findOne<{
-			domainVerified: boolean;
-			domain: string;
-		}>({
-			model: "ssoProvider",
-			where: [{ field: "providerId", value: provider.providerId }],
-		});
-		expect(updatedProvider?.domainVerified).toBe(true);
-		await ctx.adapter.create({
-			model: "user",
-			data: {
-				id: "existing-oidc-domain-user",
-				email: testEmail,
-				name: "Existing User",
-				emailVerified: true,
-				createdAt: new Date(),
-				updatedAt: new Date(),
-			},
-			forceAllowId: true,
-		});
-		const newHeaders = new Headers();
-		const res = await authClient.signIn.sso({
-			providerId: "domain-verified-oidc",
-			callbackURL: "/dashboard",
-			fetchOptions: {
-				throw: true,
-				onSuccess: cookieSetter(newHeaders),
-			},
-		});
-		expect(res.url).toContain("http://localhost:8080/authorize");
-		const { callbackURL } = await simulateOAuthFlow(res.url, newHeaders);
-		expect(callbackURL).toContain("/dashboard");
-		expect(callbackURL).not.toContain("error");
-		const accounts = await ctx.adapter.findMany<{
-			providerId: string;
-			accountId: string;
-			userId: string;
-		}>({
-			model: "account",
-			where: [{ field: "userId", value: "existing-oidc-domain-user" }],
-		});
-		const linkedAccount = accounts.find(
-			(a) => a.providerId === "domain-verified-oidc",
-		);
-		expect(linkedAccount).toBeTruthy();
-		expect(linkedAccount?.accountId).toBe("oidc-domain-verified-user");
-	});
-});