npm - @better-auth/sso - Versions diffs - 1.5.0-beta.8 → 1.5.0 - Mend

@better-auth/sso 1.5.0-beta.8 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/README.md +17 -0
package/dist/client.d.mts +8 -2
package/dist/client.mjs +7 -2
package/dist/client.mjs.map +1 -0
package/dist/{index-BT0wtuq1.d.mts → index-BQp9TZiG.d.mts} +494 -66
package/dist/index.d.mts +56 -2
package/dist/index.mjs +1505 -629
package/dist/index.mjs.map +1 -0
package/package.json +35 -31
package/.turbo/turbo-build.log +0 -16
package/src/client.ts +0 -25
package/src/constants.ts +0 -58
package/src/domain-verification.test.ts +0 -551
package/src/index.ts +0 -253
package/src/linking/index.ts +0 -2
package/src/linking/org-assignment.test.ts +0 -325
package/src/linking/org-assignment.ts +0 -169
package/src/linking/types.ts +0 -10
package/src/oidc/discovery.test.ts +0 -1157
package/src/oidc/discovery.ts +0 -494
package/src/oidc/errors.ts +0 -92
package/src/oidc/index.ts +0 -31
package/src/oidc/types.ts +0 -219
package/src/oidc.test.ts +0 -576
package/src/routes/domain-verification.ts +0 -275
package/src/routes/sso.ts +0 -2710
package/src/saml/algorithms.test.ts +0 -449
package/src/saml/algorithms.ts +0 -338
package/src/saml/assertions.test.ts +0 -239
package/src/saml/assertions.ts +0 -62
package/src/saml/index.ts +0 -13
package/src/saml/parser.ts +0 -56
package/src/saml-state.ts +0 -78
package/src/saml.test.ts +0 -4003
package/src/types.ts +0 -357
package/src/utils.ts +0 -41
package/tsconfig.json +0 -14
package/tsdown.config.ts +0 -8
package/vitest.config.ts +0 -3

package/src/linking/org-assignment.ts DELETED Viewed

@@ -1,169 +0,0 @@
-import type { GenericEndpointContext, OAuth2Tokens, User } from "better-auth";
-import type { SSOOptions, SSOProvider } from "../types";
-import type { NormalizedSSOProfile } from "./types";
-export interface OrganizationProvisioningOptions {
-	disabled?: boolean;
-	defaultRole?: "member" | "admin";
-	getRole?: (data: {
-		user: User & Record<string, any>;
-		userInfo: Record<string, any>;
-		token?: OAuth2Tokens;
-		provider: SSOProvider<SSOOptions>;
-	}) => Promise<"member" | "admin">;
-}
-export interface AssignOrganizationFromProviderOptions {
-	user: User;
-	profile: NormalizedSSOProfile;
-	provider: SSOProvider<SSOOptions>;
-	token?: OAuth2Tokens;
-	provisioningOptions?: OrganizationProvisioningOptions;
-}
-/**
- * Assigns a user to an organization based on the SSO provider's organizationId.
- * Used in SSO flows (OIDC, SAML) where the provider is already linked to an org.
- */
-export async function assignOrganizationFromProvider(
-	ctx: GenericEndpointContext,
-	options: AssignOrganizationFromProviderOptions,
-): Promise<void> {
-	const { user, profile, provider, token, provisioningOptions } = options;
-	if (!provider.organizationId) {
-		return;
-	}
-	if (provisioningOptions?.disabled) {
-		return;
-	}
-	const isOrgPluginEnabled = ctx.context.options.plugins?.find(
-		(plugin) => plugin.id === "organization",
-	);
-	if (!isOrgPluginEnabled) {
-		return;
-	}
-	const isAlreadyMember = await ctx.context.adapter.findOne({
-		model: "member",
-		where: [
-			{ field: "organizationId", value: provider.organizationId },
-			{ field: "userId", value: user.id },
-		],
-	});
-	if (isAlreadyMember) {
-		return;
-	}
-	const role = provisioningOptions?.getRole
-		? await provisioningOptions.getRole({
-				user,
-				userInfo: profile.rawAttributes || {},
-				token,
-				provider,
-			})
-		: provisioningOptions?.defaultRole || "member";
-	await ctx.context.adapter.create({
-		model: "member",
-		data: {
-			organizationId: provider.organizationId,
-			userId: user.id,
-			role,
-			createdAt: new Date(),
-		},
-	});
-}
-export interface AssignOrganizationByDomainOptions {
-	user: User;
-	provisioningOptions?: OrganizationProvisioningOptions;
-	domainVerification?: {
-		enabled?: boolean;
-	};
-}
-/**
- * Assigns a user to an organization based on their email domain.
- * Looks up SSO providers that match the user's email domain and assigns
- * the user to the associated organization.
- *
- * This enables domain-based org assignment for non-SSO sign-in methods
- * (e.g., Google OAuth with @acme.com email gets added to Acme's org).
- */
-export async function assignOrganizationByDomain(
-	ctx: GenericEndpointContext,
-	options: AssignOrganizationByDomainOptions,
-): Promise<void> {
-	const { user, provisioningOptions, domainVerification } = options;
-	if (provisioningOptions?.disabled) {
-		return;
-	}
-	const isOrgPluginEnabled = ctx.context.options.plugins?.find(
-		(plugin) => plugin.id === "organization",
-	);
-	if (!isOrgPluginEnabled) {
-		return;
-	}
-	const domain = user.email.split("@")[1];
-	if (!domain) {
-		return;
-	}
-	const whereClause: { field: string; value: string | boolean }[] = [
-		{ field: "domain", value: domain },
-	];
-	if (domainVerification?.enabled) {
-		whereClause.push({ field: "domainVerified", value: true });
-	}
-	const ssoProvider = await ctx.context.adapter.findOne<
-		SSOProvider<SSOOptions>
-	>({
-		model: "ssoProvider",
-		where: whereClause,
-	});
-	if (!ssoProvider || !ssoProvider.organizationId) {
-		return;
-	}
-	const isAlreadyMember = await ctx.context.adapter.findOne({
-		model: "member",
-		where: [
-			{ field: "organizationId", value: ssoProvider.organizationId },
-			{ field: "userId", value: user.id },
-		],
-	});
-	if (isAlreadyMember) {
-		return;
-	}
-	const role = provisioningOptions?.getRole
-		? await provisioningOptions.getRole({
-				user,
-				userInfo: {},
-				provider: ssoProvider,
-			})
-		: provisioningOptions?.defaultRole || "member";
-	await ctx.context.adapter.create({
-		model: "member",
-		data: {
-			organizationId: ssoProvider.organizationId,
-			userId: user.id,
-			role,
-			createdAt: new Date(),
-		},
-	});
-}

package/src/linking/types.ts DELETED Viewed

@@ -1,10 +0,0 @@
-export interface NormalizedSSOProfile {
-	providerType: "saml" | "oidc";
-	providerId: string;
-	accountId: string;
-	email: string;
-	emailVerified: boolean;
-	name?: string;
-	image?: string;
-	rawAttributes?: Record<string, unknown>;
-}