@better-auth/sso 1.5.0 → 1.5.1-beta.1

package/dist/client.d.mts

@@ -1,5 +1,4 @@
-import "./index-BQp9TZiG.mjs";
-import { SSOPlugin } from "./index.mjs";
+import { t as SSOPlugin } from "./index-DHITQH_m.mjs";
 
 //#region src/client.d.ts
 interface SSOClientOptions {

package/dist/{index-BQp9TZiG.d.mts → index-DHITQH_m.d.mts}

@@ -1,7 +1,7 @@
 import { APIError } from "better-auth/api";
 import * as z$1 from "zod/v4";
 import z from "zod/v4";
-import { Awaitable, OAuth2Tokens, User } from "better-auth";
+import { Awaitable, BetterAuthPlugin, OAuth2Tokens, User } from "better-auth";
 import * as better_call0 from "better-call";
 
 //#region src/saml/algorithms.d.ts
@@ -1721,5 +1721,56 @@ declare function selectTokenEndpointAuthMethod(doc: OIDCDiscoveryDocument, exist
  */
 declare function needsRuntimeDiscovery(config: Partial<HydratedOIDCConfig> | undefined): boolean;
 //#endregion
-export { spMetadata as A, SSOOptions as B, callbackSSO as C, registerSSOProvider as D, initiateSLO as E, updateSSOProvider as F, DigestAlgorithm as G, AlgorithmValidationOptions as H, requestDomainVerification as I, KeyEncryptionAlgorithm as K, verifyDomain as L, deleteSSOProvider as M, getSSOProvider as N, signInSSO as O, listSSOProviders as P, OIDCConfig as R, acsEndpoint as S, callbackSSOShared as T, DataEncryptionAlgorithm as U, SSOProvider as V, DeprecatedAlgorithmBehavior as W, DEFAULT_CLOCK_SKEW_MS as _, normalizeDiscoveryUrls as a, SAMLConditions as b, validateDiscoveryDocument as c, DiscoveryError as d, DiscoveryErrorCode as f, RequiredDiscoveryField as g, REQUIRED_DISCOVERY_FIELDS as h, needsRuntimeDiscovery as i, validateSAMLTimestamp as j, sloEndpoint as k, validateDiscoveryUrl as l, OIDCDiscoveryDocument as m, discoverOIDCConfig as n, normalizeUrl as o, HydratedOIDCConfig as p, SignatureAlgorithm as q, fetchDiscoveryDocument as r, selectTokenEndpointAuthMethod as s, computeDiscoveryUrl as t, DiscoverOIDCConfigParams as u, DEFAULT_MAX_SAML_METADATA_SIZE as v, callbackSSOSAML as w, TimestampValidationOptions as x, DEFAULT_MAX_SAML_RESPONSE_SIZE as y, SAMLConfig as z };
-//# sourceMappingURL=index-BQp9TZiG.d.mts.map
+//#region src/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    sso: {
+      creator: typeof sso;
+    };
+  }
+}
+type DomainVerificationEndpoints = {
+  requestDomainVerification: ReturnType<typeof requestDomainVerification>;
+  verifyDomain: ReturnType<typeof verifyDomain>;
+};
+type SSOEndpoints<O extends SSOOptions> = {
+  spMetadata: ReturnType<typeof spMetadata>;
+  registerSSOProvider: ReturnType<typeof registerSSOProvider<O>>;
+  signInSSO: ReturnType<typeof signInSSO>;
+  callbackSSO: ReturnType<typeof callbackSSO>;
+  callbackSSOShared: ReturnType<typeof callbackSSOShared>;
+  callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
+  acsEndpoint: ReturnType<typeof acsEndpoint>;
+  sloEndpoint: ReturnType<typeof sloEndpoint>;
+  initiateSLO: ReturnType<typeof initiateSLO>;
+  listSSOProviders: ReturnType<typeof listSSOProviders>;
+  getSSOProvider: ReturnType<typeof getSSOProvider>;
+  updateSSOProvider: ReturnType<typeof updateSSOProvider>;
+  deleteSSOProvider: ReturnType<typeof deleteSSOProvider>;
+};
+type SSOPlugin<O extends SSOOptions> = {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & (O extends {
+    domainVerification: {
+      enabled: true;
+    };
+  } ? DomainVerificationEndpoints : {});
+};
+declare function sso<O extends SSOOptions & {
+  domainVerification?: {
+    enabled: true;
+  };
+}>(options?: O | undefined): {
+  id: "sso";
+  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
+  schema: NonNullable<BetterAuthPlugin["schema"]>;
+  options: O;
+};
+declare function sso<O extends SSOOptions>(options?: O | undefined): {
+  id: "sso";
+  endpoints: SSOEndpoints<O>;
+  options: O;
+};
+//#endregion
+export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
+//# sourceMappingURL=index-DHITQH_m.d.mts.map

package/dist/index.d.mts

@@ -1,56 +1,2 @@
-import { A as spMetadata, B as SSOOptions, C as callbackSSO, D as registerSSOProvider, E as initiateSLO, F as updateSSOProvider, G as DigestAlgorithm, H as AlgorithmValidationOptions, I as requestDomainVerification, K as KeyEncryptionAlgorithm, L as verifyDomain, M as deleteSSOProvider, N as getSSOProvider, O as signInSSO, P as listSSOProviders, R as OIDCConfig, S as acsEndpoint, T as callbackSSOShared, U as DataEncryptionAlgorithm, V as SSOProvider, W as DeprecatedAlgorithmBehavior, _ as DEFAULT_CLOCK_SKEW_MS, a as normalizeDiscoveryUrls, b as SAMLConditions, c as validateDiscoveryDocument, d as DiscoveryError, f as DiscoveryErrorCode, g as RequiredDiscoveryField, h as REQUIRED_DISCOVERY_FIELDS, i as needsRuntimeDiscovery, j as validateSAMLTimestamp, k as sloEndpoint, l as validateDiscoveryUrl, m as OIDCDiscoveryDocument, n as discoverOIDCConfig, o as normalizeUrl, p as HydratedOIDCConfig, q as SignatureAlgorithm, r as fetchDiscoveryDocument, s as selectTokenEndpointAuthMethod, t as computeDiscoveryUrl, u as DiscoverOIDCConfigParams, v as DEFAULT_MAX_SAML_METADATA_SIZE, w as callbackSSOSAML, x as TimestampValidationOptions, y as DEFAULT_MAX_SAML_RESPONSE_SIZE, z as SAMLConfig } from "./index-BQp9TZiG.mjs";
-import { BetterAuthPlugin } from "better-auth";
-
-//#region src/index.d.ts
-declare module "@better-auth/core" {
-  interface BetterAuthPluginRegistry<AuthOptions, Options> {
-    sso: {
-      creator: typeof sso;
-    };
-  }
-}
-type DomainVerificationEndpoints = {
-  requestDomainVerification: ReturnType<typeof requestDomainVerification>;
-  verifyDomain: ReturnType<typeof verifyDomain>;
-};
-type SSOEndpoints<O extends SSOOptions> = {
-  spMetadata: ReturnType<typeof spMetadata>;
-  registerSSOProvider: ReturnType<typeof registerSSOProvider<O>>;
-  signInSSO: ReturnType<typeof signInSSO>;
-  callbackSSO: ReturnType<typeof callbackSSO>;
-  callbackSSOShared: ReturnType<typeof callbackSSOShared>;
-  callbackSSOSAML: ReturnType<typeof callbackSSOSAML>;
-  acsEndpoint: ReturnType<typeof acsEndpoint>;
-  sloEndpoint: ReturnType<typeof sloEndpoint>;
-  initiateSLO: ReturnType<typeof initiateSLO>;
-  listSSOProviders: ReturnType<typeof listSSOProviders>;
-  getSSOProvider: ReturnType<typeof getSSOProvider>;
-  updateSSOProvider: ReturnType<typeof updateSSOProvider>;
-  deleteSSOProvider: ReturnType<typeof deleteSSOProvider>;
-};
-type SSOPlugin<O extends SSOOptions> = {
-  id: "sso";
-  endpoints: SSOEndpoints<O> & (O extends {
-    domainVerification: {
-      enabled: true;
-    };
-  } ? DomainVerificationEndpoints : {});
-};
-declare function sso<O extends SSOOptions & {
-  domainVerification?: {
-    enabled: true;
-  };
-}>(options?: O | undefined): {
-  id: "sso";
-  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
-  schema: NonNullable<BetterAuthPlugin["schema"]>;
-  options: O;
-};
-declare function sso<O extends SSOOptions>(options?: O | undefined): {
-  id: "sso";
-  endpoints: SSOEndpoints<O>;
-  options: O;
-};
-//#endregion
-export { type AlgorithmValidationOptions, DEFAULT_CLOCK_SKEW_MS, DEFAULT_MAX_SAML_METADATA_SIZE, DEFAULT_MAX_SAML_RESPONSE_SIZE, DataEncryptionAlgorithm, type DeprecatedAlgorithmBehavior, DigestAlgorithm, type DiscoverOIDCConfigParams, DiscoveryError, type DiscoveryErrorCode, type HydratedOIDCConfig, KeyEncryptionAlgorithm, type OIDCConfig, type OIDCDiscoveryDocument, REQUIRED_DISCOVERY_FIELDS, type RequiredDiscoveryField, type SAMLConditions, type SAMLConfig, type SSOOptions, SSOPlugin, type SSOProvider, SignatureAlgorithm, type TimestampValidationOptions, computeDiscoveryUrl, discoverOIDCConfig, fetchDiscoveryDocument, needsRuntimeDiscovery, normalizeDiscoveryUrls, normalizeUrl, selectTokenEndpointAuthMethod, sso, validateDiscoveryDocument, validateDiscoveryUrl, validateSAMLTimestamp };
-//# sourceMappingURL=index.d.mts.map
+import { A as DataEncryptionAlgorithm, C as TimestampValidationOptions, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as SAMLConditions, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as DEFAULT_MAX_SAML_METADATA_SIZE, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as validateSAMLTimestamp, x as DEFAULT_MAX_SAML_RESPONSE_SIZE, y as DEFAULT_CLOCK_SKEW_MS } from "./index-DHITQH_m.mjs";
+export { AlgorithmValidationOptions, DEFAULT_CLOCK_SKEW_MS, DEFAULT_MAX_SAML_METADATA_SIZE, DEFAULT_MAX_SAML_RESPONSE_SIZE, DataEncryptionAlgorithm, DeprecatedAlgorithmBehavior, DigestAlgorithm, DiscoverOIDCConfigParams, DiscoveryError, DiscoveryErrorCode, HydratedOIDCConfig, KeyEncryptionAlgorithm, OIDCConfig, OIDCDiscoveryDocument, REQUIRED_DISCOVERY_FIELDS, RequiredDiscoveryField, SAMLConditions, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, SignatureAlgorithm, TimestampValidationOptions, computeDiscoveryUrl, discoverOIDCConfig, fetchDiscoveryDocument, needsRuntimeDiscovery, normalizeDiscoveryUrls, normalizeUrl, selectTokenEndpointAuthMethod, sso, validateDiscoveryDocument, validateDiscoveryUrl, validateSAMLTimestamp };

package/dist/index.mjs

@@ -3161,7 +3161,7 @@ async function handleLogoutResponse(ctx, sp, idp, relayState, providerId) {
 	if (inResponseTo) {
 		const key = `${LOGOUT_REQUEST_KEY_PREFIX}${inResponseTo}`;
 		if (!await ctx.context.internalAdapter.findVerificationValue(key)) ctx.context.logger.warn("LogoutResponse references unknown or expired request", { inResponseTo });
-		await ctx.context.internalAdapter.deleteVerificationValue(key).catch((e) => ctx.context.logger.warn("Failed to delete logout request verification value", e));
+		await ctx.context.internalAdapter.deleteVerificationByIdentifier(key).catch((e) => ctx.context.logger.warn("Failed to delete logout request verification value", e));
 	}
 	deleteSessionCookie(ctx);
 	const appOrigin = new URL(ctx.context.baseURL).origin;
@@ -3189,13 +3189,13 @@ async function handleLogoutRequest(ctx, sp, idp, relayState, providerId) {
 		const data = safeJsonParse(stored.value);
 		if (data) if (!sessionIndex || !data.sessionIndex || sessionIndex === data.sessionIndex) {
 			await ctx.context.internalAdapter.deleteSession(data.sessionId).catch((e) => ctx.context.logger.warn("Failed to delete session during SLO", { error: e }));
-			await ctx.context.internalAdapter.deleteVerificationValue(`${SAML_SESSION_BY_ID_PREFIX}${data.sessionId}`).catch((e) => ctx.context.logger.warn("Failed to delete SAML session lookup during SLO", e));
+			await ctx.context.internalAdapter.deleteVerificationByIdentifier(`${SAML_SESSION_BY_ID_PREFIX}${data.sessionId}`).catch((e) => ctx.context.logger.warn("Failed to delete SAML session lookup during SLO", e));
 		} else ctx.context.logger.warn("SessionIndex mismatch in LogoutRequest - skipping session deletion", {
 			providerId,
 			requestedSessionIndex: sessionIndex,
 			storedSessionIndex: data.sessionIndex
 		});
-		await ctx.context.internalAdapter.deleteVerificationValue(key).catch((e) => ctx.context.logger.warn("Failed to delete SAML session key during SLO", e));
+		await ctx.context.internalAdapter.deleteVerificationByIdentifier(key).catch((e) => ctx.context.logger.warn("Failed to delete SAML session key during SLO", e));
 	}
 	const currentSession = await getSessionFromCtx(ctx);
 	if (currentSession?.session) await ctx.context.internalAdapter.deleteSession(currentSession.session.id);
@@ -3252,8 +3252,8 @@ const initiateSLO = (options) => {
 			value: providerId,
 			expiresAt: new Date(Date.now() + ttl)
 		});
-		if (samlSessionKey) await ctx.context.internalAdapter.deleteVerificationValue(samlSessionKey).catch((e) => ctx.context.logger.warn("Failed to delete SAML session key during logout", e));
-		await ctx.context.internalAdapter.deleteVerificationValue(sessionLookupKey).catch((e) => ctx.context.logger.warn("Failed to delete session lookup key during logout", e));
+		if (samlSessionKey) await ctx.context.internalAdapter.deleteVerificationByIdentifier(samlSessionKey).catch((e) => ctx.context.logger.warn("Failed to delete SAML session key during logout", e));
+		await ctx.context.internalAdapter.deleteVerificationByIdentifier(sessionLookupKey).catch((e) => ctx.context.logger.warn("Failed to delete session lookup key during logout", e));
 		await ctx.context.internalAdapter.deleteSession(session.session.id);
 		deleteSessionCookie(ctx);
 		throw ctx.redirect(logoutRequest.context);
@@ -3323,8 +3323,8 @@ function sso(options) {
 					const sessionLookupKey = `${SAML_SESSION_BY_ID_PREFIX}${session.session.id}`;
 					const sessionLookup = await ctx.context.internalAdapter.findVerificationValue(sessionLookupKey);
 					if (sessionLookup?.value) {
-						await ctx.context.internalAdapter.deleteVerificationValue(sessionLookup.value).catch(() => {});
-						await ctx.context.internalAdapter.deleteVerificationValue(sessionLookupKey).catch(() => {});
+						await ctx.context.internalAdapter.deleteVerificationByIdentifier(sessionLookup.value).catch(() => {});
+						await ctx.context.internalAdapter.deleteVerificationByIdentifier(sessionLookupKey).catch(() => {});
 					}
 				})
 			}],