@better-auth/sso 1.5.1 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +27 -51
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -5
package/dist/index.mjs
CHANGED
|
@@ -270,31 +270,16 @@ const requestDomainVerification = (options) => {
|
|
|
270
270
|
code: "DOMAIN_VERIFIED"
|
|
271
271
|
});
|
|
272
272
|
const identifier = getVerificationIdentifier(options, provider.providerId);
|
|
273
|
-
const activeVerification = await ctx.context.
|
|
274
|
-
|
|
275
|
-
where: [{
|
|
276
|
-
field: "identifier",
|
|
277
|
-
value: identifier
|
|
278
|
-
}, {
|
|
279
|
-
field: "expiresAt",
|
|
280
|
-
value: /* @__PURE__ */ new Date(),
|
|
281
|
-
operator: "gt"
|
|
282
|
-
}]
|
|
283
|
-
});
|
|
284
|
-
if (activeVerification) {
|
|
273
|
+
const activeVerification = await ctx.context.internalAdapter.findVerificationValue(identifier);
|
|
274
|
+
if (activeVerification && new Date(activeVerification.expiresAt) > /* @__PURE__ */ new Date()) {
|
|
285
275
|
ctx.setStatus(201);
|
|
286
276
|
return ctx.json({ domainVerificationToken: activeVerification.value });
|
|
287
277
|
}
|
|
288
278
|
const domainVerificationToken = generateRandomString(24);
|
|
289
|
-
await ctx.context.
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
createdAt: /* @__PURE__ */ new Date(),
|
|
294
|
-
updatedAt: /* @__PURE__ */ new Date(),
|
|
295
|
-
value: domainVerificationToken,
|
|
296
|
-
expiresAt: new Date(Date.now() + 3600 * 24 * 7 * 1e3)
|
|
297
|
-
}
|
|
279
|
+
await ctx.context.internalAdapter.createVerificationValue({
|
|
280
|
+
identifier,
|
|
281
|
+
value: domainVerificationToken,
|
|
282
|
+
expiresAt: new Date(Date.now() + 3600 * 24 * 7 * 1e3)
|
|
298
283
|
});
|
|
299
284
|
ctx.setStatus(201);
|
|
300
285
|
return ctx.json({ domainVerificationToken });
|
|
@@ -353,18 +338,8 @@ const verifyDomain = (options) => {
|
|
|
353
338
|
message: `Verification identifier exceeds the DNS label limit of ${DNS_LABEL_MAX_LENGTH} characters`,
|
|
354
339
|
code: "IDENTIFIER_TOO_LONG"
|
|
355
340
|
});
|
|
356
|
-
const activeVerification = await ctx.context.
|
|
357
|
-
|
|
358
|
-
where: [{
|
|
359
|
-
field: "identifier",
|
|
360
|
-
value: identifier
|
|
361
|
-
}, {
|
|
362
|
-
field: "expiresAt",
|
|
363
|
-
value: /* @__PURE__ */ new Date(),
|
|
364
|
-
operator: "gt"
|
|
365
|
-
}]
|
|
366
|
-
});
|
|
367
|
-
if (!activeVerification) throw new APIError("NOT_FOUND", {
|
|
341
|
+
const activeVerification = await ctx.context.internalAdapter.findVerificationValue(identifier);
|
|
342
|
+
if (!activeVerification || new Date(activeVerification.expiresAt) <= /* @__PURE__ */ new Date()) throw new APIError("NOT_FOUND", {
|
|
368
343
|
message: "No pending domain verification exists",
|
|
369
344
|
code: "NO_PENDING_VERIFICATION"
|
|
370
345
|
});
|
|
@@ -2030,15 +2005,10 @@ const registerSSOProvider = (options) => {
|
|
|
2030
2005
|
if (options?.domainVerification?.enabled) {
|
|
2031
2006
|
domainVerified = false;
|
|
2032
2007
|
domainVerificationToken = generateRandomString(24);
|
|
2033
|
-
await ctx.context.
|
|
2034
|
-
|
|
2035
|
-
|
|
2036
|
-
|
|
2037
|
-
createdAt: /* @__PURE__ */ new Date(),
|
|
2038
|
-
updatedAt: /* @__PURE__ */ new Date(),
|
|
2039
|
-
value: domainVerificationToken,
|
|
2040
|
-
expiresAt: new Date(Date.now() + 3600 * 24 * 7 * 1e3)
|
|
2041
|
-
}
|
|
2008
|
+
await ctx.context.internalAdapter.createVerificationValue({
|
|
2009
|
+
identifier: getVerificationIdentifier(options, provider.providerId),
|
|
2010
|
+
value: domainVerificationToken,
|
|
2011
|
+
expiresAt: new Date(Date.now() + 3600 * 24 * 7 * 1e3)
|
|
2042
2012
|
});
|
|
2043
2013
|
}
|
|
2044
2014
|
const result = {
|
|
@@ -2374,7 +2344,20 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
|
|
|
2374
2344
|
});
|
|
2375
2345
|
if (!tokenResponse) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=token_response_not_found`);
|
|
2376
2346
|
let userInfo = null;
|
|
2377
|
-
|
|
2347
|
+
const mapping = config.mapping || {};
|
|
2348
|
+
if (config.userInfoEndpoint) {
|
|
2349
|
+
const userInfoResponse = await betterFetch(config.userInfoEndpoint, { headers: { Authorization: `Bearer ${tokenResponse.accessToken}` } });
|
|
2350
|
+
if (userInfoResponse.error) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=${userInfoResponse.error.message}`);
|
|
2351
|
+
const rawUserInfo = userInfoResponse.data;
|
|
2352
|
+
userInfo = {
|
|
2353
|
+
...Object.fromEntries(Object.entries(mapping.extraFields || {}).map(([key, value]) => [key, rawUserInfo[value]])),
|
|
2354
|
+
id: rawUserInfo[mapping.id || "sub"],
|
|
2355
|
+
email: rawUserInfo[mapping.email || "email"],
|
|
2356
|
+
emailVerified: options?.trustEmailVerified ? rawUserInfo[mapping.emailVerified || "email_verified"] : false,
|
|
2357
|
+
name: rawUserInfo[mapping.name || "name"],
|
|
2358
|
+
image: rawUserInfo[mapping.image || "picture"]
|
|
2359
|
+
};
|
|
2360
|
+
} else if (tokenResponse.idToken) {
|
|
2378
2361
|
const idToken = decodeJwt(tokenResponse.idToken);
|
|
2379
2362
|
if (!config.jwksEndpoint) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=jwks_endpoint_not_found`);
|
|
2380
2363
|
const verified = await validateToken(tokenResponse.idToken, config.jwksEndpoint, {
|
|
@@ -2385,7 +2368,6 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
|
|
|
2385
2368
|
return null;
|
|
2386
2369
|
});
|
|
2387
2370
|
if (!verified) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=token_not_verified`);
|
|
2388
|
-
const mapping = config.mapping || {};
|
|
2389
2371
|
userInfo = {
|
|
2390
2372
|
...Object.fromEntries(Object.entries(mapping.extraFields || {}).map(([key, value]) => [key, verified.payload[value]])),
|
|
2391
2373
|
id: idToken[mapping.id || "sub"],
|
|
@@ -2394,13 +2376,7 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
|
|
|
2394
2376
|
name: idToken[mapping.name || "name"],
|
|
2395
2377
|
image: idToken[mapping.image || "picture"]
|
|
2396
2378
|
};
|
|
2397
|
-
}
|
|
2398
|
-
if (!userInfo) {
|
|
2399
|
-
if (!config.userInfoEndpoint) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=user_info_endpoint_not_found`);
|
|
2400
|
-
const userInfoResponse = await betterFetch(config.userInfoEndpoint, { headers: { Authorization: `Bearer ${tokenResponse.accessToken}` } });
|
|
2401
|
-
if (userInfoResponse.error) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=${userInfoResponse.error.message}`);
|
|
2402
|
-
userInfo = userInfoResponse.data;
|
|
2403
|
-
}
|
|
2379
|
+
} else throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=user_info_endpoint_not_found`);
|
|
2404
2380
|
if (!userInfo.email || !userInfo.id) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=missing_user_info`);
|
|
2405
2381
|
const isTrustedProvider = "domainVerified" in provider && provider.domainVerified === true && validateEmailDomain(userInfo.email, provider.domain);
|
|
2406
2382
|
const linked = await handleOAuthUserInfo(ctx, {
|