@better-auth/sso 1.5.6 → 1.6.0-beta.0

@@ -1,5 +1,4 @@
1
1
  import { APIError } from "better-auth/api";
2
- import * as z from "zod";
3
2
  import { Awaitable, BetterAuthPlugin, OAuth2Tokens, User } from "better-auth";
4
3
  import * as better_call0 from "better-call";
5
4
 
@@ -157,6 +156,16 @@ interface SSOOptions {
157
156
  */
158
157
  provider: SSOProvider<SSOOptions>;
159
158
  }) => Awaitable<void>) | undefined;
159
+ /**
160
+ * If true, the `provisionUser` callback will be called on every login,
161
+ * not just when a new user is registered. This is useful when you need
162
+ * to sync upstream identity provider profile changes on each sign-in.
163
+ *
164
+ * The `provisionUser` callback should be idempotent when this is enabled.
165
+ *
166
+ * @default false
167
+ */
168
+ provisionUserOnEveryLogin?: boolean;
160
169
  /**
161
170
  * Organization provisioning options
162
171
  */
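Review bot: The new doc comment on `provisionUserOnEveryLogin` asks for an idempotent callback but does not say what happens to the sign-in when `provisionUser` throws or rejects for a returning user. With the flag on, the callback sits on the path of every SSO login, so integrators need to know whether a failure blocks the login or is ignored and leaves the previously synced profile in place. I would add a line to the comment such as `* If the callback throws, <state whether sign-in is aborted or continues>.`, filled in from the implementation, which is not visible in this declaration file. The `SSOOptions` interface starts and ends outside this hunk, and the file looks like a generated declaration bundle, so the wording belongs in the source definition of the option.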
@@ -311,7 +320,7 @@ interface SSOOptions {
311
320
  *
312
321
  * This works correctly in serverless environments without any additional configuration.
313
322
  *
314
- * @default false
323
+ * @default true
315
324
  */
316
325
  enableInResponseToValidation?: boolean;
317
326
  /**
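Review bot: The `@default` tag on `enableInResponseToValidation` changes from `false` to `true`, but the comment does not record that the default changed, so someone upgrading from 1.5.6 who never set the option gets stricter SAML response handling with no hint in the types. I would add a line such as `* Enabled by default since 1.6.0-beta.0; earlier releases defaulted to false.` to the comment. The same comment should state how a response with no matching outstanding request is treated once validation is on; the start of the comment is outside this hunk, so it may already cover that. Only the documented default is visible here, so the runtime default in the implementation should be checked to match it.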
@@ -415,143 +424,118 @@ interface SSOOptions {
415
424
  }
416
425
  //#endregion
417
426
  //#region src/routes/domain-verification.d.ts
418
- declare const requestDomainVerification: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/request-domain-verification", {
419
- method: "POST";
420
- body: z.ZodObject<{
421
- providerId: z.ZodString;
422
- }, z.core.$strip>;
423
- metadata: {
424
- openapi: {
425
- summary: string;
426
- description: string;
427
- responses: {
428
- "404": {
429
- description: string;
430
- };
431
- "409": {
432
- description: string;
433
- };
434
- "201": {
435
- description: string;
436
- };
437
- };
427
+ declare const requestDomainVerification: (options: SSOOptions) => better_call0.Endpoint<"/sso/request-domain-verification", "POST", {
428
+ providerId: string;
429
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
430
+ session: {
431
+ session: Record<string, any> & {
432
+ id: string;
433
+ createdAt: Date;
434
+ updatedAt: Date;
435
+ userId: string;
436
+ expiresAt: Date;
437
+ token: string;
438
+ ipAddress?: string | null | undefined;
439
+ userAgent?: string | null | undefined;
440
+ };
441
+ user: Record<string, any> & {
442
+ id: string;
443
+ createdAt: Date;
444
+ updatedAt: Date;
445
+ email: string;
446
+ emailVerified: boolean;
447
+ name: string;
448
+ image?: string | null | undefined;
438
449
  };
439
450
  };
440
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
441
- session: {
442
- session: Record<string, any> & {
443
- id: string;
444
- createdAt: Date;
445
- updatedAt: Date;
446
- userId: string;
447
- expiresAt: Date;
448
- token: string;
449
- ipAddress?: string | null | undefined;
450
- userAgent?: string | null | undefined;
451
+ }>>], {
452
+ domainVerificationToken: string;
453
+ }, {
454
+ openapi: {
455
+ summary: string;
456
+ description: string;
457
+ responses: {
458
+ "404": {
459
+ description: string;
451
460
  };
452
- user: Record<string, any> & {
453
- id: string;
454
- createdAt: Date;
455
- updatedAt: Date;
456
- email: string;
457
- emailVerified: boolean;
458
- name: string;
459
- image?: string | null | undefined;
461
+ "409": {
462
+ description: string;
460
463
  };
461
- };
462
- }>)[];
463
- }, {
464
- domainVerificationToken: string;
465
- }>;
466
- declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/verify-domain", {
467
- method: "POST";
468
- body: z.ZodObject<{
469
- providerId: z.ZodString;
470
- }, z.core.$strip>;
471
- metadata: {
472
- openapi: {
473
- summary: string;
474
- description: string;
475
- responses: {
476
- "404": {
477
- description: string;
478
- };
479
- "409": {
480
- description: string;
481
- };
482
- "502": {
483
- description: string;
484
- };
485
- "204": {
486
- description: string;
487
- };
464
+ "201": {
465
+ description: string;
488
466
  };
489
467
  };
490
468
  };
491
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
492
- session: {
493
- session: Record<string, any> & {
494
- id: string;
495
- createdAt: Date;
496
- updatedAt: Date;
497
- userId: string;
498
- expiresAt: Date;
499
- token: string;
500
- ipAddress?: string | null | undefined;
501
- userAgent?: string | null | undefined;
469
+ }, undefined>;
470
+ declare const verifyDomain: (options: SSOOptions) => better_call0.Endpoint<"/sso/verify-domain", "POST", {
471
+ providerId: string;
472
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
473
+ session: {
474
+ session: Record<string, any> & {
475
+ id: string;
476
+ createdAt: Date;
477
+ updatedAt: Date;
478
+ userId: string;
479
+ expiresAt: Date;
480
+ token: string;
481
+ ipAddress?: string | null | undefined;
482
+ userAgent?: string | null | undefined;
483
+ };
484
+ user: Record<string, any> & {
485
+ id: string;
486
+ createdAt: Date;
487
+ updatedAt: Date;
488
+ email: string;
489
+ emailVerified: boolean;
490
+ name: string;
491
+ image?: string | null | undefined;
492
+ };
493
+ };
494
+ }>>], void, {
495
+ openapi: {
496
+ summary: string;
497
+ description: string;
498
+ responses: {
499
+ "404": {
500
+ description: string;
501
+ };
502
+ "409": {
503
+ description: string;
502
504
  };
503
- user: Record<string, any> & {
504
- id: string;
505
- createdAt: Date;
506
- updatedAt: Date;
507
- email: string;
508
- emailVerified: boolean;
509
- name: string;
510
- image?: string | null | undefined;
505
+ "502": {
506
+ description: string;
507
+ };
508
+ "204": {
509
+ description: string;
511
510
  };
512
511
  };
513
- }>)[];
514
- }, void>;
512
+ };
513
+ }, undefined>;
515
514
  //#endregion
516
515
  //#region src/routes/providers.d.ts
517
- declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/providers", {
518
- method: "GET";
519
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
520
- session: {
521
- session: Record<string, any> & {
522
- id: string;
523
- createdAt: Date;
524
- updatedAt: Date;
525
- userId: string;
526
- expiresAt: Date;
527
- token: string;
528
- ipAddress?: string | null | undefined;
529
- userAgent?: string | null | undefined;
530
- };
531
- user: Record<string, any> & {
532
- id: string;
533
- createdAt: Date;
534
- updatedAt: Date;
535
- email: string;
536
- emailVerified: boolean;
537
- name: string;
538
- image?: string | null | undefined;
539
- };
516
+ declare const listSSOProviders: () => better_call0.Endpoint<"/sso/providers", "GET", undefined, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
517
+ session: {
518
+ session: Record<string, any> & {
519
+ id: string;
520
+ createdAt: Date;
521
+ updatedAt: Date;
522
+ userId: string;
523
+ expiresAt: Date;
524
+ token: string;
525
+ ipAddress?: string | null | undefined;
526
+ userAgent?: string | null | undefined;
540
527
  };
541
- }>)[];
542
- metadata: {
543
- openapi: {
544
- operationId: string;
545
- summary: string;
546
- description: string;
547
- responses: {
548
- "200": {
549
- description: string;
550
- };
551
- };
528
+ user: Record<string, any> & {
529
+ id: string;
530
+ createdAt: Date;
531
+ updatedAt: Date;
532
+ email: string;
533
+ emailVerified: boolean;
534
+ name: string;
535
+ image?: string | null | undefined;
552
536
  };
553
537
  };
554
- }, {
538
+ }>>], {
555
539
  providers: {
556
540
  providerId: string;
557
541
  type: string;
@@ -590,54 +574,43 @@ declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/provider
590
574
  } | undefined;
591
575
  spMetadataUrl: string;
592
576
  }[];
593
- }>;
594
- declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/get-provider", {
595
- method: "GET";
596
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
597
- session: {
598
- session: Record<string, any> & {
599
- id: string;
600
- createdAt: Date;
601
- updatedAt: Date;
602
- userId: string;
603
- expiresAt: Date;
604
- token: string;
605
- ipAddress?: string | null | undefined;
606
- userAgent?: string | null | undefined;
607
- };
608
- user: Record<string, any> & {
609
- id: string;
610
- createdAt: Date;
611
- updatedAt: Date;
612
- email: string;
613
- emailVerified: boolean;
614
- name: string;
615
- image?: string | null | undefined;
577
+ }, {
578
+ openapi: {
579
+ operationId: string;
580
+ summary: string;
581
+ description: string;
582
+ responses: {
583
+ "200": {
584
+ description: string;
616
585
  };
617
586
  };
618
- }>)[];
619
- query: z.ZodObject<{
620
- providerId: z.ZodString;
621
- }, z.core.$strip>;
622
- metadata: {
623
- openapi: {
624
- operationId: string;
625
- summary: string;
626
- description: string;
627
- responses: {
628
- "200": {
629
- description: string;
630
- };
631
- "404": {
632
- description: string;
633
- };
634
- "403": {
635
- description: string;
636
- };
637
- };
587
+ };
588
+ }, undefined>;
589
+ declare const getSSOProvider: () => better_call0.Endpoint<"/sso/get-provider", "GET", undefined, {
590
+ providerId: string;
591
+ }, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
592
+ session: {
593
+ session: Record<string, any> & {
594
+ id: string;
595
+ createdAt: Date;
596
+ updatedAt: Date;
597
+ userId: string;
598
+ expiresAt: Date;
599
+ token: string;
600
+ ipAddress?: string | null | undefined;
601
+ userAgent?: string | null | undefined;
602
+ };
603
+ user: Record<string, any> & {
604
+ id: string;
605
+ createdAt: Date;
606
+ updatedAt: Date;
607
+ email: string;
608
+ emailVerified: boolean;
609
+ name: string;
610
+ image?: string | null | undefined;
638
611
  };
639
612
  };
640
- }, {
613
+ }>>], {
641
614
  providerId: string;
642
615
  type: string;
643
616
  issuer: string;
@@ -674,127 +647,119 @@ declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/get-provid
674
647
  };
675
648
  } | undefined;
676
649
  spMetadataUrl: string;
677
- }>;
678
- declare const updateSSOProvider: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/update-provider", {
679
- method: "POST";
680
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
681
- session: {
682
- session: Record<string, any> & {
683
- id: string;
684
- createdAt: Date;
685
- updatedAt: Date;
686
- userId: string;
687
- expiresAt: Date;
688
- token: string;
689
- ipAddress?: string | null | undefined;
690
- userAgent?: string | null | undefined;
650
+ }, {
651
+ openapi: {
652
+ operationId: string;
653
+ summary: string;
654
+ description: string;
655
+ responses: {
656
+ "200": {
657
+ description: string;
691
658
  };
692
- user: Record<string, any> & {
693
- id: string;
694
- createdAt: Date;
695
- updatedAt: Date;
696
- email: string;
697
- emailVerified: boolean;
698
- name: string;
699
- image?: string | null | undefined;
659
+ "404": {
660
+ description: string;
700
661
  };
701
- };
702
- }>)[];
703
- body: z.ZodObject<{
704
- issuer: z.ZodOptional<z.ZodString>;
705
- domain: z.ZodOptional<z.ZodString>;
706
- oidcConfig: z.ZodOptional<z.ZodObject<{
707
- clientId: z.ZodOptional<z.ZodString>;
708
- clientSecret: z.ZodOptional<z.ZodString>;
709
- authorizationEndpoint: z.ZodOptional<z.ZodString>;
710
- tokenEndpoint: z.ZodOptional<z.ZodString>;
711
- userInfoEndpoint: z.ZodOptional<z.ZodString>;
712
- tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
713
- client_secret_post: "client_secret_post";
714
- client_secret_basic: "client_secret_basic";
715
- }>>;
716
- jwksEndpoint: z.ZodOptional<z.ZodString>;
717
- discoveryEndpoint: z.ZodOptional<z.ZodString>;
718
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
719
- pkce: z.ZodOptional<z.ZodBoolean>;
720
- overrideUserInfo: z.ZodOptional<z.ZodBoolean>;
721
- mapping: z.ZodOptional<z.ZodObject<{
722
- id: z.ZodOptional<z.ZodString>;
723
- email: z.ZodOptional<z.ZodString>;
724
- emailVerified: z.ZodOptional<z.ZodString>;
725
- name: z.ZodOptional<z.ZodString>;
726
- image: z.ZodOptional<z.ZodString>;
727
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
728
- }, z.core.$strip>>;
729
- }, z.core.$strip>>;
730
- samlConfig: z.ZodOptional<z.ZodObject<{
731
- entryPoint: z.ZodOptional<z.ZodString>;
732
- cert: z.ZodOptional<z.ZodString>;
733
- callbackUrl: z.ZodOptional<z.ZodString>;
734
- audience: z.ZodOptional<z.ZodString>;
735
- idpMetadata: z.ZodOptional<z.ZodObject<{
736
- metadata: z.ZodOptional<z.ZodString>;
737
- entityID: z.ZodOptional<z.ZodString>;
738
- cert: z.ZodOptional<z.ZodString>;
739
- privateKey: z.ZodOptional<z.ZodString>;
740
- privateKeyPass: z.ZodOptional<z.ZodString>;
741
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
742
- encPrivateKey: z.ZodOptional<z.ZodString>;
743
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
744
- singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
745
- Binding: z.ZodString;
746
- Location: z.ZodString;
747
- }, z.core.$strip>>>;
748
- }, z.core.$strip>>;
749
- spMetadata: z.ZodOptional<z.ZodObject<{
750
- metadata: z.ZodOptional<z.ZodString>;
751
- entityID: z.ZodOptional<z.ZodString>;
752
- binding: z.ZodOptional<z.ZodString>;
753
- privateKey: z.ZodOptional<z.ZodString>;
754
- privateKeyPass: z.ZodOptional<z.ZodString>;
755
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
756
- encPrivateKey: z.ZodOptional<z.ZodString>;
757
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
758
- }, z.core.$strip>>;
759
- wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
760
- authnRequestsSigned: z.ZodOptional<z.ZodBoolean>;
761
- signatureAlgorithm: z.ZodOptional<z.ZodString>;
762
- digestAlgorithm: z.ZodOptional<z.ZodString>;
763
- identifierFormat: z.ZodOptional<z.ZodString>;
764
- privateKey: z.ZodOptional<z.ZodString>;
765
- decryptionPvk: z.ZodOptional<z.ZodString>;
766
- additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
767
- mapping: z.ZodOptional<z.ZodObject<{
768
- id: z.ZodOptional<z.ZodString>;
769
- email: z.ZodOptional<z.ZodString>;
770
- emailVerified: z.ZodOptional<z.ZodString>;
771
- name: z.ZodOptional<z.ZodString>;
772
- firstName: z.ZodOptional<z.ZodString>;
773
- lastName: z.ZodOptional<z.ZodString>;
774
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
775
- }, z.core.$strip>>;
776
- }, z.core.$strip>>;
777
- providerId: z.ZodString;
778
- }, z.core.$strip>;
779
- metadata: {
780
- openapi: {
781
- operationId: string;
782
- summary: string;
783
- description: string;
784
- responses: {
785
- "200": {
786
- description: string;
787
- };
788
- "404": {
789
- description: string;
790
- };
791
- "403": {
792
- description: string;
793
- };
662
+ "403": {
663
+ description: string;
794
664
  };
795
665
  };
796
666
  };
797
- }, {
667
+ }, undefined>;
668
+ declare const updateSSOProvider: (options: SSOOptions) => better_call0.Endpoint<"/sso/update-provider", "POST", {
669
+ providerId: string;
670
+ issuer?: string | undefined;
671
+ domain?: string | undefined;
672
+ oidcConfig?: {
673
+ clientId?: string | undefined;
674
+ clientSecret?: string | undefined;
675
+ authorizationEndpoint?: string | undefined;
676
+ tokenEndpoint?: string | undefined;
677
+ userInfoEndpoint?: string | undefined;
678
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
679
+ jwksEndpoint?: string | undefined;
680
+ discoveryEndpoint?: string | undefined;
681
+ scopes?: string[] | undefined;
682
+ pkce?: boolean | undefined;
683
+ overrideUserInfo?: boolean | undefined;
684
+ mapping?: {
685
+ id?: string | undefined;
686
+ email?: string | undefined;
687
+ emailVerified?: string | undefined;
688
+ name?: string | undefined;
689
+ image?: string | undefined;
690
+ extraFields?: Record<string, any> | undefined;
691
+ } | undefined;
692
+ } | undefined;
693
+ samlConfig?: {
694
+ entryPoint?: string | undefined;
695
+ cert?: string | undefined;
696
+ callbackUrl?: string | undefined;
697
+ audience?: string | undefined;
698
+ idpMetadata?: {
699
+ metadata?: string | undefined;
700
+ entityID?: string | undefined;
701
+ cert?: string | undefined;
702
+ privateKey?: string | undefined;
703
+ privateKeyPass?: string | undefined;
704
+ isAssertionEncrypted?: boolean | undefined;
705
+ encPrivateKey?: string | undefined;
706
+ encPrivateKeyPass?: string | undefined;
707
+ singleSignOnService?: {
708
+ Binding: string;
709
+ Location: string;
710
+ }[] | undefined;
711
+ } | undefined;
712
+ spMetadata?: {
713
+ metadata?: string | undefined;
714
+ entityID?: string | undefined;
715
+ binding?: string | undefined;
716
+ privateKey?: string | undefined;
717
+ privateKeyPass?: string | undefined;
718
+ isAssertionEncrypted?: boolean | undefined;
719
+ encPrivateKey?: string | undefined;
720
+ encPrivateKeyPass?: string | undefined;
721
+ } | undefined;
722
+ wantAssertionsSigned?: boolean | undefined;
723
+ authnRequestsSigned?: boolean | undefined;
724
+ signatureAlgorithm?: string | undefined;
725
+ digestAlgorithm?: string | undefined;
726
+ identifierFormat?: string | undefined;
727
+ privateKey?: string | undefined;
728
+ decryptionPvk?: string | undefined;
729
+ additionalParams?: Record<string, any> | undefined;
730
+ mapping?: {
731
+ id?: string | undefined;
732
+ email?: string | undefined;
733
+ emailVerified?: string | undefined;
734
+ name?: string | undefined;
735
+ firstName?: string | undefined;
736
+ lastName?: string | undefined;
737
+ extraFields?: Record<string, any> | undefined;
738
+ } | undefined;
739
+ } | undefined;
740
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
741
+ session: {
742
+ session: Record<string, any> & {
743
+ id: string;
744
+ createdAt: Date;
745
+ updatedAt: Date;
746
+ userId: string;
747
+ expiresAt: Date;
748
+ token: string;
749
+ ipAddress?: string | null | undefined;
750
+ userAgent?: string | null | undefined;
751
+ };
752
+ user: Record<string, any> & {
753
+ id: string;
754
+ createdAt: Date;
755
+ updatedAt: Date;
756
+ email: string;
757
+ emailVerified: boolean;
758
+ name: string;
759
+ image?: string | null | undefined;
760
+ };
761
+ };
762
+ }>>], {
798
763
  providerId: string;
799
764
  type: string;
800
765
  issuer: string;
@@ -831,56 +796,68 @@ declare const updateSSOProvider: (options: SSOOptions) => better_call0.StrictEnd
831
796
  };
832
797
  } | undefined;
833
798
  spMetadataUrl: string;
834
- }>;
835
- declare const deleteSSOProvider: () => better_call0.StrictEndpoint<"/sso/delete-provider", {
836
- method: "POST";
837
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
838
- session: {
839
- session: Record<string, any> & {
840
- id: string;
841
- createdAt: Date;
842
- updatedAt: Date;
843
- userId: string;
844
- expiresAt: Date;
845
- token: string;
846
- ipAddress?: string | null | undefined;
847
- userAgent?: string | null | undefined;
799
+ }, {
800
+ openapi: {
801
+ operationId: string;
802
+ summary: string;
803
+ description: string;
804
+ responses: {
805
+ "200": {
806
+ description: string;
848
807
  };
849
- user: Record<string, any> & {
850
- id: string;
851
- createdAt: Date;
852
- updatedAt: Date;
853
- email: string;
854
- emailVerified: boolean;
855
- name: string;
856
- image?: string | null | undefined;
808
+ "404": {
809
+ description: string;
857
810
  };
858
- };
859
- }>)[];
860
- body: z.ZodObject<{
861
- providerId: z.ZodString;
862
- }, z.core.$strip>;
863
- metadata: {
864
- openapi: {
865
- operationId: string;
866
- summary: string;
867
- description: string;
868
- responses: {
869
- "200": {
870
- description: string;
871
- };
872
- "404": {
873
- description: string;
874
- };
875
- "403": {
876
- description: string;
877
- };
811
+ "403": {
812
+ description: string;
878
813
  };
879
814
  };
880
815
  };
881
- }, {
816
+ }, undefined>;
817
+ declare const deleteSSOProvider: () => better_call0.Endpoint<"/sso/delete-provider", "POST", {
818
+ providerId: string;
819
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
820
+ session: {
821
+ session: Record<string, any> & {
822
+ id: string;
823
+ createdAt: Date;
824
+ updatedAt: Date;
825
+ userId: string;
826
+ expiresAt: Date;
827
+ token: string;
828
+ ipAddress?: string | null | undefined;
829
+ userAgent?: string | null | undefined;
830
+ };
831
+ user: Record<string, any> & {
832
+ id: string;
833
+ createdAt: Date;
834
+ updatedAt: Date;
835
+ email: string;
836
+ emailVerified: boolean;
837
+ name: string;
838
+ image?: string | null | undefined;
839
+ };
840
+ };
841
+ }>>], {
882
842
  success: boolean;
883
- }>;
843
+ }, {
844
+ openapi: {
845
+ operationId: string;
846
+ summary: string;
847
+ description: string;
848
+ responses: {
849
+ "200": {
850
+ description: string;
851
+ };
852
+ "404": {
853
+ description: string;
854
+ };
855
+ "403": {
856
+ description: string;
857
+ };
858
+ };
859
+ };
860
+ }, undefined>;
884
861
  //#endregion
885
862
  //#region src/routes/sso.d.ts
886
863
  interface TimestampValidationOptions {
@@ -901,293 +878,118 @@ interface SAMLConditions {
901
878
  * @throws {APIError} If timestamps are invalid, expired, or not yet valid
902
879
  */
903
880
  declare function validateSAMLTimestamp(conditions: SAMLConditions | undefined, options?: TimestampValidationOptions): void;
904
- declare const spMetadata: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
905
- method: "GET";
906
- query: z.ZodObject<{
907
- providerId: z.ZodString;
908
- format: z.ZodDefault<z.ZodEnum<{
909
- json: "json";
910
- xml: "xml";
911
- }>>;
912
- }, z.core.$strip>;
913
- metadata: {
914
- openapi: {
915
- operationId: string;
916
- summary: string;
917
- description: string;
918
- responses: {
919
- "200": {
920
- description: string;
921
- };
881
+ declare const spMetadata: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/metadata", "GET", undefined, {
882
+ providerId: string;
883
+ format?: "json" | "xml" | undefined;
884
+ }, [], Response, {
885
+ openapi: {
886
+ operationId: string;
887
+ summary: string;
888
+ description: string;
889
+ responses: {
890
+ "200": {
891
+ description: string;
922
892
  };
923
893
  };
924
894
  };
925
- }, Response>;
926
- declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.StrictEndpoint<"/sso/register", {
927
- method: "POST";
928
- body: z.ZodObject<{
929
- providerId: z.ZodString;
930
- issuer: z.ZodString;
931
- domain: z.ZodString;
932
- oidcConfig: z.ZodOptional<z.ZodObject<{
933
- clientId: z.ZodString;
934
- clientSecret: z.ZodString;
935
- authorizationEndpoint: z.ZodOptional<z.ZodString>;
936
- tokenEndpoint: z.ZodOptional<z.ZodString>;
937
- userInfoEndpoint: z.ZodOptional<z.ZodString>;
938
- tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
939
- client_secret_post: "client_secret_post";
940
- client_secret_basic: "client_secret_basic";
941
- }>>;
942
- jwksEndpoint: z.ZodOptional<z.ZodString>;
943
- discoveryEndpoint: z.ZodOptional<z.ZodString>;
944
- skipDiscovery: z.ZodOptional<z.ZodBoolean>;
945
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
946
- pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
947
- mapping: z.ZodOptional<z.ZodObject<{
948
- id: z.ZodString;
949
- email: z.ZodString;
950
- emailVerified: z.ZodOptional<z.ZodString>;
951
- name: z.ZodString;
952
- image: z.ZodOptional<z.ZodString>;
953
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
954
- }, z.core.$strip>>;
955
- }, z.core.$strip>>;
956
- samlConfig: z.ZodOptional<z.ZodObject<{
957
- entryPoint: z.ZodString;
958
- cert: z.ZodString;
959
- callbackUrl: z.ZodString;
960
- audience: z.ZodOptional<z.ZodString>;
961
- idpMetadata: z.ZodOptional<z.ZodObject<{
962
- metadata: z.ZodOptional<z.ZodString>;
963
- entityID: z.ZodOptional<z.ZodString>;
964
- cert: z.ZodOptional<z.ZodString>;
965
- privateKey: z.ZodOptional<z.ZodString>;
966
- privateKeyPass: z.ZodOptional<z.ZodString>;
967
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
968
- encPrivateKey: z.ZodOptional<z.ZodString>;
969
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
970
- singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
971
- Binding: z.ZodString;
972
- Location: z.ZodString;
973
- }, z.core.$strip>>>;
974
- }, z.core.$strip>>;
975
- spMetadata: z.ZodObject<{
976
- metadata: z.ZodOptional<z.ZodString>;
977
- entityID: z.ZodOptional<z.ZodString>;
978
- binding: z.ZodOptional<z.ZodString>;
979
- privateKey: z.ZodOptional<z.ZodString>;
980
- privateKeyPass: z.ZodOptional<z.ZodString>;
981
- isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
982
- encPrivateKey: z.ZodOptional<z.ZodString>;
983
- encPrivateKeyPass: z.ZodOptional<z.ZodString>;
984
- }, z.core.$strip>;
985
- wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
986
- authnRequestsSigned: z.ZodOptional<z.ZodBoolean>;
987
- signatureAlgorithm: z.ZodOptional<z.ZodString>;
988
- digestAlgorithm: z.ZodOptional<z.ZodString>;
989
- identifierFormat: z.ZodOptional<z.ZodString>;
990
- privateKey: z.ZodOptional<z.ZodString>;
991
- decryptionPvk: z.ZodOptional<z.ZodString>;
992
- additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
993
- mapping: z.ZodOptional<z.ZodObject<{
994
- id: z.ZodString;
995
- email: z.ZodString;
996
- emailVerified: z.ZodOptional<z.ZodString>;
997
- name: z.ZodString;
998
- firstName: z.ZodOptional<z.ZodString>;
999
- lastName: z.ZodOptional<z.ZodString>;
1000
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1001
- }, z.core.$strip>>;
1002
- }, z.core.$strip>>;
1003
- organizationId: z.ZodOptional<z.ZodString>;
1004
- overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
1005
- }, z.core.$strip>;
1006
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
1007
- session: {
1008
- session: Record<string, any> & {
1009
- id: string;
1010
- createdAt: Date;
1011
- updatedAt: Date;
1012
- userId: string;
1013
- expiresAt: Date;
1014
- token: string;
1015
- ipAddress?: string | null | undefined;
1016
- userAgent?: string | null | undefined;
1017
- };
1018
- user: Record<string, any> & {
1019
- id: string;
1020
- createdAt: Date;
1021
- updatedAt: Date;
1022
- email: string;
1023
- emailVerified: boolean;
1024
- name: string;
1025
- image?: string | null | undefined;
1026
- };
895
+ }, undefined>;
896
+ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.Endpoint<"/sso/register", "POST", {
897
+ providerId: string;
898
+ issuer: string;
899
+ domain: string;
900
+ oidcConfig?: {
901
+ clientId: string;
902
+ clientSecret: string;
903
+ authorizationEndpoint?: string | undefined;
904
+ tokenEndpoint?: string | undefined;
905
+ userInfoEndpoint?: string | undefined;
906
+ tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
907
+ jwksEndpoint?: string | undefined;
908
+ discoveryEndpoint?: string | undefined;
909
+ skipDiscovery?: boolean | undefined;
910
+ scopes?: string[] | undefined;
911
+ pkce?: boolean | undefined;
912
+ mapping?: {
913
+ id: string;
914
+ email: string;
915
+ name: string;
916
+ emailVerified?: string | undefined;
917
+ image?: string | undefined;
918
+ extraFields?: Record<string, any> | undefined;
919
+ } | undefined;
920
+ } | undefined;
921
+ samlConfig?: {
922
+ entryPoint: string;
923
+ cert: string;
924
+ callbackUrl: string;
925
+ spMetadata: {
926
+ metadata?: string | undefined;
927
+ entityID?: string | undefined;
928
+ binding?: string | undefined;
929
+ privateKey?: string | undefined;
930
+ privateKeyPass?: string | undefined;
931
+ isAssertionEncrypted?: boolean | undefined;
932
+ encPrivateKey?: string | undefined;
933
+ encPrivateKeyPass?: string | undefined;
1027
934
  };
1028
- }>)[];
1029
- metadata: {
1030
- openapi: {
1031
- operationId: string;
1032
- summary: string;
1033
- description: string;
1034
- responses: {
1035
- "200": {
1036
- description: string;
1037
- content: {
1038
- "application/json": {
1039
- schema: {
1040
- type: "object";
1041
- properties: {
1042
- issuer: {
1043
- type: string;
1044
- format: string;
1045
- description: string;
1046
- };
1047
- domain: {
1048
- type: string;
1049
- description: string;
1050
- };
1051
- domainVerified: {
1052
- type: string;
1053
- description: string;
1054
- };
1055
- domainVerificationToken: {
1056
- type: string;
1057
- description: string;
1058
- };
1059
- oidcConfig: {
1060
- type: string;
1061
- properties: {
1062
- issuer: {
1063
- type: string;
1064
- format: string;
1065
- description: string;
1066
- };
1067
- pkce: {
1068
- type: string;
1069
- description: string;
1070
- };
1071
- clientId: {
1072
- type: string;
1073
- description: string;
1074
- };
1075
- clientSecret: {
1076
- type: string;
1077
- description: string;
1078
- };
1079
- authorizationEndpoint: {
1080
- type: string;
1081
- format: string;
1082
- nullable: boolean;
1083
- description: string;
1084
- };
1085
- discoveryEndpoint: {
1086
- type: string;
1087
- format: string;
1088
- description: string;
1089
- };
1090
- userInfoEndpoint: {
1091
- type: string;
1092
- format: string;
1093
- nullable: boolean;
1094
- description: string;
1095
- };
1096
- scopes: {
1097
- type: string;
1098
- items: {
1099
- type: string;
1100
- };
1101
- nullable: boolean;
1102
- description: string;
1103
- };
1104
- tokenEndpoint: {
1105
- type: string;
1106
- format: string;
1107
- nullable: boolean;
1108
- description: string;
1109
- };
1110
- tokenEndpointAuthentication: {
1111
- type: string;
1112
- enum: string[];
1113
- nullable: boolean;
1114
- description: string;
1115
- };
1116
- jwksEndpoint: {
1117
- type: string;
1118
- format: string;
1119
- nullable: boolean;
1120
- description: string;
1121
- };
1122
- mapping: {
1123
- type: string;
1124
- nullable: boolean;
1125
- properties: {
1126
- id: {
1127
- type: string;
1128
- description: string;
1129
- };
1130
- email: {
1131
- type: string;
1132
- description: string;
1133
- };
1134
- emailVerified: {
1135
- type: string;
1136
- nullable: boolean;
1137
- description: string;
1138
- };
1139
- name: {
1140
- type: string;
1141
- description: string;
1142
- };
1143
- image: {
1144
- type: string;
1145
- nullable: boolean;
1146
- description: string;
1147
- };
1148
- extraFields: {
1149
- type: string;
1150
- additionalProperties: {
1151
- type: string;
1152
- };
1153
- nullable: boolean;
1154
- description: string;
1155
- };
1156
- };
1157
- required: string[];
1158
- };
1159
- };
1160
- required: string[];
1161
- description: string;
1162
- };
1163
- organizationId: {
1164
- type: string;
1165
- nullable: boolean;
1166
- description: string;
1167
- };
1168
- userId: {
1169
- type: string;
1170
- description: string;
1171
- };
1172
- providerId: {
1173
- type: string;
1174
- description: string;
1175
- };
1176
- redirectURI: {
1177
- type: string;
1178
- format: string;
1179
- description: string;
1180
- };
1181
- };
1182
- required: string[];
1183
- };
1184
- };
1185
- };
1186
- };
1187
- };
935
+ audience?: string | undefined;
936
+ idpMetadata?: {
937
+ metadata?: string | undefined;
938
+ entityID?: string | undefined;
939
+ cert?: string | undefined;
940
+ privateKey?: string | undefined;
941
+ privateKeyPass?: string | undefined;
942
+ isAssertionEncrypted?: boolean | undefined;
943
+ encPrivateKey?: string | undefined;
944
+ encPrivateKeyPass?: string | undefined;
945
+ singleSignOnService?: {
946
+ Binding: string;
947
+ Location: string;
948
+ }[] | undefined;
949
+ } | undefined;
950
+ wantAssertionsSigned?: boolean | undefined;
951
+ authnRequestsSigned?: boolean | undefined;
952
+ signatureAlgorithm?: string | undefined;
953
+ digestAlgorithm?: string | undefined;
954
+ identifierFormat?: string | undefined;
955
+ privateKey?: string | undefined;
956
+ decryptionPvk?: string | undefined;
957
+ additionalParams?: Record<string, any> | undefined;
958
+ mapping?: {
959
+ id: string;
960
+ email: string;
961
+ name: string;
962
+ emailVerified?: string | undefined;
963
+ firstName?: string | undefined;
964
+ lastName?: string | undefined;
965
+ extraFields?: Record<string, any> | undefined;
966
+ } | undefined;
967
+ } | undefined;
968
+ organizationId?: string | undefined;
969
+ overrideUserInfo?: boolean | undefined;
970
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
971
+ session: {
972
+ session: Record<string, any> & {
973
+ id: string;
974
+ createdAt: Date;
975
+ updatedAt: Date;
976
+ userId: string;
977
+ expiresAt: Date;
978
+ token: string;
979
+ ipAddress?: string | null | undefined;
980
+ userAgent?: string | null | undefined;
981
+ };
982
+ user: Record<string, any> & {
983
+ id: string;
984
+ createdAt: Date;
985
+ updatedAt: Date;
986
+ email: string;
987
+ emailVerified: boolean;
988
+ name: string;
989
+ image?: string | null | undefined;
1188
990
  };
1189
991
  };
1190
- }, O["domainVerification"] extends {
992
+ }>>], O["domainVerification"] extends {
1191
993
  enabled: true;
1192
994
  } ? {
1193
995
  redirectURI: string;
@@ -1200,62 +1002,156 @@ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_
1200
1002
  redirectURI: string;
1201
1003
  oidcConfig: OIDCConfig | null;
1202
1004
  samlConfig: SAMLConfig | null;
1203
- } & Omit<SSOProvider<O>, "oidcConfig" | "samlConfig">>;
1204
- declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sign-in/sso", {
1205
- method: "POST";
1206
- body: z.ZodObject<{
1207
- email: z.ZodOptional<z.ZodString>;
1208
- organizationSlug: z.ZodOptional<z.ZodString>;
1209
- providerId: z.ZodOptional<z.ZodString>;
1210
- domain: z.ZodOptional<z.ZodString>;
1211
- callbackURL: z.ZodString;
1212
- errorCallbackURL: z.ZodOptional<z.ZodString>;
1213
- newUserCallbackURL: z.ZodOptional<z.ZodString>;
1214
- scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
1215
- loginHint: z.ZodOptional<z.ZodString>;
1216
- requestSignUp: z.ZodOptional<z.ZodBoolean>;
1217
- providerType: z.ZodOptional<z.ZodEnum<{
1218
- saml: "saml";
1219
- oidc: "oidc";
1220
- }>>;
1221
- }, z.core.$strip>;
1222
- metadata: {
1223
- openapi: {
1224
- operationId: string;
1225
- summary: string;
1226
- description: string;
1227
- requestBody: {
1005
+ } & Omit<SSOProvider<O>, "oidcConfig" | "samlConfig">, {
1006
+ openapi: {
1007
+ operationId: string;
1008
+ summary: string;
1009
+ description: string;
1010
+ responses: {
1011
+ "200": {
1012
+ description: string;
1228
1013
  content: {
1229
1014
  "application/json": {
1230
1015
  schema: {
1231
1016
  type: "object";
1232
1017
  properties: {
1233
- email: {
1018
+ issuer: {
1234
1019
  type: string;
1020
+ format: string;
1235
1021
  description: string;
1236
1022
  };
1237
- issuer: {
1023
+ domain: {
1238
1024
  type: string;
1239
1025
  description: string;
1240
1026
  };
1241
- providerId: {
1027
+ domainVerified: {
1242
1028
  type: string;
1243
1029
  description: string;
1244
1030
  };
1245
- callbackURL: {
1031
+ domainVerificationToken: {
1032
+ type: string;
1033
+ description: string;
1034
+ };
1035
+ oidcConfig: {
1036
+ type: string;
1037
+ properties: {
1038
+ issuer: {
1039
+ type: string;
1040
+ format: string;
1041
+ description: string;
1042
+ };
1043
+ pkce: {
1044
+ type: string;
1045
+ description: string;
1046
+ };
1047
+ clientId: {
1048
+ type: string;
1049
+ description: string;
1050
+ };
1051
+ clientSecret: {
1052
+ type: string;
1053
+ description: string;
1054
+ };
1055
+ authorizationEndpoint: {
1056
+ type: string;
1057
+ format: string;
1058
+ nullable: boolean;
1059
+ description: string;
1060
+ };
1061
+ discoveryEndpoint: {
1062
+ type: string;
1063
+ format: string;
1064
+ description: string;
1065
+ };
1066
+ userInfoEndpoint: {
1067
+ type: string;
1068
+ format: string;
1069
+ nullable: boolean;
1070
+ description: string;
1071
+ };
1072
+ scopes: {
1073
+ type: string;
1074
+ items: {
1075
+ type: string;
1076
+ };
1077
+ nullable: boolean;
1078
+ description: string;
1079
+ };
1080
+ tokenEndpoint: {
1081
+ type: string;
1082
+ format: string;
1083
+ nullable: boolean;
1084
+ description: string;
1085
+ };
1086
+ tokenEndpointAuthentication: {
1087
+ type: string;
1088
+ enum: string[];
1089
+ nullable: boolean;
1090
+ description: string;
1091
+ };
1092
+ jwksEndpoint: {
1093
+ type: string;
1094
+ format: string;
1095
+ nullable: boolean;
1096
+ description: string;
1097
+ };
1098
+ mapping: {
1099
+ type: string;
1100
+ nullable: boolean;
1101
+ properties: {
1102
+ id: {
1103
+ type: string;
1104
+ description: string;
1105
+ };
1106
+ email: {
1107
+ type: string;
1108
+ description: string;
1109
+ };
1110
+ emailVerified: {
1111
+ type: string;
1112
+ nullable: boolean;
1113
+ description: string;
1114
+ };
1115
+ name: {
1116
+ type: string;
1117
+ description: string;
1118
+ };
1119
+ image: {
1120
+ type: string;
1121
+ nullable: boolean;
1122
+ description: string;
1123
+ };
1124
+ extraFields: {
1125
+ type: string;
1126
+ additionalProperties: {
1127
+ type: string;
1128
+ };
1129
+ nullable: boolean;
1130
+ description: string;
1131
+ };
1132
+ };
1133
+ required: string[];
1134
+ };
1135
+ };
1136
+ required: string[];
1137
+ description: string;
1138
+ };
1139
+ organizationId: {
1246
1140
  type: string;
1141
+ nullable: boolean;
1247
1142
  description: string;
1248
1143
  };
1249
- errorCallbackURL: {
1144
+ userId: {
1250
1145
  type: string;
1251
1146
  description: string;
1252
1147
  };
1253
- newUserCallbackURL: {
1148
+ providerId: {
1254
1149
  type: string;
1255
1150
  description: string;
1256
1151
  };
1257
- loginHint: {
1152
+ redirectURI: {
1258
1153
  type: string;
1154
+ format: string;
1259
1155
  description: string;
1260
1156
  };
1261
1157
  };
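Review bot: The `"200"` response schema under `openapi.responses` lists `oidcConfig` (including `clientSecret`) and `domainVerificationToken`, but it has no `samlConfig` entry, although the return type just above it carries `samlConfig: SAMLConfig | null`. The request body earlier in this declaration appears to accept `privateKey` and `decryptionPvk` for the SAML configuration, so the spec should say explicitly whether those values are echoed back in the registration response. I would add `samlConfig: { type: string; nullable: boolean; description: string; };` next to `oidcConfig`, with descriptions for it and for `clientSecret` that state whether secrets are returned or redacted. This file is a generated declaration and `registerSSOProvider` starts outside the hunk, so the change belongs in the route's OpenAPI metadata in source.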
@@ -1264,192 +1160,222 @@ declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"
1264
1160
  };
1265
1161
  };
1266
1162
  };
1267
- responses: {
1268
- "200": {
1269
- description: string;
1270
- content: {
1271
- "application/json": {
1272
- schema: {
1273
- type: "object";
1274
- properties: {
1275
- url: {
1276
- type: string;
1277
- format: string;
1278
- description: string;
1279
- };
1280
- redirect: {
1281
- type: string;
1282
- description: string;
1283
- enum: boolean[];
1284
- };
1163
+ };
1164
+ };
1165
+ }, undefined>;
1166
+ declare const signInSSO: (options?: SSOOptions) => better_call0.Endpoint<"/sign-in/sso", "POST", {
1167
+ callbackURL: string;
1168
+ email?: string | undefined;
1169
+ organizationSlug?: string | undefined;
1170
+ providerId?: string | undefined;
1171
+ domain?: string | undefined;
1172
+ errorCallbackURL?: string | undefined;
1173
+ newUserCallbackURL?: string | undefined;
1174
+ scopes?: string[] | undefined;
1175
+ loginHint?: string | undefined;
1176
+ requestSignUp?: boolean | undefined;
1177
+ providerType?: "saml" | "oidc" | undefined;
1178
+ }, Record<string, any> | undefined, [], {
1179
+ url: string;
1180
+ redirect: boolean;
1181
+ }, {
1182
+ openapi: {
1183
+ operationId: string;
1184
+ summary: string;
1185
+ description: string;
1186
+ requestBody: {
1187
+ content: {
1188
+ "application/json": {
1189
+ schema: {
1190
+ type: "object";
1191
+ properties: {
1192
+ email: {
1193
+ type: string;
1194
+ description: string;
1195
+ };
1196
+ issuer: {
1197
+ type: string;
1198
+ description: string;
1199
+ };
1200
+ providerId: {
1201
+ type: string;
1202
+ description: string;
1203
+ };
1204
+ callbackURL: {
1205
+ type: string;
1206
+ description: string;
1207
+ };
1208
+ errorCallbackURL: {
1209
+ type: string;
1210
+ description: string;
1211
+ };
1212
+ newUserCallbackURL: {
1213
+ type: string;
1214
+ description: string;
1215
+ };
1216
+ loginHint: {
1217
+ type: string;
1218
+ description: string;
1219
+ };
1220
+ };
1221
+ required: string[];
1222
+ };
1223
+ };
1224
+ };
1225
+ };
1226
+ responses: {
1227
+ "200": {
1228
+ description: string;
1229
+ content: {
1230
+ "application/json": {
1231
+ schema: {
1232
+ type: "object";
1233
+ properties: {
1234
+ url: {
1235
+ type: string;
1236
+ format: string;
1237
+ description: string;
1238
+ };
1239
+ redirect: {
1240
+ type: string;
1241
+ description: string;
1242
+ enum: boolean[];
1285
1243
  };
1286
- required: string[];
1287
1244
  };
1245
+ required: string[];
1288
1246
  };
1289
1247
  };
1290
1248
  };
1291
1249
  };
1292
1250
  };
1293
1251
  };
1294
- }, {
1295
- url: string;
1296
- redirect: boolean;
1297
- }>;
1298
- declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/callback/:providerId", {
1299
- method: "GET";
1300
- query: z.ZodObject<{
1301
- code: z.ZodOptional<z.ZodString>;
1302
- state: z.ZodString;
1303
- error: z.ZodOptional<z.ZodString>;
1304
- error_description: z.ZodOptional<z.ZodString>;
1305
- }, z.core.$strip>;
1306
- allowedMediaTypes: readonly ["application/x-www-form-urlencoded", "application/json"];
1307
- metadata: {
1308
- openapi: {
1309
- operationId: string;
1310
- summary: string;
1311
- description: string;
1312
- responses: {
1313
- "302": {
1314
- description: string;
1315
- };
1252
+ }, undefined>;
1253
+ declare const callbackSSO: (options?: SSOOptions) => better_call0.Endpoint<"/sso/callback/:providerId", "GET", undefined, {
1254
+ state: string;
1255
+ code?: string | undefined;
1256
+ error?: string | undefined;
1257
+ error_description?: string | undefined;
1258
+ }, [], void, {
1259
+ openapi: {
1260
+ operationId: string;
1261
+ summary: string;
1262
+ description: string;
1263
+ responses: {
1264
+ "302": {
1265
+ description: string;
1316
1266
  };
1317
1267
  };
1318
- scope: "server";
1319
1268
  };
1320
- }, void>;
1269
+ scope: "server";
1270
+ }, undefined>;
1321
1271
  /**
1322
1272
  * Shared OIDC callback endpoint (no `:providerId` in path).
1323
1273
  * Used when `options.redirectURI` is set — the `providerId` is read from
1324
1274
  * the OAuth state instead of the URL path.
1325
1275
  */
1326
- declare const callbackSSOShared: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/callback", {
1327
- metadata: {
1328
- openapi: {
1329
- operationId: string;
1330
- summary: string;
1331
- description: string;
1332
- responses: {
1333
- "302": {
1334
- description: string;
1335
- };
1276
+ declare const callbackSSOShared: (options?: SSOOptions) => better_call0.Endpoint<"/sso/callback", "GET", undefined, {
1277
+ state: string;
1278
+ code?: string | undefined;
1279
+ error?: string | undefined;
1280
+ error_description?: string | undefined;
1281
+ }, [], void, {
1282
+ openapi: {
1283
+ operationId: string;
1284
+ summary: string;
1285
+ description: string;
1286
+ responses: {
1287
+ "302": {
1288
+ description: string;
1336
1289
  };
1337
1290
  };
1338
- scope: "server";
1339
1291
  };
1340
- method: "GET";
1341
- query: z.ZodObject<{
1342
- code: z.ZodOptional<z.ZodString>;
1343
- state: z.ZodString;
1344
- error: z.ZodOptional<z.ZodString>;
1345
- error_description: z.ZodOptional<z.ZodString>;
1346
- }, z.core.$strip>;
1347
- allowedMediaTypes: readonly ["application/x-www-form-urlencoded", "application/json"];
1348
- }, void>;
1349
- declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
1350
- method: ("POST" | "GET")[];
1351
- body: z.ZodOptional<z.ZodObject<{
1352
- SAMLResponse: z.ZodString;
1353
- RelayState: z.ZodOptional<z.ZodString>;
1354
- }, z.core.$strip>>;
1355
- query: z.ZodOptional<z.ZodObject<{
1356
- RelayState: z.ZodOptional<z.ZodString>;
1357
- }, z.core.$strip>>;
1358
- metadata: {
1359
- allowedMediaTypes: string[];
1360
- openapi: {
1361
- operationId: string;
1362
- summary: string;
1363
- description: string;
1364
- responses: {
1365
- "302": {
1366
- description: string;
1367
- };
1368
- "400": {
1369
- description: string;
1370
- };
1371
- "401": {
1372
- description: string;
1373
- };
1292
+ scope: "server";
1293
+ }, undefined>;
1294
+ declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/callback/:providerId", ("GET" | "POST")[], {
1295
+ SAMLResponse: string;
1296
+ RelayState?: string | undefined;
1297
+ } | undefined, {
1298
+ RelayState?: string | undefined;
1299
+ } | undefined, [], never, {
1300
+ allowedMediaTypes: string[];
1301
+ openapi: {
1302
+ operationId: string;
1303
+ summary: string;
1304
+ description: string;
1305
+ responses: {
1306
+ "302": {
1307
+ description: string;
1308
+ };
1309
+ "400": {
1310
+ description: string;
1311
+ };
1312
+ "401": {
1313
+ description: string;
1374
1314
  };
1375
1315
  };
1376
- scope: "server";
1377
1316
  };
1378
- }, never>;
1379
- declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
1380
- method: "POST";
1381
- body: z.ZodObject<{
1382
- SAMLResponse: z.ZodString;
1383
- RelayState: z.ZodOptional<z.ZodString>;
1384
- }, z.core.$strip>;
1385
- metadata: {
1386
- allowedMediaTypes: string[];
1387
- openapi: {
1388
- operationId: string;
1389
- summary: string;
1390
- description: string;
1391
- responses: {
1392
- "302": {
1393
- description: string;
1394
- };
1317
+ scope: "server";
1318
+ }, undefined>;
1319
+ declare const acsEndpoint: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/acs/:providerId", "POST", {
1320
+ SAMLResponse: string;
1321
+ RelayState?: string | undefined;
1322
+ }, Record<string, any> | undefined, [], never, {
1323
+ allowedMediaTypes: string[];
1324
+ openapi: {
1325
+ operationId: string;
1326
+ summary: string;
1327
+ description: string;
1328
+ responses: {
1329
+ "302": {
1330
+ description: string;
1395
1331
  };
1396
1332
  };
1397
- scope: "server";
1398
- };
1399
- }, never>;
1400
- declare const sloEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/slo/:providerId", {
1401
- method: ("POST" | "GET")[];
1402
- body: z.ZodOptional<z.ZodObject<{
1403
- SAMLRequest: z.ZodOptional<z.ZodString>;
1404
- SAMLResponse: z.ZodOptional<z.ZodString>;
1405
- RelayState: z.ZodOptional<z.ZodString>;
1406
- SigAlg: z.ZodOptional<z.ZodString>;
1407
- Signature: z.ZodOptional<z.ZodString>;
1408
- }, z.core.$strip>>;
1409
- query: z.ZodOptional<z.ZodObject<{
1410
- SAMLRequest: z.ZodOptional<z.ZodString>;
1411
- SAMLResponse: z.ZodOptional<z.ZodString>;
1412
- RelayState: z.ZodOptional<z.ZodString>;
1413
- SigAlg: z.ZodOptional<z.ZodString>;
1414
- Signature: z.ZodOptional<z.ZodString>;
1415
- }, z.core.$strip>>;
1416
- metadata: {
1417
- allowedMediaTypes: string[];
1418
- scope: "server";
1419
1333
  };
1420
- }, void | Response>;
1421
- declare const initiateSLO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/logout/:providerId", {
1422
- method: "POST";
1423
- body: z.ZodObject<{
1424
- callbackURL: z.ZodOptional<z.ZodString>;
1425
- }, z.core.$strip>;
1426
- use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
1427
- session: {
1428
- session: Record<string, any> & {
1429
- id: string;
1430
- createdAt: Date;
1431
- updatedAt: Date;
1432
- userId: string;
1433
- expiresAt: Date;
1434
- token: string;
1435
- ipAddress?: string | null | undefined;
1436
- userAgent?: string | null | undefined;
1437
- };
1438
- user: Record<string, any> & {
1439
- id: string;
1440
- createdAt: Date;
1441
- updatedAt: Date;
1442
- email: string;
1443
- emailVerified: boolean;
1444
- name: string;
1445
- image?: string | null | undefined;
1446
- };
1334
+ scope: "server";
1335
+ }, undefined>;
1336
+ declare const sloEndpoint: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/slo/:providerId", ("GET" | "POST")[], {
1337
+ SAMLRequest?: string | undefined;
1338
+ SAMLResponse?: string | undefined;
1339
+ RelayState?: string | undefined;
1340
+ SigAlg?: string | undefined;
1341
+ Signature?: string | undefined;
1342
+ } | undefined, {
1343
+ SAMLRequest?: string | undefined;
1344
+ SAMLResponse?: string | undefined;
1345
+ RelayState?: string | undefined;
1346
+ SigAlg?: string | undefined;
1347
+ Signature?: string | undefined;
1348
+ } | undefined, [], void | Response, {
1349
+ allowedMediaTypes: string[];
1350
+ scope: "server";
1351
+ }, undefined>;
1352
+ declare const initiateSLO: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/logout/:providerId", "POST", {
1353
+ callbackURL?: string | undefined;
1354
+ }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
1355
+ session: {
1356
+ session: Record<string, any> & {
1357
+ id: string;
1358
+ createdAt: Date;
1359
+ updatedAt: Date;
1360
+ userId: string;
1361
+ expiresAt: Date;
1362
+ token: string;
1363
+ ipAddress?: string | null | undefined;
1364
+ userAgent?: string | null | undefined;
1365
+ };
1366
+ user: Record<string, any> & {
1367
+ id: string;
1368
+ createdAt: Date;
1369
+ updatedAt: Date;
1370
+ email: string;
1371
+ emailVerified: boolean;
1372
+ name: string;
1373
+ image?: string | null | undefined;
1447
1374
  };
1448
- }>)[];
1449
- metadata: {
1450
- readonly scope: "server";
1451
1375
  };
1452
- }, never>;
1376
+ }>>], never, {
1377
+ readonly scope: "server";
1378
+ }, undefined>;
1453
1379
  //#endregion
1454
1380
  //#region src/constants.d.ts
1455
1381
  /**
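Review bot: The `requestBody` schema in `signInSSO`'s OpenAPI metadata does not match the typed body declared a few lines above it. It documents `issuer`, which the body type does not have, and omits `organizationSlug`, `domain`, `scopes`, `requestSignUp` and `providerType`, which the body type accepts. The removed lines show the same mismatch against the old zod schema, so this refactor carries it forward rather than introducing it. Clients and request-validation rules generated from the spec will disagree with what the endpoint takes, including the fields that presumably select the identity provider. The declaration is generated, so the fix belongs in the route's metadata in source; the resulting shape would drop `issuer` and add the entries below.

```typescript
// … unchanged: email, providerId, callbackURL, errorCallbackURL, newUserCallbackURL, loginHint …
organizationSlug: {
  type: string;
  description: string;
};
domain: {
  type: string;
  description: string;
};
scopes: {
  type: string;
  items: {
    type: string;
  };
  description: string;
};
requestSignUp: {
  type: string;
  description: string;
};
providerType: {
  type: string;
  enum: string[];
  description: string;
};
```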
@@ -1749,6 +1675,7 @@ type SSOEndpoints<O extends SSOOptions> = {
1749
1675
  };
1750
1676
  type SSOPlugin<O extends SSOOptions> = {
1751
1677
  id: "sso";
1678
+ version: string;
1752
1679
  endpoints: SSOEndpoints<O> & (O extends {
1753
1680
  domainVerification: {
1754
1681
  enabled: true;
@@ -1761,15 +1688,16 @@ declare function sso<O extends SSOOptions & {
1761
1688
  };
1762
1689
  }>(options?: O | undefined): {
1763
1690
  id: "sso";
1691
+ version: string;
1764
1692
  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
1765
1693
  schema: NonNullable<BetterAuthPlugin["schema"]>;
1766
- options: O;
1694
+ options: NoInfer<O>;
1767
1695
  };
1768
1696
  declare function sso<O extends SSOOptions>(options?: O | undefined): {
1769
1697
  id: "sso";
1698
+ version: string;
1770
1699
  endpoints: SSOEndpoints<O>;
1771
- options: O;
1700
+ options: NoInfer<O>;
1772
1701
  };
1773
1702
  //#endregion
1774
- export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
1775
- //# sourceMappingURL=index-DoxMd-mL.d.mts.map
1703
+ export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };