@better-auth/sso 1.5.7-beta.1 → 1.6.0

@@ -1,4 +1,5 @@
1
1
  import { APIError } from "better-auth/api";
2
+ import * as z from "zod";
2
3
  import { Awaitable, BetterAuthPlugin, OAuth2Tokens, User } from "better-auth";
3
4
  import * as better_call0 from "better-call";
4
5
 
@@ -156,6 +157,16 @@ interface SSOOptions {
156
157
  */
157
158
  provider: SSOProvider<SSOOptions>;
158
159
  }) => Awaitable<void>) | undefined;
160
+ /**
161
+ * If true, the `provisionUser` callback will be called on every login,
162
+ * not just when a new user is registered. This is useful when you need
163
+ * to sync upstream identity provider profile changes on each sign-in.
164
+ *
165
+ * The `provisionUser` callback should be idempotent when this is enabled.
166
+ *
167
+ * @default false
168
+ */
169
+ provisionUserOnEveryLogin?: boolean;
159
170
  /**
160
171
  * Organization provisioning options
161
172
  */
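Review bot: The new doc comment on `provisionUserOnEveryLogin` asks for an idempotent callback but does not say what a throwing or rejecting `provisionUser` does to a returning user's sign-in. With the flag on, the callback sits on the login path of every SSO user, so a failure in whatever it calls could block logins or leave profiles silently stale, depending on an implementation that is not visible in this declaration file. I would add a sentence such as `* If the callback throws, <state whether the sign-in is aborted or the error is only logged>.` The comment could also remind integrators that the synced profile originates from the upstream identity provider and should drive roles or permissions only for providers trusted to assert them. The enclosing `SSOOptions` interface starts and ends outside this hunk.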
@@ -310,7 +321,7 @@ interface SSOOptions {
310
321
  *
311
322
  * This works correctly in serverless environments without any additional configuration.
312
323
  *
313
- * @default false
324
+ * @default true
314
325
  */
315
326
  enableInResponseToValidation?: boolean;
316
327
  /**
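Review bot: The `@default` on `enableInResponseToValidation` flips from `false` to `true` with no upgrade note in the visible comment, so deployments that never set the option get stricter SAML response checking on upgrade without any hint in the types. That is the safer default, but responses that do not answer a tracked request would presumably start being rejected, and operators need to be able to recognise that failure mode. I would add a line such as `* Changed in 1.6.0: enabled by default; set to false explicitly to keep the previous behaviour.` just above `@default true`. The comment and the enclosing interface begin outside this hunk, so the earlier part of the description may already cover this.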
@@ -414,118 +425,143 @@ interface SSOOptions {
414
425
  }
415
426
  //#endregion
416
427
  //#region src/routes/domain-verification.d.ts
417
- declare const requestDomainVerification: (options: SSOOptions) => better_call0.Endpoint<"/sso/request-domain-verification", "POST", {
418
- providerId: string;
419
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
420
- session: {
421
- session: Record<string, any> & {
422
- id: string;
423
- createdAt: Date;
424
- updatedAt: Date;
425
- userId: string;
426
- expiresAt: Date;
427
- token: string;
428
- ipAddress?: string | null | undefined;
429
- userAgent?: string | null | undefined;
430
- };
431
- user: Record<string, any> & {
432
- id: string;
433
- createdAt: Date;
434
- updatedAt: Date;
435
- email: string;
436
- emailVerified: boolean;
437
- name: string;
438
- image?: string | null | undefined;
428
+ declare const requestDomainVerification: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/request-domain-verification", {
429
+ method: "POST";
430
+ body: z.ZodObject<{
431
+ providerId: z.ZodString;
432
+ }, z.core.$strip>;
433
+ metadata: {
434
+ openapi: {
435
+ summary: string;
436
+ description: string;
437
+ responses: {
438
+ "404": {
439
+ description: string;
440
+ };
441
+ "409": {
442
+ description: string;
443
+ };
444
+ "201": {
445
+ description: string;
446
+ };
447
+ };
439
448
  };
440
449
  };
441
- }>>], {
442
- domainVerificationToken: string;
443
- }, {
444
- openapi: {
445
- summary: string;
446
- description: string;
447
- responses: {
448
- "404": {
449
- description: string;
450
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
451
+ session: {
452
+ session: Record<string, any> & {
453
+ id: string;
454
+ createdAt: Date;
455
+ updatedAt: Date;
456
+ userId: string;
457
+ expiresAt: Date;
458
+ token: string;
459
+ ipAddress?: string | null | undefined;
460
+ userAgent?: string | null | undefined;
450
461
  };
451
- "409": {
452
- description: string;
462
+ user: Record<string, any> & {
463
+ id: string;
464
+ createdAt: Date;
465
+ updatedAt: Date;
466
+ email: string;
467
+ emailVerified: boolean;
468
+ name: string;
469
+ image?: string | null | undefined;
453
470
  };
454
- "201": {
455
- description: string;
456
- };
457
- };
458
- };
459
- }, undefined>;
460
- declare const verifyDomain: (options: SSOOptions) => better_call0.Endpoint<"/sso/verify-domain", "POST", {
461
- providerId: string;
462
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
463
- session: {
464
- session: Record<string, any> & {
465
- id: string;
466
- createdAt: Date;
467
- updatedAt: Date;
468
- userId: string;
469
- expiresAt: Date;
470
- token: string;
471
- ipAddress?: string | null | undefined;
472
- userAgent?: string | null | undefined;
473
471
  };
474
- user: Record<string, any> & {
475
- id: string;
476
- createdAt: Date;
477
- updatedAt: Date;
478
- email: string;
479
- emailVerified: boolean;
480
- name: string;
481
- image?: string | null | undefined;
472
+ }>)[];
473
+ }, {
474
+ domainVerificationToken: string;
475
+ }>;
476
+ declare const verifyDomain: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/verify-domain", {
477
+ method: "POST";
478
+ body: z.ZodObject<{
479
+ providerId: z.ZodString;
480
+ }, z.core.$strip>;
481
+ metadata: {
482
+ openapi: {
483
+ summary: string;
484
+ description: string;
485
+ responses: {
486
+ "404": {
487
+ description: string;
488
+ };
489
+ "409": {
490
+ description: string;
491
+ };
492
+ "502": {
493
+ description: string;
494
+ };
495
+ "204": {
496
+ description: string;
497
+ };
498
+ };
482
499
  };
483
500
  };
484
- }>>], void, {
485
- openapi: {
486
- summary: string;
487
- description: string;
488
- responses: {
489
- "404": {
490
- description: string;
491
- };
492
- "409": {
493
- description: string;
501
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
502
+ session: {
503
+ session: Record<string, any> & {
504
+ id: string;
505
+ createdAt: Date;
506
+ updatedAt: Date;
507
+ userId: string;
508
+ expiresAt: Date;
509
+ token: string;
510
+ ipAddress?: string | null | undefined;
511
+ userAgent?: string | null | undefined;
494
512
  };
495
- "502": {
496
- description: string;
497
- };
498
- "204": {
499
- description: string;
513
+ user: Record<string, any> & {
514
+ id: string;
515
+ createdAt: Date;
516
+ updatedAt: Date;
517
+ email: string;
518
+ emailVerified: boolean;
519
+ name: string;
520
+ image?: string | null | undefined;
500
521
  };
501
522
  };
502
- };
503
- }, undefined>;
523
+ }>)[];
524
+ }, void>;
504
525
  //#endregion
505
526
  //#region src/routes/providers.d.ts
506
- declare const listSSOProviders: () => better_call0.Endpoint<"/sso/providers", "GET", undefined, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
507
- session: {
508
- session: Record<string, any> & {
509
- id: string;
510
- createdAt: Date;
511
- updatedAt: Date;
512
- userId: string;
513
- expiresAt: Date;
514
- token: string;
515
- ipAddress?: string | null | undefined;
516
- userAgent?: string | null | undefined;
527
+ declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/providers", {
528
+ method: "GET";
529
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
530
+ session: {
531
+ session: Record<string, any> & {
532
+ id: string;
533
+ createdAt: Date;
534
+ updatedAt: Date;
535
+ userId: string;
536
+ expiresAt: Date;
537
+ token: string;
538
+ ipAddress?: string | null | undefined;
539
+ userAgent?: string | null | undefined;
540
+ };
541
+ user: Record<string, any> & {
542
+ id: string;
543
+ createdAt: Date;
544
+ updatedAt: Date;
545
+ email: string;
546
+ emailVerified: boolean;
547
+ name: string;
548
+ image?: string | null | undefined;
549
+ };
517
550
  };
518
- user: Record<string, any> & {
519
- id: string;
520
- createdAt: Date;
521
- updatedAt: Date;
522
- email: string;
523
- emailVerified: boolean;
524
- name: string;
525
- image?: string | null | undefined;
551
+ }>)[];
552
+ metadata: {
553
+ openapi: {
554
+ operationId: string;
555
+ summary: string;
556
+ description: string;
557
+ responses: {
558
+ "200": {
559
+ description: string;
560
+ };
561
+ };
526
562
  };
527
563
  };
528
- }>>], {
564
+ }, {
529
565
  providers: {
530
566
  providerId: string;
531
567
  type: string;
@@ -564,43 +600,54 @@ declare const listSSOProviders: () => better_call0.Endpoint<"/sso/providers", "G
564
600
  } | undefined;
565
601
  spMetadataUrl: string;
566
602
  }[];
567
- }, {
568
- openapi: {
569
- operationId: string;
570
- summary: string;
571
- description: string;
572
- responses: {
573
- "200": {
574
- description: string;
603
+ }>;
604
+ declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/get-provider", {
605
+ method: "GET";
606
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
607
+ session: {
608
+ session: Record<string, any> & {
609
+ id: string;
610
+ createdAt: Date;
611
+ updatedAt: Date;
612
+ userId: string;
613
+ expiresAt: Date;
614
+ token: string;
615
+ ipAddress?: string | null | undefined;
616
+ userAgent?: string | null | undefined;
617
+ };
618
+ user: Record<string, any> & {
619
+ id: string;
620
+ createdAt: Date;
621
+ updatedAt: Date;
622
+ email: string;
623
+ emailVerified: boolean;
624
+ name: string;
625
+ image?: string | null | undefined;
575
626
  };
576
627
  };
577
- };
578
- }, undefined>;
579
- declare const getSSOProvider: () => better_call0.Endpoint<"/sso/get-provider", "GET", undefined, {
580
- providerId: string;
581
- }, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
582
- session: {
583
- session: Record<string, any> & {
584
- id: string;
585
- createdAt: Date;
586
- updatedAt: Date;
587
- userId: string;
588
- expiresAt: Date;
589
- token: string;
590
- ipAddress?: string | null | undefined;
591
- userAgent?: string | null | undefined;
592
- };
593
- user: Record<string, any> & {
594
- id: string;
595
- createdAt: Date;
596
- updatedAt: Date;
597
- email: string;
598
- emailVerified: boolean;
599
- name: string;
600
- image?: string | null | undefined;
628
+ }>)[];
629
+ query: z.ZodObject<{
630
+ providerId: z.ZodString;
631
+ }, z.core.$strip>;
632
+ metadata: {
633
+ openapi: {
634
+ operationId: string;
635
+ summary: string;
636
+ description: string;
637
+ responses: {
638
+ "200": {
639
+ description: string;
640
+ };
641
+ "404": {
642
+ description: string;
643
+ };
644
+ "403": {
645
+ description: string;
646
+ };
647
+ };
601
648
  };
602
649
  };
603
- }>>], {
650
+ }, {
604
651
  providerId: string;
605
652
  type: string;
606
653
  issuer: string;
@@ -637,119 +684,127 @@ declare const getSSOProvider: () => better_call0.Endpoint<"/sso/get-provider", "
637
684
  };
638
685
  } | undefined;
639
686
  spMetadataUrl: string;
640
- }, {
641
- openapi: {
642
- operationId: string;
643
- summary: string;
644
- description: string;
645
- responses: {
646
- "200": {
647
- description: string;
687
+ }>;
688
+ declare const updateSSOProvider: (options: SSOOptions) => better_call0.StrictEndpoint<"/sso/update-provider", {
689
+ method: "POST";
690
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
691
+ session: {
692
+ session: Record<string, any> & {
693
+ id: string;
694
+ createdAt: Date;
695
+ updatedAt: Date;
696
+ userId: string;
697
+ expiresAt: Date;
698
+ token: string;
699
+ ipAddress?: string | null | undefined;
700
+ userAgent?: string | null | undefined;
648
701
  };
649
- "404": {
650
- description: string;
651
- };
652
- "403": {
653
- description: string;
702
+ user: Record<string, any> & {
703
+ id: string;
704
+ createdAt: Date;
705
+ updatedAt: Date;
706
+ email: string;
707
+ emailVerified: boolean;
708
+ name: string;
709
+ image?: string | null | undefined;
654
710
  };
655
711
  };
656
- };
657
- }, undefined>;
658
- declare const updateSSOProvider: (options: SSOOptions) => better_call0.Endpoint<"/sso/update-provider", "POST", {
659
- providerId: string;
660
- issuer?: string | undefined;
661
- domain?: string | undefined;
662
- oidcConfig?: {
663
- clientId?: string | undefined;
664
- clientSecret?: string | undefined;
665
- authorizationEndpoint?: string | undefined;
666
- tokenEndpoint?: string | undefined;
667
- userInfoEndpoint?: string | undefined;
668
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
669
- jwksEndpoint?: string | undefined;
670
- discoveryEndpoint?: string | undefined;
671
- scopes?: string[] | undefined;
672
- pkce?: boolean | undefined;
673
- overrideUserInfo?: boolean | undefined;
674
- mapping?: {
675
- id?: string | undefined;
676
- email?: string | undefined;
677
- emailVerified?: string | undefined;
678
- name?: string | undefined;
679
- image?: string | undefined;
680
- extraFields?: Record<string, any> | undefined;
681
- } | undefined;
682
- } | undefined;
683
- samlConfig?: {
684
- entryPoint?: string | undefined;
685
- cert?: string | undefined;
686
- callbackUrl?: string | undefined;
687
- audience?: string | undefined;
688
- idpMetadata?: {
689
- metadata?: string | undefined;
690
- entityID?: string | undefined;
691
- cert?: string | undefined;
692
- privateKey?: string | undefined;
693
- privateKeyPass?: string | undefined;
694
- isAssertionEncrypted?: boolean | undefined;
695
- encPrivateKey?: string | undefined;
696
- encPrivateKeyPass?: string | undefined;
697
- singleSignOnService?: {
698
- Binding: string;
699
- Location: string;
700
- }[] | undefined;
701
- } | undefined;
702
- spMetadata?: {
703
- metadata?: string | undefined;
704
- entityID?: string | undefined;
705
- binding?: string | undefined;
706
- privateKey?: string | undefined;
707
- privateKeyPass?: string | undefined;
708
- isAssertionEncrypted?: boolean | undefined;
709
- encPrivateKey?: string | undefined;
710
- encPrivateKeyPass?: string | undefined;
711
- } | undefined;
712
- wantAssertionsSigned?: boolean | undefined;
713
- authnRequestsSigned?: boolean | undefined;
714
- signatureAlgorithm?: string | undefined;
715
- digestAlgorithm?: string | undefined;
716
- identifierFormat?: string | undefined;
717
- privateKey?: string | undefined;
718
- decryptionPvk?: string | undefined;
719
- additionalParams?: Record<string, any> | undefined;
720
- mapping?: {
721
- id?: string | undefined;
722
- email?: string | undefined;
723
- emailVerified?: string | undefined;
724
- name?: string | undefined;
725
- firstName?: string | undefined;
726
- lastName?: string | undefined;
727
- extraFields?: Record<string, any> | undefined;
728
- } | undefined;
729
- } | undefined;
730
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
731
- session: {
732
- session: Record<string, any> & {
733
- id: string;
734
- createdAt: Date;
735
- updatedAt: Date;
736
- userId: string;
737
- expiresAt: Date;
738
- token: string;
739
- ipAddress?: string | null | undefined;
740
- userAgent?: string | null | undefined;
741
- };
742
- user: Record<string, any> & {
743
- id: string;
744
- createdAt: Date;
745
- updatedAt: Date;
746
- email: string;
747
- emailVerified: boolean;
748
- name: string;
749
- image?: string | null | undefined;
712
+ }>)[];
713
+ body: z.ZodObject<{
714
+ issuer: z.ZodOptional<z.ZodString>;
715
+ domain: z.ZodOptional<z.ZodString>;
716
+ oidcConfig: z.ZodOptional<z.ZodObject<{
717
+ clientId: z.ZodOptional<z.ZodString>;
718
+ clientSecret: z.ZodOptional<z.ZodString>;
719
+ authorizationEndpoint: z.ZodOptional<z.ZodString>;
720
+ tokenEndpoint: z.ZodOptional<z.ZodString>;
721
+ userInfoEndpoint: z.ZodOptional<z.ZodString>;
722
+ tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
723
+ client_secret_post: "client_secret_post";
724
+ client_secret_basic: "client_secret_basic";
725
+ }>>;
726
+ jwksEndpoint: z.ZodOptional<z.ZodString>;
727
+ discoveryEndpoint: z.ZodOptional<z.ZodString>;
728
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
729
+ pkce: z.ZodOptional<z.ZodBoolean>;
730
+ overrideUserInfo: z.ZodOptional<z.ZodBoolean>;
731
+ mapping: z.ZodOptional<z.ZodObject<{
732
+ id: z.ZodOptional<z.ZodString>;
733
+ email: z.ZodOptional<z.ZodString>;
734
+ emailVerified: z.ZodOptional<z.ZodString>;
735
+ name: z.ZodOptional<z.ZodString>;
736
+ image: z.ZodOptional<z.ZodString>;
737
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
738
+ }, z.core.$strip>>;
739
+ }, z.core.$strip>>;
740
+ samlConfig: z.ZodOptional<z.ZodObject<{
741
+ entryPoint: z.ZodOptional<z.ZodString>;
742
+ cert: z.ZodOptional<z.ZodString>;
743
+ callbackUrl: z.ZodOptional<z.ZodString>;
744
+ audience: z.ZodOptional<z.ZodString>;
745
+ idpMetadata: z.ZodOptional<z.ZodObject<{
746
+ metadata: z.ZodOptional<z.ZodString>;
747
+ entityID: z.ZodOptional<z.ZodString>;
748
+ cert: z.ZodOptional<z.ZodString>;
749
+ privateKey: z.ZodOptional<z.ZodString>;
750
+ privateKeyPass: z.ZodOptional<z.ZodString>;
751
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
752
+ encPrivateKey: z.ZodOptional<z.ZodString>;
753
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
754
+ singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
755
+ Binding: z.ZodString;
756
+ Location: z.ZodString;
757
+ }, z.core.$strip>>>;
758
+ }, z.core.$strip>>;
759
+ spMetadata: z.ZodOptional<z.ZodObject<{
760
+ metadata: z.ZodOptional<z.ZodString>;
761
+ entityID: z.ZodOptional<z.ZodString>;
762
+ binding: z.ZodOptional<z.ZodString>;
763
+ privateKey: z.ZodOptional<z.ZodString>;
764
+ privateKeyPass: z.ZodOptional<z.ZodString>;
765
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
766
+ encPrivateKey: z.ZodOptional<z.ZodString>;
767
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
768
+ }, z.core.$strip>>;
769
+ wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
770
+ authnRequestsSigned: z.ZodOptional<z.ZodBoolean>;
771
+ signatureAlgorithm: z.ZodOptional<z.ZodString>;
772
+ digestAlgorithm: z.ZodOptional<z.ZodString>;
773
+ identifierFormat: z.ZodOptional<z.ZodString>;
774
+ privateKey: z.ZodOptional<z.ZodString>;
775
+ decryptionPvk: z.ZodOptional<z.ZodString>;
776
+ additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
777
+ mapping: z.ZodOptional<z.ZodObject<{
778
+ id: z.ZodOptional<z.ZodString>;
779
+ email: z.ZodOptional<z.ZodString>;
780
+ emailVerified: z.ZodOptional<z.ZodString>;
781
+ name: z.ZodOptional<z.ZodString>;
782
+ firstName: z.ZodOptional<z.ZodString>;
783
+ lastName: z.ZodOptional<z.ZodString>;
784
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
785
+ }, z.core.$strip>>;
786
+ }, z.core.$strip>>;
787
+ providerId: z.ZodString;
788
+ }, z.core.$strip>;
789
+ metadata: {
790
+ openapi: {
791
+ operationId: string;
792
+ summary: string;
793
+ description: string;
794
+ responses: {
795
+ "200": {
796
+ description: string;
797
+ };
798
+ "404": {
799
+ description: string;
800
+ };
801
+ "403": {
802
+ description: string;
803
+ };
804
+ };
750
805
  };
751
806
  };
752
- }>>], {
807
+ }, {
753
808
  providerId: string;
754
809
  type: string;
755
810
  issuer: string;
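Review bot: In the new `updateSSOProvider` body schema, `extraFields` (in both `mapping` objects) and `additionalParams` are typed `z.ZodRecord<z.ZodString, z.ZodAny>`, so their values pass validation unchecked and arrive as `any` even though the rest of the body is now schema-validated. The same shape appears in the `registerSSOProvider` body in the later `@@ -868,118 +911,293 @@` hunk. If the handlers only expect string values there, a string-valued record (`z.ZodRecord<z.ZodString, z.ZodString>`) would express that; otherwise an unknown-valued record (`z.ZodRecord<z.ZodString, z.ZodUnknown>`) at least forces narrowing before use. This file looks like bundled declaration output (`//#region` markers), so the change belongs in the route source. The endpoint's return type continues past the end of this hunk.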
@@ -786,68 +841,56 @@ declare const updateSSOProvider: (options: SSOOptions) => better_call0.Endpoint<
786
841
  };
787
842
  } | undefined;
788
843
  spMetadataUrl: string;
789
- }, {
790
- openapi: {
791
- operationId: string;
792
- summary: string;
793
- description: string;
794
- responses: {
795
- "200": {
796
- description: string;
844
+ }>;
845
+ declare const deleteSSOProvider: () => better_call0.StrictEndpoint<"/sso/delete-provider", {
846
+ method: "POST";
847
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
848
+ session: {
849
+ session: Record<string, any> & {
850
+ id: string;
851
+ createdAt: Date;
852
+ updatedAt: Date;
853
+ userId: string;
854
+ expiresAt: Date;
855
+ token: string;
856
+ ipAddress?: string | null | undefined;
857
+ userAgent?: string | null | undefined;
797
858
  };
798
- "404": {
799
- description: string;
859
+ user: Record<string, any> & {
860
+ id: string;
861
+ createdAt: Date;
862
+ updatedAt: Date;
863
+ email: string;
864
+ emailVerified: boolean;
865
+ name: string;
866
+ image?: string | null | undefined;
800
867
  };
801
- "403": {
802
- description: string;
803
- };
804
- };
805
- };
806
- }, undefined>;
807
- declare const deleteSSOProvider: () => better_call0.Endpoint<"/sso/delete-provider", "POST", {
808
- providerId: string;
809
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
810
- session: {
811
- session: Record<string, any> & {
812
- id: string;
813
- createdAt: Date;
814
- updatedAt: Date;
815
- userId: string;
816
- expiresAt: Date;
817
- token: string;
818
- ipAddress?: string | null | undefined;
819
- userAgent?: string | null | undefined;
820
868
  };
821
- user: Record<string, any> & {
822
- id: string;
823
- createdAt: Date;
824
- updatedAt: Date;
825
- email: string;
826
- emailVerified: boolean;
827
- name: string;
828
- image?: string | null | undefined;
829
- };
830
- };
831
- }>>], {
832
- success: boolean;
833
- }, {
834
- openapi: {
835
- operationId: string;
836
- summary: string;
837
- description: string;
838
- responses: {
839
- "200": {
840
- description: string;
841
- };
842
- "404": {
843
- description: string;
844
- };
845
- "403": {
846
- description: string;
869
+ }>)[];
870
+ body: z.ZodObject<{
871
+ providerId: z.ZodString;
872
+ }, z.core.$strip>;
873
+ metadata: {
874
+ openapi: {
875
+ operationId: string;
876
+ summary: string;
877
+ description: string;
878
+ responses: {
879
+ "200": {
880
+ description: string;
881
+ };
882
+ "404": {
883
+ description: string;
884
+ };
885
+ "403": {
886
+ description: string;
887
+ };
847
888
  };
848
889
  };
849
890
  };
850
- }, undefined>;
891
+ }, {
892
+ success: boolean;
893
+ }>;
851
894
  //#endregion
852
895
  //#region src/routes/sso.d.ts
853
896
  interface TimestampValidationOptions {
@@ -868,118 +911,293 @@ interface SAMLConditions {
868
911
  * @throws {APIError} If timestamps are invalid, expired, or not yet valid
869
912
  */
870
913
  declare function validateSAMLTimestamp(conditions: SAMLConditions | undefined, options?: TimestampValidationOptions): void;
871
- declare const spMetadata: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/metadata", "GET", undefined, {
872
- providerId: string;
873
- format?: "json" | "xml" | undefined;
874
- }, [], Response, {
875
- openapi: {
876
- operationId: string;
877
- summary: string;
878
- description: string;
879
- responses: {
880
- "200": {
881
- description: string;
914
+ declare const spMetadata: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/metadata", {
915
+ method: "GET";
916
+ query: z.ZodObject<{
917
+ providerId: z.ZodString;
918
+ format: z.ZodDefault<z.ZodEnum<{
919
+ json: "json";
920
+ xml: "xml";
921
+ }>>;
922
+ }, z.core.$strip>;
923
+ metadata: {
924
+ openapi: {
925
+ operationId: string;
926
+ summary: string;
927
+ description: string;
928
+ responses: {
929
+ "200": {
930
+ description: string;
931
+ };
882
932
  };
883
933
  };
884
934
  };
885
- }, undefined>;
886
- declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.Endpoint<"/sso/register", "POST", {
887
- providerId: string;
888
- issuer: string;
889
- domain: string;
890
- oidcConfig?: {
891
- clientId: string;
892
- clientSecret: string;
893
- authorizationEndpoint?: string | undefined;
894
- tokenEndpoint?: string | undefined;
895
- userInfoEndpoint?: string | undefined;
896
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
897
- jwksEndpoint?: string | undefined;
898
- discoveryEndpoint?: string | undefined;
899
- skipDiscovery?: boolean | undefined;
900
- scopes?: string[] | undefined;
901
- pkce?: boolean | undefined;
902
- mapping?: {
903
- id: string;
904
- email: string;
905
- name: string;
906
- emailVerified?: string | undefined;
907
- image?: string | undefined;
908
- extraFields?: Record<string, any> | undefined;
909
- } | undefined;
910
- } | undefined;
911
- samlConfig?: {
912
- entryPoint: string;
913
- cert: string;
914
- callbackUrl: string;
915
- spMetadata: {
916
- metadata?: string | undefined;
917
- entityID?: string | undefined;
918
- binding?: string | undefined;
919
- privateKey?: string | undefined;
920
- privateKeyPass?: string | undefined;
921
- isAssertionEncrypted?: boolean | undefined;
922
- encPrivateKey?: string | undefined;
923
- encPrivateKeyPass?: string | undefined;
924
- };
925
- audience?: string | undefined;
926
- idpMetadata?: {
927
- metadata?: string | undefined;
928
- entityID?: string | undefined;
929
- cert?: string | undefined;
930
- privateKey?: string | undefined;
931
- privateKeyPass?: string | undefined;
932
- isAssertionEncrypted?: boolean | undefined;
933
- encPrivateKey?: string | undefined;
934
- encPrivateKeyPass?: string | undefined;
935
- singleSignOnService?: {
936
- Binding: string;
937
- Location: string;
938
- }[] | undefined;
939
- } | undefined;
940
- wantAssertionsSigned?: boolean | undefined;
941
- authnRequestsSigned?: boolean | undefined;
942
- signatureAlgorithm?: string | undefined;
943
- digestAlgorithm?: string | undefined;
944
- identifierFormat?: string | undefined;
945
- privateKey?: string | undefined;
946
- decryptionPvk?: string | undefined;
947
- additionalParams?: Record<string, any> | undefined;
948
- mapping?: {
949
- id: string;
950
- email: string;
951
- name: string;
952
- emailVerified?: string | undefined;
953
- firstName?: string | undefined;
954
- lastName?: string | undefined;
955
- extraFields?: Record<string, any> | undefined;
956
- } | undefined;
957
- } | undefined;
958
- organizationId?: string | undefined;
959
- overrideUserInfo?: boolean | undefined;
960
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
961
- session: {
962
- session: Record<string, any> & {
963
- id: string;
964
- createdAt: Date;
965
- updatedAt: Date;
966
- userId: string;
967
- expiresAt: Date;
968
- token: string;
969
- ipAddress?: string | null | undefined;
970
- userAgent?: string | null | undefined;
935
+ }, Response>;
936
+ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.StrictEndpoint<"/sso/register", {
937
+ method: "POST";
938
+ body: z.ZodObject<{
939
+ providerId: z.ZodString;
940
+ issuer: z.ZodString;
941
+ domain: z.ZodString;
942
+ oidcConfig: z.ZodOptional<z.ZodObject<{
943
+ clientId: z.ZodString;
944
+ clientSecret: z.ZodString;
945
+ authorizationEndpoint: z.ZodOptional<z.ZodString>;
946
+ tokenEndpoint: z.ZodOptional<z.ZodString>;
947
+ userInfoEndpoint: z.ZodOptional<z.ZodString>;
948
+ tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
949
+ client_secret_post: "client_secret_post";
950
+ client_secret_basic: "client_secret_basic";
951
+ }>>;
952
+ jwksEndpoint: z.ZodOptional<z.ZodString>;
953
+ discoveryEndpoint: z.ZodOptional<z.ZodString>;
954
+ skipDiscovery: z.ZodOptional<z.ZodBoolean>;
955
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
956
+ pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
957
+ mapping: z.ZodOptional<z.ZodObject<{
958
+ id: z.ZodString;
959
+ email: z.ZodString;
960
+ emailVerified: z.ZodOptional<z.ZodString>;
961
+ name: z.ZodString;
962
+ image: z.ZodOptional<z.ZodString>;
963
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
964
+ }, z.core.$strip>>;
965
+ }, z.core.$strip>>;
966
+ samlConfig: z.ZodOptional<z.ZodObject<{
967
+ entryPoint: z.ZodString;
968
+ cert: z.ZodString;
969
+ callbackUrl: z.ZodString;
970
+ audience: z.ZodOptional<z.ZodString>;
971
+ idpMetadata: z.ZodOptional<z.ZodObject<{
972
+ metadata: z.ZodOptional<z.ZodString>;
973
+ entityID: z.ZodOptional<z.ZodString>;
974
+ cert: z.ZodOptional<z.ZodString>;
975
+ privateKey: z.ZodOptional<z.ZodString>;
976
+ privateKeyPass: z.ZodOptional<z.ZodString>;
977
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
978
+ encPrivateKey: z.ZodOptional<z.ZodString>;
979
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
980
+ singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
981
+ Binding: z.ZodString;
982
+ Location: z.ZodString;
983
+ }, z.core.$strip>>>;
984
+ }, z.core.$strip>>;
985
+ spMetadata: z.ZodObject<{
986
+ metadata: z.ZodOptional<z.ZodString>;
987
+ entityID: z.ZodOptional<z.ZodString>;
988
+ binding: z.ZodOptional<z.ZodString>;
989
+ privateKey: z.ZodOptional<z.ZodString>;
990
+ privateKeyPass: z.ZodOptional<z.ZodString>;
991
+ isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
992
+ encPrivateKey: z.ZodOptional<z.ZodString>;
993
+ encPrivateKeyPass: z.ZodOptional<z.ZodString>;
994
+ }, z.core.$strip>;
995
+ wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
996
+ authnRequestsSigned: z.ZodOptional<z.ZodBoolean>;
997
+ signatureAlgorithm: z.ZodOptional<z.ZodString>;
998
+ digestAlgorithm: z.ZodOptional<z.ZodString>;
999
+ identifierFormat: z.ZodOptional<z.ZodString>;
1000
+ privateKey: z.ZodOptional<z.ZodString>;
1001
+ decryptionPvk: z.ZodOptional<z.ZodString>;
1002
+ additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1003
+ mapping: z.ZodOptional<z.ZodObject<{
1004
+ id: z.ZodString;
1005
+ email: z.ZodString;
1006
+ emailVerified: z.ZodOptional<z.ZodString>;
1007
+ name: z.ZodString;
1008
+ firstName: z.ZodOptional<z.ZodString>;
1009
+ lastName: z.ZodOptional<z.ZodString>;
1010
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1011
+ }, z.core.$strip>>;
1012
+ }, z.core.$strip>>;
1013
+ organizationId: z.ZodOptional<z.ZodString>;
1014
+ overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
1015
+ }, z.core.$strip>;
1016
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
1017
+ session: {
1018
+ session: Record<string, any> & {
1019
+ id: string;
1020
+ createdAt: Date;
1021
+ updatedAt: Date;
1022
+ userId: string;
1023
+ expiresAt: Date;
1024
+ token: string;
1025
+ ipAddress?: string | null | undefined;
1026
+ userAgent?: string | null | undefined;
1027
+ };
1028
+ user: Record<string, any> & {
1029
+ id: string;
1030
+ createdAt: Date;
1031
+ updatedAt: Date;
1032
+ email: string;
1033
+ emailVerified: boolean;
1034
+ name: string;
1035
+ image?: string | null | undefined;
1036
+ };
971
1037
  };
972
- user: Record<string, any> & {
973
- id: string;
974
- createdAt: Date;
975
- updatedAt: Date;
976
- email: string;
977
- emailVerified: boolean;
978
- name: string;
979
- image?: string | null | undefined;
1038
+ }>)[];
1039
+ metadata: {
1040
+ openapi: {
1041
+ operationId: string;
1042
+ summary: string;
1043
+ description: string;
1044
+ responses: {
1045
+ "200": {
1046
+ description: string;
1047
+ content: {
1048
+ "application/json": {
1049
+ schema: {
1050
+ type: "object";
1051
+ properties: {
1052
+ issuer: {
1053
+ type: string;
1054
+ format: string;
1055
+ description: string;
1056
+ };
1057
+ domain: {
1058
+ type: string;
1059
+ description: string;
1060
+ };
1061
+ domainVerified: {
1062
+ type: string;
1063
+ description: string;
1064
+ };
1065
+ domainVerificationToken: {
1066
+ type: string;
1067
+ description: string;
1068
+ };
1069
+ oidcConfig: {
1070
+ type: string;
1071
+ properties: {
1072
+ issuer: {
1073
+ type: string;
1074
+ format: string;
1075
+ description: string;
1076
+ };
1077
+ pkce: {
1078
+ type: string;
1079
+ description: string;
1080
+ };
1081
+ clientId: {
1082
+ type: string;
1083
+ description: string;
1084
+ };
1085
+ clientSecret: {
1086
+ type: string;
1087
+ description: string;
1088
+ };
1089
+ authorizationEndpoint: {
1090
+ type: string;
1091
+ format: string;
1092
+ nullable: boolean;
1093
+ description: string;
1094
+ };
1095
+ discoveryEndpoint: {
1096
+ type: string;
1097
+ format: string;
1098
+ description: string;
1099
+ };
1100
+ userInfoEndpoint: {
1101
+ type: string;
1102
+ format: string;
1103
+ nullable: boolean;
1104
+ description: string;
1105
+ };
1106
+ scopes: {
1107
+ type: string;
1108
+ items: {
1109
+ type: string;
1110
+ };
1111
+ nullable: boolean;
1112
+ description: string;
1113
+ };
1114
+ tokenEndpoint: {
1115
+ type: string;
1116
+ format: string;
1117
+ nullable: boolean;
1118
+ description: string;
1119
+ };
1120
+ tokenEndpointAuthentication: {
1121
+ type: string;
1122
+ enum: string[];
1123
+ nullable: boolean;
1124
+ description: string;
1125
+ };
1126
+ jwksEndpoint: {
1127
+ type: string;
1128
+ format: string;
1129
+ nullable: boolean;
1130
+ description: string;
1131
+ };
1132
+ mapping: {
1133
+ type: string;
1134
+ nullable: boolean;
1135
+ properties: {
1136
+ id: {
1137
+ type: string;
1138
+ description: string;
1139
+ };
1140
+ email: {
1141
+ type: string;
1142
+ description: string;
1143
+ };
1144
+ emailVerified: {
1145
+ type: string;
1146
+ nullable: boolean;
1147
+ description: string;
1148
+ };
1149
+ name: {
1150
+ type: string;
1151
+ description: string;
1152
+ };
1153
+ image: {
1154
+ type: string;
1155
+ nullable: boolean;
1156
+ description: string;
1157
+ };
1158
+ extraFields: {
1159
+ type: string;
1160
+ additionalProperties: {
1161
+ type: string;
1162
+ };
1163
+ nullable: boolean;
1164
+ description: string;
1165
+ };
1166
+ };
1167
+ required: string[];
1168
+ };
1169
+ };
1170
+ required: string[];
1171
+ description: string;
1172
+ };
1173
+ organizationId: {
1174
+ type: string;
1175
+ nullable: boolean;
1176
+ description: string;
1177
+ };
1178
+ userId: {
1179
+ type: string;
1180
+ description: string;
1181
+ };
1182
+ providerId: {
1183
+ type: string;
1184
+ description: string;
1185
+ };
1186
+ redirectURI: {
1187
+ type: string;
1188
+ format: string;
1189
+ description: string;
1190
+ };
1191
+ };
1192
+ required: string[];
1193
+ };
1194
+ };
1195
+ };
1196
+ };
1197
+ };
980
1198
  };
981
1199
  };
982
- }>>], O["domainVerification"] extends {
1200
+ }, O["domainVerification"] extends {
983
1201
  enabled: true;
984
1202
  } ? {
985
1203
  redirectURI: string;
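Review bot: The documented `"200"` response for `registerSSOProvider` lists `clientSecret` under `oidcConfig` in the added `metadata.openapi.responses` block, which suggests the register response echoes the OIDC client secret back to the caller. Whether the handler actually returns the stored secret cannot be seen from this declaration, but if it does, the secret ends up in client-side state, intermediaries and response logs. I would either drop the property from the documented response or make the contract explicit, for example `description: "Masked; the stored secret is never returned"`, and confirm the handler matches. The endpoint's return type continues outside this hunk.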
@@ -992,156 +1210,62 @@ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_
992
1210
  redirectURI: string;
993
1211
  oidcConfig: OIDCConfig | null;
994
1212
  samlConfig: SAMLConfig | null;
995
- } & Omit<SSOProvider<O>, "oidcConfig" | "samlConfig">, {
996
- openapi: {
997
- operationId: string;
998
- summary: string;
999
- description: string;
1000
- responses: {
1001
- "200": {
1002
- description: string;
1213
+ } & Omit<SSOProvider<O>, "oidcConfig" | "samlConfig">>;
1214
+ declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sign-in/sso", {
1215
+ method: "POST";
1216
+ body: z.ZodObject<{
1217
+ email: z.ZodOptional<z.ZodString>;
1218
+ organizationSlug: z.ZodOptional<z.ZodString>;
1219
+ providerId: z.ZodOptional<z.ZodString>;
1220
+ domain: z.ZodOptional<z.ZodString>;
1221
+ callbackURL: z.ZodString;
1222
+ errorCallbackURL: z.ZodOptional<z.ZodString>;
1223
+ newUserCallbackURL: z.ZodOptional<z.ZodString>;
1224
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
1225
+ loginHint: z.ZodOptional<z.ZodString>;
1226
+ requestSignUp: z.ZodOptional<z.ZodBoolean>;
1227
+ providerType: z.ZodOptional<z.ZodEnum<{
1228
+ saml: "saml";
1229
+ oidc: "oidc";
1230
+ }>>;
1231
+ }, z.core.$strip>;
1232
+ metadata: {
1233
+ openapi: {
1234
+ operationId: string;
1235
+ summary: string;
1236
+ description: string;
1237
+ requestBody: {
1003
1238
  content: {
1004
1239
  "application/json": {
1005
1240
  schema: {
1006
1241
  type: "object";
1007
1242
  properties: {
1008
- issuer: {
1009
- type: string;
1010
- format: string;
1011
- description: string;
1012
- };
1013
- domain: {
1014
- type: string;
1015
- description: string;
1016
- };
1017
- domainVerified: {
1243
+ email: {
1018
1244
  type: string;
1019
1245
  description: string;
1020
1246
  };
1021
- domainVerificationToken: {
1247
+ issuer: {
1022
1248
  type: string;
1023
1249
  description: string;
1024
1250
  };
1025
- oidcConfig: {
1251
+ providerId: {
1026
1252
  type: string;
1027
- properties: {
1028
- issuer: {
1029
- type: string;
1030
- format: string;
1031
- description: string;
1032
- };
1033
- pkce: {
1034
- type: string;
1035
- description: string;
1036
- };
1037
- clientId: {
1038
- type: string;
1039
- description: string;
1040
- };
1041
- clientSecret: {
1042
- type: string;
1043
- description: string;
1044
- };
1045
- authorizationEndpoint: {
1046
- type: string;
1047
- format: string;
1048
- nullable: boolean;
1049
- description: string;
1050
- };
1051
- discoveryEndpoint: {
1052
- type: string;
1053
- format: string;
1054
- description: string;
1055
- };
1056
- userInfoEndpoint: {
1057
- type: string;
1058
- format: string;
1059
- nullable: boolean;
1060
- description: string;
1061
- };
1062
- scopes: {
1063
- type: string;
1064
- items: {
1065
- type: string;
1066
- };
1067
- nullable: boolean;
1068
- description: string;
1069
- };
1070
- tokenEndpoint: {
1071
- type: string;
1072
- format: string;
1073
- nullable: boolean;
1074
- description: string;
1075
- };
1076
- tokenEndpointAuthentication: {
1077
- type: string;
1078
- enum: string[];
1079
- nullable: boolean;
1080
- description: string;
1081
- };
1082
- jwksEndpoint: {
1083
- type: string;
1084
- format: string;
1085
- nullable: boolean;
1086
- description: string;
1087
- };
1088
- mapping: {
1089
- type: string;
1090
- nullable: boolean;
1091
- properties: {
1092
- id: {
1093
- type: string;
1094
- description: string;
1095
- };
1096
- email: {
1097
- type: string;
1098
- description: string;
1099
- };
1100
- emailVerified: {
1101
- type: string;
1102
- nullable: boolean;
1103
- description: string;
1104
- };
1105
- name: {
1106
- type: string;
1107
- description: string;
1108
- };
1109
- image: {
1110
- type: string;
1111
- nullable: boolean;
1112
- description: string;
1113
- };
1114
- extraFields: {
1115
- type: string;
1116
- additionalProperties: {
1117
- type: string;
1118
- };
1119
- nullable: boolean;
1120
- description: string;
1121
- };
1122
- };
1123
- required: string[];
1124
- };
1125
- };
1126
- required: string[];
1127
1253
  description: string;
1128
1254
  };
1129
- organizationId: {
1255
+ callbackURL: {
1130
1256
  type: string;
1131
- nullable: boolean;
1132
1257
  description: string;
1133
1258
  };
1134
- userId: {
1259
+ errorCallbackURL: {
1135
1260
  type: string;
1136
1261
  description: string;
1137
1262
  };
1138
- providerId: {
1263
+ newUserCallbackURL: {
1139
1264
  type: string;
1140
1265
  description: string;
1141
1266
  };
1142
- redirectURI: {
1267
+ loginHint: {
1143
1268
  type: string;
1144
- format: string;
1145
1269
  description: string;
1146
1270
  };
1147
1271
  };
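Review bot: The OpenAPI `requestBody` declared for `signInSSO` does not match the new zod `body`: its properties list `issuer`, which the body object does not define, and leave out `organizationSlug`, `domain`, `scopes`, `requestSignUp` and `providerType`. Because the body is typed `z.core.$strip`, an `issuer` sent by a client that follows the generated docs would presumably be dropped without an error. I would remove `issuer` from the OpenAPI properties and add the five missing fields so the published contract matches what the endpoint parses. Separately, `callbackURL`, `errorCallbackURL` and `newUserCallbackURL` are plain `z.ZodString`, so any origin allow-listing of these redirect targets has to happen in the handler or in shared middleware, which this declaration does not show and is worth confirming. The `signInSSO` declaration continues past this hunk.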
@@ -1150,222 +1274,192 @@ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_
1150
1274
  };
1151
1275
  };
1152
1276
  };
1153
- };
1154
- };
1155
- }, undefined>;
1156
- declare const signInSSO: (options?: SSOOptions) => better_call0.Endpoint<"/sign-in/sso", "POST", {
1157
- callbackURL: string;
1158
- email?: string | undefined;
1159
- organizationSlug?: string | undefined;
1160
- providerId?: string | undefined;
1161
- domain?: string | undefined;
1162
- errorCallbackURL?: string | undefined;
1163
- newUserCallbackURL?: string | undefined;
1164
- scopes?: string[] | undefined;
1165
- loginHint?: string | undefined;
1166
- requestSignUp?: boolean | undefined;
1167
- providerType?: "saml" | "oidc" | undefined;
1168
- }, Record<string, any> | undefined, [], {
1169
- url: string;
1170
- redirect: boolean;
1171
- }, {
1172
- openapi: {
1173
- operationId: string;
1174
- summary: string;
1175
- description: string;
1176
- requestBody: {
1177
- content: {
1178
- "application/json": {
1179
- schema: {
1180
- type: "object";
1181
- properties: {
1182
- email: {
1183
- type: string;
1184
- description: string;
1185
- };
1186
- issuer: {
1187
- type: string;
1188
- description: string;
1189
- };
1190
- providerId: {
1191
- type: string;
1192
- description: string;
1193
- };
1194
- callbackURL: {
1195
- type: string;
1196
- description: string;
1197
- };
1198
- errorCallbackURL: {
1199
- type: string;
1200
- description: string;
1201
- };
1202
- newUserCallbackURL: {
1203
- type: string;
1204
- description: string;
1205
- };
1206
- loginHint: {
1207
- type: string;
1208
- description: string;
1209
- };
1210
- };
1211
- required: string[];
1212
- };
1213
- };
1214
- };
1215
- };
1216
- responses: {
1217
- "200": {
1218
- description: string;
1219
- content: {
1220
- "application/json": {
1221
- schema: {
1222
- type: "object";
1223
- properties: {
1224
- url: {
1225
- type: string;
1226
- format: string;
1227
- description: string;
1228
- };
1229
- redirect: {
1230
- type: string;
1231
- description: string;
1232
- enum: boolean[];
1277
+ responses: {
1278
+ "200": {
1279
+ description: string;
1280
+ content: {
1281
+ "application/json": {
1282
+ schema: {
1283
+ type: "object";
1284
+ properties: {
1285
+ url: {
1286
+ type: string;
1287
+ format: string;
1288
+ description: string;
1289
+ };
1290
+ redirect: {
1291
+ type: string;
1292
+ description: string;
1293
+ enum: boolean[];
1294
+ };
1233
1295
  };
1296
+ required: string[];
1234
1297
  };
1235
- required: string[];
1236
1298
  };
1237
1299
  };
1238
1300
  };
1239
1301
  };
1240
1302
  };
1241
1303
  };
1242
- }, undefined>;
1243
- declare const callbackSSO: (options?: SSOOptions) => better_call0.Endpoint<"/sso/callback/:providerId", "GET", undefined, {
1244
- state: string;
1245
- code?: string | undefined;
1246
- error?: string | undefined;
1247
- error_description?: string | undefined;
1248
- }, [], void, {
1249
- openapi: {
1250
- operationId: string;
1251
- summary: string;
1252
- description: string;
1253
- responses: {
1254
- "302": {
1255
- description: string;
1304
+ }, {
1305
+ url: string;
1306
+ redirect: boolean;
1307
+ }>;
1308
+ declare const callbackSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/callback/:providerId", {
1309
+ method: "GET";
1310
+ query: z.ZodObject<{
1311
+ code: z.ZodOptional<z.ZodString>;
1312
+ state: z.ZodString;
1313
+ error: z.ZodOptional<z.ZodString>;
1314
+ error_description: z.ZodOptional<z.ZodString>;
1315
+ }, z.core.$strip>;
1316
+ allowedMediaTypes: readonly ["application/x-www-form-urlencoded", "application/json"];
1317
+ metadata: {
1318
+ openapi: {
1319
+ operationId: string;
1320
+ summary: string;
1321
+ description: string;
1322
+ responses: {
1323
+ "302": {
1324
+ description: string;
1325
+ };
1256
1326
  };
1257
1327
  };
1328
+ scope: "server";
1258
1329
  };
1259
- scope: "server";
1260
- }, undefined>;
1330
+ }, void>;
1261
1331
  /**
1262
1332
  * Shared OIDC callback endpoint (no `:providerId` in path).
1263
1333
  * Used when `options.redirectURI` is set — the `providerId` is read from
1264
1334
  * the OAuth state instead of the URL path.
1265
1335
  */
1266
- declare const callbackSSOShared: (options?: SSOOptions) => better_call0.Endpoint<"/sso/callback", "GET", undefined, {
1267
- state: string;
1268
- code?: string | undefined;
1269
- error?: string | undefined;
1270
- error_description?: string | undefined;
1271
- }, [], void, {
1272
- openapi: {
1273
- operationId: string;
1274
- summary: string;
1275
- description: string;
1276
- responses: {
1277
- "302": {
1278
- description: string;
1336
+ declare const callbackSSOShared: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/callback", {
1337
+ metadata: {
1338
+ openapi: {
1339
+ operationId: string;
1340
+ summary: string;
1341
+ description: string;
1342
+ responses: {
1343
+ "302": {
1344
+ description: string;
1345
+ };
1279
1346
  };
1280
1347
  };
1348
+ scope: "server";
1281
1349
  };
1282
- scope: "server";
1283
- }, undefined>;
1284
- declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/callback/:providerId", ("GET" | "POST")[], {
1285
- SAMLResponse: string;
1286
- RelayState?: string | undefined;
1287
- } | undefined, {
1288
- RelayState?: string | undefined;
1289
- } | undefined, [], never, {
1290
- allowedMediaTypes: string[];
1291
- openapi: {
1292
- operationId: string;
1293
- summary: string;
1294
- description: string;
1295
- responses: {
1296
- "302": {
1297
- description: string;
1298
- };
1299
- "400": {
1300
- description: string;
1301
- };
1302
- "401": {
1303
- description: string;
1350
+ method: "GET";
1351
+ query: z.ZodObject<{
1352
+ code: z.ZodOptional<z.ZodString>;
1353
+ state: z.ZodString;
1354
+ error: z.ZodOptional<z.ZodString>;
1355
+ error_description: z.ZodOptional<z.ZodString>;
1356
+ }, z.core.$strip>;
1357
+ allowedMediaTypes: readonly ["application/x-www-form-urlencoded", "application/json"];
1358
+ }, void>;
1359
+ declare const callbackSSOSAML: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
1360
+ method: ("POST" | "GET")[];
1361
+ body: z.ZodOptional<z.ZodObject<{
1362
+ SAMLResponse: z.ZodString;
1363
+ RelayState: z.ZodOptional<z.ZodString>;
1364
+ }, z.core.$strip>>;
1365
+ query: z.ZodOptional<z.ZodObject<{
1366
+ RelayState: z.ZodOptional<z.ZodString>;
1367
+ }, z.core.$strip>>;
1368
+ metadata: {
1369
+ allowedMediaTypes: string[];
1370
+ openapi: {
1371
+ operationId: string;
1372
+ summary: string;
1373
+ description: string;
1374
+ responses: {
1375
+ "302": {
1376
+ description: string;
1377
+ };
1378
+ "400": {
1379
+ description: string;
1380
+ };
1381
+ "401": {
1382
+ description: string;
1383
+ };
1304
1384
  };
1305
1385
  };
1386
+ scope: "server";
1306
1387
  };
1307
- scope: "server";
1308
- }, undefined>;
1309
- declare const acsEndpoint: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/acs/:providerId", "POST", {
1310
- SAMLResponse: string;
1311
- RelayState?: string | undefined;
1312
- }, Record<string, any> | undefined, [], never, {
1313
- allowedMediaTypes: string[];
1314
- openapi: {
1315
- operationId: string;
1316
- summary: string;
1317
- description: string;
1318
- responses: {
1319
- "302": {
1320
- description: string;
1388
+ }, never>;
1389
+ declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
1390
+ method: "POST";
1391
+ body: z.ZodObject<{
1392
+ SAMLResponse: z.ZodString;
1393
+ RelayState: z.ZodOptional<z.ZodString>;
1394
+ }, z.core.$strip>;
1395
+ metadata: {
1396
+ allowedMediaTypes: string[];
1397
+ openapi: {
1398
+ operationId: string;
1399
+ summary: string;
1400
+ description: string;
1401
+ responses: {
1402
+ "302": {
1403
+ description: string;
1404
+ };
1321
1405
  };
1322
1406
  };
1407
+ scope: "server";
1323
1408
  };
1324
- scope: "server";
1325
- }, undefined>;
1326
- declare const sloEndpoint: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/sp/slo/:providerId", ("GET" | "POST")[], {
1327
- SAMLRequest?: string | undefined;
1328
- SAMLResponse?: string | undefined;
1329
- RelayState?: string | undefined;
1330
- SigAlg?: string | undefined;
1331
- Signature?: string | undefined;
1332
- } | undefined, {
1333
- SAMLRequest?: string | undefined;
1334
- SAMLResponse?: string | undefined;
1335
- RelayState?: string | undefined;
1336
- SigAlg?: string | undefined;
1337
- Signature?: string | undefined;
1338
- } | undefined, [], void | Response, {
1339
- allowedMediaTypes: string[];
1340
- scope: "server";
1341
- }, undefined>;
1342
- declare const initiateSLO: (options?: SSOOptions) => better_call0.Endpoint<"/sso/saml2/logout/:providerId", "POST", {
1343
- callbackURL?: string | undefined;
1344
- }, Record<string, any> | undefined, [better_call0.Middleware<(inputContext: Record<string, any>) => Promise<{
1345
- session: {
1346
- session: Record<string, any> & {
1347
- id: string;
1348
- createdAt: Date;
1349
- updatedAt: Date;
1350
- userId: string;
1351
- expiresAt: Date;
1352
- token: string;
1353
- ipAddress?: string | null | undefined;
1354
- userAgent?: string | null | undefined;
1355
- };
1356
- user: Record<string, any> & {
1357
- id: string;
1358
- createdAt: Date;
1359
- updatedAt: Date;
1360
- email: string;
1361
- emailVerified: boolean;
1362
- name: string;
1363
- image?: string | null | undefined;
1409
+ }, never>;
1410
+ declare const sloEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/slo/:providerId", {
1411
+ method: ("POST" | "GET")[];
1412
+ body: z.ZodOptional<z.ZodObject<{
1413
+ SAMLRequest: z.ZodOptional<z.ZodString>;
1414
+ SAMLResponse: z.ZodOptional<z.ZodString>;
1415
+ RelayState: z.ZodOptional<z.ZodString>;
1416
+ SigAlg: z.ZodOptional<z.ZodString>;
1417
+ Signature: z.ZodOptional<z.ZodString>;
1418
+ }, z.core.$strip>>;
1419
+ query: z.ZodOptional<z.ZodObject<{
1420
+ SAMLRequest: z.ZodOptional<z.ZodString>;
1421
+ SAMLResponse: z.ZodOptional<z.ZodString>;
1422
+ RelayState: z.ZodOptional<z.ZodString>;
1423
+ SigAlg: z.ZodOptional<z.ZodString>;
1424
+ Signature: z.ZodOptional<z.ZodString>;
1425
+ }, z.core.$strip>>;
1426
+ metadata: {
1427
+ allowedMediaTypes: string[];
1428
+ scope: "server";
1429
+ };
1430
+ }, void | Response>;
1431
+ declare const initiateSLO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/logout/:providerId", {
1432
+ method: "POST";
1433
+ body: z.ZodObject<{
1434
+ callbackURL: z.ZodOptional<z.ZodString>;
1435
+ }, z.core.$strip>;
1436
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
1437
+ session: {
1438
+ session: Record<string, any> & {
1439
+ id: string;
1440
+ createdAt: Date;
1441
+ updatedAt: Date;
1442
+ userId: string;
1443
+ expiresAt: Date;
1444
+ token: string;
1445
+ ipAddress?: string | null | undefined;
1446
+ userAgent?: string | null | undefined;
1447
+ };
1448
+ user: Record<string, any> & {
1449
+ id: string;
1450
+ createdAt: Date;
1451
+ updatedAt: Date;
1452
+ email: string;
1453
+ emailVerified: boolean;
1454
+ name: string;
1455
+ image?: string | null | undefined;
1456
+ };
1364
1457
  };
1458
+ }>)[];
1459
+ metadata: {
1460
+ readonly scope: "server";
1365
1461
  };
1366
- }>>], never, {
1367
- readonly scope: "server";
1368
- }, undefined>;
1462
+ }, never>;
1369
1463
  //#endregion
1370
1464
  //#region src/constants.d.ts
1371
1465
  /**
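Review bot: `allowedMediaTypes` sits in two different places across the callback endpoints in this hunk. `callbackSSO` and `callbackSSOShared` declare it at the top level of the endpoint options as `readonly ["application/x-www-form-urlencoded", "application/json"]`, while `callbackSSOSAML`, `acsEndpoint` and `sloEndpoint` declare it under `metadata` as `string[]`. The declarations do not show which location the router honours; if it reads only one, the content-type restriction on the other group is not applied, which matters most for the SAML endpoints that accept a POSTed `SAMLResponse`. I would put all five in the same location and add a test per path that a request with an unlisted `Content-Type` is rejected.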
@@ -1665,6 +1759,7 @@ type SSOEndpoints<O extends SSOOptions> = {
1665
1759
  };
1666
1760
  type SSOPlugin<O extends SSOOptions> = {
1667
1761
  id: "sso";
1762
+ version: string;
1668
1763
  endpoints: SSOEndpoints<O> & (O extends {
1669
1764
  domainVerification: {
1670
1765
  enabled: true;
@@ -1677,15 +1772,16 @@ declare function sso<O extends SSOOptions & {
1677
1772
  };
1678
1773
  }>(options?: O | undefined): {
1679
1774
  id: "sso";
1775
+ version: string;
1680
1776
  endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
1681
1777
  schema: NonNullable<BetterAuthPlugin["schema"]>;
1682
- options: O;
1778
+ options: NoInfer<O>;
1683
1779
  };
1684
1780
  declare function sso<O extends SSOOptions>(options?: O | undefined): {
1685
1781
  id: "sso";
1782
+ version: string;
1686
1783
  endpoints: SSOEndpoints<O>;
1687
- options: O;
1784
+ options: NoInfer<O>;
1688
1785
  };
1689
1786
  //#endregion
1690
- export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };
1691
- //# sourceMappingURL=index-N-z2Csye.d.mts.map
1787
+ export { DataEncryptionAlgorithm as A, TimestampValidationOptions as C, SSOOptions as D, SAMLConfig as E, DigestAlgorithm as M, KeyEncryptionAlgorithm as N, SSOProvider as O, SignatureAlgorithm as P, SAMLConditions as S, OIDCConfig as T, REQUIRED_DISCOVERY_FIELDS as _, fetchDiscoveryDocument as a, DEFAULT_MAX_SAML_METADATA_SIZE as b, normalizeUrl as c, validateDiscoveryUrl as d, DiscoverOIDCConfigParams as f, OIDCDiscoveryDocument as g, HydratedOIDCConfig as h, discoverOIDCConfig as i, DeprecatedAlgorithmBehavior as j, AlgorithmValidationOptions as k, selectTokenEndpointAuthMethod as l, DiscoveryErrorCode as m, sso as n, needsRuntimeDiscovery as o, DiscoveryError as p, computeDiscoveryUrl as r, normalizeDiscoveryUrls as s, SSOPlugin as t, validateDiscoveryDocument as u, RequiredDiscoveryField as v, validateSAMLTimestamp as w, DEFAULT_MAX_SAML_RESPONSE_SIZE as x, DEFAULT_CLOCK_SKEW_MS as y };