npm - @better-auth/sso - Versions diffs - 1.6.11 → 1.6.12 - Mend

@better-auth/sso 1.6.11 → 1.6.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/client.mjs +1 -1
package/dist/index.mjs +72 -42
package/dist/{version-D_ggtAOl.mjs → version-dnGn0OgM.mjs} +1 -1
package/package.json +7 -7

package/dist/client.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "./version-D_ggtAOl.mjs";
+import { t as PACKAGE_VERSION } from "./version-dnGn0OgM.mjs";
 //#region src/client.ts
 const ssoClient = (options) => {
 	return {

package/dist/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "./version-D_ggtAOl.mjs";
+import { t as PACKAGE_VERSION } from "./version-dnGn0OgM.mjs";
 import { APIError, createAuthEndpoint, createAuthMiddleware, getSessionFromCtx, sessionMiddleware } from "better-auth/api";
 import { XMLParser, XMLValidator } from "fast-xml-parser";
 import { X509Certificate } from "node:crypto";
@@ -8,6 +8,7 @@ import * as z from "zod";
 import { isPublicRoutableHost } from "@better-auth/core/utils/host";
 import { BetterFetchError, betterFetch } from "@better-fetch/fetch";
 import { base64 } from "@better-auth/utils/base64";
+import { isAPIError } from "@better-auth/core/utils/is-api-error";
 import { HIDE_METADATA, createAuthorizationURL, generateGenericState, generateState, parseGenericState, parseState, validateAuthorizationCode, validateToken } from "better-auth";
 import { deleteSessionCookie, setSessionCookie } from "better-auth/cookies";
 import { handleOAuthUserInfo } from "better-auth/oauth2";
@@ -1809,23 +1810,35 @@ async function processSAMLResponse(ctx, params, options) {
 	}
 	const isTrustedProvider = ctx.context.trustedProviders.includes(providerId) || "domainVerified" in provider && !!provider.domainVerified && validateEmailDomain(userInfo.email, provider.domain);
 	const callbackUrl = relayState?.callbackURL || parsedSamlConfig.callbackUrl || ctx.context.baseURL;
-	const result = await handleOAuthUserInfo(ctx, {
-		userInfo: {
-			email: userInfo.email,
-			name: userInfo.name || userInfo.email,
-			id: userInfo.id,
-			emailVerified: Boolean(userInfo.emailVerified)
-		},
-		account: {
-			providerId,
-			accountId: userInfo.id,
-			accessToken: "",
-			refreshToken: ""
-		},
-		callbackURL: callbackUrl,
-		disableSignUp: options?.disableImplicitSignUp,
-		isTrustedProvider
-	});
+	const errorUrl = relayState?.errorURL || samlRedirectUrl;
+	let result;
+	try {
+		result = await handleOAuthUserInfo(ctx, {
+			userInfo: {
+				email: userInfo.email,
+				name: userInfo.name || userInfo.email,
+				id: userInfo.id,
+				emailVerified: Boolean(userInfo.emailVerified)
+			},
+			account: {
+				providerId,
+				accountId: userInfo.id,
+				accessToken: "",
+				refreshToken: ""
+			},
+			callbackURL: callbackUrl,
+			disableSignUp: options?.disableImplicitSignUp,
+			isTrustedProvider
+		});
+	} catch (e) {
+		if (isAPIError(e) && e.body?.code) {
+			const params = new URLSearchParams({ error: e.body.code });
+			if (e.body.message) params.set("error_description", e.body.message);
+			const sep = errorUrl.includes("?") ? "&" : "?";
+			throw ctx.redirect(`${errorUrl}${sep}${params.toString()}`);
+		}
+		throw e;
+	}
 	if (result.error) throw ctx.redirect(`${callbackUrl}?error=${result.error.split(" ").join("_")}`);
 	const { session, user } = result.data;
 	if (options?.provisionUser && (result.isRegister || options.provisionUserOnEveryLogin)) await options.provisionUser({
@@ -2698,30 +2711,47 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
 	} else throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=user_info_endpoint_not_found`);
 	if (!userInfo.email || !userInfo.id) throw ctx.redirect(`${errorURL || callbackURL}?error=invalid_provider&error_description=missing_user_info`);
 	const isTrustedProvider = "domainVerified" in provider && provider.domainVerified === true && validateEmailDomain(userInfo.email, provider.domain);
-	const linked = await handleOAuthUserInfo(ctx, {
-		userInfo: {
-			email: userInfo.email,
-			name: userInfo.name || "",
-			id: userInfo.id,
-			image: userInfo.image,
-			emailVerified: options?.trustEmailVerified ? userInfo.emailVerified || false : false
-		},
-		account: {
-			idToken: tokenResponse.idToken,
-			accessToken: tokenResponse.accessToken,
-			refreshToken: tokenResponse.refreshToken,
-			accountId: userInfo.id,
-			providerId: provider.providerId,
-			accessTokenExpiresAt: tokenResponse.accessTokenExpiresAt,
-			refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,
-			scope: tokenResponse.scopes?.join(",")
-		},
-		callbackURL,
-		disableSignUp: options?.disableImplicitSignUp && !requestSignUp,
-		overrideUserInfo: config.overrideUserInfo,
-		isTrustedProvider
-	});
-	if (linked.error) throw ctx.redirect(`${errorURL || callbackURL}?error=${linked.error}`);
+	let linked;
+	try {
+		linked = await handleOAuthUserInfo(ctx, {
+			userInfo: {
+				email: userInfo.email,
+				name: userInfo.name || "",
+				id: userInfo.id,
+				image: userInfo.image,
+				emailVerified: options?.trustEmailVerified ? userInfo.emailVerified || false : false
+			},
+			account: {
+				idToken: tokenResponse.idToken,
+				accessToken: tokenResponse.accessToken,
+				refreshToken: tokenResponse.refreshToken,
+				accountId: userInfo.id,
+				providerId: provider.providerId,
+				accessTokenExpiresAt: tokenResponse.accessTokenExpiresAt,
+				refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,
+				scope: tokenResponse.scopes?.join(",")
+			},
+			callbackURL,
+			disableSignUp: options?.disableImplicitSignUp && !requestSignUp,
+			overrideUserInfo: config.overrideUserInfo,
+			isTrustedProvider
+		});
+	} catch (e) {
+		if (isAPIError(e) && e.body?.code) {
+			const baseURL = errorURL || callbackURL;
+			const params = new URLSearchParams({ error: e.body.code });
+			if (e.body.message) params.set("error_description", e.body.message);
+			const sep = baseURL.includes("?") ? "&" : "?";
+			throw ctx.redirect(`${baseURL}${sep}${params.toString()}`);
+		}
+		throw e;
+	}
+	if (linked.error) {
+		const baseURL = errorURL || callbackURL;
+		const params = new URLSearchParams({ error: linked.error });
+		const sep = baseURL.includes("?") ? "&" : "?";
+		throw ctx.redirect(`${baseURL}${sep}${params.toString()}`);
+	}
 	const { session, user } = linked.data;
 	if (options?.provisionUser && (linked.isRegister || options.provisionUserOnEveryLogin)) await options.provisionUser({
 		user,

package/dist/{version-D_ggtAOl.mjs → version-dnGn0OgM.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
 //#endregion
 //#region src/version.ts
-const PACKAGE_VERSION = "1.6.11";
+const PACKAGE_VERSION = "1.6.12";
 //#endregion
 export { PACKAGE_VERSION as t };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/sso",
-  "version": "1.6.11",
+  "version": "1.6.12",
   "description": "SSO plugin for Better Auth",
   "type": "module",
   "license": "MIT",
@@ -56,7 +56,7 @@
     }
   },
   "dependencies": {
-    "fast-xml-parser": "^5.5.7",
+    "fast-xml-parser": "^5.8.0",
     "jose": "^6.1.3",
     "samlify": "~2.10.2",
     "tldts": "^6.1.0",
@@ -70,15 +70,15 @@
     "express": "^5.2.1",
     "oauth2-mock-server": "^8.2.2",
     "tsdown": "0.21.1",
-    "@better-auth/core": "1.6.11",
-    "better-auth": "1.6.11"
+    "@better-auth/core": "1.6.12",
+    "better-auth": "1.6.12"
   },
   "peerDependencies": {
-    "@better-auth/utils": "0.4.0",
+    "@better-auth/utils": "0.4.1",
     "@better-fetch/fetch": "1.1.21",
     "better-call": "1.3.5",
-    "@better-auth/core": "^1.6.11",
-    "better-auth": "^1.6.11"
+    "@better-auth/core": "^1.6.12",
+    "better-auth": "^1.6.12"
   },
   "scripts": {
     "build": "tsdown",