@better-auth/sso 1.7.0-beta.4 → 1.7.0-beta.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.d.mts
CHANGED
|
@@ -1,10 +1,18 @@
|
|
|
1
|
-
import { t as SSOPlugin } from "./index-
|
|
1
|
+
import { t as SSOPlugin } from "./index-DsajaS2F.mjs";
|
|
2
|
+
import { DBFieldAttribute } from "better-auth/db";
|
|
2
3
|
|
|
3
4
|
//#region src/client.d.ts
|
|
4
5
|
interface SSOClientOptions {
|
|
5
6
|
domainVerification?: {
|
|
6
7
|
enabled: boolean;
|
|
7
8
|
} | undefined;
|
|
9
|
+
schema?: {
|
|
10
|
+
ssoProvider?: {
|
|
11
|
+
additionalFields?: {
|
|
12
|
+
[key: string]: DBFieldAttribute;
|
|
13
|
+
};
|
|
14
|
+
};
|
|
15
|
+
} | undefined;
|
|
8
16
|
}
|
|
9
17
|
declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined) => {
|
|
10
18
|
id: "sso-client";
|
|
@@ -15,6 +23,7 @@ declare const ssoClient: <CO extends SSOClientOptions>(options?: CO | undefined)
|
|
|
15
23
|
enabled: true;
|
|
16
24
|
} ? true : false;
|
|
17
25
|
};
|
|
26
|
+
schema: CO["schema"];
|
|
18
27
|
}>;
|
|
19
28
|
pathMethods: {
|
|
20
29
|
"/sso/providers": "GET";
|
package/dist/client.mjs
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { APIError } from "better-auth/api";
|
|
2
2
|
import * as z from "zod";
|
|
3
|
-
import {
|
|
3
|
+
import { DBFieldAttribute, FieldAttributeToObject, InferAdditionalFieldsFromPluginOptions, RemoveFieldsWithReturnedFalse } from "better-auth/db";
|
|
4
|
+
import { Awaitable, OAuth2Tokens, User } from "better-auth";
|
|
4
5
|
import * as better_call0 from "better-call";
|
|
5
6
|
|
|
6
7
|
//#region src/saml/algorithms.d.ts
|
|
@@ -172,11 +173,32 @@ type BaseSSOProvider = {
|
|
|
172
173
|
organizationId?: string | undefined;
|
|
173
174
|
domain: string;
|
|
174
175
|
};
|
|
176
|
+
type SSOProviderAdditionalFields<O extends SSOOptions, IsClientSide extends boolean> = O["schema"] extends {
|
|
177
|
+
ssoProvider?: {
|
|
178
|
+
additionalFields: infer Field extends Record<string, DBFieldAttribute>;
|
|
179
|
+
};
|
|
180
|
+
} ? IsClientSide extends true ? FieldAttributeToObject<RemoveFieldsWithReturnedFalse<Field>> : FieldAttributeToObject<Field> : {};
|
|
181
|
+
type SSOProviderAdditionalFieldsInput<O extends SSOOptions, IsClientSide extends boolean = true> = InferAdditionalFieldsFromPluginOptions<"ssoProvider", O, IsClientSide>;
|
|
182
|
+
type InferSSOProvider<O extends SSOOptions, IsClientSide extends boolean = true> = (O["domainVerification"] extends {
|
|
183
|
+
enabled: true;
|
|
184
|
+
} ? {
|
|
185
|
+
domainVerified: boolean;
|
|
186
|
+
} & BaseSSOProvider : BaseSSOProvider) & SSOProviderAdditionalFields<O, IsClientSide>;
|
|
175
187
|
type SSOProvider<O extends SSOOptions> = O["domainVerification"] extends {
|
|
176
188
|
enabled: true;
|
|
177
189
|
} ? {
|
|
178
190
|
domainVerified: boolean;
|
|
179
|
-
} & BaseSSOProvider : BaseSSOProvider
|
|
191
|
+
} & BaseSSOProvider & SSOProviderAdditionalFields<O, false> : BaseSSOProvider & SSOProviderAdditionalFields<O, false>;
|
|
192
|
+
type SSOProviderSchema<O extends SSOOptions> = {
|
|
193
|
+
ssoProvider: {
|
|
194
|
+
modelName: string;
|
|
195
|
+
fields: Record<string, DBFieldAttribute> & (O["schema"] extends {
|
|
196
|
+
ssoProvider?: {
|
|
197
|
+
additionalFields: infer Field extends Record<string, DBFieldAttribute>;
|
|
198
|
+
};
|
|
199
|
+
} ? Field : {});
|
|
200
|
+
};
|
|
201
|
+
};
|
|
180
202
|
interface SSOOptions {
|
|
181
203
|
/**
|
|
182
204
|
* custom function to provision a user when they sign in with an SSO provider.
|
|
@@ -298,6 +320,25 @@ interface SSOOptions {
|
|
|
298
320
|
organizationId?: string | undefined;
|
|
299
321
|
domain?: string | undefined;
|
|
300
322
|
};
|
|
323
|
+
/**
|
|
324
|
+
* The schema for the SSO plugin.
|
|
325
|
+
*/
|
|
326
|
+
schema?: {
|
|
327
|
+
ssoProvider?: {
|
|
328
|
+
modelName?: string | undefined;
|
|
329
|
+
fields?: {
|
|
330
|
+
issuer?: string | undefined;
|
|
331
|
+
oidcConfig?: string | undefined;
|
|
332
|
+
samlConfig?: string | undefined;
|
|
333
|
+
userId?: string | undefined;
|
|
334
|
+
providerId?: string | undefined;
|
|
335
|
+
organizationId?: string | undefined;
|
|
336
|
+
domain?: string | undefined;
|
|
337
|
+
domainVerified?: string | undefined;
|
|
338
|
+
};
|
|
339
|
+
additionalFields?: { [key in string]: DBFieldAttribute };
|
|
340
|
+
};
|
|
341
|
+
} | undefined;
|
|
301
342
|
/**
|
|
302
343
|
* Configure the maximum number of SSO providers a user can register.
|
|
303
344
|
* You can also pass a function that returns a number.
|
|
@@ -605,7 +646,7 @@ type ParsedCert = ReturnType<typeof parseCertificate>;
|
|
|
605
646
|
type SanitizedCert = ParsedCert | {
|
|
606
647
|
error: string;
|
|
607
648
|
};
|
|
608
|
-
declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/providers", {
|
|
649
|
+
declare const listSSOProviders: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/providers", {
|
|
609
650
|
method: "GET";
|
|
610
651
|
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
|
|
611
652
|
session: {
|
|
@@ -674,7 +715,7 @@ declare const listSSOProviders: () => better_call0.StrictEndpoint<"/sso/provider
|
|
|
674
715
|
spMetadataUrl: string;
|
|
675
716
|
}[];
|
|
676
717
|
}>;
|
|
677
|
-
declare const getSSOProvider: () => better_call0.StrictEndpoint<"/sso/get-provider", {
|
|
718
|
+
declare const getSSOProvider: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/get-provider", {
|
|
678
719
|
method: "GET";
|
|
679
720
|
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
|
|
680
721
|
session: {
|
|
@@ -976,87 +1017,7 @@ declare const spMetadata: (options?: SSOOptions) => better_call0.StrictEndpoint<
|
|
|
976
1017
|
declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_call0.StrictEndpoint<"/sso/register", {
|
|
977
1018
|
method: "POST";
|
|
978
1019
|
body: z.ZodObject<{
|
|
979
|
-
|
|
980
|
-
issuer: z.ZodString;
|
|
981
|
-
domain: z.ZodString;
|
|
982
|
-
oidcConfig: z.ZodOptional<z.ZodObject<{
|
|
983
|
-
clientId: z.ZodString;
|
|
984
|
-
clientSecret: z.ZodOptional<z.ZodString>;
|
|
985
|
-
authorizationEndpoint: z.ZodOptional<z.ZodString>;
|
|
986
|
-
tokenEndpoint: z.ZodOptional<z.ZodString>;
|
|
987
|
-
userInfoEndpoint: z.ZodOptional<z.ZodString>;
|
|
988
|
-
tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
|
|
989
|
-
client_secret_post: "client_secret_post";
|
|
990
|
-
client_secret_basic: "client_secret_basic";
|
|
991
|
-
private_key_jwt: "private_key_jwt";
|
|
992
|
-
}>>;
|
|
993
|
-
privateKeyId: z.ZodOptional<z.ZodString>;
|
|
994
|
-
privateKeyAlgorithm: z.ZodOptional<z.ZodString>;
|
|
995
|
-
jwksEndpoint: z.ZodOptional<z.ZodString>;
|
|
996
|
-
discoveryEndpoint: z.ZodOptional<z.ZodString>;
|
|
997
|
-
skipDiscovery: z.ZodOptional<z.ZodBoolean>;
|
|
998
|
-
scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
999
|
-
pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
1000
|
-
overrideUserInfo: z.ZodOptional<z.ZodBoolean>;
|
|
1001
|
-
mapping: z.ZodOptional<z.ZodObject<{
|
|
1002
|
-
id: z.ZodString;
|
|
1003
|
-
email: z.ZodString;
|
|
1004
|
-
emailVerified: z.ZodOptional<z.ZodString>;
|
|
1005
|
-
name: z.ZodString;
|
|
1006
|
-
image: z.ZodOptional<z.ZodString>;
|
|
1007
|
-
extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
1008
|
-
}, z.core.$strip>>;
|
|
1009
|
-
}, z.core.$strip>>;
|
|
1010
|
-
samlConfig: z.ZodOptional<z.ZodObject<{
|
|
1011
|
-
entryPoint: z.ZodString;
|
|
1012
|
-
cert: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
1013
|
-
audience: z.ZodOptional<z.ZodString>;
|
|
1014
|
-
idpMetadata: z.ZodOptional<z.ZodObject<{
|
|
1015
|
-
metadata: z.ZodOptional<z.ZodString>;
|
|
1016
|
-
entityID: z.ZodOptional<z.ZodString>;
|
|
1017
|
-
cert: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
1018
|
-
privateKey: z.ZodOptional<z.ZodString>;
|
|
1019
|
-
privateKeyPass: z.ZodOptional<z.ZodString>;
|
|
1020
|
-
isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
|
|
1021
|
-
encPrivateKey: z.ZodOptional<z.ZodString>;
|
|
1022
|
-
encPrivateKeyPass: z.ZodOptional<z.ZodString>;
|
|
1023
|
-
singleSignOnService: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
1024
|
-
Binding: z.ZodString;
|
|
1025
|
-
Location: z.ZodString;
|
|
1026
|
-
}, z.core.$strip>>>;
|
|
1027
|
-
singleLogoutService: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
1028
|
-
Binding: z.ZodString;
|
|
1029
|
-
Location: z.ZodString;
|
|
1030
|
-
}, z.core.$strip>>>;
|
|
1031
|
-
}, z.core.$strip>>;
|
|
1032
|
-
spMetadata: z.ZodOptional<z.ZodObject<{
|
|
1033
|
-
metadata: z.ZodOptional<z.ZodString>;
|
|
1034
|
-
entityID: z.ZodOptional<z.ZodString>;
|
|
1035
|
-
binding: z.ZodOptional<z.ZodString>;
|
|
1036
|
-
privateKey: z.ZodOptional<z.ZodString>;
|
|
1037
|
-
privateKeyPass: z.ZodOptional<z.ZodString>;
|
|
1038
|
-
isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
|
|
1039
|
-
encPrivateKey: z.ZodOptional<z.ZodString>;
|
|
1040
|
-
encPrivateKeyPass: z.ZodOptional<z.ZodString>;
|
|
1041
|
-
}, z.core.$strip>>;
|
|
1042
|
-
wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
|
|
1043
|
-
authnRequestsSigned: z.ZodOptional<z.ZodBoolean>;
|
|
1044
|
-
signatureAlgorithm: z.ZodOptional<z.ZodString>;
|
|
1045
|
-
digestAlgorithm: z.ZodOptional<z.ZodString>;
|
|
1046
|
-
identifierFormat: z.ZodOptional<z.ZodString>;
|
|
1047
|
-
privateKey: z.ZodOptional<z.ZodString>;
|
|
1048
|
-
mapping: z.ZodOptional<z.ZodObject<{
|
|
1049
|
-
id: z.ZodString;
|
|
1050
|
-
email: z.ZodString;
|
|
1051
|
-
emailVerified: z.ZodOptional<z.ZodString>;
|
|
1052
|
-
name: z.ZodString;
|
|
1053
|
-
firstName: z.ZodOptional<z.ZodString>;
|
|
1054
|
-
lastName: z.ZodOptional<z.ZodString>;
|
|
1055
|
-
extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
1056
|
-
}, z.core.$strip>>;
|
|
1057
|
-
}, z.core.$strip>>;
|
|
1058
|
-
organizationId: z.ZodOptional<z.ZodString>;
|
|
1059
|
-
overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
1020
|
+
[x: string]: z.ZodOptional<z.ZodAny>;
|
|
1060
1021
|
}, z.core.$strip>;
|
|
1061
1022
|
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
|
|
1062
1023
|
session: {
|
|
@@ -1082,6 +1043,9 @@ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_
|
|
|
1082
1043
|
};
|
|
1083
1044
|
}>)[];
|
|
1084
1045
|
metadata: {
|
|
1046
|
+
$Infer: {
|
|
1047
|
+
body: Record<string, any> & SSOProviderAdditionalFieldsInput<O>;
|
|
1048
|
+
};
|
|
1085
1049
|
openapi: {
|
|
1086
1050
|
operationId: string;
|
|
1087
1051
|
summary: string;
|
|
@@ -1248,14 +1212,14 @@ declare const registerSSOProvider: <O extends SSOOptions>(options: O) => better_
|
|
|
1248
1212
|
redirectURI: string;
|
|
1249
1213
|
oidcConfig: OIDCConfig | null;
|
|
1250
1214
|
samlConfig: SAMLConfig | null;
|
|
1251
|
-
} & Omit<
|
|
1215
|
+
} & Omit<InferSSOProvider<O>, "oidcConfig" | "samlConfig"> & {
|
|
1252
1216
|
domainVerified: boolean;
|
|
1253
1217
|
domainVerificationToken: string;
|
|
1254
1218
|
} : {
|
|
1255
1219
|
redirectURI: string;
|
|
1256
1220
|
oidcConfig: OIDCConfig | null;
|
|
1257
1221
|
samlConfig: SAMLConfig | null;
|
|
1258
|
-
} & Omit<
|
|
1222
|
+
} & Omit<InferSSOProvider<O>, "oidcConfig" | "samlConfig">>;
|
|
1259
1223
|
declare const signInSSO: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sign-in/sso", {
|
|
1260
1224
|
method: "POST";
|
|
1261
1225
|
body: z.ZodObject<{
|
|
@@ -1430,7 +1394,7 @@ declare const callbackSSOShared: (options?: SSOOptions) => better_call0.StrictEn
|
|
|
1430
1394
|
allowedMediaTypes: readonly ["application/x-www-form-urlencoded", "application/json"];
|
|
1431
1395
|
}, void>;
|
|
1432
1396
|
declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
|
|
1433
|
-
method: ("
|
|
1397
|
+
method: ("GET" | "POST")[];
|
|
1434
1398
|
body: z.ZodOptional<z.ZodObject<{
|
|
1435
1399
|
SAMLResponse: z.ZodString;
|
|
1436
1400
|
RelayState: z.ZodOptional<z.ZodString>;
|
|
@@ -1460,7 +1424,7 @@ declare const acsEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint
|
|
|
1460
1424
|
};
|
|
1461
1425
|
}, never>;
|
|
1462
1426
|
declare const sloEndpoint: (options?: SSOOptions) => better_call0.StrictEndpoint<"/sso/saml2/sp/slo/:providerId", {
|
|
1463
|
-
method: ("
|
|
1427
|
+
method: ("GET" | "POST")[];
|
|
1464
1428
|
body: z.ZodOptional<z.ZodObject<{
|
|
1465
1429
|
SAMLRequest: z.ZodOptional<z.ZodString>;
|
|
1466
1430
|
SAMLResponse: z.ZodOptional<z.ZodString>;
|
|
@@ -1630,7 +1594,7 @@ interface OIDCDiscoveryDocument {
|
|
|
1630
1594
|
/**
|
|
1631
1595
|
* Error codes for OIDC discovery operations.
|
|
1632
1596
|
*/
|
|
1633
|
-
type DiscoveryErrorCode = /** Request to discovery endpoint timed out */"discovery_timeout" /** Discovery endpoint returned 404 or similar */ | "discovery_not_found" /** Discovery endpoint returned invalid JSON */ | "discovery_invalid_json" /** OIDC endpoint URL (discovery or per-endpoint: authorization, token, userinfo, jwks) is invalid, malformed, or uses a non-`http(s)` scheme */ | "discovery_invalid_url" /** OIDC endpoint URL is not trusted by the trusted origins configuration */ | "discovery_untrusted_origin" /** OIDC endpoint URL (discovery or per-endpoint) points to a host that is not publicly routable (loopback, RFC 1918, link-local, cloud metadata FQDN, etc.) */ | "discovery_private_host" /** Discovery document issuer doesn't match configured issuer */ | "issuer_mismatch" /** Discovery document is missing required fields */ | "discovery_incomplete" /** IdP only advertises token auth methods that Better Auth doesn't currently support */ | "unsupported_token_auth_method" /** Catch-all for unexpected errors */ | "discovery_unexpected_error";
|
|
1597
|
+
type DiscoveryErrorCode = /** Request to discovery endpoint timed out */"discovery_timeout" /** Discovery endpoint returned 404 or similar */ | "discovery_not_found" /** Discovery endpoint returned invalid JSON */ | "discovery_invalid_json" /** OIDC endpoint URL (discovery or per-endpoint: authorization, token, userinfo, jwks) is invalid, malformed, or uses a non-`http(s)` scheme */ | "discovery_invalid_url" /** OIDC endpoint URL is not trusted by the trusted origins configuration */ | "discovery_untrusted_origin" /** OIDC endpoint URL (discovery or per-endpoint) points to a host that is not publicly routable (loopback, RFC 1918, link-local, cloud metadata FQDN, etc.) */ | "discovery_private_host" /** Server-side OIDC endpoint fetch received an HTTP redirect response */ | "oidc_endpoint_redirect" /** Discovery document issuer doesn't match configured issuer */ | "issuer_mismatch" /** Discovery document is missing required fields */ | "discovery_incomplete" /** IdP only advertises token auth methods that Better Auth doesn't currently support */ | "unsupported_token_auth_method" /** Catch-all for unexpected errors */ | "discovery_unexpected_error";
|
|
1634
1598
|
/**
|
|
1635
1599
|
* Custom error class for OIDC discovery failures.
|
|
1636
1600
|
* Can be caught and mapped to APIError at the edge.
|
|
@@ -1745,7 +1709,7 @@ declare function validateDiscoveryUrl(url: string, isTrustedOrigin: DiscoverOIDC
|
|
|
1745
1709
|
* @returns The parsed discovery document
|
|
1746
1710
|
* @throws DiscoveryError on network errors, timeouts, or invalid responses
|
|
1747
1711
|
*/
|
|
1748
|
-
declare function fetchDiscoveryDocument(url: string, timeout?: number): Promise<OIDCDiscoveryDocument>;
|
|
1712
|
+
declare function fetchDiscoveryDocument(url: string, timeout?: number, isTrustedOrigin?: (url: string) => boolean): Promise<OIDCDiscoveryDocument>;
|
|
1749
1713
|
/**
|
|
1750
1714
|
* Validate a discovery document.
|
|
1751
1715
|
*
|
|
@@ -1836,6 +1800,11 @@ type SSOPlugin<O extends SSOOptions> = {
|
|
|
1836
1800
|
enabled: true;
|
|
1837
1801
|
};
|
|
1838
1802
|
} ? DomainVerificationEndpoints : {});
|
|
1803
|
+
schema: SSOProviderSchema<O>;
|
|
1804
|
+
$Infer: {
|
|
1805
|
+
SSOProvider: InferSSOProvider<O>;
|
|
1806
|
+
};
|
|
1807
|
+
options: NoInfer<O>;
|
|
1839
1808
|
};
|
|
1840
1809
|
declare function sso<O extends SSOOptions & {
|
|
1841
1810
|
domainVerification?: {
|
|
@@ -1845,13 +1814,20 @@ declare function sso<O extends SSOOptions & {
|
|
|
1845
1814
|
id: "sso";
|
|
1846
1815
|
version: string;
|
|
1847
1816
|
endpoints: SSOEndpoints<O> & DomainVerificationEndpoints;
|
|
1848
|
-
schema:
|
|
1817
|
+
schema: SSOProviderSchema<O>;
|
|
1818
|
+
$Infer: {
|
|
1819
|
+
SSOProvider: InferSSOProvider<O>;
|
|
1820
|
+
};
|
|
1849
1821
|
options: NoInfer<O>;
|
|
1850
1822
|
};
|
|
1851
1823
|
declare function sso<O extends SSOOptions>(options?: O | undefined): {
|
|
1852
1824
|
id: "sso";
|
|
1853
1825
|
version: string;
|
|
1854
1826
|
endpoints: SSOEndpoints<O>;
|
|
1827
|
+
schema: SSOProviderSchema<O>;
|
|
1828
|
+
$Infer: {
|
|
1829
|
+
SSOProvider: InferSSOProvider<O>;
|
|
1830
|
+
};
|
|
1855
1831
|
options: NoInfer<O>;
|
|
1856
1832
|
};
|
|
1857
1833
|
//#endregion
|
package/dist/index.d.mts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { A as DataEncryptionAlgorithm, C as DEFAULT_MAX_SAML_METADATA_SIZE, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as DEFAULT_CLOCK_SKEW_MS, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as TimestampValidationOptions, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as DEFAULT_MAX_SAML_RESPONSE_SIZE, x as validateSAMLTimestamp, y as SAMLConditions } from "./index-
|
|
1
|
+
import { A as DataEncryptionAlgorithm, C as DEFAULT_MAX_SAML_METADATA_SIZE, D as SSOOptions, E as SAMLConfig, M as DigestAlgorithm, N as KeyEncryptionAlgorithm, O as SSOProvider, P as SignatureAlgorithm, S as DEFAULT_CLOCK_SKEW_MS, T as OIDCConfig, _ as REQUIRED_DISCOVERY_FIELDS, a as fetchDiscoveryDocument, b as TimestampValidationOptions, c as normalizeUrl, d as validateDiscoveryUrl, f as DiscoverOIDCConfigParams, g as OIDCDiscoveryDocument, h as HydratedOIDCConfig, i as discoverOIDCConfig, j as DeprecatedAlgorithmBehavior, k as AlgorithmValidationOptions, l as selectTokenEndpointAuthMethod, m as DiscoveryErrorCode, n as sso, o as needsRuntimeDiscovery, p as DiscoveryError, r as computeDiscoveryUrl, s as normalizeDiscoveryUrls, t as SSOPlugin, u as validateDiscoveryDocument, v as RequiredDiscoveryField, w as DEFAULT_MAX_SAML_RESPONSE_SIZE, x as validateSAMLTimestamp, y as SAMLConditions } from "./index-DsajaS2F.mjs";
|
|
2
2
|
export { AlgorithmValidationOptions, DEFAULT_CLOCK_SKEW_MS, DEFAULT_MAX_SAML_METADATA_SIZE, DEFAULT_MAX_SAML_RESPONSE_SIZE, DataEncryptionAlgorithm, DeprecatedAlgorithmBehavior, DigestAlgorithm, DiscoverOIDCConfigParams, DiscoveryError, DiscoveryErrorCode, HydratedOIDCConfig, KeyEncryptionAlgorithm, OIDCConfig, OIDCDiscoveryDocument, REQUIRED_DISCOVERY_FIELDS, RequiredDiscoveryField, SAMLConditions, SAMLConfig, SSOOptions, SSOPlugin, SSOProvider, SignatureAlgorithm, TimestampValidationOptions, computeDiscoveryUrl, discoverOIDCConfig, fetchDiscoveryDocument, needsRuntimeDiscovery, normalizeDiscoveryUrls, normalizeUrl, selectTokenEndpointAuthMethod, sso, validateDiscoveryDocument, validateDiscoveryUrl, validateSAMLTimestamp };
|