@better-auth/sso 1.7.0-beta.6 → 1.7.0-beta.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.mjs
CHANGED
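--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "./version-
+import { t as PACKAGE_VERSION } from "./version-DPq9tYZW.mjs";
 import { APIError, addOAuthServerContext, createAuthEndpoint, createAuthMiddleware, getSessionFromCtx, sessionMiddleware } from "better-auth/api";
 import { XMLParser, XMLValidator } from "fast-xml-parser";
 import { X509Certificate } from "node:crypto";
@@ -15,7 +15,7 @@ import { parseInputData, toZodSchema } from "better-auth/db";
 import { isAPIError } from "@better-auth/core/utils/is-api-error";
 import { HIDE_METADATA, PRIVATE_KEY_JWT_SIGNING_ALGORITHMS, authorizationCodeRequest, createAuthorizationURL, createPrivateKeyJwtClientAssertionGetter, generateGenericState, generateState, getOAuth2Tokens, parseGenericState, parseState } from "better-auth";
 import { deleteSessionCookie, setSessionCookie } from "better-auth/cookies";
-import { additionalAuthorizationParamsSchema,
+import { additionalAuthorizationParamsSchema, handleOAuthUserInfo } from "better-auth/oauth2";
 import * as samlifyNamespace from "samlify";
 import samlifyDefault from "samlify";
 //#region src/constants.ts
@@ -2098,16 +2098,19 @@ async function processSAMLResponse(ctx, params, options) {
 const errorUrl = relayState?.errorURL || samlRedirectUrl;
 let result;
 try {
-result = await
+result = await handleOAuthUserInfo(ctx, {
 userInfo: {
 email: userInfo.email,
 name: userInfo.name || userInfo.email,
 id: userInfo.id,
 emailVerified: userInfo.emailVerified
 },
-
-
-
+account: {
+providerId,
+accountId: userInfo.id,
+accessToken: "",
+refreshToken: ""
+},
 callbackURL: postAuthRedirect,
 disableSignUp: options?.disableImplicitSignUp,
 source: {
@@ -2743,16 +2746,10 @@ const signInSSO = (options) => {
 throw error;
 }
 if (!config.authorizationEndpoint) throw new APIError("BAD_REQUEST", { message: "Invalid OIDC configuration. Authorization URL not found." });
-const requestedScopes = ctx.body.scopes || config.scopes || [
-"openid",
-"email",
-"profile",
-"offline_access"
-];
 if (options?.redirectURI?.trim()) await addOAuthServerContext({ ssoProviderId: provider.providerId });
-const state = await generateState(ctx
+const state = await generateState(ctx);
 const redirectURI = getOIDCRedirectURI(ctx.context.baseURL, provider.providerId, options);
-const
+const authorizationURL = await createAuthorizationURL({
 id: provider.issuer,
 options: {
 clientId: config.clientId,
@@ -2761,7 +2758,12 @@ const signInSSO = (options) => {
 redirectURI,
 state: state.state,
 codeVerifier: config.pkce ? state.codeVerifier : void 0,
-scopes:
+scopes: ctx.body.scopes || config.scopes || [
+"openid",
+"email",
+"profile",
+"offline_access"
+],
 loginHint: ctx.body.loginHint || email,
 authorizationEndpoint: config.authorizationEndpoint,
 additionalParams: ctx.body.additionalParams
@@ -2840,7 +2842,7 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
 const errorURL = ctx.context.options.onAPIError?.errorURL || `${ctx.context.baseURL}/error`;
 throw ctx.redirect(`${errorURL}?error=invalid_state`);
 }
-const { callbackURL, errorURL, newUserURL, requestSignUp
+const { callbackURL, errorURL, newUserURL, requestSignUp } = stateData;
 const redirectOIDCError = (error, description) => {
 const baseURL = errorURL || callbackURL;
 const params = new URLSearchParams({
@@ -2967,7 +2969,7 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
 const isTrustedProvider = "domainVerified" in provider && provider.domainVerified === true && validateEmailDomain(userInfo.email, provider.domain);
 let linked;
 try {
-linked = await
+linked = await handleOAuthUserInfo(ctx, {
 userInfo: {
 email: userInfo.email,
 name: userInfo.name || "",
@@ -2975,10 +2977,16 @@ async function handleOIDCCallback(ctx, options, providerId, stateData) {
 image: userInfo.image,
 emailVerified: options?.trustEmailVerified ? userInfo.emailVerified || false : false
 },
-
-
-
-
+account: {
+idToken: tokenResponse.idToken,
+accessToken: tokenResponse.accessToken,
+refreshToken: tokenResponse.refreshToken,
+accountId: userInfo.id,
+providerId: provider.providerId,
+accessTokenExpiresAt: tokenResponse.accessTokenExpiresAt,
+refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,
+scope: tokenResponse.scopes?.join(",")
+},
 callbackURL,
 disableSignUp: options?.disableImplicitSignUp && !requestSignUp,
 overrideUserInfo: config.overrideUserInfo,
@@ -3109,14 +3117,9 @@ async function bounceIfIdpInitiated(ctx, options, providerId) {
 return;
 }
 if (options?.redirectURI?.trim()) await addOAuthServerContext({ ssoProviderId: provider.providerId });
-const state = await generateState(ctx
-"openid",
-"email",
-"profile",
-"offline_access"
-] });
+const state = await generateState(ctx);
 const redirectURI = getOIDCRedirectURI(ctx.context.baseURL, provider.providerId, options);
-const
+const authorizationURL = await createAuthorizationURL({
 id: provider.issuer,
 options: {
 clientId: config.clientId,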
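--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@better-auth/sso",
-"version": "1.7.0-beta.
+"version": "1.7.0-beta.8",
 "description": "SSO plugin for Better Auth",
 "type": "module",
 "license": "MIT",
@@ -70,15 +70,15 @@
 "express": "^5.2.1",
 "oauth2-mock-server": "^8.2.2",
 "tsdown": "0.21.1",
-"@better-auth/core": "1.7.0-beta.
-"better-auth": "1.7.0-beta.
+"@better-auth/core": "1.7.0-beta.8",
+"better-auth": "1.7.0-beta.8"
 },
 "peerDependencies": {
 "@better-auth/utils": "0.4.2",
 "@better-fetch/fetch": "1.3.1",
 "better-call": "1.3.6",
-"@better-auth/core": "^1.7.0-beta.
-"better-auth": "^1.7.0-beta.
+"@better-auth/core": "^1.7.0-beta.8",
+"better-auth": "^1.7.0-beta.8"
 },
 "scripts": {
 "build": "tsdown",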