Revert "fix(sso): always use default SAML assertion consumer service URL (#6069)"

This reverts commit 041ebeb2f6.
Bereket Engida
2025-11-29 23:09:56 -08:00
parent 7699846ec9
commit b76945e2de


@@ -10,7 +10,6 @@ import {
import {
APIError,
createAuthEndpoint,
originCheck,
sessionMiddleware,
} from "better-auth/api";
import { setSessionCookie } from "better-auth/cookies";
@@ -110,7 +109,9 @@ export const spMetadata = () => {
assertionConsumerService: [
{
Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${ctx.query.providerId}`,
Location:
parsedSamlConfig.callbackUrl ||
`${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`,
},
],
wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
@@ -1476,7 +1477,6 @@ export const callbackSSOSAML = (options?: SSOOptions) => {
SAMLResponse: z.string(),
RelayState: z.string().optional(),
}),
use: [originCheck((ctx) => ctx.body.RelayState)],
metadata: {
isAction: false,
allowedMediaTypes: [
@@ -1604,7 +1604,7 @@ export const callbackSSOSAML = (options?: SSOOptions) => {
: [
{
Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
Location: parsedSamlConfig.callbackUrl,
},
],
privateKey: spData?.privateKey || parsedSamlConfig.privateKey,
@@ -1820,7 +1820,9 @@ export const acsEndpoint = (options?: SSOOptions) => {
"/sso/saml2/sp/acs/:providerId",
{
method: "POST",
params: z.object({
providerId: z.string().optional(),
}),
body: z.object({
SAMLResponse: z.string(),
RelayState: z.string().optional(),
@@ -1919,7 +1921,9 @@ export const acsEndpoint = (options?: SSOOptions) => {
assertionConsumerService: [
{
Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
Location:
parsedSamlConfig.callbackUrl ||
`${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
},
],
wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
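Review bot: The callbackSSOSAML hunk at `@@ -1476,7 +1477,6` appears to drop `use: [originCheck((ctx) => ctx.body.RelayState)],` along with the `originCheck` import in the first hunk, which goes beyond the ACS-URL behaviour the commit title says it reverts; the side of each line is inferred from the hunk counts, because the page has lost its `+`/`-` markers. If RelayState is later used as the post-login redirect target (not visible in these hunks), the callback would no longer validate its origin, so I would keep that middleware line and its import and revert only the `Location` changes. Separately, the hunk at `@@ -1604,7 +1604,7` sets `Location: parsedSamlConfig.callbackUrl,` with no fallback, so the ACS location is undefined when callbackUrl is unset; it should use the same `parsedSamlConfig.callbackUrl ||` default-URL fallback as the hunks at `@@ -110` and `@@ -1919`. The enclosing functions start and end outside every hunk shown.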