zerobyte/app/server/lib/auth/utils/sso-context.ts
Nico f511095fde
fix(sso): prevent auto-linking with an existing account in a different org (#607)
* fix(sso): prevent auto-linking with an existing account in a different org

* chore: lint issue

* chore: bump @better-auth/sso
2026-03-03 20:27:50 +01:00

47 lines
1.2 KiB
TypeScript

import type { GenericEndpointContext } from "better-auth";
const SSO_CALLBACK_PATH_SEGMENTS = ["/sso/callback/", "/sso/saml2/callback/", "/sso/saml2/sp/acs/"] as const;
const SSO_CALLBACK_PATH_PATTERN = /\/sso\/(?:callback|saml2\/callback|saml2\/sp\/acs)\/([^/]+)$/;
export function normalizeEmail(email: string): string {
return email.trim().toLowerCase();
}
export function isSsoCallbackPath(pathname: string): boolean {
return SSO_CALLBACK_PATH_SEGMENTS.some((segment) => pathname.includes(segment));
}
export function extractProviderIdFromPathname(pathname: string): string | null {
if (!isSsoCallbackPath(pathname)) {
return null;
}
const match = pathname.match(SSO_CALLBACK_PATH_PATTERN);
return match?.[1] ?? null;
}
export function extractProviderIdFromUrl(url: string): string | null {
try {
const pathname = new URL(url, "http://localhost").pathname;
return extractProviderIdFromPathname(pathname);
} catch {
return null;
}
}
export function extractProviderIdFromContext(ctx?: GenericEndpointContext | null) {
if (!ctx) {
return null;
}
if (ctx.params?.providerId) {
return ctx.params.providerId;
}
if (ctx.request?.url) {
return extractProviderIdFromUrl(ctx.request.url);
}
return null;
}