From d22d96105ccc0f5104e5c278e8ca42ba74650c47 Mon Sep 17 00:00:00 2001 From: Mauricio Siu Date: Sat, 31 Jan 2026 03:50:54 -0600 Subject: [PATCH] feat(auth): add SSO request handling and provider validation in authentication flow --- packages/server/src/lib/auth.ts | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/packages/server/src/lib/auth.ts b/packages/server/src/lib/auth.ts index 4db295da5..537f0dfbc 100644 --- a/packages/server/src/lib/auth.ts +++ b/packages/server/src/lib/auth.ts @@ -112,6 +112,10 @@ export const { handler, api } = betterAuth({ }); } } else { + const isSSORequest = context?.path.includes("/sso/callback"); + if (isSSORequest) { + return; + } const isAdminPresent = await db.query.member.findFirst({ where: eq(schema.member.role, "owner"), }); @@ -124,6 +128,7 @@ export const { handler, api } = betterAuth({ } }, after: async (user, context) => { + const isSSORequest = context?.path.includes("/sso/callback"); const isAdminPresent = await db.query.member.findFirst({ where: eq(schema.member.role, "owner"), }); @@ -180,6 +185,31 @@ export const { handler, api } = betterAuth({ }); }); } + + if (isSSORequest) { + const providerId = context?.params?.providerId; + if (!providerId) { + throw new APIError("BAD_REQUEST", { + message: "Provider ID is required", + }); + } + const provider = await db.query.ssoProvider.findFirst({ + where: eq(schema.ssoProvider.providerId, providerId), + }); + + if (!provider) { + throw new APIError("BAD_REQUEST", { + message: "Provider not found", + }); + } + await db.insert(schema.member).values({ + userId: user.id, + organizationId: provider?.organizationId || "", + role: "member", + createdAt: new Date(), + isDefault: true, + }); + } }, }, },