SSO
OIDC and SAML single sign-on providers.
This page documents the current Ruby port behavior. Ruby uses snake_case option names and auth.api method names; HTTP paths and JSON keys keep the upstream wire shape where implemented.
Some UI or provider-specific setup from upstream is app-provided in Ruby. The protocol endpoints below are implemented, but you must supply your own pages, callbacks, client objects, or provider metadata where noted by the option names.
Configure
require "better_auth"
auth = BetterAuth.auth(
secret: ENV.fetch("BETTER_AUTH_SECRET"),
base_url: ENV.fetch("BETTER_AUTH_URL", "http://localhost:3000"),
plugins: [
BetterAuth::Plugins.sso
]
)Usage
auth.api.register_sso_provider(headers: { "cookie" => admin_cookie }, body: { providerId: "acme", domain: "acme.com" })
response = auth.api.sign_in_sso(body: { providerId: "acme", callbackURL: "/dashboard" })Routes
| Method | Path | Ruby API method |
|---|---|---|
POST | /sso/register | auth.api.register_sso_provider |
GET | /sso/providers | auth.api.list_sso_providers |
POST | /sign-in/sso | auth.api.sign_in_sso |
GET | /sso/callback/:providerId | auth.api.callback_sso |
POST | /sso/saml2/sp/acs/:providerId | auth.api.acs_endpoint |
GET | /sso/saml2/sp/metadata | auth.api.sp_metadata |
POST | /sso/verify-domain | auth.api.verify_domain |
Options
Current Ruby options accepted by BetterAuth::Plugins.sso:
model_nameget_tokenget_user_infoauthorization_endpointauthorization_urlclient_idscopescopesentry_point
Support Notes
- The examples above are based on Ruby plugin source and tests in
packages/better_auth. - If an upstream section is not represented here, treat it as not yet documented or not yet supported by the Ruby port until the matching Ruby implementation exists.