signInSSO: createAuthEndpoint()

in packages/better-auth/src/plugins/sso/index.ts [407:535]


			signInSSO: createAuthEndpoint(
				"/sign-in/sso",
				{
					method: "POST",
					body: z.object({
						email: z
							.string({
								description:
									"The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided",
							})
							.optional(),
						organizationSlug: z
							.string({
								description: "The slug of the organization to sign in with",
							})
							.optional(),
						providerId: z
							.string({
								description:
									"The ID of the provider to sign in with. This can be provided instead of email or issuer",
							})
							.optional(),
						domain: z
							.string({
								description: "The domain of the provider.",
							})
							.optional(),
						callbackURL: z.string({
							description: "The URL to redirect to after login",
						}),
						errorCallbackURL: z
							.string({
								description: "The URL to redirect to after login",
							})
							.optional(),
						newUserCallbackURL: z
							.string({
								description:
									"The URL to redirect to after login if the user is new",
							})
							.optional(),
						scopes: z
							.array(z.string(), {
								description: "Scopes to request from the provider.",
							})
							.optional(),
						requestSignUp: z
							.boolean({
								description:
									"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider",
							})
							.optional(),
					}),
					metadata: {
						openapi: {
							summary: "Sign in with SSO provider",
							description:
								"This endpoint is used to sign in with an SSO provider. It redirects to the provider's authorization URL",
							requestBody: {
								content: {
									"application/json": {
										schema: {
											type: "object",
											properties: {
												email: {
													type: "string",
													description:
														"The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided",
												},
												issuer: {
													type: "string",
													description:
														"The issuer identifier, this is the URL of the provider and can be used to verify the provider and identify the provider during login. It's optional if the email is provided",
												},
												providerId: {
													type: "string",
													description:
														"The ID of the provider to sign in with. This can be provided instead of email or issuer",
												},
												callbackURL: {
													type: "string",
													description: "The URL to redirect to after login",
												},
												errorCallbackURL: {
													type: "string",
													description: "The URL to redirect to after login",
												},
												newUserCallbackURL: {
													type: "string",
													description:
														"The URL to redirect to after login if the user is new",
												},
											},
											required: ["callbackURL"],
										},
									},
								},
							},
							responses: {
								"200": {
									description:
										"Authorization URL generated successfully for SSO sign-in",
									content: {
										"application/json": {
											schema: {
												type: "object",
												properties: {
													url: {
														type: "string",
														format: "uri",
														description:
															"The authorization URL to redirect the user to for SSO sign-in",
													},
													redirect: {
														type: "boolean",
														description:
															"Indicates that the client should redirect to the provided URL",
														enum: [true],
													},
												},
												required: ["url", "redirect"],
											},
										},
									},
								},
							},
						},
					},
				},