@mastra/core
Mastra is a framework for building AI-powered applications and agents with a modern TypeScript stack.
/**
* SSO provider interface for EE authentication.
* Enables single sign-on flows in Studio.
*/
/**
 * Describes the sign-in button that the UI renders for an SSO provider.
 *
 * All fields are display data supplied by the provider implementation.
 */
export interface SSOLoginConfig {
  /** Identifier of the provider, for example 'mastra', 'auth0' or 'okta'. */
  provider: string;
  /** Label shown on the button, for example 'Sign in with Mastra'. */
  text: string;
  /**
   * URL of an icon to show on the button (optional).
   *
   * NOTE(review): this type places no restriction on the URL's scheme or
   * origin. A consumer that loads it should apply its own allow-list;
   * confirm how the UI fetches and renders it.
   */
  icon?: string;
  /**
   * Optional explanation of why sign-in is required and which credentials
   * to use.
   *
   * NOTE(review): presumably rendered as plain text; confirm the UI does
   * not interpret it as markup.
   */
  description?: string;
}
/**
 * What a provider returns once the SSO callback exchange has completed.
 *
 * The values under `tokens` are bearer credentials. Keep them out of logs,
 * error messages and anything echoed back to the browser.
 */
export interface SSOCallbackResult<TUser> {
  /** The user that was authenticated. */
  user: TUser;
  /** OAuth tokens obtained for that user. */
  tokens: {
    /** Access token used for API calls. */
    accessToken: string;
    /** Refresh token used to renew the access token (optional). */
    refreshToken?: string;
    /**
     * ID token carrying the user's claims (optional).
     *
     * NOTE(review): nothing in this type records whether the token's
     * signature, issuer, audience and expiry were verified. Confirm that
     * the provider implementation does so before trusting the claims.
     */
    idToken?: string;
    /** Token expiration time (optional). */
    expiresAt?: Date;
  };
  /**
   * Session cookies to set on the response.
   * Providers that use encrypted cookie sessions (such as AuthKit) should
   * fill this in.
   *
   * NOTE(review): entries are presumably complete Set-Cookie header values,
   * so attributes such as HttpOnly, Secure and SameSite would have to be
   * set by the provider that builds them. Confirm against the code that
   * writes these to the response.
   */
  cookies?: string[];
}
/**
 * Contract that an SSO authentication provider implements.
 *
 * An implementation supplies:
 * - the SSO login button shown in Studio
 * - the OAuth/OIDC redirect flow
 * - the token exchange performed on callback
 *
 * @example
 * ```typescript
 * class Auth0SSOProvider implements ISSOProvider {
 *   getLoginUrl(redirectUri: string, state: string) {
 *     const params = new URLSearchParams({
 *       client_id: this.clientId,
 *       redirect_uri: redirectUri,
 *       response_type: 'code',
 *       scope: 'openid profile email',
 *       state,
 *     });
 *     return `https://${this.domain}/authorize?${params}`;
 *   }
 *
 *   async handleCallback(code: string, state: string) {
 *     // `state` is not checked in this sketch. It must match the value
 *     // issued for this browser session before the code is exchanged;
 *     // whether the caller has already verified it is not visible from
 *     // this interface.
 *     const tokens = await this.exchangeCode(code);
 *     const user = await this.getUserInfo(tokens.accessToken);
 *     return { user, tokens };
 *   }
 *
 *   getLoginButtonConfig() {
 *     return { provider: 'auth0', text: 'Sign in with Auth0' };
 *   }
 * }
 * ```
 */
export interface ISSOProvider<TUser = unknown> {
  /**
   * Build the URL the user is redirected to in order to log in.
   *
   * NOTE(review): `state` only protects against CSRF if it is unguessable
   * and tied to the browser session that started the login. Where it is
   * generated and stored is not shown here.
   *
   * @param redirectUri - Callback URL the identity provider returns to after authentication
   * @param state - State parameter used for CSRF protection
   * @returns Full URL to redirect the user to
   */
  getLoginUrl(redirectUri: string, state: string): string;
  /**
   * Handle the OAuth callback by exchanging the authorization code for
   * tokens and a user.
   *
   * NOTE(review): the signature passes `state` through but does not say
   * which side compares it with the value issued at login. Confirm that
   * either the caller or the implementation rejects a mismatch before the
   * code is exchanged.
   *
   * @param code - Authorization code received on the callback
   * @param state - State parameter for CSRF validation
   * @returns The authenticated user together with the tokens
   */
  handleCallback(code: string, state: string): Promise<SSOCallbackResult<TUser>>;
  /**
   * Optional: build a logout URL when the provider supports one.
   *
   * NOTE(review): `redirectUri` becomes a post-logout redirect target. If
   * it can be influenced by the request, check it against an allow-list to
   * avoid an open redirect. Confirm where the caller takes it from.
   *
   * @param redirectUri - URL to redirect to after logout
   * @param request - Optional request from which session info is read (e.g., the WorkOS sid)
   * @returns Logout URL, null if there is no active session, or undefined if not implemented
   */
  getLogoutUrl?(redirectUri: string, request?: Request): string | null | Promise<string | null>;
  /**
   * Return the configuration the UI uses to render the login button.
   *
   * @returns Login button configuration
   */
  getLoginButtonConfig(): SSOLoginConfig;
  /**
   * Optional: return cookies to set while redirecting to login.
   * PKCE-enabled providers use this to store the code verifier.
   *
   * NOTE(review): the code verifier is a secret for the duration of the
   * flow, so a cookie carrying it should be HttpOnly, Secure and
   * short-lived. `handleCallback` receives no request object, so how the
   * stored verifier is read back on callback is not visible from this
   * interface. Confirm in the implementation.
   *
   * @param redirectUri - OAuth callback URL
   * @param state - State parameter
   * @returns Array of Set-Cookie header values, or undefined
   */
  getLoginCookies?(redirectUri: string, state: string): string[] | undefined;
}
//# sourceMappingURL=sso.d.ts.map