feat(provider): add Osso SAML provider (#1448 )

Co-authored-by: @sbauch
feat(client): introduce NEXTAUTH_URL_INTERNAL (#1449 )
2026-05-01 10:55:20 +00:00 · 2021-03-06 00:21:38 +01:00 · 2021-03-06 00:10:36 +01:00
6 changed files with 74 additions and 1 deletions
--- a/src/client/index.d.ts
+++ b/src/client/index.d.ts
@@ -29,6 +29,8 @@ type GetSession<S extends Record<string, unknown> = DefaultSession> = (options:
 export interface NextAuthConfig {
  baseUrl: string
  basePath: string
+  baseUrlServer: string
+  basePathServer: string
  /** 0 means disabled (don't send); 60 means send every 60 seconds */
  keepAlive: number
  /** 0 means disabled (only use cache); 60 means sync if last checked > 60 seconds ago */
--- a/src/client/index.js
+++ b/src/client/index.js
@@ -22,6 +22,8 @@ import parseUrl from '../lib/parse-url'
 const __NEXTAUTH = {
  baseUrl: parseUrl(process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
  basePath: parseUrl(process.env.NEXTAUTH_URL).basePath,
+  baseUrlServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL || process.env.VERCEL_URL).baseUrl,
+  basePathServer: parseUrl(process.env.NEXTAUTH_URL_INTERNAL || process.env.NEXTAUTH_URL).basePath,
  keepAlive: 0,
  clientMaxAge: 0,
  // Properties starting with _ are used for tracking internal app state
@@ -359,7 +361,7 @@ function _apiBaseUrl () {
    }

    // Return absolute path when called server side
-    return `${__NEXTAUTH.baseUrl}${__NEXTAUTH.basePath}`
+    return `${__NEXTAUTH.baseUrlServer}${__NEXTAUTH.basePathServer}`
  }
  // Return relative path when called client side
  return __NEXTAUTH.basePath
--- a/src/providers/index.js
+++ b/src/providers/index.js
@@ -25,6 +25,7 @@ import MailRu from './mailru'
 import Medium from './medium'
 import Netlify from './netlify'
 import Okta from './okta'
+import Osso from './osso'
 import Reddit from './reddit'
 import Salesforce from './salesforce'
 import Slack from './slack'
@@ -63,6 +64,7 @@ export default {
  Medium,
  Netlify,
  Okta,
+  Osso,
  Reddit,
  Salesforce,
  Slack,
--- a/src/providers/osso.js
+++ b/src/providers/osso.js
@@ -0,0 +1,20 @@
+export default (options) => {
+  return {
+    id: 'osso',
+    name: 'SAML SSO',
+    type: 'oauth',
+    version: '2.0',
+    params: { grant_type: 'authorization_code' },
+    accessTokenUrl: `https://${options.domain}/oauth/token`,
+    authorizationUrl: `https://${options.domain}/oauth/authorize?response_type=code`,
+    profileUrl: `https://${options.domain}/oauth/me`,
+    profile: (profile) => {
+      return {
+        id: profile.id,
+        name: profile.name || profile.email,
+        email: profile.email
+      }
+    },
+    ...options
+  }
+}
--- a/www/docs/configuration/options.md
+++ b/www/docs/configuration/options.md
@@ -21,6 +21,14 @@ _e.g. `NEXTAUTH_URL=https://example.com/custom-route/api/auth`_
 To set environment variables on Vercel, you can use the [dashboard](https://vercel.com/dashboard) or the `now env` command.
 :::

+### NEXTAUTH_URL_INTERNAL
+
+If provided, server-side calls will use this instead of `NEXTAUTH_URL`. Useful in environments when the server doesn't have access to the canonical URL of your site. Defaults to `NEXTAUTH_URL`.
+
+```
+NEXTAUTH_URL_INTERNAL=http://10.240.8.16
+```
+
 ---

 ## Options
--- a/www/docs/providers/osso.md
+++ b/www/docs/providers/osso.md
@@ -0,0 +1,39 @@
+---
+id: osso
+title: Osso
+---
+
+## Documentation
+
+Osso is an open source service that handles SAML authentication against Identity Providers, normalizes profiles, and makes those profiles available to you in an OAuth 2.0 code grant flow.
+
+If you don't yet have an Osso instance, you can use [Osso's Demo App](https://demo.ossoapp.com) for your testing purposes. For documentation on deploying an Osso instance, see https://ossoapp.com/docs/deploy/overview/
+
+## Configuration
+
+You can configure your OAuth Clients on your Osso Admin UI, i.e. https://demo.ossoapp.com/admin/config - you'll need to get a Client ID and Secret and allow-list your redirect URIs.
+
+[SAML SSO differs a bit from OAuth](https://ossoapp.com/blog/saml-vs-oauth) - for every tenant who wants to sign in to your application using SAML, you and your customer need to perform a multi-step configuration in Osso's Admin UI and the admin dashboard of the tenant's Identity Provider. Osso provides documentation for providers like Okta and OneLogin, cloud-based IDPs who also offer a developer account that's useful for testing. Osso also provides a [Mock IDP](https://idp.ossoapp.com) that you can use for testing without needing to sign up for an Identity Provider service.
+
+See Osso's complete configuration and testing documentation at https://ossoapp.com/docs/configure/overview
+
+## Example
+
+A full example application is available at https://github.com/enterprise-oss/osso-next-auth-example and https://nextjs-demo.ossoapp.com
+
+```js
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.Osso({
+    clientId: process.env.OSSO_CLIENT_ID,
+    clientSecret: process.env.OSSO_CLIENT_SECRET,
+    domain: process.env.OSSO_DOMAIN
+  })
+}
+...
+```
+
+:::note
+`domain` should be the fully qualified domain – e.g. `demo.ossoapp.com`
+:::
Author	SHA1	Message	Date
Sam Bauch	95942519a5	feat(provider): add Osso SAML provider (#1448 ) Co-authored-by: @sbauch	2021-03-06 00:21:38 +01:00
Balázs Orbán	f3e64f04cc	feat(client): introduce NEXTAUTH_URL_INTERNAL (#1449 ) Co-authored-by: @gergelyke	2021-03-06 00:10:36 +01:00