From ea9dc35323cfa3c23887508e0159742e6c8c8b83 Mon Sep 17 00:00:00 2001
From: Sean O'Connor
Date: Wed, 14 Jan 2026 03:24:30 -0500
Subject: [PATCH] db: push sso changes
---
 .../settings/_components/settings-content.tsx | 4 ++--
 src/lib/auth.ts | 4 ++++
 src/server/db/schema.ts | 15 +++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/app/dashboard/settings/_components/settings-content.tsx b/src/app/dashboard/settings/_components/settings-content.tsx
index fa63b5f..c3123ea 100644
--- a/src/app/dashboard/settings/_components/settings-content.tsx
+++ b/src/app/dashboard/settings/_components/settings-content.tsx
@@ -87,8 +87,8 @@ export function SettingsContent() {
 const handleLinkAuthentik = async () => {
 setIsLinking(true);
 try {
- await authClient.linkSocial({
- provider: "authentik",
+ await authClient.signIn.sso({
+ domain: "beenvoice.soconnor.dev",
 callbackURL: "/dashboard/settings",
 });
 } catch (error) {
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 0f5c15d..895cf3b 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -13,6 +13,7 @@ export const auth = betterAuth({
 session: schema.sessions,
 account: schema.accounts,
 verification: schema.verificationTokens,
+ ssoProvider: schema.ssoProviders,
 },
 }),
 trustedOrigins: [
@@ -60,6 +61,9 @@ export const auth = betterAuth({
 jwksEndpoint: "https://auth.soconnor.dev/application/o/beenvoice/jwks/",
 scopes: ["openid", "email", "profile"],
 pkce: true,
+ mapping: {
+ emailVerified: "email_verified",
+ },
 },
 },
 ]
diff --git a/src/server/db/schema.ts b/src/server/db/schema.ts
index eca68e6..a21b627 100644
--- a/src/server/db/schema.ts
+++ b/src/server/db/schema.ts
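Review bot: In the settings-content.tsx hunk, `handleLinkAuthentik` now calls `authClient.signIn.sso(...)`, which starts a sign-in flow instead of the explicit link to the already signed-in user that `linkSocial` requested. Whether the returned identity is attached to the current account, or matched to an account by email, then depends on account-linking settings that are not visible in this diff, so that behaviour should be confirmed and recorded at the call site, e.g. `// signIn.sso starts a new sign-in; attaching it to the current user relies on the server's account-linking rules`. The SSO domain is also hard-coded in the component; reading it from a shared config value would keep it in step with the provider entry in src/lib/auth.ts. The handler's body continues outside the hunk.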
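Review bot: In the second src/lib/auth.ts hunk, the new `mapping: { emailVerified: "email_verified" }` makes the application take the provider's `email_verified` claim as its own verification state without any further check. That is only safe if the identity provider sets the claim solely for addresses it has actually verified; if the claim is asserted unconditionally and accounts are matched by email, an unverified address at the provider could be treated as proof of ownership of an existing account. I would state the assumption next to the mapping, e.g. `// trusts the IdP's email_verified claim; the IdP must only set it for verified addresses`, and confirm the provider's email scope mapping before relying on it. The surrounding provider configuration starts and ends outside the hunk.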
@@ -106,6 +106,21 @@ export const verificationTokens = createTable(
 (t) => [index("verification_token_identifier_idx").on(t.identifier)],
 );
+export const ssoProviders = createTable(
+ "sso_provider",
+ (d) => ({
+ id: d.varchar({ length: 255 }).notNull().primaryKey().$defaultFn(() => crypto.randomUUID()),
+ providerId: d.varchar({ length: 255 }).notNull().unique(),
+ userId: d.varchar({ length: 255 }).notNull().references(() => users.id),
+ redirectURI: d.varchar({ length: 255 }).notNull().default(""), // Added detailed fields
+ oidcConfig: d.text(),
+ samlConfig: d.text(),
+ createdAt: d.timestamp().notNull().defaultNow(),
+ updatedAt: d.timestamp().notNull().defaultNow().$onUpdate(() => new Date()),
+ }),
+ (t) => [index("sso_provider_user_id_idx").on(t.userId)],
+);
+
 // Invoicing app tables
 export const clients = createTable(
 "client",
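Review bot: `oidcConfig` and `samlConfig` in the new `ssoProviders` table are plain `text` columns, and provider configuration of this kind usually carries a client secret or signing material, so anything that can read the table or a backup of it can read those secrets. If secrets will be stored here, encrypt them before writing or keep them outside the row, and make sure these columns are never selected into responses sent to the browser. The `userId` reference declares no delete rule, so deleting a user who owns a provider row will presumably be rejected by the foreign key; `references(() => users.id, { onDelete: "cascade" })` would make the intent explicit. The table also has no `domain` or `issuer` column although the sign-in call in settings-content.tsx is keyed by domain, which is worth checking against the SSO plugin's documented schema. The trailing `// Added detailed fields` comment could be replaced with a line saying what `redirectURI` holds and why it defaults to an empty string.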