From 7d6bbe908f34e7767c48e3e2a18b632ea4232d91 Mon Sep 17 00:00:00 2001
From: Arunavo Ray <rayanup3@gmail.com>
Date: Thu, 2 Apr 2026 08:15:14 +0530
Subject: [PATCH] fix: respect BASE_URL in SAML callback fallback

---
 src/pages/api/auth/sso/register.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/pages/api/auth/sso/register.ts b/src/pages/api/auth/sso/register.ts
index 5d74ac2..27255b4 100644
--- a/src/pages/api/auth/sso/register.ts
+++ b/src/pages/api/auth/sso/register.ts
@@ -6,6 +6,7 @@ import { db, ssoProviders } from "@/lib/db";
 import { eq } from "drizzle-orm";
 import { nanoid } from "nanoid";
 import { normalizeOidcProviderConfig, OidcConfigError } from "@/lib/sso/oidc-config";
+import { withBase } from "@/lib/base-path";
 
 // POST /api/auth/sso/register - Register a new SSO provider using Better Auth
 export async function POST(context: APIContext) {
@@ -87,7 +88,9 @@ export async function POST(context: APIContext) {
       registrationBody.samlConfig = {
         entryPoint,
         cert,
-        callbackUrl: callbackUrl || `${context.url.origin}/api/auth/sso/saml2/callback/${providerId}`,
+        callbackUrl:
+          callbackUrl ||
+          `${context.url.origin}${withBase(`/api/auth/sso/saml2/callback/${providerId}`)}`,
         audience: audience || context.url.origin,
         wantAssertionsSigned,
         signatureAlgorithm,