From c228bb7317aa78e91adc84a80ea5e67a1920f470 Mon Sep 17 00:00:00 2001
From: gdauber1 <gal@bae44.com>
Date: Sat, 23 Aug 2025 14:27:42 +0300
Subject: [PATCH] sso_auth

---
 src/client.ts      |  2 +-
 src/modules/sso.ts | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/client.ts b/src/client.ts
index fac620e..a4e8049 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -85,7 +85,7 @@ export function createClient(config: {
   const serviceRoleModules = {
     entities: createEntitiesModule(serviceRoleAxiosClient, appId),
     integrations: createIntegrationsModule(serviceRoleAxiosClient, appId),
-    sso: createSsoModule(serviceRoleAxiosClient, appId),
+    sso: createSsoModule(serviceRoleAxiosClient, appId, token),
     functions: createFunctionsModule(serviceRoleFunctionsAxiosClient, appId),
   };
 
diff --git a/src/modules/sso.ts b/src/modules/sso.ts
index ee839fd..c839a5b 100644
--- a/src/modules/sso.ts
+++ b/src/modules/sso.ts
@@ -4,11 +4,14 @@ import { AxiosInstance } from "axios";
  * Creates the SSO module for the Base44 SDK
  * @param {import('axios').AxiosInstance} axios - Axios instance
  * @param {string} appId - Application ID
+ * @param {string} [userToken] - User authentication token
+ * @param {string} [serviceToken] - Service role authentication token
  * @returns {Object} SSO module with SSO authentication methods
  */
 export function createSsoModule(
   axios: AxiosInstance,
-  appId: string
+  appId: string,
+  userToken?: string
 ) {
   return {
     /**
@@ -18,7 +21,16 @@ export function createSsoModule(
      */
     async getAccessToken(userid: string) {
       const url = `/apps/${appId}/auth/sso/accesstoken/${userid}`;
-      return axios.get(url);
+      
+      // Prepare headers with both tokens if available
+      const headers: Record<string, string> = {};
+      
+    
+      if (userToken) {
+        headers['on-behalf-of'] = `Bearer ${userToken}`;
+      }
+      
+      return axios.get(url, { headers });
     },
   };
 }