fix: narrow resolvedIP type guard instead of non-null assertion

Replace urlValidation.resolvedIP! with proper type narrowing by adding
!urlValidation.resolvedIP to the guard clause, so TypeScript can infer
the string type without a fragile assertion.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/auth/sso/register/route.ts

@@ -161,17 +161,20 @@ export async function POST(request: NextRequest) {
           })
 
           const urlValidation = await validateUrlWithDNS(discoveryUrl, 'OIDC discovery URL')
-          if (!urlValidation.isValid) {
+          if (!urlValidation.isValid || !urlValidation.resolvedIP) {
             logger.warn('OIDC discovery URL failed SSRF validation', {
               discoveryUrl,
               error: urlValidation.error,
             })
-            return NextResponse.json({ error: urlValidation.error }, { status: 400 })
+            return NextResponse.json(
+              { error: urlValidation.error ?? 'SSRF validation failed' },
+              { status: 400 }
+            )
           }
 
           const discoveryResponse = await secureFetchWithPinnedIP(
             discoveryUrl,
-            urlValidation.resolvedIP!,
+            urlValidation.resolvedIP,
             {
               headers: { Accept: 'application/json' },
             }