better_auth 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/README.md +5 -3
- data/lib/better_auth/adapters/internal_adapter.rb +168 -18
- data/lib/better_auth/adapters/memory.rb +4 -1
- data/lib/better_auth/adapters/mongodb.rb +5 -365
- data/lib/better_auth/adapters/sql.rb +17 -1
- data/lib/better_auth/api.rb +1 -1
- data/lib/better_auth/context.rb +2 -1
- data/lib/better_auth/plugin.rb +14 -1
- data/lib/better_auth/plugins/oauth_protocol.rb +403 -57
- data/lib/better_auth/plugins/organization.rb +5 -0
- data/lib/better_auth/rate_limiter.rb +19 -2
- data/lib/better_auth/router.rb +14 -1
- data/lib/better_auth/routes/email_verification.rb +5 -2
- data/lib/better_auth/routes/password.rb +19 -0
- data/lib/better_auth/routes/session.rb +27 -4
- data/lib/better_auth/routes/sign_in.rb +1 -1
- data/lib/better_auth/routes/sign_up.rb +52 -1
- data/lib/better_auth/routes/social.rb +201 -22
- data/lib/better_auth/routes/user.rb +14 -2
- data/lib/better_auth/schema/sql.rb +11 -0
- data/lib/better_auth/schema.rb +16 -0
- data/lib/better_auth/social_providers/apple.rb +44 -8
- data/lib/better_auth/social_providers/atlassian.rb +32 -0
- data/lib/better_auth/social_providers/base.rb +262 -4
- data/lib/better_auth/social_providers/cognito.rb +32 -0
- data/lib/better_auth/social_providers/discord.rb +27 -5
- data/lib/better_auth/social_providers/dropbox.rb +33 -0
- data/lib/better_auth/social_providers/facebook.rb +35 -0
- data/lib/better_auth/social_providers/figma.rb +31 -0
- data/lib/better_auth/social_providers/github.rb +21 -6
- data/lib/better_auth/social_providers/gitlab.rb +16 -3
- data/lib/better_auth/social_providers/google.rb +38 -13
- data/lib/better_auth/social_providers/huggingface.rb +31 -0
- data/lib/better_auth/social_providers/kakao.rb +32 -0
- data/lib/better_auth/social_providers/kick.rb +32 -0
- data/lib/better_auth/social_providers/line.rb +33 -0
- data/lib/better_auth/social_providers/linear.rb +44 -0
- data/lib/better_auth/social_providers/linkedin.rb +30 -0
- data/lib/better_auth/social_providers/microsoft_entra_id.rb +79 -7
- data/lib/better_auth/social_providers/naver.rb +31 -0
- data/lib/better_auth/social_providers/notion.rb +33 -0
- data/lib/better_auth/social_providers/paybin.rb +31 -0
- data/lib/better_auth/social_providers/paypal.rb +36 -0
- data/lib/better_auth/social_providers/polar.rb +31 -0
- data/lib/better_auth/social_providers/railway.rb +49 -0
- data/lib/better_auth/social_providers/reddit.rb +32 -0
- data/lib/better_auth/social_providers/roblox.rb +31 -0
- data/lib/better_auth/social_providers/salesforce.rb +38 -0
- data/lib/better_auth/social_providers/slack.rb +30 -0
- data/lib/better_auth/social_providers/spotify.rb +31 -0
- data/lib/better_auth/social_providers/tiktok.rb +35 -0
- data/lib/better_auth/social_providers/twitch.rb +39 -0
- data/lib/better_auth/social_providers/twitter.rb +32 -0
- data/lib/better_auth/social_providers/vercel.rb +47 -0
- data/lib/better_auth/social_providers/vk.rb +34 -0
- data/lib/better_auth/social_providers/wechat.rb +104 -0
- data/lib/better_auth/social_providers/zoom.rb +31 -0
- data/lib/better_auth/social_providers.rb +29 -0
- data/lib/better_auth/version.rb +1 -1
- data/lib/better_auth.rb +0 -1
- metadata +30 -15
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def naver(client_id:, client_secret:, scopes: ["profile", "email"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "naver",
|
|
10
|
+
name: "Naver",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://nid.naver.com/oauth2.0/authorize",
|
|
14
|
+
token_endpoint: "https://nid.naver.com/oauth2.0/token",
|
|
15
|
+
user_info_endpoint: "https://openapi.naver.com/v1/nid/me",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
profile_map: ->(profile) {
|
|
18
|
+
data = profile["response"] || {}
|
|
19
|
+
{
|
|
20
|
+
id: data["id"],
|
|
21
|
+
name: data["name"] || data["nickname"] || "",
|
|
22
|
+
email: data["email"],
|
|
23
|
+
image: data["profile_image"],
|
|
24
|
+
emailVerified: false
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def notion(client_id:, client_secret:, scopes: [], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "notion",
|
|
10
|
+
name: "Notion",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://api.notion.com/v1/oauth/authorize",
|
|
14
|
+
token_endpoint: "https://api.notion.com/v1/oauth/token",
|
|
15
|
+
user_info_endpoint: "https://api.notion.com/v1/users/me",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
auth_params: {owner: "user"},
|
|
18
|
+
user_info_headers: {"Notion-Version" => "2022-06-28"},
|
|
19
|
+
profile_map: ->(profile) {
|
|
20
|
+
user = profile.dig("bot", "owner", "user") || profile
|
|
21
|
+
{
|
|
22
|
+
id: user["id"],
|
|
23
|
+
name: user["name"] || "",
|
|
24
|
+
email: user.dig("person", "email"),
|
|
25
|
+
image: user["avatar_url"],
|
|
26
|
+
emailVerified: false
|
|
27
|
+
}
|
|
28
|
+
},
|
|
29
|
+
**options
|
|
30
|
+
)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def paybin(client_id:, client_secret:, scopes: ["openid", "email", "profile"], **options)
|
|
8
|
+
issuer = (options[:issuer] || "https://idp.paybin.io").to_s.sub(%r{/+\z}, "")
|
|
9
|
+
Base.oauth_provider(
|
|
10
|
+
id: "paybin",
|
|
11
|
+
name: "Paybin",
|
|
12
|
+
client_id: client_id,
|
|
13
|
+
client_secret: client_secret,
|
|
14
|
+
authorization_endpoint: "#{issuer}/oauth2/authorize",
|
|
15
|
+
token_endpoint: "#{issuer}/oauth2/token",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
pkce: true,
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
{
|
|
20
|
+
id: profile["sub"],
|
|
21
|
+
name: profile["name"] || profile["preferred_username"] || "",
|
|
22
|
+
email: profile["email"],
|
|
23
|
+
image: profile["picture"],
|
|
24
|
+
emailVerified: !!profile["email_verified"]
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def paypal(client_id:, client_secret:, scopes: [], **options)
|
|
8
|
+
sandbox = (options[:environment] || "sandbox").to_s == "sandbox"
|
|
9
|
+
auth_host = sandbox ? "https://www.sandbox.paypal.com" : "https://www.paypal.com"
|
|
10
|
+
api_host = sandbox ? "https://api-m.sandbox.paypal.com" : "https://api-m.paypal.com"
|
|
11
|
+
provider = Base.oauth_provider(
|
|
12
|
+
id: "paypal",
|
|
13
|
+
name: "PayPal",
|
|
14
|
+
client_id: client_id,
|
|
15
|
+
client_secret: client_secret,
|
|
16
|
+
authorization_endpoint: "#{auth_host}/signin/authorize",
|
|
17
|
+
token_endpoint: "#{api_host}/v1/oauth2/token",
|
|
18
|
+
user_info_endpoint: "#{api_host}/v1/identity/oauth2/userinfo?schema=paypalv1.1",
|
|
19
|
+
scopes: scopes,
|
|
20
|
+
pkce: true,
|
|
21
|
+
profile_map: ->(profile) {
|
|
22
|
+
{
|
|
23
|
+
id: profile["user_id"],
|
|
24
|
+
name: profile["name"],
|
|
25
|
+
email: profile["email"],
|
|
26
|
+
image: profile["picture"],
|
|
27
|
+
emailVerified: !!profile["email_verified"]
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
**options
|
|
31
|
+
)
|
|
32
|
+
provider[:verify_id_token] = provider[:options][:verify_id_token] || ->(token, _nonce = nil) { provider[:options][:disable_id_token_sign_in] ? false : !!Base.decode_jwt_payload(token)["sub"] }
|
|
33
|
+
provider
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def polar(client_id:, client_secret:, scopes: ["openid", "profile", "email"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "polar",
|
|
10
|
+
name: "Polar",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://polar.sh/oauth2/authorize",
|
|
14
|
+
token_endpoint: "https://api.polar.sh/v1/oauth2/token",
|
|
15
|
+
user_info_endpoint: "https://api.polar.sh/v1/oauth2/userinfo",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
pkce: true,
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
{
|
|
20
|
+
id: profile["id"],
|
|
21
|
+
name: profile["public_name"] || profile["username"] || "",
|
|
22
|
+
email: profile["email"],
|
|
23
|
+
image: profile["avatar_url"],
|
|
24
|
+
emailVerified: !!profile["email_verified"]
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def railway(client_id:, client_secret:, scopes: ["openid", "email", "profile"], **options)
|
|
8
|
+
primary_client_id = Base.primary_client_id(client_id)
|
|
9
|
+
credentials = Base64.strict_encode64("#{primary_client_id}:#{client_secret}")
|
|
10
|
+
token_endpoint = options[:token_endpoint] || options[:tokenEndpoint] || "https://backboard.railway.com/oauth/token"
|
|
11
|
+
provider = Base.oauth_provider(
|
|
12
|
+
id: "railway",
|
|
13
|
+
name: "Railway",
|
|
14
|
+
client_id: client_id,
|
|
15
|
+
client_secret: client_secret,
|
|
16
|
+
authorization_endpoint: "https://backboard.railway.com/oauth/auth",
|
|
17
|
+
token_endpoint: "https://backboard.railway.com/oauth/token",
|
|
18
|
+
user_info_endpoint: "https://backboard.railway.com/oauth/me",
|
|
19
|
+
scopes: scopes,
|
|
20
|
+
pkce: true,
|
|
21
|
+
profile_map: ->(profile) {
|
|
22
|
+
{
|
|
23
|
+
id: profile["sub"],
|
|
24
|
+
name: profile["name"],
|
|
25
|
+
email: profile["email"],
|
|
26
|
+
image: profile["picture"],
|
|
27
|
+
emailVerified: false
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
**options
|
|
31
|
+
)
|
|
32
|
+
provider[:validate_authorization_code] = lambda do |data|
|
|
33
|
+
Base.post_form_json(token_endpoint, {
|
|
34
|
+
code: data[:code],
|
|
35
|
+
code_verifier: data[:code_verifier] || data[:codeVerifier],
|
|
36
|
+
grant_type: "authorization_code",
|
|
37
|
+
redirect_uri: options[:redirect_uri] || options[:redirectURI] || data[:redirect_uri] || data[:redirectURI]
|
|
38
|
+
}, {"Authorization" => "Basic #{credentials}"})
|
|
39
|
+
end
|
|
40
|
+
provider[:refresh_access_token] = options[:refresh_access_token] || options[:refreshAccessToken] || lambda do |refresh_token|
|
|
41
|
+
Base.normalize_tokens(Base.post_form_json(token_endpoint, {
|
|
42
|
+
grant_type: "refresh_token",
|
|
43
|
+
refresh_token: refresh_token
|
|
44
|
+
}, {"Authorization" => "Basic #{credentials}"}))
|
|
45
|
+
end
|
|
46
|
+
provider
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def reddit(client_id:, client_secret:, scopes: ["identity"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "reddit",
|
|
10
|
+
name: "Reddit",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://www.reddit.com/api/v1/authorize",
|
|
14
|
+
token_endpoint: "https://www.reddit.com/api/v1/access_token",
|
|
15
|
+
user_info_endpoint: "https://oauth.reddit.com/api/v1/me",
|
|
16
|
+
user_info_headers: {"User-Agent" => "better-auth"},
|
|
17
|
+
scopes: scopes,
|
|
18
|
+
auth_params: ->(_data, opts) { {duration: opts[:duration]} },
|
|
19
|
+
profile_map: ->(profile) {
|
|
20
|
+
{
|
|
21
|
+
id: profile["id"],
|
|
22
|
+
name: profile["name"],
|
|
23
|
+
email: profile["oauth_client_id"],
|
|
24
|
+
image: profile["icon_img"].to_s.split("?").first,
|
|
25
|
+
emailVerified: !!profile["has_verified_email"]
|
|
26
|
+
}
|
|
27
|
+
},
|
|
28
|
+
**options
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def roblox(client_id:, client_secret:, scopes: ["openid", "profile"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "roblox",
|
|
10
|
+
name: "Roblox",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://apis.roblox.com/oauth/v1/authorize",
|
|
14
|
+
token_endpoint: "https://apis.roblox.com/oauth/v1/token",
|
|
15
|
+
user_info_endpoint: "https://apis.roblox.com/oauth/v1/userinfo",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
auth_params: ->(_data, opts) { {prompt: opts[:prompt] || "select_account consent"} },
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
{
|
|
20
|
+
id: profile["sub"],
|
|
21
|
+
name: profile["nickname"] || profile["preferred_username"] || "",
|
|
22
|
+
email: profile["preferred_username"],
|
|
23
|
+
image: profile["picture"],
|
|
24
|
+
emailVerified: false
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def salesforce(client_id:, client_secret:, scopes: ["openid", "email", "profile"], **options)
|
|
8
|
+
host = if options[:loginUrl] || options[:login_url]
|
|
9
|
+
"https://#{options[:loginUrl] || options[:login_url]}"
|
|
10
|
+
elsif options[:environment].to_s == "sandbox"
|
|
11
|
+
"https://test.salesforce.com"
|
|
12
|
+
else
|
|
13
|
+
"https://login.salesforce.com"
|
|
14
|
+
end
|
|
15
|
+
Base.oauth_provider(
|
|
16
|
+
id: "salesforce",
|
|
17
|
+
name: "Salesforce",
|
|
18
|
+
client_id: client_id,
|
|
19
|
+
client_secret: client_secret,
|
|
20
|
+
authorization_endpoint: "#{host}/services/oauth2/authorize",
|
|
21
|
+
token_endpoint: "#{host}/services/oauth2/token",
|
|
22
|
+
user_info_endpoint: "#{host}/services/oauth2/userinfo",
|
|
23
|
+
scopes: scopes,
|
|
24
|
+
pkce: true,
|
|
25
|
+
profile_map: ->(profile) {
|
|
26
|
+
{
|
|
27
|
+
id: profile["user_id"],
|
|
28
|
+
name: profile["name"],
|
|
29
|
+
email: profile["email"],
|
|
30
|
+
image: profile.dig("photos", "picture") || profile.dig("photos", "thumbnail"),
|
|
31
|
+
emailVerified: !!profile["email_verified"]
|
|
32
|
+
}
|
|
33
|
+
},
|
|
34
|
+
**options
|
|
35
|
+
)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def slack(client_id:, client_secret:, scopes: ["openid", "profile", "email"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "slack",
|
|
10
|
+
name: "Slack",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://slack.com/openid/connect/authorize",
|
|
14
|
+
token_endpoint: "https://slack.com/api/openid.connect.token",
|
|
15
|
+
user_info_endpoint: "https://slack.com/api/openid.connect.userInfo",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
profile_map: ->(profile) {
|
|
18
|
+
{
|
|
19
|
+
id: profile["https://slack.com/user_id"] || profile["sub"],
|
|
20
|
+
name: profile["name"] || "",
|
|
21
|
+
email: profile["email"],
|
|
22
|
+
image: profile["picture"] || profile["https://slack.com/user_image_512"],
|
|
23
|
+
emailVerified: !!profile["email_verified"]
|
|
24
|
+
}
|
|
25
|
+
},
|
|
26
|
+
**options
|
|
27
|
+
)
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def spotify(client_id:, client_secret:, scopes: ["user-read-email"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "spotify",
|
|
10
|
+
name: "Spotify",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://accounts.spotify.com/authorize",
|
|
14
|
+
token_endpoint: "https://accounts.spotify.com/api/token",
|
|
15
|
+
user_info_endpoint: "https://api.spotify.com/v1/me",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
pkce: true,
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
{
|
|
20
|
+
id: profile["id"],
|
|
21
|
+
name: profile["display_name"],
|
|
22
|
+
email: profile["email"],
|
|
23
|
+
image: Array(profile["images"]).first&.fetch("url", nil),
|
|
24
|
+
emailVerified: false
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def tiktok(client_id:, client_secret:, scopes: ["user.info.profile"], **options)
|
|
8
|
+
client_key = options[:client_key] || options[:clientKey] || client_id
|
|
9
|
+
Base.oauth_provider(
|
|
10
|
+
id: "tiktok",
|
|
11
|
+
name: "TikTok",
|
|
12
|
+
client_id: client_key,
|
|
13
|
+
client_secret: client_secret,
|
|
14
|
+
authorization_endpoint: "https://www.tiktok.com/v2/auth/authorize",
|
|
15
|
+
token_endpoint: "https://open.tiktokapis.com/v2/oauth/token/",
|
|
16
|
+
user_info_endpoint: "https://open.tiktokapis.com/v2/user/info/?fields=open_id,avatar_large_url,display_name,username",
|
|
17
|
+
scopes: scopes,
|
|
18
|
+
scope_separator: ",",
|
|
19
|
+
auth_params: {client_key: client_key},
|
|
20
|
+
token_params: {client_key: client_key},
|
|
21
|
+
profile_map: ->(profile) {
|
|
22
|
+
user = profile.dig("data", "user") || profile
|
|
23
|
+
{
|
|
24
|
+
id: user["open_id"],
|
|
25
|
+
name: user["display_name"] || user["username"] || "",
|
|
26
|
+
email: user["email"] || user["username"],
|
|
27
|
+
image: user["avatar_large_url"],
|
|
28
|
+
emailVerified: false
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
**options
|
|
32
|
+
)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def twitch(client_id:, client_secret:, scopes: ["user:read:email", "openid"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "twitch",
|
|
10
|
+
name: "Twitch",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://id.twitch.tv/oauth2/authorize",
|
|
14
|
+
token_endpoint: "https://id.twitch.tv/oauth2/token",
|
|
15
|
+
scopes: scopes,
|
|
16
|
+
auth_params: {
|
|
17
|
+
claims: JSON.generate({
|
|
18
|
+
userinfo: {
|
|
19
|
+
email: nil,
|
|
20
|
+
email_verified: nil,
|
|
21
|
+
preferred_username: nil,
|
|
22
|
+
picture: nil
|
|
23
|
+
}
|
|
24
|
+
})
|
|
25
|
+
},
|
|
26
|
+
profile_map: ->(profile) {
|
|
27
|
+
{
|
|
28
|
+
id: profile["sub"],
|
|
29
|
+
name: profile["preferred_username"],
|
|
30
|
+
email: profile["email"],
|
|
31
|
+
image: profile["picture"],
|
|
32
|
+
emailVerified: !!profile["email_verified"]
|
|
33
|
+
}
|
|
34
|
+
},
|
|
35
|
+
**options
|
|
36
|
+
)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def twitter(client_id:, client_secret:, scopes: ["users.read", "tweet.read", "offline.access", "users.email"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "twitter",
|
|
10
|
+
name: "Twitter",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://x.com/i/oauth2/authorize",
|
|
14
|
+
token_endpoint: "https://api.x.com/2/oauth2/token",
|
|
15
|
+
user_info_endpoint: "https://api.x.com/2/users/me?user.fields=profile_image_url,verified",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
pkce: true,
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
data = profile["data"] || profile
|
|
20
|
+
{
|
|
21
|
+
id: data["id"],
|
|
22
|
+
name: data["name"],
|
|
23
|
+
email: data["email"] || data["username"],
|
|
24
|
+
image: data["profile_image_url"],
|
|
25
|
+
emailVerified: !!data["confirmed_email"]
|
|
26
|
+
}
|
|
27
|
+
},
|
|
28
|
+
**options
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def vercel(client_id:, client_secret:, scopes: [], **options)
|
|
8
|
+
provider = Base.oauth_provider(
|
|
9
|
+
id: "vercel",
|
|
10
|
+
name: "Vercel",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://vercel.com/oauth/authorize",
|
|
14
|
+
token_endpoint: "https://api.vercel.com/login/oauth/token",
|
|
15
|
+
user_info_endpoint: "https://api.vercel.com/login/oauth/userinfo",
|
|
16
|
+
scopes: scopes,
|
|
17
|
+
pkce: true,
|
|
18
|
+
profile_map: ->(profile) {
|
|
19
|
+
{
|
|
20
|
+
id: profile["sub"],
|
|
21
|
+
name: profile["name"] || profile["preferred_username"] || "",
|
|
22
|
+
email: profile["email"],
|
|
23
|
+
image: profile["picture"],
|
|
24
|
+
emailVerified: !!profile["email_verified"]
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
**options
|
|
28
|
+
)
|
|
29
|
+
provider[:create_authorization_url] = lambda do |data|
|
|
30
|
+
verifier = data[:code_verifier] || data[:codeVerifier]
|
|
31
|
+
raise Error, "codeVerifier is required for Vercel" if verifier.to_s.empty?
|
|
32
|
+
|
|
33
|
+
selected_scopes = Base.selected_scopes(scopes, Base.normalize_options(options), data)
|
|
34
|
+
Base.authorization_url(options[:authorization_endpoint] || "https://vercel.com/oauth/authorize", {
|
|
35
|
+
client_id: Base.primary_client_id(client_id),
|
|
36
|
+
redirect_uri: options[:redirect_uri] || options[:redirectURI] || data[:redirect_uri] || data[:redirectURI],
|
|
37
|
+
response_type: "code",
|
|
38
|
+
scope: selected_scopes.empty? ? nil : selected_scopes,
|
|
39
|
+
state: data[:state],
|
|
40
|
+
code_challenge: Base.pkce_challenge(verifier),
|
|
41
|
+
code_challenge_method: "S256"
|
|
42
|
+
})
|
|
43
|
+
end
|
|
44
|
+
provider
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module BetterAuth
|
|
4
|
+
module SocialProviders
|
|
5
|
+
module_function
|
|
6
|
+
|
|
7
|
+
def vk(client_id:, client_secret:, scopes: ["email", "phone"], **options)
|
|
8
|
+
Base.oauth_provider(
|
|
9
|
+
id: "vk",
|
|
10
|
+
name: "VK",
|
|
11
|
+
client_id: client_id,
|
|
12
|
+
client_secret: client_secret,
|
|
13
|
+
authorization_endpoint: "https://id.vk.com/authorize",
|
|
14
|
+
token_endpoint: "https://id.vk.com/oauth2/auth",
|
|
15
|
+
user_info_endpoint: "https://id.vk.com/oauth2/user_info",
|
|
16
|
+
user_info_method: :post,
|
|
17
|
+
user_info_body: {client_id: client_id},
|
|
18
|
+
scopes: scopes,
|
|
19
|
+
pkce: true,
|
|
20
|
+
profile_map: ->(profile) {
|
|
21
|
+
user = profile["user"] || profile
|
|
22
|
+
{
|
|
23
|
+
id: user["user_id"],
|
|
24
|
+
name: [user["first_name"], user["last_name"]].compact.join(" "),
|
|
25
|
+
email: user["email"],
|
|
26
|
+
image: user["avatar"],
|
|
27
|
+
emailVerified: false
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
**options
|
|
31
|
+
)
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|