@_mustachio/openauth 0.6.0

package/dist/types/provider/oauth2.d.ts

@@ -0,0 +1,133 @@
+/**
+ * Use this to connect authentication providers that support OAuth 2.0.
+ *
+ * ```ts {5-12}
+ * import { Oauth2Provider } from "@openauthjs/openauth/provider/oauth2"
+ *
+ * export default issuer({
+ *   providers: {
+ *     oauth2: Oauth2Provider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321",
+ *       endpoint: {
+ *         authorization: "https://auth.myserver.com/authorize",
+ *         token: "https://auth.myserver.com/token"
+ *       }
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ *
+ * @packageDocumentation
+ */
+import { Provider } from "./provider.js";
+export interface Oauth2Config {
+    /**
+     * @internal
+     */
+    type?: string;
+    /**
+     * The client ID.
+     *
+     * This is just a string to identify your app.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "my-client"
+     * }
+     * ```
+     */
+    clientID: string;
+    /**
+     * The client secret.
+     *
+     * This is a private key that's used to authenticate your app. It should be kept secret.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientSecret: "0987654321"
+     * }
+     * ```
+     */
+    clientSecret: string;
+    /**
+     * The URLs of the authorization and token endpoints.
+     *
+     * @example
+     * ```ts
+     * {
+     *   endpoint: {
+     *     authorization: "https://auth.myserver.com/authorize",
+     *     token: "https://auth.myserver.com/token",
+     *     jwks: "https://auth.myserver.com/auth/keys"
+     *   }
+     * }
+     * ```
+     */
+    endpoint: {
+        /**
+         * The URL of the authorization endpoint.
+         */
+        authorization: string;
+        /**
+         * The URL of the token endpoint.
+         */
+        token: string;
+        /**
+         * The URL of the JWKS endpoint.
+         */
+        jwks?: string;
+    };
+    /**
+     * A list of OAuth scopes that you want to request.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: ["email", "profile"]
+     * }
+     * ```
+     */
+    scopes: string[];
+    /**
+     * Whether to use PKCE (Proof Key for Code Exchange) for the authorization code flow.
+     * Some providers like x.com require this.
+     * @default false
+     */
+    pkce?: boolean;
+    /**
+     * Any additional parameters that you want to pass to the authorization endpoint.
+     * @example
+     * ```ts
+     * {
+     *   query: {
+     *     access_type: "offline",
+     *     prompt: "consent"
+     *   }
+     * }
+     * ```
+     */
+    query?: Record<string, string>;
+}
+/**
+ * @internal
+ */
+export type Oauth2WrappedConfig = Omit<Oauth2Config, "endpoint" | "name">;
+/**
+ * @internal
+ */
+export interface Oauth2Token {
+    access: string;
+    refresh: string;
+    expiry: number;
+    id?: Record<string, any>;
+    raw: Record<string, any>;
+}
+export declare function Oauth2Provider(config: Oauth2Config): Provider<{
+    tokenset: Oauth2Token;
+    clientID: string;
+}>;
+//# sourceMappingURL=oauth2.d.ts.map

package/dist/types/provider/oauth2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../src/provider/oauth2.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAMH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAExC,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IACb;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;;;;;;;;OAWG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;;;;;;;;;;;;OAaG;IACH,QAAQ,EAAE;QACR;;WAEG;QACH,aAAa,EAAE,MAAM,CAAA;QACrB;;WAEG;QACH,KAAK,EAAE,MAAM,CAAA;QACb;;WAEG;QACH,IAAI,CAAC,EAAE,MAAM,CAAA;KACd,CAAA;IACD;;;;;;;;;OASG;IACH,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB;;;;OAIG;IACH,IAAI,CAAC,EAAE,OAAO,CAAA;IACd;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC/B;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC,CAAA;AAEzE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,EAAE,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CACzB;AAQD,wBAAgB,cAAc,CAC5B,MAAM,EAAE,YAAY,GACnB,QAAQ,CAAC;IAAE,QAAQ,EAAE,WAAW,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAuJvD"}

package/dist/types/provider/oidc.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Use this to connect authentication providers that support OIDC.
+ *
+ * ```ts {5-8}
+ * import { OidcProvider } from "@openauthjs/openauth/provider/oidc"
+ *
+ * export default issuer({
+ *   providers: {
+ *     oauth2: OidcProvider({
+ *       clientId: "1234567890",
+ *       issuer: "https://auth.myserver.com"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ *
+ * @packageDocumentation
+ */
+import { Provider } from "./provider.js";
+import { JWTPayload } from "hono/utils/jwt/types";
+export interface OidcConfig {
+    /**
+     * @internal
+     */
+    type?: string;
+    /**
+     * The client ID.
+     *
+     * This is just a string to identify your app.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "my-client"
+     * }
+     * ```
+     */
+    clientID: string;
+    /**
+     * The URL of your authorization server.
+     *
+     * @example
+     * ```ts
+     * {
+     *   issuer: "https://auth.myserver.com"
+     * }
+     * ```
+     */
+    issuer: string;
+    /**
+     * A list of OIDC scopes that you want to request.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: ["openid", "profile", "email"]
+     * }
+     * ```
+     */
+    scopes?: string[];
+    /**
+     * Any additional parameters that you want to pass to the authorization endpoint.
+     * @example
+     * ```ts
+     * {
+     *   query: {
+     *     prompt: "consent"
+     *   }
+     * }
+     * ```
+     */
+    query?: Record<string, string>;
+}
+/**
+ * @internal
+ */
+export type OidcWrappedConfig = Omit<OidcConfig, "issuer" | "name">;
+/**
+ * @internal
+ */
+export interface IdTokenResponse {
+    idToken: string;
+    claims: Record<string, any>;
+    raw: Record<string, any>;
+}
+export declare function OidcProvider(config: OidcConfig): Provider<{
+    id: JWTPayload;
+    clientID: string;
+}>;
+//# sourceMappingURL=oidc.d.ts.map

package/dist/types/provider/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/provider/oidc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAGjD,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IACb;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;;;;;;OASG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB;;;;;;;;;;OAUG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC/B;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,GAAG,MAAM,CAAC,CAAA;AAQnE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CACzB;AAED,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,GACjB,QAAQ,CAAC;IAAE,EAAE,EAAE,UAAU,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CA2EhD"}

package/dist/types/provider/passkey.d.ts

@@ -0,0 +1,143 @@
+/**
+ * Configures a provider that supports passkey (WebAuthn) authentication.
+ *
+ * ```ts
+ * import { PasskeyProvider } from "@openauthjs/openauth/provider/passkey"
+ *
+ * export default issuer({
+ *   providers: {
+ *     passkey: PasskeyProvider({
+ *       rpName: "My Application",
+ *       rpID: "example.com", // optional - can also be passed in as a query parameter (see the UI)
+ *       origin: "https://example.com", // optional - can also be passed in as a query parameter (see the UI)
+ *       userCanRegisterPasskey: async (userId, req) => { // optional
+ *         // Check if the user is allowed to register a passkey
+ *         return true
+ *       }
+ *     })
+ *   },
+ *   // ...
+ * })
+ * ```
+ *
+ * PasskeyProvider implements WebAuthn (Web Authentication) to enable passwordless
+ * authentication using biometrics, mobile devices, or security keys. It handles
+ * the complete flow for registering new passkeys and authenticating with them.
+ *
+ * The provider requires configuration of:
+ * - Relying Party information (rpName, rpID)
+ * - Origin validation
+ * - UI handlers for authorization and registration
+ *
+ * It automatically manages:
+ * - Challenge generation
+ * - Credential storage
+ * - Registration verification
+ * - Authentication verification
+ *
+ * This implementation is powered by [@simplewebauthn/server](https://simplewebauthn.dev),
+ * which provides the core WebAuthn functionality for passkey authentication.
+ *
+ * @packageDocumentation
+ */
+import type { AuthenticatorTransportFuture, CredentialDeviceType, Base64URLString, AuthenticatorSelectionCriteria } from "@simplewebauthn/server";
+import type { Provider } from "./provider.js";
+/**
+ * User model for passkey authentication.
+ * Contains the core user data needed for WebAuthn operations.
+ */
+export type UserModel = {
+    id: string;
+    username: string;
+};
+/**
+ * Original PasskeyModel structure for in-memory use.
+ * Represents a registered credential with public key as Uint8Array.
+ */
+export type PasskeyModel = {
+    id: string;
+    publicKey: Uint8Array;
+    userId: string;
+    webauthnUserID: string;
+    counter: number;
+    deviceType: CredentialDeviceType;
+    backedUp: boolean;
+    transports?: AuthenticatorTransportFuture[];
+};
+/**
+ * PasskeyModel version for KV storage with publicKey as string.
+ * Used for storing credentials in a key-value store.
+ */
+export type PasskeyModelStored = Omit<PasskeyModel, "publicKey"> & {
+    publicKey: string;
+};
+declare const DEFAULT_COPY: {
+    error_user_not_allowed: string;
+};
+/**
+ * Configuration for the PasskeyProvider.
+ * Defines how the passkey authentication flow should behave.
+ */
+export interface PasskeyProviderConfig {
+    /**
+     * Custom authorization handler that generates the UI for authorization.
+     */
+    authorize: (req: Request) => Promise<Response>;
+    /**
+     * Custom registration handler that generates the UI for registration.
+     */
+    register: (req: Request) => Promise<Response>;
+    /**
+     * The human-readable name of the relying party (your application).
+     */
+    rpName: string;
+    /**
+     * The ID of the relying party, typically the domain name without protocol.
+     */
+    rpID?: string;
+    /**
+     * The origin URL(s) that are allowed to initiate WebAuthn ceremonies.
+     */
+    origin?: string | string[];
+    /**
+     * Optional function to check if a user is allowed to register a passkey.
+     */
+    userCanRegisterPasskey?: (userId: string, req: Request) => Promise<boolean>;
+    /**
+     * Optional WebAuthn authenticator selection criteria.
+     */
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    /**
+     * Optional attestation type.
+     */
+    attestationType?: "none" | "direct" | "enterprise";
+    /**
+     * Optional timeout for challenges in milliseconds.
+     */
+    timeout?: number;
+    /**
+     * Custom copy texts for error messages and UI elements.
+     */
+    copy?: Partial<typeof DEFAULT_COPY>;
+}
+/**
+ * Creates a passkey (WebAuthn) authentication provider.
+ *
+ * This provider enables passwordless authentication using biometrics, hardware security
+ * keys, or platform authenticators. It implements the Web Authentication (WebAuthn) standard.
+ *
+ * It handles:
+ * - Passkey registration (creating new credentials)
+ * - Authentication with existing passkeys
+ * - Secure storage of credentials
+ * - Challenge verification
+ *
+ * @param config Configuration options for the passkey provider
+ * @returns A Provider instance configured for passkey authentication
+ */
+export declare function PasskeyProvider(config: PasskeyProviderConfig): Provider<{
+    userId: string;
+    credentialId?: Base64URLString;
+}>;
+export {};
+//# sourceMappingURL=passkey.d.ts.map

package/dist/types/provider/passkey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../../src/provider/passkey.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAEH,OAAO,KAAK,EACV,4BAA4B,EAC5B,oBAAoB,EACpB,eAAe,EACf,8BAA8B,EAM/B,MAAM,wBAAwB,CAAA;AAQ/B,OAAO,KAAK,EAAE,QAAQ,EAAkC,MAAM,eAAe,CAAA;AAyD7E;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;CAEjB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,UAAU,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,oBAAoB,CAAA;IAChC,QAAQ,EAAE,OAAO,CAAA;IACjB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAA;CAC5C,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG;IACjE,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAqBD,QAAA,MAAM,YAAY;;CAGjB,CAAA;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE9C;;OAEG;IACH,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE7C;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IAE1B;;OAEG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IAE3E;;OAEG;IACH,sBAAsB,CAAC,EAAE,8BAA8B,CAAA;IAEvD;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,YAAY,CAAA;IAElD;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,IAAI,CAAC,EAAE,OAAO,CAAC,OAAO,YAAY,CAAC,CAAA;CACpC;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,qBAAqB,GAC5B,QAAQ,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,eAAe,CAAA;CAAE,CAAC,CAsZ9D"}

package/dist/types/provider/password.d.ts

@@ -0,0 +1,210 @@
+import { Provider } from "./provider.js";
+import { v1 } from "@standard-schema/spec";
+/**
+ * @internal
+ */
+export interface PasswordHasher<T> {
+    hash(password: string): Promise<T>;
+    verify(password: string, compare: T): Promise<boolean>;
+}
+export interface PasswordConfig {
+    /**
+     * @internal
+     */
+    length?: number;
+    /**
+     * @internal
+     */
+    hasher?: PasswordHasher<any>;
+    /**
+     * The request handler to generate the UI for the login screen.
+     *
+     * Takes the standard [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request)
+     * and optionally [`FormData`](https://developer.mozilla.org/en-US/docs/Web/API/FormData)
+     * ojects.
+     *
+     * In case of an error, this is called again with the `error`.
+     *
+     * Expects the [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response) object
+     * in return.
+     */
+    login: (req: Request, form?: FormData, error?: PasswordLoginError) => Promise<Response>;
+    /**
+     * The request handler to generate the UI for the register screen.
+     *
+     * Takes the standard [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request)
+     * and optionally [`FormData`](https://developer.mozilla.org/en-US/docs/Web/API/FormData)
+     * ojects.
+     *
+     * Also passes in the current `state` of the flow and any `error` that occurred.
+     *
+     * Expects the [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response) object
+     * in return.
+     */
+    register: (req: Request, state: PasswordRegisterState, form?: FormData, error?: PasswordRegisterError) => Promise<Response>;
+    /**
+     * The request handler to generate the UI for the change password screen.
+     *
+     * Takes the standard [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request)
+     * and optionally [`FormData`](https://developer.mozilla.org/en-US/docs/Web/API/FormData)
+     * ojects.
+     *
+     * Also passes in the current `state` of the flow and any `error` that occurred.
+     *
+     * Expects the [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response) object
+     * in return.
+     */
+    change: (req: Request, state: PasswordChangeState, form?: FormData, error?: PasswordChangeError) => Promise<Response>;
+    /**
+     * Callback to send the confirmation pin code to the user.
+     *
+     * @example
+     * ```ts
+     * {
+     *   sendCode: async (email, code) => {
+     *     // Send an email with the code
+     *   }
+     * }
+     * ```
+     */
+    sendCode: (email: string, code: string) => Promise<void>;
+    /**
+     * Callback to validate the password on sign up and password reset.
+     *
+     * @example
+     * ```ts
+     * {
+     *   validatePassword: (password) => {
+     *      return password.length < 8 ? "Password must be at least 8 characters" : undefined
+     *   }
+     * }
+     * ```
+     */
+    validatePassword?: v1.StandardSchema | ((password: string) => Promise<string | undefined> | string | undefined);
+}
+/**
+ * The states that can happen on the register screen.
+ *
+ * | State | Description |
+ * | ----- | ----------- |
+ * | `start` | The user is asked to enter their email address and password to start the flow. |
+ * | `code` | The user needs to enter the pin code to verify their email. |
+ */
+export type PasswordRegisterState = {
+    type: "start";
+} | {
+    type: "code";
+    code: string;
+    email: string;
+    password: string;
+};
+/**
+ * The errors that can happen on the register screen.
+ *
+ * | Error | Description |
+ * | ----- | ----------- |
+ * | `email_taken` | The email is already taken. |
+ * | `invalid_email` | The email is invalid. |
+ * | `invalid_code` | The code is invalid. |
+ * | `invalid_password` | The password is invalid. |
+ * | `password_mismatch` | The passwords do not match. |
+ */
+export type PasswordRegisterError = {
+    type: "invalid_code";
+} | {
+    type: "email_taken";
+} | {
+    type: "invalid_email";
+} | {
+    type: "invalid_password";
+} | {
+    type: "password_mismatch";
+} | {
+    type: "validation_error";
+    message?: string;
+};
+/**
+ * The state of the password change flow.
+ *
+ * | State | Description |
+ * | ----- | ----------- |
+ * | `start` | The user is asked to enter their email address to start the flow. |
+ * | `code` | The user needs to enter the pin code to verify their email. |
+ * | `update` | The user is asked to enter their new password and confirm it. |
+ */
+export type PasswordChangeState = {
+    type: "start";
+    redirect: string;
+} | {
+    type: "code";
+    code: string;
+    email: string;
+    redirect: string;
+} | {
+    type: "update";
+    redirect: string;
+    email: string;
+};
+/**
+ * The errors that can happen on the change password screen.
+ *
+ * | Error | Description |
+ * | ----- | ----------- |
+ * | `invalid_email` | The email is invalid. |
+ * | `invalid_code` | The code is invalid. |
+ * | `invalid_password` | The password is invalid. |
+ * | `password_mismatch` | The passwords do not match. |
+ */
+export type PasswordChangeError = {
+    type: "invalid_email";
+} | {
+    type: "invalid_code";
+} | {
+    type: "invalid_password";
+} | {
+    type: "password_mismatch";
+} | {
+    type: "validation_error";
+    message: string;
+};
+/**
+ * The errors that can happen on the login screen.
+ *
+ * | Error | Description |
+ * | ----- | ----------- |
+ * | `invalid_email` | The email is invalid. |
+ * | `invalid_password` | The password is invalid. |
+ */
+export type PasswordLoginError = {
+    type: "invalid_password";
+} | {
+    type: "invalid_email";
+};
+export declare function PasswordProvider(config: PasswordConfig): Provider<{
+    email: string;
+}>;
+/**
+ * @internal
+ */
+export declare function PBKDF2Hasher(opts?: {
+    iterations?: number;
+}): PasswordHasher<{
+    hash: string;
+    salt: string;
+    iterations: number;
+}>;
+/**
+ * @internal
+ */
+export declare function ScryptHasher(opts?: {
+    N?: number;
+    r?: number;
+    p?: number;
+}): PasswordHasher<{
+    hash: string;
+    salt: string;
+    N: number;
+    r: number;
+    p: number;
+}>;
+//# sourceMappingURL=password.d.ts.map

package/dist/types/provider/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/provider/password.ts"],"names":[],"mappings":"AAyCA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAExC,OAAO,EAAE,EAAE,EAAE,MAAM,uBAAuB,CAAA;AAE1C;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,CAAC;IAC/B,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IAClC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACvD;AAED,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,MAAM,CAAC,EAAE,cAAc,CAAC,GAAG,CAAC,CAAA;IAC5B;;;;;;;;;;;OAWG;IACH,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,kBAAkB,KACvB,OAAO,CAAC,QAAQ,CAAC,CAAA;IACtB;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,CACR,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,qBAAqB,EAC5B,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,qBAAqB,KAC1B,OAAO,CAAC,QAAQ,CAAC,CAAA;IACtB;;;;;;;;;;;OAWG;IACH,MAAM,EAAE,CACN,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,mBAAmB,EAC1B,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,mBAAmB,KACxB,OAAO,CAAC,QAAQ,CAAC,CAAA;IACtB;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACxD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,EACb,EAAE,CAAC,cAAc,GACjB,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC,CAAA;CAC7E;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,qBAAqB,GAC7B;IACE,IAAI,EAAE,OAAO,CAAA;CACd,GACD;IACE,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAEL;;;;;;;;;;GAUG;AACH,MAAM,MAAM,qBAAqB,GAC7B;IACE,IAAI,EAAE,cAAc,CAAA;CACrB,GACD;IACE,IAAI,EAAE,aAAa,CAAA;CACpB,GACD;IACE,IAAI,EAAE,eAAe,CAAA;CACtB,GACD;IACE,IAAI,EAAE,kBAAkB,CAAA;CACzB,GACD;IACE,IAAI,EAAE,mBAAmB,CAAA;CAC1B,GACD;IACE,IAAI,EAAE,kBAAkB,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAEL;;;;;;;;GAQG;AACH,MAAM,MAAM,mBAAmB,GAC3B;IACE,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,GACD;IACE,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,GACD;IACE,IAAI,EAAE,QAAQ,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAEL;;;;;;;;;GASG;AACH,MAAM,MAAM,mBAAmB,GAC3B;IACE,IAAI,EAAE,eAAe,CAAA;CACtB,GACD;IACE,IAAI,EAAE,cAAc,CAAA;CACrB,GACD;IACE,IAAI,EAAE,kBAAkB,CAAA;CACzB,GACD;IACE,IAAI,EAAE,mBAAmB,CAAA;CAC1B,GACD;IACE,IAAI,EAAE,kBAAkB,CAAA;IACxB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAEL;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAC1B;IACE,IAAI,EAAE,kBAAkB,CAAA;CACzB,GACD;IACE,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAEL,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,cAAc,GACrB,QAAQ,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CA6Q7B;AAOD;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,cAAc,CAAC;IAC3E,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;CACnB,CAAC,CAsDD;AAID;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,CAAC,EAAE;IAClC,CAAC,CAAC,EAAE,MAAM,CAAA;IACV,CAAC,CAAC,EAAE,MAAM,CAAA;IACV,CAAC,CAAC,EAAE,MAAM,CAAA;CACX,GAAG,cAAc,CAAC;IACjB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,CAAC,CAiDD"}

package/dist/types/provider/provider.d.ts

@@ -0,0 +1,29 @@
+import type { Context, Hono } from "hono";
+import { StorageAdapter } from "../storage/storage.js";
+export type ProviderRoute = Hono;
+export interface Provider<Properties = any> {
+    type: string;
+    init: (route: ProviderRoute, options: ProviderOptions<Properties>) => void;
+    client?: (input: {
+        clientID: string;
+        clientSecret: string;
+        params: Record<string, string>;
+    }) => Promise<Properties>;
+}
+export interface ProviderOptions<Properties> {
+    name: string;
+    success: (ctx: Context, properties: Properties, opts?: {
+        invalidate?: (subject: string) => Promise<void>;
+    }) => Promise<Response>;
+    forward: (ctx: Context, response: Response) => Response;
+    set: <T>(ctx: Context, key: string, maxAge: number, value: T) => Promise<void>;
+    get: <T>(ctx: Context, key: string) => Promise<T>;
+    unset: (ctx: Context, key: string) => Promise<void>;
+    invalidate: (subject: string) => Promise<void>;
+    storage: StorageAdapter;
+}
+export declare class ProviderError extends Error {
+}
+export declare class ProviderUnknownError extends ProviderError {
+}
+//# sourceMappingURL=provider.d.ts.map

package/dist/types/provider/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/provider/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAEtD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAA;AAEhC,MAAM,WAAW,QAAQ,CAAC,UAAU,GAAG,GAAG;IACxC,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,CAAC,UAAU,CAAC,KAAK,IAAI,CAAA;IAC1E,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE;QACf,QAAQ,EAAE,MAAM,CAAA;QAChB,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAC/B,KAAK,OAAO,CAAC,UAAU,CAAC,CAAA;CAC1B;AAED,MAAM,WAAW,eAAe,CAAC,UAAU;IACzC,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,UAAU,EAAE,UAAU,EACtB,IAAI,CAAC,EAAE;QACL,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KAChD,KACE,OAAO,CAAC,QAAQ,CAAC,CAAA;IACtB,OAAO,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,KAAK,QAAQ,CAAA;IACvD,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9E,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAA;IACjD,KAAK,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnD,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9C,OAAO,EAAE,cAAc,CAAA;CACxB;AACD,qBAAa,aAAc,SAAQ,KAAK;CAAG;AAC3C,qBAAa,oBAAqB,SAAQ,aAAa;CAAG"}

package/dist/types/provider/slack.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Use this provider to authenticate with Slack.
+ *
+ * ```ts {5-10}
+ * import { SlackProvider } from "@openauthjs/openauth/provider/slack"
+ *
+ * export default issuer({
+ *   providers: {
+ *     slack: SlackProvider({
+ *       team: "T1234567890",
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321",
+ *       scopes: ["openid", "email", "profile"]
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2WrappedConfig } from "./oauth2.js";
+export interface SlackConfig extends Oauth2WrappedConfig {
+    /**
+     * The workspace the user is intending to authenticate.
+     *
+     * If that workspace has been previously authenticated, the user will be signed in directly,
+     * bypassing the consent screen.
+     */
+    team: string;
+    /**
+     * The scopes to request from the user.
+     *
+     * | Scope | Description |
+     * |-|-|
+     * | `email` | Grants permission to access the user's email address. |
+     * | `profile` | Grants permission to access the user's profile information. |
+     * | `openid` | Grants permission to use OpenID Connect to verify the user's identity. |
+     */
+    scopes: ("email" | "profile" | "openid")[];
+}
+/**
+ * Creates a [Slack OAuth2 provider](https://api.slack.com/authentication/sign-in-with-slack).
+ *
+ * @param {SlackConfig} config - The config for the provider.
+ * @example
+ * ```ts
+ * SlackProvider({
+ *   team: "T1234567890",
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321",
+ *   scopes: ["openid", "email", "profile"]
+ * })
+ * ```
+ */
+export declare function SlackProvider(config: SlackConfig): import("./provider.js").Provider<{
+    tokenset: import("./oauth2.js").Oauth2Token;
+    clientID: string;
+}>;
+//# sourceMappingURL=slack.d.ts.map