npm - @_mustachio/openauth - Versions diffs - 0.6.0 - Mend

@_mustachio/openauth 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

package/dist/esm/client.js +186 -0
package/dist/esm/css.d.js +0 -0
package/dist/esm/error.js +73 -0
package/dist/esm/index.js +14 -0
package/dist/esm/issuer.js +558 -0
package/dist/esm/jwt.js +16 -0
package/dist/esm/keys.js +113 -0
package/dist/esm/pkce.js +35 -0
package/dist/esm/provider/apple.js +28 -0
package/dist/esm/provider/arctic.js +43 -0
package/dist/esm/provider/code.js +58 -0
package/dist/esm/provider/cognito.js +16 -0
package/dist/esm/provider/discord.js +15 -0
package/dist/esm/provider/facebook.js +24 -0
package/dist/esm/provider/github.js +15 -0
package/dist/esm/provider/google.js +25 -0
package/dist/esm/provider/index.js +3 -0
package/dist/esm/provider/jumpcloud.js +15 -0
package/dist/esm/provider/keycloak.js +15 -0
package/dist/esm/provider/linkedin.js +15 -0
package/dist/esm/provider/m2m.js +17 -0
package/dist/esm/provider/microsoft.js +24 -0
package/dist/esm/provider/oauth2.js +119 -0
package/dist/esm/provider/oidc.js +69 -0
package/dist/esm/provider/passkey.js +315 -0
package/dist/esm/provider/password.js +306 -0
package/dist/esm/provider/provider.js +10 -0
package/dist/esm/provider/slack.js +15 -0
package/dist/esm/provider/spotify.js +15 -0
package/dist/esm/provider/twitch.js +15 -0
package/dist/esm/provider/x.js +16 -0
package/dist/esm/provider/yahoo.js +15 -0
package/dist/esm/random.js +27 -0
package/dist/esm/storage/aws.js +39 -0
package/dist/esm/storage/cloudflare.js +42 -0
package/dist/esm/storage/dynamo.js +116 -0
package/dist/esm/storage/memory.js +88 -0
package/dist/esm/storage/storage.js +36 -0
package/dist/esm/subject.js +7 -0
package/dist/esm/ui/base.js +407 -0
package/dist/esm/ui/code.js +151 -0
package/dist/esm/ui/form.js +43 -0
package/dist/esm/ui/icon.js +92 -0
package/dist/esm/ui/passkey.js +329 -0
package/dist/esm/ui/password.js +338 -0
package/dist/esm/ui/select.js +187 -0
package/dist/esm/ui/theme.js +115 -0
package/dist/esm/util.js +54 -0
package/dist/types/client.d.ts +466 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/error.d.ts +77 -0
package/dist/types/error.d.ts.map +1 -0
package/dist/types/index.d.ts +20 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/issuer.d.ts +465 -0
package/dist/types/issuer.d.ts.map +1 -0
package/dist/types/jwt.d.ts +6 -0
package/dist/types/jwt.d.ts.map +1 -0
package/dist/types/keys.d.ts +18 -0
package/dist/types/keys.d.ts.map +1 -0
package/dist/types/pkce.d.ts +7 -0
package/dist/types/pkce.d.ts.map +1 -0
package/dist/types/provider/apple.d.ts +108 -0
package/dist/types/provider/apple.d.ts.map +1 -0
package/dist/types/provider/arctic.d.ts +16 -0
package/dist/types/provider/arctic.d.ts.map +1 -0
package/dist/types/provider/code.d.ts +74 -0
package/dist/types/provider/code.d.ts.map +1 -0
package/dist/types/provider/cognito.d.ts +64 -0
package/dist/types/provider/cognito.d.ts.map +1 -0
package/dist/types/provider/discord.d.ts +38 -0
package/dist/types/provider/discord.d.ts.map +1 -0
package/dist/types/provider/facebook.d.ts +74 -0
package/dist/types/provider/facebook.d.ts.map +1 -0
package/dist/types/provider/github.d.ts +38 -0
package/dist/types/provider/github.d.ts.map +1 -0
package/dist/types/provider/google.d.ts +74 -0
package/dist/types/provider/google.d.ts.map +1 -0
package/dist/types/provider/index.d.ts +4 -0
package/dist/types/provider/index.d.ts.map +1 -0
package/dist/types/provider/jumpcloud.d.ts +38 -0
package/dist/types/provider/jumpcloud.d.ts.map +1 -0
package/dist/types/provider/keycloak.d.ts +67 -0
package/dist/types/provider/keycloak.d.ts.map +1 -0
package/dist/types/provider/linkedin.d.ts +6 -0
package/dist/types/provider/linkedin.d.ts.map +1 -0
package/dist/types/provider/m2m.d.ts +34 -0
package/dist/types/provider/m2m.d.ts.map +1 -0
package/dist/types/provider/microsoft.d.ts +89 -0
package/dist/types/provider/microsoft.d.ts.map +1 -0
package/dist/types/provider/oauth2.d.ts +133 -0
package/dist/types/provider/oauth2.d.ts.map +1 -0
package/dist/types/provider/oidc.d.ts +91 -0
package/dist/types/provider/oidc.d.ts.map +1 -0
package/dist/types/provider/passkey.d.ts +143 -0
package/dist/types/provider/passkey.d.ts.map +1 -0
package/dist/types/provider/password.d.ts +210 -0
package/dist/types/provider/password.d.ts.map +1 -0
package/dist/types/provider/provider.d.ts +29 -0
package/dist/types/provider/provider.d.ts.map +1 -0
package/dist/types/provider/slack.d.ts +59 -0
package/dist/types/provider/slack.d.ts.map +1 -0
package/dist/types/provider/spotify.d.ts +38 -0
package/dist/types/provider/spotify.d.ts.map +1 -0
package/dist/types/provider/twitch.d.ts +38 -0
package/dist/types/provider/twitch.d.ts.map +1 -0
package/dist/types/provider/x.d.ts +38 -0
package/dist/types/provider/x.d.ts.map +1 -0
package/dist/types/provider/yahoo.d.ts +38 -0
package/dist/types/provider/yahoo.d.ts.map +1 -0
package/dist/types/random.d.ts +3 -0
package/dist/types/random.d.ts.map +1 -0
package/dist/types/storage/aws.d.ts +4 -0
package/dist/types/storage/aws.d.ts.map +1 -0
package/dist/types/storage/cloudflare.d.ts +34 -0
package/dist/types/storage/cloudflare.d.ts.map +1 -0
package/dist/types/storage/dynamo.d.ts +65 -0
package/dist/types/storage/dynamo.d.ts.map +1 -0
package/dist/types/storage/memory.d.ts +49 -0
package/dist/types/storage/memory.d.ts.map +1 -0
package/dist/types/storage/storage.d.ts +15 -0
package/dist/types/storage/storage.d.ts.map +1 -0
package/dist/types/subject.d.ts +122 -0
package/dist/types/subject.d.ts.map +1 -0
package/dist/types/ui/base.d.ts +5 -0
package/dist/types/ui/base.d.ts.map +1 -0
package/dist/types/ui/code.d.ts +104 -0
package/dist/types/ui/code.d.ts.map +1 -0
package/dist/types/ui/form.d.ts +6 -0
package/dist/types/ui/form.d.ts.map +1 -0
package/dist/types/ui/icon.d.ts +6 -0
package/dist/types/ui/icon.d.ts.map +1 -0
package/dist/types/ui/passkey.d.ts +5 -0
package/dist/types/ui/passkey.d.ts.map +1 -0
package/dist/types/ui/password.d.ts +139 -0
package/dist/types/ui/password.d.ts.map +1 -0
package/dist/types/ui/select.d.ts +55 -0
package/dist/types/ui/select.d.ts.map +1 -0
package/dist/types/ui/theme.d.ts +207 -0
package/dist/types/ui/theme.d.ts.map +1 -0
package/dist/types/util.d.ts +8 -0
package/dist/types/util.d.ts.map +1 -0
package/package.json +51 -0
package/src/client.ts +749 -0
package/src/css.d.ts +4 -0
package/src/error.ts +120 -0
package/src/index.ts +26 -0
package/src/issuer.ts +1302 -0
package/src/jwt.ts +17 -0
package/src/keys.ts +139 -0
package/src/pkce.ts +40 -0
package/src/provider/apple.ts +127 -0
package/src/provider/arctic.ts +66 -0
package/src/provider/code.ts +227 -0
package/src/provider/cognito.ts +74 -0
package/src/provider/discord.ts +45 -0
package/src/provider/facebook.ts +84 -0
package/src/provider/github.ts +45 -0
package/src/provider/google.ts +85 -0
package/src/provider/index.ts +3 -0
package/src/provider/jumpcloud.ts +45 -0
package/src/provider/keycloak.ts +75 -0
package/src/provider/linkedin.ts +12 -0
package/src/provider/m2m.ts +56 -0
package/src/provider/microsoft.ts +100 -0
package/src/provider/oauth2.ts +297 -0
package/src/provider/oidc.ts +179 -0
package/src/provider/passkey.ts +655 -0
package/src/provider/password.ts +672 -0
package/src/provider/provider.ts +33 -0
package/src/provider/slack.ts +67 -0
package/src/provider/spotify.ts +45 -0
package/src/provider/twitch.ts +45 -0
package/src/provider/x.ts +46 -0
package/src/provider/yahoo.ts +45 -0
package/src/random.ts +24 -0
package/src/storage/aws.ts +59 -0
package/src/storage/cloudflare.ts +77 -0
package/src/storage/dynamo.ts +193 -0
package/src/storage/memory.ts +135 -0
package/src/storage/storage.ts +46 -0
package/src/subject.ts +130 -0
package/src/ui/base.tsx +118 -0
package/src/ui/code.tsx +215 -0
package/src/ui/form.tsx +40 -0
package/src/ui/icon.tsx +95 -0
package/src/ui/passkey.tsx +321 -0
package/src/ui/password.tsx +405 -0
package/src/ui/select.tsx +221 -0
package/src/ui/theme.ts +319 -0
package/src/ui/ui.css +252 -0
package/src/util.ts +58 -0

package/src/provider/discord.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Use this provider to authenticate with Discord.
+ *
+ * ```ts {5-8}
+ * import { DiscordProvider } from "@openauthjs/openauth/provider/discord"
+ *
+ * export default issuer({
+ *   providers: {
+ *     discord: DiscordProvider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+export interface DiscordConfig extends Oauth2WrappedConfig {}
+/**
+ * Create a Discord OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * DiscordProvider({
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function DiscordProvider(config: DiscordConfig) {
+  return Oauth2Provider({
+    type: "discord",
+    ...config,
+    endpoint: {
+      authorization: "https://discord.com/oauth2/authorize",
+      token: "https://discord.com/api/oauth2/token",
+    },
+  })
+}

package/src/provider/facebook.ts ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * Use this provider to authenticate with Facebook. Supports both OAuth2 and OIDC.
+ *
+ * #### Using OAuth
+ *
+ * ```ts {5-8}
+ * import { FacebookProvider } from "@openauthjs/openauth/provider/facebook"
+ *
+ * export default issuer({
+ *   providers: {
+ *     facebook: FacebookProvider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * #### Using OIDC
+ *
+ * ```ts {5-7}
+ * import { FacebookOidcProvider } from "@openauthjs/openauth/provider/facebook"
+ *
+ * export default issuer({
+ *   providers: {
+ *     facebook: FacebookOidcProvider({
+ *       clientID: "1234567890"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+import { OidcProvider, OidcWrappedConfig } from "./oidc.js"
+export interface FacebookConfig extends Oauth2WrappedConfig {}
+export interface FacebookOidcConfig extends OidcWrappedConfig {}
+/**
+ * Create a Facebook OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * FacebookProvider({
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function FacebookProvider(config: FacebookConfig) {
+  return Oauth2Provider({
+    ...config,
+    type: "facebook",
+    endpoint: {
+      authorization: "https://www.facebook.com/v12.0/dialog/oauth",
+      token: "https://graph.facebook.com/v12.0/oauth/access_token",
+    },
+  })
+}
+/**
+ * Create a Facebook OIDC provider.
+ *
+ * This is useful if you just want to verify the user's email address.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * FacebookOidcProvider({
+ *   clientID: "1234567890"
+ * })
+ * ```
+ */
+export function FacebookOidcProvider(config: FacebookOidcConfig) {
+  return OidcProvider({
+    ...config,
+    type: "facebook",
+    issuer: "https://graph.facebook.com",
+  })
+}

package/src/provider/github.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Use this provider to authenticate with Github.
+ *
+ * ```ts {5-8}
+ * import { GithubProvider } from "@openauthjs/openauth/provider/github"
+ *
+ * export default issuer({
+ *   providers: {
+ *     github: GithubProvider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+export interface GithubConfig extends Oauth2WrappedConfig {}
+/**
+ * Create a Github OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * GithubProvider({
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function GithubProvider(config: GithubConfig) {
+  return Oauth2Provider({
+    ...config,
+    type: "github",
+    endpoint: {
+      authorization: "https://github.com/login/oauth/authorize",
+      token: "https://github.com/login/oauth/access_token",
+    },
+  })
+}

package/src/provider/google.ts ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Use this provider to authenticate with Google. Supports both OAuth2 and OIDC.
+ *
+ * #### Using OAuth
+ *
+ * ```ts {5-8}
+ * import { GoogleProvider } from "@openauthjs/openauth/provider/google"
+ *
+ * export default issuer({
+ *   providers: {
+ *     google: GoogleProvider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * #### Using OIDC
+ *
+ * ```ts {5-7}
+ * import { GoogleOidcProvider } from "@openauthjs/openauth/provider/google"
+ *
+ * export default issuer({
+ *   providers: {
+ *     google: GoogleOidcProvider({
+ *       clientID: "1234567890"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+import { OidcProvider, OidcWrappedConfig } from "./oidc.js"
+export interface GoogleConfig extends Oauth2WrappedConfig {}
+export interface GoogleOidcConfig extends OidcWrappedConfig {}
+/**
+ * Create a Google OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * GoogleProvider({
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function GoogleProvider(config: GoogleConfig) {
+  return Oauth2Provider({
+    ...config,
+    type: "google",
+    endpoint: {
+      authorization: "https://accounts.google.com/o/oauth2/v2/auth",
+      token: "https://oauth2.googleapis.com/token",
+      jwks: "https://www.googleapis.com/oauth2/v3/certs",
+    },
+  })
+}
+/**
+ * Create a Google OIDC provider.
+ *
+ * This is useful if you just want to verify the user's email address.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * GoogleOidcProvider({
+ *   clientID: "1234567890"
+ * })
+ * ```
+ */
+export function GoogleOidcProvider(config: GoogleOidcConfig) {
+  return OidcProvider({
+    ...config,
+    type: "google",
+    issuer: "https://accounts.google.com",
+  })
+}

package/src/provider/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./code.js"
+export type { Provider as Provider } from "./provider.js"
+export * from "./spotify.js"

package/src/provider/jumpcloud.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Use this provider to authenticate with JumpCloud.
+ *
+ * ```ts {5-8}
+ * import { JumpCloudProvider } from "@openauthjs/openauth/provider/jumpcloud"
+ *
+ * export default issuer({
+ *   providers: {
+ *     jumpcloud: JumpCloudProvider({
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+export interface JumpCloudConfig extends Oauth2WrappedConfig {}
+/**
+ * Create a JumpCloud OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * JumpCloudProvider({
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function JumpCloudProvider(config: JumpCloudConfig) {
+  return Oauth2Provider({
+    type: "jumpcloud",
+    ...config,
+    endpoint: {
+      authorization: "https://oauth.id.jumpcloud.com/oauth2/auth",
+      token: "https://oauth.id.jumpcloud.com/oauth2/token",
+    },
+  })
+}

package/src/provider/keycloak.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Use this provider to authenticate with a Keycloak server.
+ *
+ * ```ts {5-10}
+ * import { KeycloakProvider } from "@openauthjs/openauth/provider/keycloak"
+ *
+ * export default issuer({
+ *   providers: {
+ *     keycloak: KeycloakProvider({
+ *       baseUrl: "https://your-keycloak-domain",
+ *       realm: "your-realm",
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+export interface KeycloakConfig extends Oauth2WrappedConfig {
+  /**
+   * The base URL of the Keycloak server.
+   *
+   * @example
+   * ```ts
+   * {
+   *   baseUrl: "https://your-keycloak-domain"
+   * }
+   * ```
+   */
+  baseUrl: string
+  /**
+   * The realm in the Keycloak server to authenticate against.
+   *
+   * A realm in Keycloak is like a tenant or namespace that manages a set of
+   * users, credentials, roles, and groups.
+   *
+   * @example
+   * ```ts
+   * {
+   *   realm: "your-realm"
+   * }
+   * ```
+   */
+  realm: string
+}
+/**
+ * Create a Keycloak OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * KeycloakProvider({
+ *   baseUrl: "https://your-keycloak-domain",
+ *   realm: "your-realm",
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function KeycloakProvider(config: KeycloakConfig) {
+  const baseConfig = {
+    ...config,
+    endpoint: {
+      authorization: `${config.baseUrl}/realms/${config.realm}/protocol/openid-connect/auth`,
+      token: `${config.baseUrl}/realms/${config.realm}/protocol/openid-connect/token`,
+    },
+  }
+  return Oauth2Provider(baseConfig)
+}

package/src/provider/linkedin.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { Oauth2Provider, type Oauth2WrappedConfig } from "./oauth2.js"
+export function LinkedInAdapter(config: Oauth2WrappedConfig) {
+  return Oauth2Provider({
+    ...config,
+    type: "linkedin",
+    endpoint: {
+      authorization: "https://www.linkedin.com/oauth/v2/authorization",
+      token: "https://www.linkedin.com/oauth/v2/accessToken",
+    },
+  })
+}

package/src/provider/m2m.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { Provider } from "./provider.js"
+export interface M2MProviderConfig {
+  /**
+   * Callback to verify client credentials.
+   * Should return data about the client (e.g., associated User or Org ID).
+   * Returning undefined or throwing indicates invalid credentials.
+   */
+  verify: (
+    clientID: string,
+    clientSecret: string,
+    params: Record<string, string>,
+  ) => Promise<
+    | {
+        id: string
+        [key: string]: any
+      }
+    | undefined
+  >
+}
+/**
+ * Creates a provider for Machine-to-Machine (M2M) authentication using the
+ * OAuth 2.0 `client_credentials` grant type.
+ *
+ * This provider does not have a UI and is intended for service-to-service
+ * communication where the client can securely store a secret.
+ *
+ * @example
+ * ```ts
+ * const m2m = M2MProvider({
+ *   verify: async (clientID, clientSecret) => {
+ *     const client = await db.clients.findUnique({ where: { clientID } })
+ *     if (client && client.secret === clientSecret) return client
+ *   }
+ * })
+ * ```
+ */
+export function M2MProvider(config: M2MProviderConfig): Provider<{
+  id: string
+  [key: string]: any
+}> {
+  return {
+    type: "m2m",
+    init() {},
+    async client(input) {
+      const result = await config.verify(
+        input.clientID,
+        input.clientSecret,
+        input.params,
+      )
+      if (!result) throw new Error("Invalid client credentials")
+      return result
+    },
+  }
+}

package/src/provider/microsoft.ts ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Use this provider to authenticate with Microsoft. Supports both OAuth2 and OIDC.
+ *
+ * #### Using OAuth
+ *
+ * ```ts {5-9}
+ * import { MicrosoftProvider } from "@openauthjs/openauth/provider/microsoft"
+ *
+ * export default issuer({
+ *   providers: {
+ *     microsoft: MicrosoftProvider({
+ *       tenant: "1234567890",
+ *       clientID: "1234567890",
+ *       clientSecret: "0987654321"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * #### Using OIDC
+ *
+ * ```ts {5-7}
+ * import { MicrosoftOidcProvider } from "@openauthjs/openauth/provider/microsoft"
+ *
+ * export default issuer({
+ *   providers: {
+ *     microsoft: MicrosoftOidcProvider({
+ *       clientID: "1234567890"
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { Oauth2Provider, Oauth2WrappedConfig } from "./oauth2.js"
+import { OidcProvider, OidcWrappedConfig } from "./oidc.js"
+export interface MicrosoftConfig extends Oauth2WrappedConfig {
+  /**
+   * The tenant ID of the Microsoft account.
+   *
+   * This is usually the same as the client ID.
+   *
+   * @example
+   * ```ts
+   * {
+   *   tenant: "1234567890"
+   * }
+   * ```
+   */
+  tenant: string
+}
+export interface MicrosoftOidcConfig extends OidcWrappedConfig {}
+/**
+ * Create a Microsoft OAuth2 provider.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * MicrosoftProvider({
+ *   tenant: "1234567890",
+ *   clientID: "1234567890",
+ *   clientSecret: "0987654321"
+ * })
+ * ```
+ */
+export function MicrosoftProvider(config: MicrosoftConfig) {
+  return Oauth2Provider({
+    ...config,
+    type: "microsoft",
+    endpoint: {
+      authorization: `https://login.microsoftonline.com/${config?.tenant}/oauth2/v2.0/authorize`,
+      token: `https://login.microsoftonline.com/${config?.tenant}/oauth2/v2.0/token`,
+    },
+  })
+}
+/**
+ * Create a Microsoft OIDC provider.
+ *
+ * This is useful if you just want to verify the user's email address.
+ *
+ * @param config - The config for the provider.
+ * @example
+ * ```ts
+ * MicrosoftOidcProvider({
+ *   clientID: "1234567890"
+ * })
+ * ```
+ */
+export function MicrosoftOidcProvider(config: MicrosoftOidcConfig) {
+  return OidcProvider({
+    ...config,
+    type: "microsoft",
+    issuer: "https://graph.microsoft.com/oidc/userinfo",
+  })
+}