@alliance-droid/svelte-auth-core 1.0.0

package/dist/providers/github-oauth.js

@@ -0,0 +1,230 @@
+/**
+ * GitHub OAuth Provider
+ * Handles GitHub OAuth 2.0 flow
+ */
+export class GitHubOAuthProvider {
+    constructor(config) {
+        Object.defineProperty(this, "clientId", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "clientSecret", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "redirectUri", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "scope", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "allowSignup", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "authorizationEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://github.com/login/oauth/authorize'
+        });
+        Object.defineProperty(this, "tokenEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://github.com/login/oauth/access_token'
+        });
+        Object.defineProperty(this, "userinfoEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://api.github.com/user'
+        });
+        if (!config.clientId || !config.clientSecret || !config.redirectUri) {
+            throw new Error('GitHub OAuth configuration is missing required fields');
+        }
+        this.clientId = config.clientId;
+        this.clientSecret = config.clientSecret;
+        this.redirectUri = config.redirectUri;
+        this.scope = config.scope || ['read:user', 'user:email'];
+        this.allowSignup = config.allowSignup !== false;
+    }
+    /**
+     * Generate authorization URL
+     */
+    generateAuthorizationUrl(state) {
+        const params = new URLSearchParams({
+            client_id: this.clientId,
+            redirect_uri: this.redirectUri,
+            scope: this.scope.join(' '),
+            state,
+            allow_signup: this.allowSignup.toString()
+        });
+        return `${this.authorizationEndpoint}?${params.toString()}`;
+    }
+    /**
+     * Exchange authorization code for tokens
+     */
+    async exchangeCode(code) {
+        try {
+            const response = await fetch(this.tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Accept: 'application/json'
+                },
+                body: JSON.stringify({
+                    code,
+                    client_id: this.clientId,
+                    client_secret: this.clientSecret,
+                    redirect_uri: this.redirectUri
+                })
+            });
+            if (!response.ok) {
+                throw new Error(`GitHub token exchange failed: ${response.statusText}`);
+            }
+            const data = await response.json();
+            if (data.error) {
+                throw new Error(`GitHub OAuth error: ${data.error}`);
+            }
+            return {
+                accessToken: data.access_token,
+                expiresIn: data.expires_in || 28800, // 8 hours default
+                tokenType: data.token_type || 'Bearer'
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to exchange GitHub authorization code: ${error}`);
+        }
+    }
+    /**
+     * Fetch user profile from GitHub
+     * Also fetches email if not in primary profile
+     */
+    async fetchUserProfile(accessToken) {
+        try {
+            // Fetch user profile
+            const profileResponse = await fetch(this.userinfoEndpoint, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    'User-Agent': 'svelte-auth-system'
+                }
+            });
+            if (!profileResponse.ok) {
+                throw new Error(`Failed to fetch GitHub user info: ${profileResponse.statusText}`);
+            }
+            const profileData = await profileResponse.json();
+            // If email is not public, fetch from emails endpoint
+            let email = profileData.email;
+            if (!email) {
+                email = await this.fetchUserEmail(accessToken);
+            }
+            if (!email) {
+                throw new Error('Could not retrieve email from GitHub');
+            }
+            return {
+                id: profileData.id.toString(),
+                email,
+                name: profileData.name,
+                avatar: profileData.avatar_url,
+                provider: 'github'
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to fetch GitHub user profile: ${error}`);
+        }
+    }
+    /**
+     * Fetch user email from GitHub emails endpoint
+     */
+    async fetchUserEmail(accessToken) {
+        try {
+            const response = await fetch('https://api.github.com/user/emails', {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    'User-Agent': 'svelte-auth-system'
+                }
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const emails = await response.json();
+            // Find primary email
+            const primaryEmail = emails.find((e) => e.primary);
+            if (primaryEmail) {
+                return primaryEmail.email;
+            }
+            // Find verified email
+            const verifiedEmail = emails.find((e) => e.verified);
+            if (verifiedEmail) {
+                return verifiedEmail.email;
+            }
+            // Return first email if available
+            return emails[0]?.email || null;
+        }
+        catch (error) {
+            console.error('Failed to fetch GitHub user email:', error);
+            return null;
+        }
+    }
+    /**
+     * GitHub does not support refresh tokens (token doesn't expire)
+     * This method is a no-op but included for API consistency
+     */
+    async refreshAccessToken(accessToken) {
+        // GitHub tokens don't expire, so we just return the same token
+        return {
+            accessToken,
+            expiresIn: 0,
+            tokenType: 'Bearer'
+        };
+    }
+    /**
+     * Validate authorization code format
+     */
+    validateAuthorizationCode(code) {
+        return !!(code && typeof code === 'string' && code.length > 0);
+    }
+    /**
+     * Validate access token format
+     */
+    validateAccessToken(token) {
+        return !!(token && typeof token === 'string' && token.length > 0);
+    }
+    /**
+     * Revoke access token
+     */
+    async revokeAccessToken(accessToken) {
+        try {
+            // GitHub requires basic auth with clientId:clientSecret
+            const auth = Buffer.from(`${this.clientId}:${this.clientSecret}`).toString('base64');
+            const response = await fetch(`https://api.github.com/applications/${this.clientId}/token`, {
+                method: 'DELETE',
+                headers: {
+                    Authorization: `Basic ${auth}`,
+                    'User-Agent': 'svelte-auth-system',
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({ access_token: accessToken })
+            });
+            return response.ok;
+        }
+        catch (error) {
+            console.error('Failed to revoke GitHub access token:', error);
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=github-oauth.js.map

package/dist/providers/github-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-oauth.js","sourceRoot":"","sources":["../../src/providers/github-oauth.ts"],"names":[],"mappings":"AAUA;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAW/B,YAAY,MAAyB;QAV7B;;;;;WAAiB;QACjB;;;;;WAAqB;QACrB;;;;;WAAoB;QACpB;;;;;WAAgB;QAChB;;;;;WAAqB;QAEZ;;;;mBAAwB,0CAA0C;WAAC;QACnE;;;;mBAAgB,6CAA6C;WAAC;QAC9D;;;;mBAAmB,6BAA6B;WAAC;QAGjE,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,KAAK,KAAK,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,KAAa;QACrC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3B,KAAK;YACL,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE;SACzC,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,qBAAqB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY;QAC9B,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACR,cAAc,EAAE,kBAAkB;oBAClC,MAAM,EAAE,kBAAkB;iBAC1B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACpB,IAAI;oBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;oBAChC,YAAY,EAAE,IAAI,CAAC,WAAW;iBAC9B,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;YAED,OAAO;gBACN,WAAW,EAAE,IAAI,CAAC,YAAY;gBAC9B,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,KAAK,EAAE,kBAAkB;gBACvD,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;aACtC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iDAAiD,KAAK,EAAE,CAAC,CAAC;QAC3E,CAAC;IACF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,WAAmB;QACzC,IAAI,CAAC;YACJ,qBAAqB;YACrB,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBAC1D,OAAO,EAAE;oBACR,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,YAAY,EAAE,oBAAoB;iBAClC;aACD,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;YAEjD,qDAAqD;YACrD,IAAI,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC;YAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACZ,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YAChD,CAAC;YAED,IAAI,CAAC,KAAK,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACzD,CAAC;YAED,OAAO;gBACN,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE;gBAC7B,KAAK;gBACL,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,MAAM,EAAE,WAAW,CAAC,UAAU;gBAC9B,QAAQ,EAAE,QAAQ;aAClB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;IACF,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,WAAmB;QAC/C,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;gBAClE,OAAO,EAAE;oBACR,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,YAAY,EAAE,oBAAoB;iBAClC;aACD,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,OAAO,IAAI,CAAC;YACb,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAErC,qBAAqB;YACrB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,YAAY,EAAE,CAAC;gBAClB,OAAO,YAAY,CAAC,KAAK,CAAC;YAC3B,CAAC;YAED,sBAAsB;YACtB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,aAAa,EAAE,CAAC;gBACnB,OAAO,aAAa,CAAC,KAAK,CAAC;YAC5B,CAAC;YAED,kCAAkC;YAClC,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CAAC,WAAmB;QAC3C,+DAA+D;QAC/D,OAAO;YACN,WAAW;YACX,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,QAAQ;SACnB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,yBAAyB,CAAC,IAAY;QACrC,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChE,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAa;QAChC,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,WAAmB;QAC1C,IAAI,CAAC;YACJ,wDAAwD;YACxD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAErF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC3B,uCAAuC,IAAI,CAAC,QAAQ,QAAQ,EAC5D;gBACC,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE;oBACR,aAAa,EAAE,SAAS,IAAI,EAAE;oBAC9B,YAAY,EAAE,oBAAoB;oBAClC,cAAc,EAAE,kBAAkB;iBAClC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;aACnD,CACD,CAAC;YAEF,OAAO,QAAQ,CAAC,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC9D,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;CACD"}

package/dist/providers/google-oauth.d.ts

@@ -0,0 +1,46 @@
+import type { OAuthProviderConfig, OAuthUserProfile, OAuthTokenResponse } from '../oauth-types';
+/**
+ * Google OAuth Configuration
+ */
+export interface GoogleOAuthConfig extends OAuthProviderConfig {
+    scope?: string[];
+}
+/**
+ * Google OAuth Provider
+ * Handles Google OAuth 2.0 flow
+ */
+export declare class GoogleOAuthProvider {
+    private clientId;
+    private clientSecret;
+    private redirectUri;
+    private scope;
+    private readonly authorizationEndpoint;
+    private readonly tokenEndpoint;
+    private readonly userinfoEndpoint;
+    constructor(config: GoogleOAuthConfig);
+    /**
+     * Generate authorization URL
+     */
+    generateAuthorizationUrl(state: string): string;
+    /**
+     * Exchange authorization code for tokens
+     */
+    exchangeCode(code: string): Promise<OAuthTokenResponse>;
+    /**
+     * Fetch user profile from Google
+     */
+    fetchUserProfile(accessToken: string): Promise<OAuthUserProfile>;
+    /**
+     * Refresh access token
+     */
+    refreshAccessToken(refreshToken: string): Promise<OAuthTokenResponse>;
+    /**
+     * Validate authorization code format
+     */
+    validateAuthorizationCode(code: string): boolean;
+    /**
+     * Validate access token format
+     */
+    validateAccessToken(token: string): boolean;
+}
+//# sourceMappingURL=google-oauth.d.ts.map

package/dist/providers/google-oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-oauth.d.ts","sourceRoot":"","sources":["../../src/providers/google-oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,mBAAmB;IAC7D,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,KAAK,CAAW;IAExB,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAkD;IACxF,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgD;IAC9E,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmD;gBAExE,MAAM,EAAE,iBAAiB;IAWrC;;OAEG;IACH,wBAAwB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAc/C;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiC7D;;OAEG;IACG,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA2BtE;;OAEG;IACG,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAgC3E;;OAEG;IACH,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAG3C"}

package/dist/providers/google-oauth.js

@@ -0,0 +1,177 @@
+/**
+ * Google OAuth Provider
+ * Handles Google OAuth 2.0 flow
+ */
+export class GoogleOAuthProvider {
+    constructor(config) {
+        Object.defineProperty(this, "clientId", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "clientSecret", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "redirectUri", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "scope", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "authorizationEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://accounts.google.com/o/oauth2/v2/auth'
+        });
+        Object.defineProperty(this, "tokenEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://www.googleapis.com/oauth2/v4/token'
+        });
+        Object.defineProperty(this, "userinfoEndpoint", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'https://www.googleapis.com/oauth2/v2/userinfo'
+        });
+        if (!config.clientId || !config.clientSecret || !config.redirectUri) {
+            throw new Error('Google OAuth configuration is missing required fields');
+        }
+        this.clientId = config.clientId;
+        this.clientSecret = config.clientSecret;
+        this.redirectUri = config.redirectUri;
+        this.scope = config.scope || ['openid', 'email', 'profile'];
+    }
+    /**
+     * Generate authorization URL
+     */
+    generateAuthorizationUrl(state) {
+        const params = new URLSearchParams({
+            client_id: this.clientId,
+            redirect_uri: this.redirectUri,
+            response_type: 'code',
+            scope: this.scope.join(' '),
+            state,
+            access_type: 'offline',
+            prompt: 'consent'
+        });
+        return `${this.authorizationEndpoint}?${params.toString()}`;
+    }
+    /**
+     * Exchange authorization code for tokens
+     */
+    async exchangeCode(code) {
+        try {
+            const response = await fetch(this.tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                },
+                body: new URLSearchParams({
+                    code,
+                    client_id: this.clientId,
+                    client_secret: this.clientSecret,
+                    redirect_uri: this.redirectUri,
+                    grant_type: 'authorization_code'
+                }).toString()
+            });
+            if (!response.ok) {
+                throw new Error(`Google token exchange failed: ${response.statusText}`);
+            }
+            const data = await response.json();
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token,
+                expiresIn: data.expires_in || 3600,
+                tokenType: data.token_type || 'Bearer'
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to exchange Google authorization code: ${error}`);
+        }
+    }
+    /**
+     * Fetch user profile from Google
+     */
+    async fetchUserProfile(accessToken) {
+        try {
+            const response = await fetch(this.userinfoEndpoint, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    'User-Agent': 'svelte-auth-system'
+                }
+            });
+            if (!response.ok) {
+                throw new Error(`Failed to fetch Google user info: ${response.statusText}`);
+            }
+            const data = await response.json();
+            return {
+                id: data.id,
+                email: data.email,
+                name: data.name,
+                avatar: data.picture,
+                provider: 'google'
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to fetch Google user profile: ${error}`);
+        }
+    }
+    /**
+     * Refresh access token
+     */
+    async refreshAccessToken(refreshToken) {
+        try {
+            const response = await fetch(this.tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                },
+                body: new URLSearchParams({
+                    refresh_token: refreshToken,
+                    client_id: this.clientId,
+                    client_secret: this.clientSecret,
+                    grant_type: 'refresh_token'
+                }).toString()
+            });
+            if (!response.ok) {
+                throw new Error(`Google token refresh failed: ${response.statusText}`);
+            }
+            const data = await response.json();
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token || refreshToken,
+                expiresIn: data.expires_in || 3600,
+                tokenType: data.token_type || 'Bearer'
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to refresh Google access token: ${error}`);
+        }
+    }
+    /**
+     * Validate authorization code format
+     */
+    validateAuthorizationCode(code) {
+        return !!(code && typeof code === 'string' && code.length > 0);
+    }
+    /**
+     * Validate access token format
+     */
+    validateAccessToken(token) {
+        return !!(token && typeof token === 'string' && token.length > 0);
+    }
+}
+//# sourceMappingURL=google-oauth.js.map

package/dist/providers/google-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-oauth.js","sourceRoot":"","sources":["../../src/providers/google-oauth.ts"],"names":[],"mappings":"AASA;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAU/B,YAAY,MAAyB;QAT7B;;;;;WAAiB;QACjB;;;;;WAAqB;QACrB;;;;;WAAoB;QACpB;;;;;WAAgB;QAEP;;;;mBAAwB,8CAA8C;WAAC;QACvE;;;;mBAAgB,4CAA4C;WAAC;QAC7D;;;;mBAAmB,+CAA+C;WAAC;QAGnF,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,KAAa;QACrC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3B,KAAK;YACL,WAAW,EAAE,SAAS;YACtB,MAAM,EAAE,SAAS;SACjB,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,qBAAqB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY;QAC9B,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACR,cAAc,EAAE,mCAAmC;iBACnD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACzB,IAAI;oBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;oBAChC,YAAY,EAAE,IAAI,CAAC,WAAW;oBAC9B,UAAU,EAAE,oBAAoB;iBAChC,CAAC,CAAC,QAAQ,EAAE;aACb,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,OAAO;gBACN,WAAW,EAAE,IAAI,CAAC,YAAY;gBAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;gBAChC,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBAClC,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;aACtC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iDAAiD,KAAK,EAAE,CAAC,CAAC;QAC3E,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,WAAmB;QACzC,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBACnD,OAAO,EAAE;oBACR,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,YAAY,EAAE,oBAAoB;iBAClC;aACD,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YAC7E,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,OAAO;gBACN,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE,IAAI,CAAC,OAAO;gBACpB,QAAQ,EAAE,QAAQ;aAClB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAC5C,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACR,cAAc,EAAE,mCAAmC;iBACnD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACzB,aAAa,EAAE,YAAY;oBAC3B,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;oBAChC,UAAU,EAAE,eAAe;iBAC3B,CAAC,CAAC,QAAQ,EAAE;aACb,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,OAAO;gBACN,WAAW,EAAE,IAAI,CAAC,YAAY;gBAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;gBAChD,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBAClC,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;aACtC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;QACpE,CAAC;IACF,CAAC;IAED;;OAEG;IACH,yBAAyB,CAAC,IAAY;QACrC,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChE,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAa;QAChC,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;CACD"}

package/dist/providers/oidc-oauth.d.ts

@@ -0,0 +1,85 @@
+import type { OAuthProviderConfig, OAuthUserProfile, OAuthTokenResponse } from '../oauth-types';
+/**
+ * OIDC Provider Configuration
+ */
+export interface OIDCProviderConfig extends OAuthProviderConfig {
+    discoveryUrl?: string;
+    authorizationEndpoint: string;
+    tokenEndpoint: string;
+    userInfoEndpoint: string;
+    scope?: string[];
+    responseType?: string;
+    responseMode?: string;
+}
+/**
+ * OIDC (OpenID Connect) Provider
+ * Handles generic OIDC 1.0 flow
+ */
+export declare class OIDCOAuthProvider {
+    private clientId;
+    private clientSecret;
+    private redirectUri;
+    private authorizationEndpoint;
+    private tokenEndpoint;
+    private userInfoEndpoint;
+    private scope;
+    private responseType;
+    private responseMode;
+    constructor(config: OIDCProviderConfig);
+    /**
+     * Discover OIDC endpoints from .well-known/openid-configuration
+     */
+    static discoverEndpoints(discoveryUrl: string): Promise<{
+        authorizationEndpoint: string;
+        tokenEndpoint: string;
+        userInfoEndpoint: string;
+    }>;
+    /**
+     * Create from discovery URL
+     */
+    static createFromDiscovery(config: Omit<OIDCProviderConfig, 'authorizationEndpoint' | 'tokenEndpoint' | 'userInfoEndpoint'> & {
+        discoveryUrl: string;
+    }): Promise<OIDCOAuthProvider>;
+    /**
+     * Generate authorization URL
+     */
+    generateAuthorizationUrl(state: string, nonce: string): string;
+    /**
+     * Exchange authorization code for tokens
+     */
+    exchangeCode(code: string): Promise<OAuthTokenResponse>;
+    /**
+     * Fetch user profile from OIDC userinfo endpoint
+     */
+    fetchUserProfile(accessToken: string): Promise<OAuthUserProfile>;
+    /**
+     * Refresh access token
+     */
+    refreshAccessToken(refreshToken: string): Promise<OAuthTokenResponse>;
+    /**
+     * Validate ID token (basic validation)
+     * In production, should use a JWT library to verify signature
+     */
+    validateIdToken(idToken: string): boolean;
+    /**
+     * Decode ID token (without validation - for debugging only)
+     */
+    decodeIdToken(idToken: string): Record<string, any>;
+    /**
+     * Extract provider name from authorization endpoint
+     */
+    private extractProviderName;
+    /**
+     * Validate authorization code format
+     */
+    validateAuthorizationCode(code: string): boolean;
+    /**
+     * Validate access token format
+     */
+    validateAccessToken(token: string): boolean;
+    /**
+     * Revoke access token
+     */
+    revokeAccessToken(accessToken: string): Promise<boolean>;
+}
+//# sourceMappingURL=oidc-oauth.d.ts.map

package/dist/providers/oidc-oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-oauth.d.ts","sourceRoot":"","sources":["../../src/providers/oidc-oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,mBAAmB;IAC9D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,iBAAiB;IAC7B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,KAAK,CAAW;IACxB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,YAAY,CAAS;gBAEjB,MAAM,EAAE,kBAAkB;IAuBtC;;OAEG;WACU,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7D,qBAAqB,EAAE,MAAM,CAAC;QAC9B,aAAa,EAAE,MAAM,CAAC;QACtB,gBAAgB,EAAE,MAAM,CAAC;KACzB,CAAC;IAoBF;;OAEG;WACU,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,kBAAkB,EAAE,uBAAuB,GAAG,eAAe,GAAG,kBAAkB,CAAC,GAAG;QACnI,YAAY,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAS9B;;OAEG;IACH,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAc9D;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiC7D;;OAEG;IACG,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkCtE;;OAEG;IACG,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoC3E;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IASzC;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAWnD;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAS3B;;OAEG;IACH,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI3C;;OAEG;IACG,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAsB9D"}