@aura-stack/auth 0.4.0-rc.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/@types/index.d.ts +8 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +7 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +130 -71
  6. package/dist/actions/callback/access-token.d.ts +9 -4
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +428 -152
  9. package/dist/actions/callback/callback.d.ts +11 -3
  10. package/dist/actions/callback/callback.js +12 -10
  11. package/dist/actions/callback/userinfo.cjs +159 -65
  12. package/dist/actions/callback/userinfo.d.ts +8 -3
  13. package/dist/actions/callback/userinfo.js +7 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +70 -19
  15. package/dist/actions/csrfToken/csrfToken.js +8 -7
  16. package/dist/actions/index.cjs +780 -348
  17. package/dist/actions/index.d.ts +6 -2
  18. package/dist/actions/index.js +23 -18
  19. package/dist/actions/session/session.cjs +107 -26
  20. package/dist/actions/session/session.js +7 -5
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +209 -211
  25. package/dist/actions/signIn/authorization.d.ts +32 -21
  26. package/dist/actions/signIn/authorization.js +12 -9
  27. package/dist/actions/signIn/signIn.cjs +470 -235
  28. package/dist/actions/signIn/signIn.d.ts +12 -3
  29. package/dist/actions/signIn/signIn.js +11 -8
  30. package/dist/actions/signOut/signOut.cjs +376 -228
  31. package/dist/actions/signOut/signOut.d.ts +1 -1
  32. package/dist/actions/signOut/signOut.js +10 -9
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +150 -5
  46. package/dist/assert.d.ts +26 -3
  47. package/dist/assert.js +17 -3
  48. package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-4YHJ4IEQ.js +25 -0
  54. package/dist/chunk-54CZPKR4.js +25 -0
  55. package/dist/chunk-5LZ7TOM3.js +25 -0
  56. package/dist/chunk-7BE46WWS.js +88 -0
  57. package/dist/chunk-7YYXFKLR.js +35 -0
  58. package/dist/chunk-C3A37LQC.js +33 -0
  59. package/dist/chunk-CITNGXDA.js +31 -0
  60. package/dist/chunk-CWX724AG.js +78 -0
  61. package/dist/chunk-D2CSIUKP.js +74 -0
  62. package/dist/chunk-E6G5YCI6.js +25 -0
  63. package/dist/chunk-EBAMFRB7.js +34 -0
  64. package/dist/chunk-EEE7UM5T.js +25 -0
  65. package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
  66. package/dist/chunk-FW4W3REU.js +25 -0
  67. package/dist/chunk-GNNBM2WJ.js +83 -0
  68. package/dist/chunk-IPKO6UQN.js +25 -0
  69. package/dist/chunk-JOCGX3RP.js +59 -0
  70. package/dist/chunk-KBXWTD6E.js +94 -0
  71. package/dist/chunk-KMMAZFSJ.js +25 -0
  72. package/dist/chunk-LATR3NIV.js +117 -0
  73. package/dist/chunk-LAYPUDQF.js +39 -0
  74. package/dist/chunk-LDU7A2JE.js +25 -0
  75. package/dist/chunk-LX3TJ2TJ.js +294 -0
  76. package/dist/chunk-NHZBQNRR.js +143 -0
  77. package/dist/chunk-OVHNRULD.js +33 -0
  78. package/dist/chunk-PDP3PHB3.js +127 -0
  79. package/dist/chunk-PHYNROD4.js +47 -0
  80. package/dist/chunk-QQEKY4XP.js +29 -0
  81. package/dist/chunk-U4RK4LKJ.js +348 -0
  82. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  83. package/dist/chunk-UN7X6SU5.js +53 -0
  84. package/dist/chunk-UZQJJD6A.js +100 -0
  85. package/dist/chunk-V6LLEAR4.js +80 -0
  86. package/dist/chunk-WHNDRO3N.js +50 -0
  87. package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
  88. package/dist/client/client.cjs +135 -0
  89. package/dist/client/client.d.ts +85 -0
  90. package/dist/client/client.js +9 -0
  91. package/dist/client/index.cjs +135 -0
  92. package/dist/client/index.d.ts +14 -0
  93. package/dist/client/index.js +10 -0
  94. package/dist/context.cjs +1237 -0
  95. package/dist/context.d.ts +16 -0
  96. package/dist/context.js +28 -0
  97. package/dist/cookie.cjs +57 -22
  98. package/dist/cookie.d.ts +11 -6
  99. package/dist/cookie.js +3 -2
  100. package/dist/createAuth.cjs +2320 -0
  101. package/dist/createAuth.d.ts +12 -0
  102. package/dist/createAuth.js +48 -0
  103. package/dist/env.cjs +78 -0
  104. package/dist/env.d.ts +10 -0
  105. package/dist/env.js +12 -0
  106. package/dist/errors.cjs +17 -0
  107. package/dist/errors.d.ts +15 -4
  108. package/dist/errors.js +5 -1
  109. package/dist/headers.cjs +28 -2
  110. package/dist/headers.d.ts +25 -1
  111. package/dist/headers.js +9 -3
  112. package/dist/index-_aXtxb_s.d.ts +1377 -0
  113. package/dist/index.cjs +1843 -610
  114. package/dist/index.d.ts +11 -92
  115. package/dist/index.js +53 -85
  116. package/dist/jose.cjs +113 -38
  117. package/dist/jose.d.ts +12 -23
  118. package/dist/jose.js +17 -7
  119. package/dist/logger.cjs +424 -0
  120. package/dist/logger.d.ts +12 -0
  121. package/dist/logger.js +17 -0
  122. package/dist/oauth/atlassian.cjs +57 -0
  123. package/dist/oauth/atlassian.d.ts +12 -0
  124. package/dist/oauth/atlassian.js +6 -0
  125. package/dist/oauth/bitbucket.cjs +19 -15
  126. package/dist/oauth/bitbucket.d.ts +7 -2
  127. package/dist/oauth/bitbucket.js +1 -1
  128. package/dist/oauth/discord.cjs +27 -24
  129. package/dist/oauth/discord.d.ts +7 -2
  130. package/dist/oauth/discord.js +1 -1
  131. package/dist/oauth/dropbox.cjs +53 -0
  132. package/dist/oauth/dropbox.d.ts +12 -0
  133. package/dist/oauth/dropbox.js +6 -0
  134. package/dist/oauth/figma.cjs +19 -16
  135. package/dist/oauth/figma.d.ts +7 -2
  136. package/dist/oauth/figma.js +1 -1
  137. package/dist/oauth/github.cjs +19 -8
  138. package/dist/oauth/github.d.ts +7 -2
  139. package/dist/oauth/github.js +1 -1
  140. package/dist/oauth/gitlab.cjs +19 -16
  141. package/dist/oauth/gitlab.d.ts +7 -2
  142. package/dist/oauth/gitlab.js +1 -1
  143. package/dist/oauth/index.cjs +529 -239
  144. package/dist/oauth/index.d.ts +7 -2
  145. package/dist/oauth/index.js +39 -22
  146. package/dist/oauth/mailchimp.cjs +19 -16
  147. package/dist/oauth/mailchimp.d.ts +7 -2
  148. package/dist/oauth/mailchimp.js +1 -1
  149. package/dist/oauth/notion.cjs +131 -0
  150. package/dist/oauth/notion.d.ts +12 -0
  151. package/dist/oauth/notion.js +9 -0
  152. package/dist/oauth/pinterest.cjs +19 -16
  153. package/dist/oauth/pinterest.d.ts +7 -2
  154. package/dist/oauth/pinterest.js +1 -1
  155. package/dist/oauth/spotify.cjs +19 -16
  156. package/dist/oauth/spotify.d.ts +7 -2
  157. package/dist/oauth/spotify.js +1 -1
  158. package/dist/oauth/strava.cjs +19 -16
  159. package/dist/oauth/strava.d.ts +7 -2
  160. package/dist/oauth/strava.js +1 -1
  161. package/dist/oauth/twitch.cjs +95 -0
  162. package/dist/oauth/twitch.d.ts +12 -0
  163. package/dist/oauth/twitch.js +7 -0
  164. package/dist/oauth/x.cjs +19 -16
  165. package/dist/oauth/x.d.ts +7 -2
  166. package/dist/oauth/x.js +1 -1
  167. package/dist/schemas.cjs +89 -42
  168. package/dist/schemas.d.ts +114 -18
  169. package/dist/schemas.js +5 -3
  170. package/dist/secure.cjs +73 -31
  171. package/dist/secure.d.ts +11 -11
  172. package/dist/secure.js +7 -6
  173. package/dist/utils.cjs +203 -90
  174. package/dist/utils.d.ts +21 -40
  175. package/dist/utils.js +21 -12
  176. package/package.json +9 -6
  177. package/dist/chunk-3EUWD5BB.js +0 -63
  178. package/dist/chunk-42XB3YCW.js +0 -22
  179. package/dist/chunk-6R2YZ4AC.js +0 -22
  180. package/dist/chunk-A3N4PVAT.js +0 -70
  181. package/dist/chunk-B737EUJV.js +0 -22
  182. package/dist/chunk-CXLATHS5.js +0 -143
  183. package/dist/chunk-E3OXBRYF.js +0 -22
  184. package/dist/chunk-EIL2FPSS.js +0 -22
  185. package/dist/chunk-EMKJA2GJ.js +0 -89
  186. package/dist/chunk-FIPU4MLT.js +0 -21
  187. package/dist/chunk-FKRDCWBF.js +0 -22
  188. package/dist/chunk-GA2SMTJO.js +0 -58
  189. package/dist/chunk-HP34YGGJ.js +0 -22
  190. package/dist/chunk-IKHPGFCW.js +0 -14
  191. package/dist/chunk-IUYZQTJV.js +0 -30
  192. package/dist/chunk-IVET23KF.js +0 -58
  193. package/dist/chunk-JVFTCTTE.js +0 -33
  194. package/dist/chunk-KRNOMBXQ.js +0 -22
  195. package/dist/chunk-KSWLO5ZU.js +0 -102
  196. package/dist/chunk-N2APGLXA.js +0 -71
  197. package/dist/chunk-N4SX7TZT.js +0 -96
  198. package/dist/chunk-STHEPPUZ.js +0 -11
  199. package/dist/chunk-TLE4PXY3.js +0 -39
  200. package/dist/index-B8jeIElf.d.ts +0 -679
  201. /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
@@ -20,233 +20,527 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
20
20
  // src/oauth/index.ts
21
21
  var oauth_exports = {};
22
22
  __export(oauth_exports, {
23
+ atlassian: () => atlassian,
23
24
  bitbucket: () => bitbucket,
24
25
  builtInOAuthProviders: () => builtInOAuthProviders,
25
26
  createBuiltInOAuthProviders: () => createBuiltInOAuthProviders,
26
27
  discord: () => discord,
28
+ dropbox: () => dropbox,
27
29
  figma: () => figma,
28
30
  github: () => github,
29
31
  gitlab: () => gitlab,
30
32
  mailchimp: () => mailchimp,
33
+ notion: () => notion,
31
34
  pinterest: () => pinterest,
32
35
  spotify: () => spotify,
33
36
  strava: () => strava,
37
+ twitch: () => twitch,
34
38
  x: () => x
35
39
  });
36
40
  module.exports = __toCommonJS(oauth_exports);
37
41
 
42
+ // src/env.ts
43
+ var import_meta = {};
44
+ var env = new Proxy({}, {
45
+ get(_, prop) {
46
+ if (typeof prop !== "string") return void 0;
47
+ const hasProperty = (process2) => {
48
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
49
+ };
50
+ try {
51
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
52
+ return process.env[prop];
53
+ }
54
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
55
+ return import_meta.env[prop];
56
+ }
57
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
58
+ return Deno.env.get(prop);
59
+ }
60
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
61
+ return Bun.env[prop];
62
+ }
63
+ const globalValue = globalThis[prop];
64
+ return typeof globalValue === "string" ? globalValue : void 0;
65
+ } catch {
66
+ return void 0;
67
+ }
68
+ }
69
+ });
70
+ var getEnv = (key) => {
71
+ const keys = [`AURA_AUTH_${key.toUpperCase()}`, `AURA_${key.toUpperCase()}`, `AUTH_${key.toUpperCase()}`, key.toUpperCase()];
72
+ return env[keys.find((k) => env[k]) ?? ""];
73
+ };
74
+
38
75
  // src/oauth/github.ts
39
- var github = {
40
- id: "github",
41
- name: "GitHub",
42
- authorizeURL: "https://github.com/login/oauth/authorize",
43
- accessToken: "https://github.com/login/oauth/access_token",
44
- userInfo: "https://api.github.com/user",
45
- scope: "read:user user:email",
46
- responseType: "code"
76
+ var github = (options2) => {
77
+ return {
78
+ id: "github",
79
+ name: "GitHub",
80
+ authorizeURL: "https://github.com/login/oauth/authorize",
81
+ accessToken: "https://github.com/login/oauth/access_token",
82
+ userInfo: "https://api.github.com/user",
83
+ scope: "read:user user:email",
84
+ responseType: "code",
85
+ profile: (profile) => {
86
+ return {
87
+ sub: profile.id.toString(),
88
+ name: profile.name ?? profile.login,
89
+ email: profile.email ?? void 0,
90
+ image: profile.avatar_url
91
+ };
92
+ },
93
+ ...options2
94
+ };
47
95
  };
48
96
 
49
97
  // src/oauth/bitbucket.ts
50
- var bitbucket = {
51
- id: "bitbucket",
52
- name: "Bitbucket",
53
- authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
54
- accessToken: "https://bitbucket.org/site/oauth2/access_token",
55
- userInfo: "https://api.bitbucket.org/2.0/user",
56
- scope: "account email",
57
- responseType: "code",
58
- profile(profile) {
59
- return {
60
- sub: profile.uuid ?? profile.account_id,
61
- name: profile.display_name ?? profile.nickname,
62
- image: profile.links.avatar.href
63
- };
64
- }
98
+ var bitbucket = (options2) => {
99
+ return {
100
+ id: "bitbucket",
101
+ name: "Bitbucket",
102
+ authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
103
+ accessToken: "https://bitbucket.org/site/oauth2/access_token",
104
+ userInfo: "https://api.bitbucket.org/2.0/user",
105
+ scope: "account email",
106
+ responseType: "code",
107
+ profile(profile) {
108
+ return {
109
+ sub: profile.uuid ?? profile.account_id,
110
+ name: profile.display_name ?? profile.nickname,
111
+ image: profile.links.avatar?.href,
112
+ email: void 0
113
+ };
114
+ },
115
+ ...options2
116
+ };
65
117
  };
66
118
 
67
119
  // src/oauth/figma.ts
68
- var figma = {
69
- id: "figma",
70
- name: "Figma",
71
- authorizeURL: "https://www.figma.com/oauth",
72
- accessToken: "https://api.figma.com/v1/oauth/token",
73
- userInfo: "https://api.figma.com/v1/me",
74
- scope: "current_user:read",
75
- responseType: "code",
76
- profile(profile) {
77
- return {
78
- sub: profile.id,
79
- name: profile.handle,
80
- email: profile.email,
81
- image: profile.img_url
82
- };
83
- }
120
+ var figma = (options2) => {
121
+ return {
122
+ id: "figma",
123
+ name: "Figma",
124
+ authorizeURL: "https://www.figma.com/oauth",
125
+ accessToken: "https://api.figma.com/v1/oauth/token",
126
+ userInfo: "https://api.figma.com/v1/me",
127
+ scope: "current_user:read",
128
+ responseType: "code",
129
+ profile(profile) {
130
+ return {
131
+ sub: profile.id,
132
+ name: profile.handle,
133
+ email: profile.email,
134
+ image: profile.img_url
135
+ };
136
+ },
137
+ ...options2
138
+ };
84
139
  };
85
140
 
86
141
  // src/oauth/discord.ts
87
- var discord = {
88
- id: "discord",
89
- name: "Discord",
90
- authorizeURL: "https://discord.com/oauth2/authorize",
91
- accessToken: "https://discord.com/api/oauth2/token",
92
- userInfo: "https://discord.com/api/users/@me",
93
- scope: "identify email",
94
- responseType: "code",
95
- profile(profile) {
96
- let image = "";
97
- if (profile.avatar === null) {
98
- const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
99
- image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
100
- } else {
101
- const format = profile.avatar.startsWith("a_") ? "gif" : "png";
102
- image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
103
- }
104
- return {
105
- sub: profile.id,
106
- name: profile.global_name ?? profile.username,
107
- email: profile.email ?? "",
108
- image
109
- };
110
- }
142
+ var discord = (options2) => {
143
+ return {
144
+ id: "discord",
145
+ name: "Discord",
146
+ authorizeURL: "https://discord.com/oauth2/authorize",
147
+ accessToken: "https://discord.com/api/oauth2/token",
148
+ userInfo: "https://discord.com/api/users/@me",
149
+ scope: "identify email",
150
+ responseType: "code",
151
+ profile(profile) {
152
+ let image = "";
153
+ if (profile.avatar === null) {
154
+ const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
155
+ image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
156
+ } else {
157
+ const format = profile.avatar.startsWith("a_") ? "gif" : "png";
158
+ image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
159
+ }
160
+ return {
161
+ sub: profile.id,
162
+ name: profile.global_name ?? profile.username,
163
+ email: profile.email ?? "",
164
+ image
165
+ };
166
+ },
167
+ ...options2
168
+ };
111
169
  };
112
170
 
113
171
  // src/oauth/gitlab.ts
114
- var gitlab = {
115
- id: "gitlab",
116
- name: "GitLab",
117
- authorizeURL: "https://gitlab.com/oauth/authorize",
118
- accessToken: "https://gitlab.com/oauth/token",
119
- userInfo: "https://gitlab.com/api/v4/user",
120
- scope: "read_user",
121
- responseType: "code",
122
- profile(profile) {
123
- return {
124
- sub: profile.id.toString(),
125
- name: profile.name ?? profile.username,
126
- email: profile.email,
127
- avatar: profile.avatar_url
128
- };
129
- }
172
+ var gitlab = (options2) => {
173
+ return {
174
+ id: "gitlab",
175
+ name: "GitLab",
176
+ authorizeURL: "https://gitlab.com/oauth/authorize",
177
+ accessToken: "https://gitlab.com/oauth/token",
178
+ userInfo: "https://gitlab.com/api/v4/user",
179
+ scope: "read_user",
180
+ responseType: "code",
181
+ profile(profile) {
182
+ return {
183
+ sub: profile.id.toString(),
184
+ name: profile.name ?? profile.username,
185
+ email: profile.email,
186
+ image: profile.avatar_url
187
+ };
188
+ },
189
+ ...options2
190
+ };
130
191
  };
131
192
 
132
193
  // src/oauth/spotify.ts
133
- var spotify = {
134
- id: "spotify",
135
- name: "Spotify",
136
- authorizeURL: "https://accounts.spotify.com/authorize",
137
- accessToken: "https://accounts.spotify.com/api/token",
138
- userInfo: "https://api.spotify.com/v1/me",
139
- scope: "user-read-email user-read-private",
140
- responseType: "token",
141
- profile(profile) {
142
- return {
143
- sub: profile.id,
144
- name: profile.display_name,
145
- email: profile.email,
146
- image: profile.images?.[0]?.url
147
- };
148
- }
194
+ var spotify = (options2) => {
195
+ return {
196
+ id: "spotify",
197
+ name: "Spotify",
198
+ authorizeURL: "https://accounts.spotify.com/authorize",
199
+ accessToken: "https://accounts.spotify.com/api/token",
200
+ userInfo: "https://api.spotify.com/v1/me",
201
+ scope: "user-read-private user-read-email",
202
+ responseType: "code",
203
+ profile(profile) {
204
+ return {
205
+ sub: profile.id,
206
+ name: profile.display_name,
207
+ email: profile.email,
208
+ image: profile.images[0]?.url ?? void 0
209
+ };
210
+ },
211
+ ...options2
212
+ };
149
213
  };
150
214
 
151
215
  // src/oauth/x.ts
152
- var x = {
153
- id: "x",
154
- name: "X",
155
- authorizeURL: "https://x.com/i/oauth2/authorize",
156
- accessToken: "https://api.x.com/2/oauth2/token",
157
- userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
158
- scope: "users.read users.email tweet.read offline.access",
159
- responseType: "code",
160
- profile({ data }) {
161
- return {
162
- sub: data.id,
163
- name: data.name,
164
- image: data.profile_image_url,
165
- email: ""
166
- };
167
- }
216
+ var x = (options2) => {
217
+ return {
218
+ id: "x",
219
+ name: "X",
220
+ authorizeURL: "https://twitter.com/i/oauth2/authorize",
221
+ accessToken: "https://api.twitter.com/2/oauth2/token",
222
+ userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
223
+ scope: "tweet.read users.read offline.access",
224
+ responseType: "code",
225
+ profile(profile) {
226
+ return {
227
+ sub: profile.data.id,
228
+ name: profile.data.name,
229
+ image: profile.data.profile_image_url,
230
+ email: void 0
231
+ };
232
+ },
233
+ ...options2
234
+ };
168
235
  };
169
236
 
170
237
  // src/oauth/strava.ts
171
- var strava = {
172
- id: "strava",
173
- name: "Strava",
174
- authorizeURL: "https://www.strava.com/oauth/authorize",
175
- accessToken: "https://www.strava.com/oauth/token",
176
- userInfo: "https://www.strava.com/api/v3/athlete",
177
- scope: "read",
178
- responseType: "code",
179
- profile(profile) {
180
- return {
181
- sub: profile.id.toString(),
182
- name: `${profile.firstname} ${profile.lastname}`,
183
- image: profile.profile,
184
- email: ""
185
- };
186
- }
238
+ var strava = (options2) => {
239
+ return {
240
+ id: "strava",
241
+ name: "Strava",
242
+ authorizeURL: "https://www.strava.com/oauth/authorize",
243
+ accessToken: "https://www.strava.com/oauth/token",
244
+ userInfo: "https://www.strava.com/api/v3/athlete",
245
+ scope: "read",
246
+ responseType: "code",
247
+ profile(profile) {
248
+ return {
249
+ sub: profile.id.toString(),
250
+ name: `${profile.firstname} ${profile.lastname}`,
251
+ image: profile.profile,
252
+ email: void 0
253
+ };
254
+ },
255
+ ...options2
256
+ };
187
257
  };
188
258
 
189
259
  // src/oauth/mailchimp.ts
190
- var mailchimp = {
191
- id: "mailchimp",
192
- name: "Mailchimp",
193
- authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
194
- accessToken: "https://login.mailchimp.com/oauth2/token",
195
- userInfo: "https://login.mailchimp.com/oauth2/metadata",
196
- scope: "",
197
- responseType: "code",
198
- profile(profile) {
199
- return {
200
- sub: profile.user_id,
201
- name: profile.accountname,
202
- email: profile.login.login_email,
203
- image: null
204
- };
205
- }
260
+ var mailchimp = (options2) => {
261
+ return {
262
+ id: "mailchimp",
263
+ name: "Mailchimp",
264
+ authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
265
+ accessToken: "https://login.mailchimp.com/oauth2/token",
266
+ userInfo: "https://login.mailchimp.com/oauth2/metadata",
267
+ scope: "",
268
+ responseType: "code",
269
+ profile(profile) {
270
+ return {
271
+ sub: profile.user_id,
272
+ name: profile.accountname,
273
+ email: profile.login.email,
274
+ image: profile.login.avatar
275
+ };
276
+ },
277
+ ...options2
278
+ };
206
279
  };
207
280
 
208
281
  // src/oauth/pinterest.ts
209
- var pinterest = {
210
- id: "pinterest",
211
- name: "Pinterest",
212
- authorizeURL: "https://api.pinterest.com/oauth/",
213
- accessToken: "https://api.pinterest.com/v5/oauth/token",
214
- userInfo: "https://api.pinterest.com/v5/user_account",
215
- scope: "user_accounts:read",
216
- responseType: "code",
217
- profile(profile) {
282
+ var pinterest = (options2) => {
283
+ return {
284
+ id: "pinterest",
285
+ name: "Pinterest",
286
+ authorizeURL: "https://www.pinterest.com/oauth",
287
+ accessToken: "https://api.pinterest.com/v5/oauth/token",
288
+ userInfo: "https://api.pinterest.com/v5/user_account",
289
+ scope: "user_accounts:read",
290
+ responseType: "code",
291
+ profile(profile) {
292
+ return {
293
+ sub: profile.id,
294
+ name: profile.username,
295
+ image: profile.profile_image,
296
+ email: void 0
297
+ };
298
+ },
299
+ ...options2
300
+ };
301
+ };
302
+
303
+ // src/oauth/twitch.ts
304
+ var twitch = (options2) => {
305
+ const clientId = options2?.clientId ?? getEnv("TWITCH_CLIENT_ID");
306
+ return {
307
+ id: "twitch",
308
+ name: "Twitch",
309
+ authorize: {
310
+ url: "https://id.twitch.tv/oauth2/authorize",
311
+ params: { scope: "user:read:email", responseType: "code" }
312
+ },
313
+ accessToken: "https://id.twitch.tv/oauth2/token",
314
+ userInfo: {
315
+ url: "https://api.twitch.tv/helix/users",
316
+ headers: {
317
+ "Client-ID": clientId
318
+ }
319
+ },
320
+ profile(profile) {
321
+ const user = profile.data[0];
322
+ if (!user) {
323
+ throw new Error("No user data found in Twitch profile response");
324
+ }
325
+ return {
326
+ sub: user.id,
327
+ name: user.display_name,
328
+ email: user.email,
329
+ picture: user.profile_image_url
330
+ };
331
+ },
332
+ ...options2
333
+ };
334
+ };
335
+
336
+ // src/utils.ts
337
+ var import_router = require("@aura-stack/router");
338
+
339
+ // src/errors.ts
340
+ var AuthInternalError = class extends Error {
341
+ type = "AUTH_INTERNAL_ERROR";
342
+ code;
343
+ constructor(code, message, options2) {
344
+ super(message, options2);
345
+ this.code = code;
346
+ this.name = new.target.name;
347
+ Error.captureStackTrace(this, new.target);
348
+ }
349
+ };
350
+
351
+ // src/assert.ts
352
+ var import_crypto = require("@aura-stack/jose/crypto");
353
+
354
+ // src/utils.ts
355
+ var formatZodError = (error) => {
356
+ if (!error.issues || error.issues.length === 0) {
357
+ return {};
358
+ }
359
+ return error.issues.reduce((previous, issue) => {
360
+ const key = issue.path.join(".");
218
361
  return {
219
- sub: profile.id,
220
- name: profile.username,
221
- email: null,
222
- image: profile.profile_image
362
+ ...previous,
363
+ [key]: {
364
+ code: issue.code,
365
+ message: issue.message
366
+ }
223
367
  };
368
+ }, {});
369
+ };
370
+ var createBasicAuthHeader = (username, password) => {
371
+ const getUsername = getEnv(username.toUpperCase()) ?? username;
372
+ const getPassword = getEnv(password.toUpperCase()) ?? password;
373
+ if (!getUsername || !getPassword) {
374
+ throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "Missing client credentials for OAuth provider configuration.");
224
375
  }
376
+ const credentials = `${getUsername}:${getPassword}`;
377
+ return `Basic ${btoa(credentials)}`;
378
+ };
379
+
380
+ // src/oauth/notion.ts
381
+ var notion = (options2) => {
382
+ return {
383
+ id: "notion",
384
+ name: "Notion",
385
+ authorize: {
386
+ url: "https://api.notion.com/v1/oauth/authorize",
387
+ params: {
388
+ owner: "user",
389
+ scope: "user:read",
390
+ responseType: "code"
391
+ }
392
+ },
393
+ accessToken: {
394
+ url: "https://api.notion.com/v1/oauth/token",
395
+ headers: {
396
+ Authorization: createBasicAuthHeader(
397
+ options2?.clientId ?? "NOTION_CLIENT_ID",
398
+ options2?.clientSecret ?? "NOTION_CLIENT_SECRET"
399
+ )
400
+ }
401
+ },
402
+ userInfo: {
403
+ url: "https://api.notion.com/v1/users/me",
404
+ headers: {
405
+ "Notion-Version": "2022-06-28"
406
+ }
407
+ },
408
+ profile(profile) {
409
+ return {
410
+ sub: profile.id,
411
+ name: profile.name,
412
+ image: profile.avatar_url ?? "",
413
+ email: profile?.bot?.owner?.user?.person?.email
414
+ };
415
+ },
416
+ ...options2
417
+ };
418
+ };
419
+
420
+ // src/oauth/dropbox.ts
421
+ var dropbox = (options2) => {
422
+ return {
423
+ id: "dropbox",
424
+ name: "Dropbox",
425
+ authorize: {
426
+ url: "https://www.dropbox.com/oauth2/authorize",
427
+ params: { scope: "account_info.read" }
428
+ },
429
+ accessToken: "https://api.dropboxapi.com/oauth2/token",
430
+ userInfo: {
431
+ method: "POST",
432
+ url: "https://api.dropboxapi.com/2/users/get_current_account"
433
+ },
434
+ profile(profile) {
435
+ return {
436
+ sub: profile.account_id,
437
+ name: profile.name.display_name,
438
+ email: profile.email,
439
+ image: profile.profile_photo_url
440
+ };
441
+ },
442
+ ...options2
443
+ };
444
+ };
445
+
446
+ // src/oauth/atlassian.ts
447
+ var atlassian = (options2) => {
448
+ return {
449
+ id: "atlassian",
450
+ name: "Atlassian",
451
+ authorize: {
452
+ url: "https://auth.atlassian.com/authorize",
453
+ params: {
454
+ audience: "api.atlassian.com",
455
+ scope: "read:me read:account",
456
+ prompt: "consent"
457
+ }
458
+ },
459
+ authorizeURL: "https://auth.atlassian.com/authorize",
460
+ accessToken: "https://auth.atlassian.com/oauth/token",
461
+ userInfo: "https://api.atlassian.com/me",
462
+ scope: "read:me read:account",
463
+ responseType: "code",
464
+ profile(profile) {
465
+ return {
466
+ sub: profile.account_id,
467
+ name: profile.name,
468
+ email: profile.email,
469
+ image: profile.picture
470
+ };
471
+ },
472
+ ...options2
473
+ };
225
474
  };
226
475
 
227
476
  // src/schemas.ts
228
- var import_zod = require("zod");
229
- var OAuthProviderConfigSchema = (0, import_zod.object)({
230
- authorizeURL: (0, import_zod.string)().url(),
231
- accessToken: (0, import_zod.string)().url(),
232
- scope: (0, import_zod.string)().optional(),
233
- userInfo: (0, import_zod.string)().url(),
234
- responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
235
- clientId: (0, import_zod.string)(),
236
- clientSecret: (0, import_zod.string)()
477
+ var import_v4 = require("zod/v4");
478
+ var AuthorizeConfigSchema = import_v4.z.union([
479
+ (0, import_v4.string)().url(),
480
+ (0, import_v4.object)({
481
+ url: (0, import_v4.string)().url(),
482
+ params: (0, import_v4.object)({
483
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
484
+ scope: (0, import_v4.string)().optional()
485
+ })
486
+ })
487
+ ]);
488
+ var AccessTokenConfigSchema = import_v4.z.union([
489
+ (0, import_v4.string)().url(),
490
+ (0, import_v4.object)({
491
+ url: (0, import_v4.string)().url(),
492
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
493
+ })
494
+ ]);
495
+ var UserInfoConfigSchema = import_v4.z.union([
496
+ (0, import_v4.string)().url(),
497
+ (0, import_v4.object)({
498
+ url: (0, import_v4.string)().url(),
499
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
500
+ method: (0, import_v4.string)().optional()
501
+ })
502
+ ]);
503
+ var OAuthProviderCredentialsSchema = (0, import_v4.object)({
504
+ id: (0, import_v4.string)(),
505
+ name: (0, import_v4.string)(),
506
+ authorize: AuthorizeConfigSchema.optional(),
507
+ /** @deprecated */
508
+ authorizeURL: (0, import_v4.string)().url().optional(),
509
+ accessToken: AccessTokenConfigSchema,
510
+ /** @deprecated */
511
+ scope: (0, import_v4.string)().optional(),
512
+ userInfo: UserInfoConfigSchema,
513
+ /** @deprecated */
514
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
515
+ clientId: (0, import_v4.string)(),
516
+ clientSecret: (0, import_v4.string)(),
517
+ profile: import_v4.z.function().optional()
518
+ });
519
+ var OAuthProviderConfigSchema = (0, import_v4.object)({
520
+ authorize: AuthorizeConfigSchema.optional(),
521
+ /** @deprecated */
522
+ authorizeURL: (0, import_v4.string)().url().optional(),
523
+ accessToken: AccessTokenConfigSchema,
524
+ /** @deprecated */
525
+ scope: (0, import_v4.string)().optional(),
526
+ userInfo: UserInfoConfigSchema,
527
+ /** @deprecated */
528
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
529
+ clientId: (0, import_v4.string)(),
530
+ clientSecret: (0, import_v4.string)()
237
531
  });
238
532
  var OAuthAuthorization = OAuthProviderConfigSchema.extend({
239
- redirectURI: (0, import_zod.string)(),
240
- state: (0, import_zod.string)(),
241
- codeChallenge: (0, import_zod.string)(),
242
- codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
533
+ redirectURI: (0, import_v4.string)(),
534
+ state: (0, import_v4.string)(),
535
+ codeChallenge: (0, import_v4.string)(),
536
+ codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
243
537
  });
244
- var OAuthAuthorizationResponse = (0, import_zod.object)({
245
- state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
246
- code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
538
+ var OAuthAuthorizationResponse = (0, import_v4.object)({
539
+ state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
540
+ code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
247
541
  });
248
- var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
249
- error: (0, import_zod.enum)([
542
+ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
543
+ error: (0, import_v4.enum)([
250
544
  "invalid_request",
251
545
  "unauthorized_client",
252
546
  "access_denied",
@@ -255,24 +549,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
255
549
  "server_error",
256
550
  "temporarily_unavailable"
257
551
  ]),
258
- error_description: (0, import_zod.string)().optional(),
259
- error_uri: (0, import_zod.string)().optional(),
260
- state: (0, import_zod.string)()
552
+ error_description: (0, import_v4.string)().optional(),
553
+ error_uri: (0, import_v4.string)().optional(),
554
+ state: (0, import_v4.string)()
261
555
  });
262
556
  var OAuthAccessToken = OAuthProviderConfigSchema.extend({
263
- redirectURI: (0, import_zod.string)(),
264
- code: (0, import_zod.string)(),
265
- codeVerifier: (0, import_zod.string)().min(43).max(128)
557
+ redirectURI: (0, import_v4.string)(),
558
+ code: (0, import_v4.string)(),
559
+ codeVerifier: (0, import_v4.string)().min(43).max(128)
266
560
  });
267
- var OAuthAccessTokenResponse = (0, import_zod.object)({
268
- access_token: (0, import_zod.string)(),
269
- token_type: (0, import_zod.string)().optional(),
270
- expires_in: (0, import_zod.number)().optional(),
271
- refresh_token: (0, import_zod.string)().optional(),
272
- scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
561
+ var OAuthAccessTokenResponse = (0, import_v4.object)({
562
+ access_token: (0, import_v4.string)(),
563
+ token_type: (0, import_v4.string)().optional(),
564
+ expires_in: (0, import_v4.number)().optional(),
565
+ refresh_token: (0, import_v4.string)().optional(),
566
+ scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
273
567
  });
274
- var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
275
- error: (0, import_zod.enum)([
568
+ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
569
+ error: (0, import_v4.enum)([
276
570
  "invalid_request",
277
571
  "invalid_client",
278
572
  "invalid_grant",
@@ -280,48 +574,18 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
280
574
  "unsupported_grant_type",
281
575
  "invalid_scope"
282
576
  ]),
283
- error_description: (0, import_zod.string)().optional(),
284
- error_uri: (0, import_zod.string)().optional()
577
+ error_description: (0, import_v4.string)().optional(),
578
+ error_uri: (0, import_v4.string)().optional()
285
579
  });
286
- var OAuthErrorResponse = (0, import_zod.object)({
287
- error: (0, import_zod.string)(),
288
- error_description: (0, import_zod.string)().optional()
580
+ var OAuthErrorResponse = (0, import_v4.object)({
581
+ error: (0, import_v4.string)(),
582
+ error_description: (0, import_v4.string)().optional()
289
583
  });
290
- var OAuthEnvSchema = (0, import_zod.object)({
291
- clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
292
- clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
584
+ var OAuthEnvSchema = (0, import_v4.object)({
585
+ clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
586
+ clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
293
587
  });
294
588
 
295
- // src/errors.ts
296
- var AuthInternalError = class extends Error {
297
- type = "AUTH_INTERNAL_ERROR";
298
- code;
299
- constructor(code, message, options2) {
300
- super(message, options2);
301
- this.code = code;
302
- this.name = new.target.name;
303
- Error.captureStackTrace(this, new.target);
304
- }
305
- };
306
-
307
- // src/utils.ts
308
- var import_router = require("@aura-stack/router");
309
- var formatZodError = (error) => {
310
- if (!error.issues || error.issues.length === 0) {
311
- return {};
312
- }
313
- return error.issues.reduce((previous, issue) => {
314
- const key = issue.path.join(".");
315
- return {
316
- ...previous,
317
- [key]: {
318
- code: issue.code,
319
- message: issue.message
320
- }
321
- };
322
- }, {});
323
- };
324
-
325
589
  // src/oauth/index.ts
326
590
  var builtInOAuthProviders = {
327
591
  github,
@@ -333,18 +597,19 @@ var builtInOAuthProviders = {
333
597
  x,
334
598
  strava,
335
599
  mailchimp,
336
- pinterest
600
+ pinterest,
601
+ twitch,
602
+ notion,
603
+ dropbox,
604
+ atlassian
337
605
  };
338
606
  var defineOAuthEnvironment = (oauth) => {
339
- const env = process.env;
340
- const clientIdSuffix = `${oauth.toUpperCase()}_CLIENT_ID`;
341
- const clientSecretSuffix = `${oauth.toUpperCase()}_CLIENT_SECRET`;
342
607
  const loadEnvs = OAuthEnvSchema.safeParse({
343
- clientId: env[`AURA_AUTH_${clientIdSuffix}`] ?? env[`AUTH_${clientIdSuffix}`] ?? env[`${clientIdSuffix}`],
344
- clientSecret: env[`AURA_AUTH_${clientSecretSuffix}`] ?? env[`AUTH_${clientSecretSuffix}`] ?? env[`${clientSecretSuffix}`]
608
+ clientId: getEnv(`${oauth.toUpperCase()}_CLIENT_ID`),
609
+ clientSecret: getEnv(`${oauth.toUpperCase()}_CLIENT_SECRET`)
345
610
  });
346
611
  if (!loadEnvs.success) {
347
- const msg = JSON.stringify(formatZodError(loadEnvs.error), null, 2);
612
+ const msg = JSON.stringify({ [oauth]: formatZodError(loadEnvs.error) }, null, 2);
348
613
  throw new AuthInternalError("INVALID_ENVIRONMENT_CONFIGURATION", msg);
349
614
  }
350
615
  return loadEnvs.data;
@@ -352,32 +617,57 @@ var defineOAuthEnvironment = (oauth) => {
352
617
  var defineOAuthProviderConfig = (config) => {
353
618
  if (typeof config === "string") {
354
619
  const definition = defineOAuthEnvironment(config);
355
- const oauthConfig = builtInOAuthProviders[config];
356
- return {
357
- ...oauthConfig,
358
- ...definition
359
- };
620
+ const oauthConfig = builtInOAuthProviders[config]();
621
+ const parsed2 = OAuthProviderCredentialsSchema.safeParse({ ...oauthConfig, ...definition });
622
+ if (!parsed2.success) {
623
+ const details = JSON.stringify({ [config]: formatZodError(parsed2.error) }, null, 2);
624
+ throw new AuthInternalError(
625
+ "INVALID_OAUTH_PROVIDER_CONFIGURATION",
626
+ `Invalid configuration for OAuth provider "${config}": ${details}`
627
+ );
628
+ }
629
+ return parsed2.data;
630
+ }
631
+ const hasCredentials = config.clientId && config.clientSecret;
632
+ const envConfig = hasCredentials ? {} : defineOAuthEnvironment(config.id);
633
+ const parsed = OAuthProviderCredentialsSchema.safeParse({ ...envConfig, ...config });
634
+ if (!parsed.success) {
635
+ const details = JSON.stringify({ [config.id]: formatZodError(parsed.error) }, null, 2);
636
+ throw new AuthInternalError(
637
+ "INVALID_OAUTH_PROVIDER_CONFIGURATION",
638
+ `Invalid configuration for OAuth provider "${config.id}": ${details}`
639
+ );
360
640
  }
361
- return config;
641
+ return parsed.data;
362
642
  };
363
643
  var createBuiltInOAuthProviders = (oauth = []) => {
364
644
  return oauth.reduce((previous, config) => {
365
645
  const oauthConfig = defineOAuthProviderConfig(config);
646
+ if (oauthConfig.id in previous) {
647
+ throw new AuthInternalError(
648
+ "DUPLICATED_OAUTH_PROVIDER_ID",
649
+ `Duplicate OAuth provider id "${oauthConfig.id}" found. Each provider must have a unique id.`
650
+ );
651
+ }
366
652
  return { ...previous, [oauthConfig.id]: oauthConfig };
367
653
  }, {});
368
654
  };
369
655
  // Annotate the CommonJS export names for ESM import in node:
370
656
  0 && (module.exports = {
657
+ atlassian,
371
658
  bitbucket,
372
659
  builtInOAuthProviders,
373
660
  createBuiltInOAuthProviders,
374
661
  discord,
662
+ dropbox,
375
663
  figma,
376
664
  github,
377
665
  gitlab,
378
666
  mailchimp,
667
+ notion,
379
668
  pinterest,
380
669
  spotify,
381
670
  strava,
671
+ twitch,
382
672
  x
383
673
  });