npm - @better-auth/core - Versions diffs - 1.3.26 → 1.3.28 - Mend

@better-auth/core 1.3.26 → 1.3.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

package/.turbo/turbo-build.log +60 -9
package/build.config.ts +7 -0
package/dist/db/adapter/index.cjs +2 -0
package/dist/db/adapter/index.d.cts +14 -0
package/dist/db/adapter/index.d.mts +14 -0
package/dist/db/adapter/index.d.ts +14 -0
package/dist/db/adapter/index.mjs +1 -0
package/dist/db/index.cjs +89 -0
package/dist/db/index.d.cts +16 -107
package/dist/db/index.d.mts +16 -107
package/dist/db/index.d.ts +16 -107
package/dist/db/index.mjs +69 -0
package/dist/env/index.cjs +312 -0
package/dist/env/index.d.cts +36 -0
package/dist/env/index.d.mts +36 -0
package/dist/env/index.d.ts +36 -0
package/dist/env/index.mjs +297 -0
package/dist/error/index.cjs +44 -0
package/dist/error/index.d.cts +33 -0
package/dist/error/index.d.mts +33 -0
package/dist/error/index.d.ts +33 -0
package/dist/error/index.mjs +41 -0
package/dist/index.d.cts +179 -1
package/dist/index.d.mts +179 -1
package/dist/index.d.ts +179 -1
package/dist/middleware/index.cjs +25 -0
package/dist/middleware/index.d.cts +14 -0
package/dist/middleware/index.d.mts +14 -0
package/dist/middleware/index.d.ts +14 -0
package/dist/middleware/index.mjs +21 -0
package/dist/oauth2/index.cjs +368 -0
package/dist/oauth2/index.d.cts +100 -0
package/dist/oauth2/index.d.mts +100 -0
package/dist/oauth2/index.d.ts +100 -0
package/dist/oauth2/index.mjs +357 -0
package/dist/shared/core.BJPBStdk.d.ts +1693 -0
package/dist/shared/core.Bl6TpxyD.d.mts +181 -0
package/dist/shared/core.Bqe5IGAi.d.ts +13 -0
package/dist/shared/core.BwoNUcJQ.d.cts +53 -0
package/dist/shared/core.BwoNUcJQ.d.mts +53 -0
package/dist/shared/core.BwoNUcJQ.d.ts +53 -0
package/dist/shared/core.CajxAutx.d.cts +143 -0
package/dist/shared/core.CajxAutx.d.mts +143 -0
package/dist/shared/core.CajxAutx.d.ts +143 -0
package/dist/shared/core.CkkLHQWc.d.mts +1693 -0
package/dist/shared/core.DkdZ1o38.d.ts +181 -0
package/dist/shared/core.Dl-70uns.d.cts +84 -0
package/dist/shared/core.Dl-70uns.d.mts +84 -0
package/dist/shared/core.Dl-70uns.d.ts +84 -0
package/dist/shared/core.DyEdx0m7.d.cts +181 -0
package/dist/shared/core.E9DfzGLz.d.mts +13 -0
package/dist/shared/core.HqYn20Fi.d.cts +13 -0
package/dist/shared/core.gYIBmdi1.d.cts +1693 -0
package/dist/social-providers/index.cjs +2793 -0
package/dist/social-providers/index.d.cts +3903 -0
package/dist/social-providers/index.d.mts +3903 -0
package/dist/social-providers/index.d.ts +3903 -0
package/dist/social-providers/index.mjs +2743 -0
package/dist/utils/index.cjs +7 -0
package/dist/utils/index.d.cts +10 -0
package/dist/utils/index.d.mts +10 -0
package/dist/utils/index.d.ts +10 -0
package/dist/utils/index.mjs +5 -0
package/package.json +109 -2
package/src/db/adapter/index.ts +448 -0
package/src/db/index.ts +13 -0
package/src/db/plugin.ts +11 -0
package/src/db/schema/account.ts +34 -0
package/src/db/schema/rate-limit.ts +21 -0
package/src/db/schema/session.ts +17 -0
package/src/db/schema/shared.ts +7 -0
package/src/db/schema/user.ts +16 -0
package/src/db/schema/verification.ts +15 -0
package/src/db/type.ts +50 -0
package/src/env/color-depth.ts +172 -0
package/src/env/env-impl.ts +123 -0
package/src/env/index.ts +23 -0
package/src/env/logger.test.ts +33 -0
package/src/env/logger.ts +145 -0
package/src/error/codes.ts +31 -0
package/src/error/index.ts +11 -0
package/src/index.ts +1 -1
package/src/middleware/index.ts +33 -0
package/src/oauth2/client-credentials-token.ts +102 -0
package/src/oauth2/create-authorization-url.ts +85 -0
package/src/oauth2/index.ts +22 -0
package/src/oauth2/oauth-provider.ts +194 -0
package/src/oauth2/refresh-access-token.ts +124 -0
package/src/oauth2/utils.ts +36 -0
package/src/oauth2/validate-authorization-code.ts +156 -0
package/src/social-providers/apple.ts +213 -0
package/src/social-providers/atlassian.ts +130 -0
package/src/social-providers/cognito.ts +269 -0
package/src/social-providers/discord.ts +172 -0
package/src/social-providers/dropbox.ts +112 -0
package/src/social-providers/facebook.ts +204 -0
package/src/social-providers/figma.ts +115 -0
package/src/social-providers/github.ts +154 -0
package/src/social-providers/gitlab.ts +152 -0
package/src/social-providers/google.ts +171 -0
package/src/social-providers/huggingface.ts +116 -0
package/src/social-providers/index.ts +118 -0
package/src/social-providers/kakao.ts +178 -0
package/src/social-providers/kick.ts +95 -0
package/src/social-providers/line.ts +169 -0
package/src/social-providers/linear.ts +120 -0
package/src/social-providers/linkedin.ts +110 -0
package/src/social-providers/microsoft-entra-id.ts +243 -0
package/src/social-providers/naver.ts +112 -0
package/src/social-providers/notion.ts +106 -0
package/src/social-providers/paypal.ts +261 -0
package/src/social-providers/reddit.ts +122 -0
package/src/social-providers/roblox.ts +110 -0
package/src/social-providers/salesforce.ts +157 -0
package/src/social-providers/slack.ts +114 -0
package/src/social-providers/spotify.ts +93 -0
package/src/social-providers/tiktok.ts +211 -0
package/src/social-providers/twitch.ts +111 -0
package/src/social-providers/twitter.ts +194 -0
package/src/social-providers/vk.ts +128 -0
package/src/social-providers/zoom.ts +218 -0
package/src/types/context.ts +313 -0
package/src/types/cookie.ts +7 -0
package/src/types/helper.ts +5 -0
package/src/types/index.ts +20 -1
package/src/types/init-options.ts +1161 -0
package/src/types/plugin-client.ts +69 -0
package/src/types/plugin.ts +134 -0
package/src/utils/error-codes.ts +51 -0
package/src/utils/index.ts +1 -0

package/dist/social-providers/index.mjs ADDED Viewed

@@ -0,0 +1,2743 @@
+import * as z from 'zod';
+import { betterFetch } from '@better-fetch/fetch';
+import { APIError } from 'better-call';
+import { decodeJwt, decodeProtectedHeader, jwtVerify, importJWK, createRemoteJWKSet } from 'jose';
+import { refreshAccessToken, validateAuthorizationCode, createAuthorizationURL, getOAuth2Tokens, generateCodeChallenge } from '@better-auth/core/oauth2';
+import { BetterAuthError } from '../error/index.mjs';
+import { logger } from '@better-auth/core/env';
+import { base64 } from '@better-auth/utils/base64';
+import '@better-auth/core/utils';
+const apple = (options) => {
+  const tokenEndpoint = "https://appleid.apple.com/auth/token";
+  return {
+    id: "apple",
+    name: "Apple",
+    async createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scope = options.disableDefaultScope ? [] : ["email", "name"];
+      options.scope && _scope.push(...options.scope);
+      scopes && _scope.push(...scopes);
+      const url = await createAuthorizationURL({
+        id: "apple",
+        options,
+        authorizationEndpoint: "https://appleid.apple.com/auth/authorize",
+        scopes: _scope,
+        state,
+        redirectURI,
+        responseMode: "form_post",
+        responseType: "code id_token"
+      });
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      const decodedHeader = decodeProtectedHeader(token);
+      const { kid, alg: jwtAlg } = decodedHeader;
+      if (!kid || !jwtAlg) return false;
+      const publicKey = await getApplePublicKey(kid);
+      const { payload: jwtClaims } = await jwtVerify(token, publicKey, {
+        algorithms: [jwtAlg],
+        issuer: "https://appleid.apple.com",
+        audience: options.audience && options.audience.length ? options.audience : options.appBundleIdentifier ? options.appBundleIdentifier : options.clientId,
+        maxTokenAge: "1h"
+      });
+      ["email_verified", "is_private_email"].forEach((field) => {
+        if (jwtClaims[field] !== void 0) {
+          jwtClaims[field] = Boolean(jwtClaims[field]);
+        }
+      });
+      if (nonce && jwtClaims.nonce !== nonce) {
+        return false;
+      }
+      return !!jwtClaims;
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://appleid.apple.com/auth/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (!token.idToken) {
+        return null;
+      }
+      const profile = decodeJwt(token.idToken);
+      if (!profile) {
+        return null;
+      }
+      const name = token.user ? `${token.user.name?.firstName} ${token.user.name?.lastName}` : profile.name || profile.email;
+      const emailVerified = typeof profile.email_verified === "boolean" ? profile.email_verified : profile.email_verified === "true";
+      const enrichedProfile = {
+        ...profile,
+        name
+      };
+      const userMap = await options.mapProfileToUser?.(enrichedProfile);
+      return {
+        user: {
+          id: profile.sub,
+          name: enrichedProfile.name,
+          emailVerified,
+          email: profile.email,
+          ...userMap
+        },
+        data: enrichedProfile
+      };
+    },
+    options
+  };
+};
+const getApplePublicKey = async (kid) => {
+  const APPLE_BASE_URL = "https://appleid.apple.com";
+  const JWKS_APPLE_URI = "/auth/keys";
+  const { data } = await betterFetch(`${APPLE_BASE_URL}${JWKS_APPLE_URI}`);
+  if (!data?.keys) {
+    throw new APIError("BAD_REQUEST", {
+      message: "Keys not found"
+    });
+  }
+  const jwk = data.keys.find((key) => key.kid === kid);
+  if (!jwk) {
+    throw new Error(`JWK with kid ${kid} not found`);
+  }
+  return await importJWK(jwk, jwk.alg);
+};
+const atlassian = (options) => {
+  return {
+    id: "atlassian",
+    name: "Atlassian",
+    async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      if (!options.clientId || !options.clientSecret) {
+        logger.error("Client Id and Secret are required for Atlassian");
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      if (!codeVerifier) {
+        throw new BetterAuthError("codeVerifier is required for Atlassian");
+      }
+      const _scopes = options.disableDefaultScope ? [] : ["read:jira-user", "offline_access"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "atlassian",
+        options,
+        authorizationEndpoint: "https://auth.atlassian.com/authorize",
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI,
+        additionalParams: {
+          audience: "api.atlassian.com"
+        },
+        prompt: options.prompt
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://auth.atlassian.com/oauth/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://auth.atlassian.com/oauth/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (!token.accessToken) {
+        return null;
+      }
+      try {
+        const { data: profile } = await betterFetch("https://api.atlassian.com/me", {
+          headers: { Authorization: `Bearer ${token.accessToken}` }
+        });
+        if (!profile) return null;
+        const userMap = await options.mapProfileToUser?.(profile);
+        return {
+          user: {
+            id: profile.account_id,
+            name: profile.name,
+            email: profile.email,
+            image: profile.picture,
+            emailVerified: false,
+            ...userMap
+          },
+          data: profile
+        };
+      } catch (error) {
+        logger.error("Failed to fetch user info from Figma:", error);
+        return null;
+      }
+    },
+    options
+  };
+};
+const cognito = (options) => {
+  if (!options.domain || !options.region || !options.userPoolId) {
+    logger.error(
+      "Domain, region and userPoolId are required for Amazon Cognito. Make sure to provide them in the options."
+    );
+    throw new BetterAuthError("DOMAIN_AND_REGION_REQUIRED");
+  }
+  const cleanDomain = options.domain.replace(/^https?:\/\//, "");
+  const authorizationEndpoint = `https://${cleanDomain}/oauth2/authorize`;
+  const tokenEndpoint = `https://${cleanDomain}/oauth2/token`;
+  const userInfoEndpoint = `https://${cleanDomain}/oauth2/userinfo`;
+  return {
+    id: "cognito",
+    name: "Cognito",
+    async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      if (!options.clientId) {
+        logger.error(
+          "ClientId is required for Amazon Cognito. Make sure to provide them in the options."
+        );
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      if (options.requireClientSecret && !options.clientSecret) {
+        logger.error(
+          "Client Secret is required when requireClientSecret is true. Make sure to provide it in the options."
+        );
+        throw new BetterAuthError("CLIENT_SECRET_REQUIRED");
+      }
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      const url = await createAuthorizationURL({
+        id: "cognito",
+        options: {
+          ...options
+        },
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI,
+        prompt: options.prompt
+      });
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      try {
+        const decodedHeader = decodeProtectedHeader(token);
+        const { kid, alg: jwtAlg } = decodedHeader;
+        if (!kid || !jwtAlg) return false;
+        const publicKey = await getCognitoPublicKey(
+          kid,
+          options.region,
+          options.userPoolId
+        );
+        const expectedIssuer = `https://cognito-idp.${options.region}.amazonaws.com/${options.userPoolId}`;
+        const { payload: jwtClaims } = await jwtVerify(token, publicKey, {
+          algorithms: [jwtAlg],
+          issuer: expectedIssuer,
+          audience: options.clientId,
+          maxTokenAge: "1h"
+        });
+        if (nonce && jwtClaims.nonce !== nonce) {
+          return false;
+        }
+        return true;
+      } catch (error) {
+        logger.error("Failed to verify ID token:", error);
+        return false;
+      }
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (token.idToken) {
+        try {
+          const profile = decodeJwt(token.idToken);
+          if (!profile) {
+            return null;
+          }
+          const name = profile.name || profile.given_name || profile.username || profile.email;
+          const enrichedProfile = {
+            ...profile,
+            name
+          };
+          const userMap = await options.mapProfileToUser?.(enrichedProfile);
+          return {
+            user: {
+              id: profile.sub,
+              name: enrichedProfile.name,
+              email: profile.email,
+              image: profile.picture,
+              emailVerified: profile.email_verified,
+              ...userMap
+            },
+            data: enrichedProfile
+          };
+        } catch (error) {
+          logger.error("Failed to decode ID token:", error);
+        }
+      }
+      if (token.accessToken) {
+        try {
+          const { data: userInfo } = await betterFetch(
+            userInfoEndpoint,
+            {
+              headers: {
+                Authorization: `Bearer ${token.accessToken}`
+              }
+            }
+          );
+          if (userInfo) {
+            const userMap = await options.mapProfileToUser?.(userInfo);
+            return {
+              user: {
+                id: userInfo.sub,
+                name: userInfo.name || userInfo.given_name || userInfo.username,
+                email: userInfo.email,
+                image: userInfo.picture,
+                emailVerified: userInfo.email_verified,
+                ...userMap
+              },
+              data: userInfo
+            };
+          }
+        } catch (error) {
+          logger.error("Failed to fetch user info from Cognito:", error);
+        }
+      }
+      return null;
+    },
+    options
+  };
+};
+const getCognitoPublicKey = async (kid, region, userPoolId) => {
+  const COGNITO_JWKS_URI = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`;
+  try {
+    const { data } = await betterFetch(COGNITO_JWKS_URI);
+    if (!data?.keys) {
+      throw new APIError("BAD_REQUEST", {
+        message: "Keys not found"
+      });
+    }
+    const jwk = data.keys.find((key) => key.kid === kid);
+    if (!jwk) {
+      throw new Error(`JWK with kid ${kid} not found`);
+    }
+    return await importJWK(jwk, jwk.alg);
+  } catch (error) {
+    logger.error("Failed to fetch Cognito public key:", error);
+    throw error;
+  }
+};
+const discord = (options) => {
+  return {
+    id: "discord",
+    name: "Discord",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["identify", "email"];
+      scopes && _scopes.push(...scopes);
+      options.scope && _scopes.push(...options.scope);
+      const hasBotScope = _scopes.includes("bot");
+      const permissionsParam = hasBotScope && options.permissions !== void 0 ? `&permissions=${options.permissions}` : "";
+      return new URL(
+        `https://discord.com/api/oauth2/authorize?scope=${_scopes.join(
+          "+"
+        )}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(
+          options.redirectURI || redirectURI
+        )}&state=${state}&prompt=${options.prompt || "none"}${permissionsParam}`
+      );
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://discord.com/api/oauth2/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://discord.com/api/oauth2/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://discord.com/api/users/@me",
+        {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      if (profile.avatar === null) {
+        const defaultAvatarNumber = profile.discriminator === "0" ? Number(BigInt(profile.id) >> BigInt(22)) % 6 : parseInt(profile.discriminator) % 5;
+        profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`;
+      } else {
+        const format = profile.avatar.startsWith("a_") ? "gif" : "png";
+        profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.global_name || profile.username || "",
+          email: profile.email,
+          emailVerified: profile.verified,
+          image: profile.image_url,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const facebook = (options) => {
+  return {
+    id: "facebook",
+    name: "Facebook",
+    async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
+      const _scopes = options.disableDefaultScope ? [] : ["email", "public_profile"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return await createAuthorizationURL({
+        id: "facebook",
+        options,
+        authorizationEndpoint: "https://www.facebook.com/v21.0/dialog/oauth",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        loginHint,
+        additionalParams: options.configId ? {
+          config_id: options.configId
+        } : {}
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://graph.facebook.com/oauth/access_token"
+      });
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      if (token.split(".").length === 3) {
+        try {
+          const { payload: jwtClaims } = await jwtVerify(
+            token,
+            createRemoteJWKSet(
+              // https://developers.facebook.com/docs/facebook-login/limited-login/token/#jwks
+              new URL(
+                "https://limited.facebook.com/.well-known/oauth/openid/jwks/"
+              )
+            ),
+            {
+              algorithms: ["RS256"],
+              audience: options.clientId,
+              issuer: "https://www.facebook.com"
+            }
+          );
+          if (nonce && jwtClaims.nonce !== nonce) {
+            return false;
+          }
+          return !!jwtClaims;
+        } catch (error) {
+          return false;
+        }
+      }
+      return true;
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://graph.facebook.com/v18.0/oauth/access_token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (token.idToken && token.idToken.split(".").length === 3) {
+        const profile2 = decodeJwt(token.idToken);
+        const user = {
+          id: profile2.sub,
+          name: profile2.name,
+          email: profile2.email,
+          picture: {
+            data: {
+              url: profile2.picture,
+              height: 100,
+              width: 100,
+              is_silhouette: false
+            }
+          }
+        };
+        const userMap2 = await options.mapProfileToUser?.({
+          ...user,
+          email_verified: true
+        });
+        return {
+          user: {
+            ...user,
+            emailVerified: true,
+            ...userMap2
+          },
+          data: profile2
+        };
+      }
+      const fields = [
+        "id",
+        "name",
+        "email",
+        "picture",
+        ...options?.fields || []
+      ];
+      const { data: profile, error } = await betterFetch(
+        "https://graph.facebook.com/me?fields=" + fields.join(","),
+        {
+          auth: {
+            type: "Bearer",
+            token: token.accessToken
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.name,
+          email: profile.email,
+          image: profile.picture.data.url,
+          emailVerified: profile.email_verified,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const figma = (options) => {
+  return {
+    id: "figma",
+    name: "Figma",
+    async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      if (!options.clientId || !options.clientSecret) {
+        logger.error(
+          "Client Id and Client Secret are required for Figma. Make sure to provide them in the options."
+        );
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      if (!codeVerifier) {
+        throw new BetterAuthError("codeVerifier is required for Figma");
+      }
+      const _scopes = options.disableDefaultScope ? [] : ["file_read"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      const url = await createAuthorizationURL({
+        id: "figma",
+        options,
+        authorizationEndpoint: "https://www.figma.com/oauth",
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI
+      });
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://www.figma.com/api/oauth/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://www.figma.com/api/oauth/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      try {
+        const { data: profile } = await betterFetch(
+          "https://api.figma.com/v1/me",
+          {
+            headers: {
+              Authorization: `Bearer ${token.accessToken}`
+            }
+          }
+        );
+        if (!profile) {
+          logger.error("Failed to fetch user from Figma");
+          return null;
+        }
+        const userMap = await options.mapProfileToUser?.(profile);
+        return {
+          user: {
+            id: profile.id,
+            name: profile.handle,
+            email: profile.email,
+            image: profile.img_url,
+            emailVerified: !!profile.email,
+            ...userMap
+          },
+          data: profile
+        };
+      } catch (error) {
+        logger.error("Failed to fetch user info from Figma:", error);
+        return null;
+      }
+    },
+    options
+  };
+};
+const github = (options) => {
+  const tokenEndpoint = "https://github.com/login/oauth/access_token";
+  return {
+    id: "github",
+    name: "GitHub",
+    createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["read:user", "user:email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "github",
+        options,
+        authorizationEndpoint: "https://github.com/login/oauth/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        loginHint,
+        prompt: options.prompt
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://github.com/login/oauth/access_token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.github.com/user",
+        {
+          headers: {
+            "User-Agent": "better-auth",
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const { data: emails } = await betterFetch("https://api.github.com/user/emails", {
+        headers: {
+          Authorization: `Bearer ${token.accessToken}`,
+          "User-Agent": "better-auth"
+        }
+      });
+      if (!profile.email && emails) {
+        profile.email = (emails.find((e) => e.primary) ?? emails[0])?.email;
+      }
+      const emailVerified = emails?.find((e) => e.email === profile.email)?.verified ?? false;
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.name || profile.login,
+          email: profile.email,
+          image: profile.avatar_url,
+          emailVerified,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const google = (options) => {
+  return {
+    id: "google",
+    name: "Google",
+    async createAuthorizationURL({
+      state,
+      scopes,
+      codeVerifier,
+      redirectURI,
+      loginHint,
+      display
+    }) {
+      if (!options.clientId || !options.clientSecret) {
+        logger.error(
+          "Client Id and Client Secret is required for Google. Make sure to provide them in the options."
+        );
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      if (!codeVerifier) {
+        throw new BetterAuthError("codeVerifier is required for Google");
+      }
+      const _scopes = options.disableDefaultScope ? [] : ["email", "profile", "openid"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      const url = await createAuthorizationURL({
+        id: "google",
+        options,
+        authorizationEndpoint: "https://accounts.google.com/o/oauth2/auth",
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI,
+        prompt: options.prompt,
+        accessType: options.accessType,
+        display: display || options.display,
+        loginHint,
+        hd: options.hd,
+        additionalParams: {
+          include_granted_scopes: "true"
+        }
+      });
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://oauth2.googleapis.com/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://www.googleapis.com/oauth2/v4/token"
+      });
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      const googlePublicKeyUrl = `https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${token}`;
+      const { data: tokenInfo } = await betterFetch(googlePublicKeyUrl);
+      if (!tokenInfo) {
+        return false;
+      }
+      const isValid = tokenInfo.aud === options.clientId && (tokenInfo.iss === "https://accounts.google.com" || tokenInfo.iss === "accounts.google.com");
+      return isValid;
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (!token.idToken) {
+        return null;
+      }
+      const user = decodeJwt(token.idToken);
+      const userMap = await options.mapProfileToUser?.(user);
+      return {
+        user: {
+          id: user.sub,
+          name: user.name,
+          email: user.email,
+          image: user.picture,
+          emailVerified: user.email_verified,
+          ...userMap
+        },
+        data: user
+      };
+    },
+    options
+  };
+};
+const kick = (options) => {
+  return {
+    id: "kick",
+    name: "Kick",
+    createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
+      const _scopes = options.disableDefaultScope ? [] : ["user:read"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "kick",
+        redirectURI,
+        options,
+        authorizationEndpoint: "https://id.kick.com/oauth/authorize",
+        scopes: _scopes,
+        codeVerifier,
+        state
+      });
+    },
+    async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://id.kick.com/oauth/token",
+        codeVerifier
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data, error } = await betterFetch("https://api.kick.com/public/v1/users", {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${token.accessToken}`
+        }
+      });
+      if (error) {
+        return null;
+      }
+      const profile = data.data[0];
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.user_id,
+          name: profile.name,
+          email: profile.email,
+          image: profile.profile_picture,
+          emailVerified: true,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const huggingface = (options) => {
+  return {
+    id: "huggingface",
+    name: "Hugging Face",
+    createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "huggingface",
+        options,
+        authorizationEndpoint: "https://huggingface.co/oauth/authorize",
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://huggingface.co/oauth/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://huggingface.co/oauth/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://huggingface.co/oauth/userinfo",
+        {
+          method: "GET",
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.sub,
+          name: profile.name || profile.preferred_username,
+          email: profile.email,
+          image: profile.picture,
+          emailVerified: profile.email_verified ?? false,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const microsoft = (options) => {
+  const tenant = options.tenantId || "common";
+  const authority = options.authority || "https://login.microsoftonline.com";
+  const authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;
+  const tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;
+  return {
+    id: "microsoft",
+    name: "Microsoft EntraID",
+    createAuthorizationURL(data) {
+      const scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email", "User.Read", "offline_access"];
+      options.scope && scopes.push(...options.scope);
+      data.scopes && scopes.push(...data.scopes);
+      return createAuthorizationURL({
+        id: "microsoft",
+        options,
+        authorizationEndpoint,
+        state: data.state,
+        codeVerifier: data.codeVerifier,
+        scopes,
+        redirectURI: data.redirectURI,
+        prompt: options.prompt,
+        loginHint: data.loginHint
+      });
+    },
+    validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (!token.idToken) {
+        return null;
+      }
+      const user = decodeJwt(token.idToken);
+      const profilePhotoSize = options.profilePhotoSize || 48;
+      await betterFetch(
+        `https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,
+        {
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          },
+          async onResponse(context) {
+            if (options.disableProfilePhoto || !context.response.ok) {
+              return;
+            }
+            try {
+              const response = context.response.clone();
+              const pictureBuffer = await response.arrayBuffer();
+              const pictureBase64 = base64.encode(pictureBuffer);
+              user.picture = `data:image/jpeg;base64, ${pictureBase64}`;
+            } catch (e) {
+              logger.error(
+                e && typeof e === "object" && "name" in e ? e.name : "",
+                e
+              );
+            }
+          }
+        }
+      );
+      const userMap = await options.mapProfileToUser?.(user);
+      return {
+        user: {
+          id: user.sub,
+          name: user.name,
+          email: user.email,
+          image: user.picture,
+          emailVerified: true,
+          ...userMap
+        },
+        data: user
+      };
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      const scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email", "User.Read", "offline_access"];
+      options.scope && scopes.push(...options.scope);
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientSecret: options.clientSecret
+        },
+        extraParams: {
+          scope: scopes.join(" ")
+          // Include the scopes in request to microsoft
+        },
+        tokenEndpoint
+      });
+    },
+    options
+  };
+};
+const slack = (options) => {
+  return {
+    id: "slack",
+    name: "Slack",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email"];
+      scopes && _scopes.push(...scopes);
+      options.scope && _scopes.push(...options.scope);
+      const url = new URL("https://slack.com/openid/connect/authorize");
+      url.searchParams.set("scope", _scopes.join(" "));
+      url.searchParams.set("response_type", "code");
+      url.searchParams.set("client_id", options.clientId);
+      url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
+      url.searchParams.set("state", state);
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://slack.com/api/openid.connect.token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://slack.com/api/openid.connect.token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://slack.com/api/openid.connect.userInfo",
+        {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile["https://slack.com/user_id"],
+          name: profile.name || "",
+          email: profile.email,
+          emailVerified: profile.email_verified,
+          image: profile.picture || profile["https://slack.com/user_image_512"],
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const notion = (options) => {
+  const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
+  return {
+    id: "notion",
+    name: "Notion",
+    createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : [];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "notion",
+        options,
+        authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        loginHint,
+        additionalParams: {
+          owner: "user"
+        }
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint,
+        authentication: "basic"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch("https://api.notion.com/v1/users/me", {
+        headers: {
+          Authorization: `Bearer ${token.accessToken}`,
+          "Notion-Version": "2022-06-28"
+        }
+      });
+      if (error || !profile) {
+        return null;
+      }
+      const userProfile = profile.bot?.owner?.user;
+      if (!userProfile) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(userProfile);
+      return {
+        user: {
+          id: userProfile.id,
+          name: userProfile.name || "Notion User",
+          email: userProfile.person?.email || null,
+          image: userProfile.avatar_url,
+          emailVerified: !!userProfile.person?.email,
+          ...userMap
+        },
+        data: userProfile
+      };
+    },
+    options
+  };
+};
+const spotify = (options) => {
+  return {
+    id: "spotify",
+    name: "Spotify",
+    createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "spotify",
+        options,
+        authorizationEndpoint: "https://accounts.spotify.com/authorize",
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://accounts.spotify.com/api/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://accounts.spotify.com/api/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.spotify.com/v1/me",
+        {
+          method: "GET",
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.display_name,
+          email: profile.email,
+          image: profile.images[0]?.url,
+          emailVerified: false,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const twitch = (options) => {
+  return {
+    id: "twitch",
+    name: "Twitch",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "twitch",
+        redirectURI,
+        options,
+        authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
+        scopes: _scopes,
+        state,
+        claims: options.claims || [
+          "email",
+          "email_verified",
+          "preferred_username",
+          "picture"
+        ]
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const idToken = token.idToken;
+      if (!idToken) {
+        logger.error("No idToken found in token");
+        return null;
+      }
+      const profile = decodeJwt(idToken);
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.sub,
+          name: profile.preferred_username,
+          email: profile.email,
+          image: profile.picture,
+          emailVerified: profile.email_verified,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const twitter = (options) => {
+  return {
+    id: "twitter",
+    name: "Twitter",
+    createAuthorizationURL(data) {
+      const _scopes = options.disableDefaultScope ? [] : ["users.read", "tweet.read", "offline.access", "users.email"];
+      options.scope && _scopes.push(...options.scope);
+      data.scopes && _scopes.push(...data.scopes);
+      return createAuthorizationURL({
+        id: "twitter",
+        options,
+        authorizationEndpoint: "https://x.com/i/oauth2/authorize",
+        scopes: _scopes,
+        state: data.state,
+        codeVerifier: data.codeVerifier,
+        redirectURI: data.redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        authentication: "basic",
+        redirectURI,
+        options,
+        tokenEndpoint: "https://api.x.com/2/oauth2/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        authentication: "basic",
+        tokenEndpoint: "https://api.x.com/2/oauth2/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error: profileError } = await betterFetch(
+        "https://api.x.com/2/users/me?user.fields=profile_image_url",
+        {
+          method: "GET",
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (profileError) {
+        return null;
+      }
+      const { data: emailData, error: emailError } = await betterFetch("https://api.x.com/2/users/me?user.fields=confirmed_email", {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${token.accessToken}`
+        }
+      });
+      let emailVerified = false;
+      if (!emailError && emailData?.data?.confirmed_email) {
+        profile.data.email = emailData.data.confirmed_email;
+        emailVerified = true;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.data.id,
+          name: profile.data.name,
+          email: profile.data.email || profile.data.username || null,
+          image: profile.data.profile_image_url,
+          emailVerified,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const dropbox = (options) => {
+  const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
+  return {
+    id: "dropbox",
+    name: "Dropbox",
+    createAuthorizationURL: async ({
+      state,
+      scopes,
+      codeVerifier,
+      redirectURI
+    }) => {
+      const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      const additionalParams = {};
+      if (options.accessType) {
+        additionalParams.token_access_type = options.accessType;
+      }
+      return await createAuthorizationURL({
+        id: "dropbox",
+        options,
+        authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        codeVerifier,
+        additionalParams
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return await validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://api.dropbox.com/oauth2/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.dropboxapi.com/2/users/get_current_account",
+        {
+          method: "POST",
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.account_id,
+          name: profile.name?.display_name,
+          email: profile.email,
+          emailVerified: profile.email_verified || false,
+          image: profile.profile_photo_url,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const linear = (options) => {
+  const tokenEndpoint = "https://api.linear.app/oauth/token";
+  return {
+    id: "linear",
+    name: "Linear",
+    createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["read"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "linear",
+        options,
+        authorizationEndpoint: "https://linear.app/oauth/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        loginHint
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.linear.app/graphql",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token.accessToken}`
+          },
+          body: JSON.stringify({
+            query: `
+							query {
+								viewer {
+									id
+									name
+									email
+									avatarUrl
+									active
+									createdAt
+									updatedAt
+								}
+							}
+						`
+          })
+        }
+      );
+      if (error || !profile?.data?.viewer) {
+        return null;
+      }
+      const userData = profile.data.viewer;
+      const userMap = await options.mapProfileToUser?.(userData);
+      return {
+        user: {
+          id: profile.data.viewer.id,
+          name: profile.data.viewer.name,
+          email: profile.data.viewer.email,
+          image: profile.data.viewer.avatarUrl,
+          emailVerified: true,
+          ...userMap
+        },
+        data: userData
+      };
+    },
+    options
+  };
+};
+const linkedin = (options) => {
+  const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
+  const tokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
+  return {
+    id: "linkedin",
+    name: "Linkedin",
+    createAuthorizationURL: async ({
+      state,
+      scopes,
+      redirectURI,
+      loginHint
+    }) => {
+      const _scopes = options.disableDefaultScope ? [] : ["profile", "email", "openid"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return await createAuthorizationURL({
+        id: "linkedin",
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        loginHint,
+        redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return await validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.linkedin.com/v2/userinfo",
+        {
+          method: "GET",
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.sub,
+          name: profile.name,
+          email: profile.email,
+          emailVerified: profile.email_verified || false,
+          image: profile.picture,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const cleanDoubleSlashes = (input = "") => {
+  return input.split("://").map((str) => str.replace(/\/{2,}/g, "/")).join("://");
+};
+const issuerToEndpoints = (issuer) => {
+  let baseUrl = issuer || "https://gitlab.com";
+  return {
+    authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
+    tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
+    userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`)
+  };
+};
+const gitlab = (options) => {
+  const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } = issuerToEndpoints(options.issuer);
+  const issuerId = "gitlab";
+  const issuerName = "Gitlab";
+  return {
+    id: issuerId,
+    name: issuerName,
+    createAuthorizationURL: async ({
+      state,
+      scopes,
+      codeVerifier,
+      loginHint,
+      redirectURI
+    }) => {
+      const _scopes = options.disableDefaultScope ? [] : ["read_user"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return await createAuthorizationURL({
+        id: issuerId,
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        redirectURI,
+        codeVerifier,
+        loginHint
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        codeVerifier,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        userinfoEndpoint,
+        { headers: { authorization: `Bearer ${token.accessToken}` } }
+      );
+      if (error || profile.state !== "active" || profile.locked) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.name ?? profile.username,
+          email: profile.email,
+          image: profile.avatar_url,
+          emailVerified: true,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const tiktok = (options) => {
+  return {
+    id: "tiktok",
+    name: "TikTok",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return new URL(
+        `https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(
+          ","
+        )}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(
+          options.redirectURI || redirectURI
+        )}&state=${state}`
+      );
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI: options.redirectURI || redirectURI,
+        options: {
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
+        authentication: "post",
+        extraParams: {
+          client_key: options.clientKey
+        }
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const fields = [
+        "open_id",
+        "avatar_large_url",
+        "display_name",
+        "username"
+      ];
+      const { data: profile, error } = await betterFetch(
+        `https://open.tiktokapis.com/v2/user/info/?fields=${fields.join(",")}`,
+        {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      return {
+        user: {
+          email: profile.data.user.email || profile.data.user.username,
+          id: profile.data.user.open_id,
+          name: profile.data.user.display_name || profile.data.user.username,
+          image: profile.data.user.avatar_large_url,
+          /** @note Tiktok does not provide emailVerified or even email*/
+          emailVerified: profile.data.user.email ? true : false
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const reddit = (options) => {
+  return {
+    id: "reddit",
+    name: "Reddit",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["identity"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "reddit",
+        options,
+        authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI,
+        duration: options.duration
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      const body = new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: options.redirectURI || redirectURI
+      });
+      const headers = {
+        "content-type": "application/x-www-form-urlencoded",
+        accept: "text/plain",
+        "user-agent": "better-auth",
+        Authorization: `Basic ${base64.encode(
+          `${options.clientId}:${options.clientSecret}`
+        )}`
+      };
+      const { data, error } = await betterFetch(
+        "https://www.reddit.com/api/v1/access_token",
+        {
+          method: "POST",
+          headers,
+          body: body.toString()
+        }
+      );
+      if (error) {
+        throw error;
+      }
+      return getOAuth2Tokens(data);
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        authentication: "basic",
+        tokenEndpoint: "https://www.reddit.com/api/v1/access_token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://oauth.reddit.com/api/v1/me",
+        {
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`,
+            "User-Agent": "better-auth"
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.name,
+          email: profile.oauth_client_id,
+          emailVerified: profile.has_verified_email,
+          image: profile.icon_img?.split("?")[0],
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const roblox = (options) => {
+  return {
+    id: "roblox",
+    name: "Roblox",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return new URL(
+        `https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join(
+          "+"
+        )}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(
+          options.redirectURI || redirectURI
+        )}&state=${state}&prompt=${options.prompt || "select_account consent"}`
+      );
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI: options.redirectURI || redirectURI,
+        options,
+        tokenEndpoint: "https://apis.roblox.com/oauth/v1/token",
+        authentication: "post"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://apis.roblox.com/oauth/v1/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://apis.roblox.com/oauth/v1/userinfo",
+        {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.sub,
+          name: profile.nickname || profile.preferred_username || "",
+          image: profile.picture,
+          email: profile.preferred_username || null,
+          // Roblox does not provide email
+          emailVerified: true,
+          ...userMap
+        },
+        data: {
+          ...profile
+        }
+      };
+    },
+    options
+  };
+};
+const salesforce = (options) => {
+  const environment = options.environment ?? "production";
+  const isSandbox = environment === "sandbox";
+  const authorizationEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/authorize` : isSandbox ? "https://test.salesforce.com/services/oauth2/authorize" : "https://login.salesforce.com/services/oauth2/authorize";
+  const tokenEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/token` : isSandbox ? "https://test.salesforce.com/services/oauth2/token" : "https://login.salesforce.com/services/oauth2/token";
+  const userInfoEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/userinfo` : isSandbox ? "https://test.salesforce.com/services/oauth2/userinfo" : "https://login.salesforce.com/services/oauth2/userinfo";
+  return {
+    id: "salesforce",
+    name: "Salesforce",
+    async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      if (!options.clientId || !options.clientSecret) {
+        logger.error(
+          "Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options."
+        );
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      if (!codeVerifier) {
+        throw new BetterAuthError("codeVerifier is required for Salesforce");
+      }
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "email", "profile"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "salesforce",
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI: options.redirectURI || redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI: options.redirectURI || redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      try {
+        const { data: user } = await betterFetch(
+          userInfoEndpoint,
+          {
+            headers: {
+              Authorization: `Bearer ${token.accessToken}`
+            }
+          }
+        );
+        if (!user) {
+          logger.error("Failed to fetch user info from Salesforce");
+          return null;
+        }
+        const userMap = await options.mapProfileToUser?.(user);
+        return {
+          user: {
+            id: user.user_id,
+            name: user.name,
+            email: user.email,
+            image: user.photos?.picture || user.photos?.thumbnail,
+            emailVerified: user.email_verified ?? false,
+            ...userMap
+          },
+          data: user
+        };
+      } catch (error) {
+        logger.error("Failed to fetch user info from Salesforce:", error);
+        return null;
+      }
+    },
+    options
+  };
+};
+const vk = (options) => {
+  return {
+    id: "vk",
+    name: "VK",
+    async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      const authorizationEndpoint = "https://id.vk.com/authorize";
+      return createAuthorizationURL({
+        id: "vk",
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        redirectURI,
+        codeVerifier
+      });
+    },
+    validateAuthorizationCode: async ({
+      code,
+      codeVerifier,
+      redirectURI,
+      deviceId
+    }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI: options.redirectURI || redirectURI,
+        options,
+        deviceId,
+        tokenEndpoint: "https://id.vk.com/oauth2/auth"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://id.vk.com/oauth2/auth"
+      });
+    },
+    async getUserInfo(data) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(data);
+      }
+      if (!data.accessToken) {
+        return null;
+      }
+      const formBody = new URLSearchParams({
+        access_token: data.accessToken,
+        client_id: options.clientId
+      }).toString();
+      const { data: profile, error } = await betterFetch(
+        "https://id.vk.com/oauth2/user_info",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/x-www-form-urlencoded"
+          },
+          body: formBody
+        }
+      );
+      if (error) {
+        return null;
+      }
+      if (!profile.user.email) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.user.user_id,
+          first_name: profile.user.first_name,
+          last_name: profile.user.last_name,
+          email: profile.user.email,
+          image: profile.user.avatar,
+          /** @note VK does not provide emailVerified*/
+          emailVerified: !!profile.user.email,
+          birthday: profile.user.birthday,
+          sex: profile.user.sex,
+          name: `${profile.user.first_name} ${profile.user.last_name}`,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const zoom = (userOptions) => {
+  const options = {
+    pkce: true,
+    ...userOptions
+  };
+  return {
+    id: "zoom",
+    name: "Zoom",
+    createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+      const params = new URLSearchParams({
+        response_type: "code",
+        redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+        client_id: options.clientId,
+        state
+      });
+      if (options.pkce) {
+        const codeChallenge = await generateCodeChallenge(codeVerifier);
+        params.set("code_challenge_method", "S256");
+        params.set("code_challenge", codeChallenge);
+      }
+      const url = new URL("https://zoom.us/oauth/authorize");
+      url.search = params.toString();
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI: options.redirectURI || redirectURI,
+        codeVerifier,
+        options,
+        tokenEndpoint: "https://zoom.us/oauth/token",
+        authentication: "post"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://api.zoom.us/v2/users/me",
+        {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      return {
+        user: {
+          id: profile.id,
+          name: profile.display_name,
+          image: profile.pic_url,
+          email: profile.email,
+          emailVerified: Boolean(profile.verified),
+          ...userMap
+        },
+        data: {
+          ...profile
+        }
+      };
+    }
+  };
+};
+const kakao = (options) => {
+  return {
+    id: "kakao",
+    name: "Kakao",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["account_email", "profile_image", "profile_nickname"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "kakao",
+        options,
+        authorizationEndpoint: "https://kauth.kakao.com/oauth/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://kapi.kakao.com/v2/user/me",
+        {
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error || !profile) {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      const account = profile.kakao_account || {};
+      const kakaoProfile = account.profile || {};
+      const user = {
+        id: String(profile.id),
+        name: kakaoProfile.nickname || account.name || void 0,
+        email: account.email,
+        image: kakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,
+        emailVerified: !!account.is_email_valid && !!account.is_email_verified,
+        ...userMap
+      };
+      return {
+        user,
+        data: profile
+      };
+    },
+    options
+  };
+};
+const naver = (options) => {
+  return {
+    id: "naver",
+    name: "Naver",
+    createAuthorizationURL({ state, scopes, redirectURI }) {
+      const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return createAuthorizationURL({
+        id: "naver",
+        options,
+        authorizationEndpoint: "https://nid.naver.com/oauth2.0/authorize",
+        scopes: _scopes,
+        state,
+        redirectURI
+      });
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        redirectURI,
+        options,
+        tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientKey: options.clientKey,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
+      });
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      const { data: profile, error } = await betterFetch(
+        "https://openapi.naver.com/v1/nid/me",
+        {
+          headers: {
+            Authorization: `Bearer ${token.accessToken}`
+          }
+        }
+      );
+      if (error || !profile || profile.resultcode !== "00") {
+        return null;
+      }
+      const userMap = await options.mapProfileToUser?.(profile);
+      const res = profile.response || {};
+      const user = {
+        id: res.id,
+        name: res.name || res.nickname,
+        email: res.email,
+        image: res.profile_image,
+        emailVerified: false,
+        ...userMap
+      };
+      return {
+        user,
+        data: profile
+      };
+    },
+    options
+  };
+};
+const line = (options) => {
+  const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
+  const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
+  const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
+  const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
+  return {
+    id: "line",
+    name: "LINE",
+    async createAuthorizationURL({
+      state,
+      scopes,
+      codeVerifier,
+      redirectURI,
+      loginHint
+    }) {
+      const _scopes = options.disableDefaultScope ? [] : ["openid", "profile", "email"];
+      options.scope && _scopes.push(...options.scope);
+      scopes && _scopes.push(...scopes);
+      return await createAuthorizationURL({
+        id: "line",
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI,
+        loginHint
+      });
+    },
+    validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+      return validateAuthorizationCode({
+        code,
+        codeVerifier,
+        redirectURI,
+        options,
+        tokenEndpoint
+      });
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      return refreshAccessToken({
+        refreshToken,
+        options: {
+          clientId: options.clientId,
+          clientSecret: options.clientSecret
+        },
+        tokenEndpoint
+      });
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      const body = new URLSearchParams();
+      body.set("id_token", token);
+      body.set("client_id", options.clientId);
+      if (nonce) body.set("nonce", nonce);
+      const { data, error } = await betterFetch(
+        verifyIdTokenEndpoint,
+        {
+          method: "POST",
+          headers: {
+            "content-type": "application/x-www-form-urlencoded"
+          },
+          body
+        }
+      );
+      if (error || !data) {
+        return false;
+      }
+      if (data.aud !== options.clientId) return false;
+      if (nonce && data.nonce && data.nonce !== nonce) return false;
+      return true;
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      let profile = null;
+      if (token.idToken) {
+        try {
+          profile = decodeJwt(token.idToken);
+        } catch {
+        }
+      }
+      if (!profile) {
+        const { data } = await betterFetch(userInfoEndpoint, {
+          headers: {
+            authorization: `Bearer ${token.accessToken}`
+          }
+        });
+        profile = data || null;
+      }
+      if (!profile) return null;
+      const userMap = await options.mapProfileToUser?.(profile);
+      const id = profile.sub || profile.userId;
+      const name = profile.name || profile.displayName;
+      const image = profile.picture || profile.pictureUrl || void 0;
+      const email = profile.email;
+      return {
+        user: {
+          id,
+          name,
+          email,
+          image,
+          // LINE does not expose email verification status in ID token/userinfo
+          emailVerified: false,
+          ...userMap
+        },
+        data: profile
+      };
+    },
+    options
+  };
+};
+const paypal = (options) => {
+  const environment = options.environment || "sandbox";
+  const isSandbox = environment === "sandbox";
+  const authorizationEndpoint = isSandbox ? "https://www.sandbox.paypal.com/signin/authorize" : "https://www.paypal.com/signin/authorize";
+  const tokenEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/oauth2/token" : "https://api-m.paypal.com/v1/oauth2/token";
+  const userInfoEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo" : "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
+  return {
+    id: "paypal",
+    name: "PayPal",
+    async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
+      if (!options.clientId || !options.clientSecret) {
+        logger.error(
+          "Client Id and Client Secret is required for PayPal. Make sure to provide them in the options."
+        );
+        throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+      }
+      const _scopes = [];
+      const url = await createAuthorizationURL({
+        id: "paypal",
+        options,
+        authorizationEndpoint,
+        scopes: _scopes,
+        state,
+        codeVerifier,
+        redirectURI,
+        prompt: options.prompt
+      });
+      return url;
+    },
+    validateAuthorizationCode: async ({ code, redirectURI }) => {
+      const credentials = base64.encode(
+        `${options.clientId}:${options.clientSecret}`
+      );
+      try {
+        const response = await betterFetch(tokenEndpoint, {
+          method: "POST",
+          headers: {
+            Authorization: `Basic ${credentials}`,
+            Accept: "application/json",
+            "Accept-Language": "en_US",
+            "Content-Type": "application/x-www-form-urlencoded"
+          },
+          body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: redirectURI
+          }).toString()
+        });
+        if (!response.data) {
+          throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+        }
+        const data = response.data;
+        const result = {
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token,
+          accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0,
+          idToken: data.id_token
+        };
+        return result;
+      } catch (error) {
+        logger.error("PayPal token exchange failed:", error);
+        throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+      }
+    },
+    refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+      const credentials = base64.encode(
+        `${options.clientId}:${options.clientSecret}`
+      );
+      try {
+        const response = await betterFetch(tokenEndpoint, {
+          method: "POST",
+          headers: {
+            Authorization: `Basic ${credentials}`,
+            Accept: "application/json",
+            "Accept-Language": "en_US",
+            "Content-Type": "application/x-www-form-urlencoded"
+          },
+          body: new URLSearchParams({
+            grant_type: "refresh_token",
+            refresh_token: refreshToken
+          }).toString()
+        });
+        if (!response.data) {
+          throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+        }
+        const data = response.data;
+        return {
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token,
+          accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0
+        };
+      } catch (error) {
+        logger.error("PayPal token refresh failed:", error);
+        throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+      }
+    },
+    async verifyIdToken(token, nonce) {
+      if (options.disableIdTokenSignIn) {
+        return false;
+      }
+      if (options.verifyIdToken) {
+        return options.verifyIdToken(token, nonce);
+      }
+      try {
+        const payload = decodeJwt(token);
+        return !!payload.sub;
+      } catch (error) {
+        logger.error("Failed to verify PayPal ID token:", error);
+        return false;
+      }
+    },
+    async getUserInfo(token) {
+      if (options.getUserInfo) {
+        return options.getUserInfo(token);
+      }
+      if (!token.accessToken) {
+        logger.error("Access token is required to fetch PayPal user info");
+        return null;
+      }
+      try {
+        const response = await betterFetch(
+          `${userInfoEndpoint}?schema=paypalv1.1`,
+          {
+            headers: {
+              Authorization: `Bearer ${token.accessToken}`,
+              Accept: "application/json"
+            }
+          }
+        );
+        if (!response.data) {
+          logger.error("Failed to fetch user info from PayPal");
+          return null;
+        }
+        const userInfo = response.data;
+        const userMap = await options.mapProfileToUser?.(userInfo);
+        const result = {
+          user: {
+            id: userInfo.user_id,
+            name: userInfo.name,
+            email: userInfo.email,
+            image: userInfo.picture,
+            emailVerified: userInfo.email_verified,
+            ...userMap
+          },
+          data: userInfo
+        };
+        return result;
+      } catch (error) {
+        logger.error("Failed to fetch user info from PayPal:", error);
+        return null;
+      }
+    },
+    options
+  };
+};
+const socialProviders = {
+  apple,
+  atlassian,
+  cognito,
+  discord,
+  facebook,
+  figma,
+  github,
+  microsoft,
+  google,
+  huggingface,
+  slack,
+  spotify,
+  twitch,
+  twitter,
+  dropbox,
+  kick,
+  linear,
+  linkedin,
+  gitlab,
+  tiktok,
+  reddit,
+  roblox,
+  salesforce,
+  vk,
+  zoom,
+  notion,
+  kakao,
+  naver,
+  line,
+  paypal
+};
+const socialProviderList = Object.keys(socialProviders);
+const SocialProviderListEnum = z.enum(socialProviderList).or(z.string());
+export { SocialProviderListEnum, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paypal, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vk, zoom };