@better-auth/core 1.4.0-beta.13 → 1.4.0-beta.15

package/src/social-providers/kakao.ts

@@ -2,79 +2,79 @@ import { betterFetch } from "@better-fetch/fetch";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
-	validateAuthorizationCode,
 	refreshAccessToken,
+	validateAuthorizationCode,
 } from "../oauth2";
 
 interface Partner {
 	/** Partner-specific ID (consent required: kakaotalk_message) */
-	uuid?: string;
+	uuid?: string | undefined;
 }
 
 interface Profile {
 	/** Nickname (consent required: profile/nickname) */
-	nickname?: string;
+	nickname?: string | undefined;
 	/** Thumbnail image URL (consent required: profile/profile image) */
-	thumbnail_image_url?: string;
+	thumbnail_image_url?: string | undefined;
 	/** Profile image URL (consent required: profile/profile image) */
-	profile_image_url?: string;
+	profile_image_url?: string | undefined;
 	/** Whether the profile image is the default */
-	is_default_image?: boolean;
+	is_default_image?: boolean | undefined;
 	/** Whether the nickname is the default */
-	is_default_nickname?: boolean;
+	is_default_nickname?: boolean | undefined;
 }
 
 interface KakaoAccount {
 	/** Consent required: profile info (nickname/profile image) */
-	profile_needs_agreement?: boolean;
+	profile_needs_agreement?: boolean | undefined;
 	/** Consent required: nickname */
-	profile_nickname_needs_agreement?: boolean;
+	profile_nickname_needs_agreement?: boolean | undefined;
 	/** Consent required: profile image */
-	profile_image_needs_agreement?: boolean;
+	profile_image_needs_agreement?: boolean | undefined;
 	/** Profile info */
-	profile?: Profile;
+	profile?: Profile | undefined;
 	/** Consent required: name */
-	name_needs_agreement?: boolean;
+	name_needs_agreement?: boolean | undefined;
 	/** Name */
-	name?: string;
+	name?: string | undefined;
 	/** Consent required: email */
-	email_needs_agreement?: boolean;
+	email_needs_agreement?: boolean | undefined;
 	/** Email valid */
-	is_email_valid?: boolean;
+	is_email_valid?: boolean | undefined;
 	/** Email verified */
-	is_email_verified?: boolean;
+	is_email_verified?: boolean | undefined;
 	/** Email */
-	email?: string;
+	email?: string | undefined;
 	/** Consent required: age range */
-	age_range_needs_agreement?: boolean;
+	age_range_needs_agreement?: boolean | undefined;
 	/** Age range */
-	age_range?: string;
+	age_range?: string | undefined;
 	/** Consent required: birth year */
-	birthyear_needs_agreement?: boolean;
+	birthyear_needs_agreement?: boolean | undefined;
 	/** Birth year (YYYY) */
-	birthyear?: string;
+	birthyear?: string | undefined;
 	/** Consent required: birthday */
-	birthday_needs_agreement?: boolean;
+	birthday_needs_agreement?: boolean | undefined;
 	/** Birthday (MMDD) */
-	birthday?: string;
+	birthday?: string | undefined;
 	/** Birthday type (SOLAR/LUNAR) */
-	birthday_type?: string;
+	birthday_type?: string | undefined;
 	/** Whether birthday is in a leap month */
-	is_leap_month?: boolean;
+	is_leap_month?: boolean | undefined;
 	/** Consent required: gender */
-	gender_needs_agreement?: boolean;
+	gender_needs_agreement?: boolean | undefined;
 	/** Gender (male/female) */
-	gender?: string;
+	gender?: string | undefined;
 	/** Consent required: phone number */
-	phone_number_needs_agreement?: boolean;
+	phone_number_needs_agreement?: boolean | undefined;
 	/** Phone number */
-	phone_number?: string;
+	phone_number?: string | undefined;
 	/** Consent required: CI */
-	ci_needs_agreement?: boolean;
+	ci_needs_agreement?: boolean | undefined;
 	/** CI (unique identifier) */
-	ci?: string;
+	ci?: string | undefined;
 	/** CI authentication time (UTC) */
-	ci_authenticated_at?: string;
+	ci_authenticated_at?: string | undefined;
 }
 
 export interface KakaoProfile {
@@ -84,17 +84,17 @@ export interface KakaoProfile {
 	 * Whether the user has signed up (only present if auto-connection is disabled)
 	 * false: preregistered, true: registered
 	 */
-	has_signed_up?: boolean;
+	has_signed_up?: boolean | undefined;
 	/** UTC datetime when the user connected the service */
-	connected_at?: string;
+	connected_at?: string | undefined;
 	/** UTC datetime when the user signed up via Kakao Sync */
-	synched_at?: string;
+	synched_at?: string | undefined;
 	/** Custom user properties */
-	properties?: Record<string, any>;
+	properties?: Record<string, any> | undefined;
 	/** Kakao account info */
 	kakao_account: KakaoAccount;
 	/** Partner info */
-	for_partner?: Partner;
+	for_partner?: Partner | undefined;
 }
 
 export interface KakaoOptions extends ProviderOptions<KakaoProfile> {
@@ -109,8 +109,8 @@ export const kakao = (options: KakaoOptions) => {
 			const _scopes = options.disableDefaultScope
 				? []
 				: ["account_email", "profile_image", "profile_nickname"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "kakao",
 				options,

package/src/social-providers/kick.ts

@@ -1,6 +1,6 @@
 import { betterFetch } from "@better-fetch/fetch";
-import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
 
 export interface KickProfile {
 	/**
@@ -31,8 +31,8 @@ export const kick = (options: KickOptions) => {
 		name: "Kick",
 		createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
 			const _scopes = options.disableDefaultScope ? [] : ["user:read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 
 			return createAuthorizationURL({
 				id: "kick",

package/src/social-providers/line.ts

@@ -13,18 +13,18 @@ export interface LineIdTokenPayload {
 	aud: string;
 	exp: number;
 	iat: number;
-	name?: string;
-	picture?: string;
-	email?: string;
-	amr?: string[];
-	nonce?: string;
+	name?: string | undefined;
+	picture?: string | undefined;
+	email?: string | undefined;
+	amr?: string[] | undefined;
+	nonce?: string | undefined;
 }
 
 export interface LineUserInfo {
 	sub: string;
-	name?: string;
-	picture?: string;
-	email?: string;
+	name?: string | undefined;
+	picture?: string | undefined;
+	email?: string | undefined;
 }
 
 export interface LineOptions
@@ -60,8 +60,8 @@ export const line = (options: LineOptions) => {
 			const _scopes = options.disableDefaultScope
 				? []
 				: ["openid", "profile", "email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await createAuthorizationURL({
 				id: "line",
 				options,

package/src/social-providers/linear.ts

@@ -6,11 +6,11 @@ import {
 	validateAuthorizationCode,
 } from "../oauth2";
 
-interface LinearUser {
+export interface LinearUser {
 	id: string;
 	name: string;
 	email: string;
-	avatarUrl?: string;
+	avatarUrl?: string | undefined;
 	active: boolean;
 	createdAt: string;
 	updatedAt: string;
@@ -33,8 +33,8 @@ export const linear = (options: LinearOptions) => {
 		name: "Linear",
 		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "linear",
 				options,

package/src/social-providers/linkedin.ts

@@ -2,8 +2,8 @@ import { betterFetch } from "@better-fetch/fetch";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
-	validateAuthorizationCode,
 	refreshAccessToken,
+	validateAuthorizationCode,
 } from "../oauth2";
 
 export interface LinkedInProfile {
@@ -41,8 +41,8 @@ export const linkedin = (options: LinkedInOptions) => {
 			const _scopes = options.disableDefaultScope
 				? []
 				: ["profile", "email", "openid"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await createAuthorizationURL({
 				id: "linkedin",
 				options,

package/src/social-providers/microsoft-entra-id.ts

@@ -1,13 +1,13 @@
+import { base64 } from "@better-auth/utils/base64";
+import { betterFetch } from "@better-fetch/fetch";
+import { decodeJwt } from "jose";
+import { logger } from "../env";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
-	validateAuthorizationCode,
 	createAuthorizationURL,
 	refreshAccessToken,
+	validateAuthorizationCode,
 } from "../oauth2";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import { betterFetch } from "@better-fetch/fetch";
-import { logger } from "../env";
-import { decodeJwt } from "jose";
-import { base64 } from "@better-auth/utils/base64";
 
 /**
  * @see [Microsoft Identity Platform - Optional claims reference](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference)
@@ -118,21 +118,23 @@ export interface MicrosoftOptions
 	 * The tenant ID of the Microsoft account
 	 * @default "common"
 	 */
-	tenantId?: string;
+	tenantId?: string | undefined;
 	/**
 	 * The authentication authority URL. Use the default "https://login.microsoftonline.com" for standard Entra ID or "https://<tenant-id>.ciamlogin.com" for CIAM scenarios.
 	 * @default "https://login.microsoftonline.com"
 	 */
-	authority?: string;
+	authority?: string | undefined;
 	/**
 	 * The size of the profile photo
 	 * @default 48
 	 */
-	profilePhotoSize?: 48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648;
+	profilePhotoSize?:
+		| (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648)
+		| undefined;
 	/**
 	 * Disable profile photo
 	 */
-	disableProfilePhoto?: boolean;
+	disableProfilePhoto?: boolean | undefined;
 }
 
 export const microsoft = (options: MicrosoftOptions) => {
@@ -147,8 +149,8 @@ export const microsoft = (options: MicrosoftOptions) => {
 			const scopes = options.disableDefaultScope
 				? []
 				: ["openid", "profile", "email", "User.Read", "offline_access"];
-			options.scope && scopes.push(...options.scope);
-			data.scopes && scopes.push(...data.scopes);
+			if (options.scope) scopes.push(...options.scope);
+			if (data.scopes) scopes.push(...data.scopes);
 			return createAuthorizationURL({
 				id: "microsoft",
 				options,
@@ -224,7 +226,7 @@ export const microsoft = (options: MicrosoftOptions) => {
 					const scopes = options.disableDefaultScope
 						? []
 						: ["openid", "profile", "email", "User.Read", "offline_access"];
-					options.scope && scopes.push(...options.scope);
+					if (options.scope) scopes.push(...options.scope);
 
 					return refreshAccessToken({
 						refreshToken,

package/src/social-providers/naver.ts

@@ -2,8 +2,8 @@ import { betterFetch } from "@better-fetch/fetch";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
-	validateAuthorizationCode,
 	refreshAccessToken,
+	validateAuthorizationCode,
 } from "../oauth2";
 
 export interface NaverProfile {
@@ -45,8 +45,8 @@ export const naver = (options: NaverOptions) => {
 		name: "Naver",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "naver",
 				options,

package/src/social-providers/notion.ts

@@ -10,11 +10,13 @@ export interface NotionProfile {
 	object: "user";
 	id: string;
 	type: "person" | "bot";
-	name?: string;
-	avatar_url?: string;
-	person?: {
-		email?: string;
-	};
+	name?: string | undefined;
+	avatar_url?: string | undefined;
+	person?:
+		| {
+				email?: string;
+		  }
+		| undefined;
 }
 
 export interface NotionOptions extends ProviderOptions<NotionProfile> {
@@ -28,8 +30,8 @@ export const notion = (options: NotionOptions) => {
 		name: "Notion",
 		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
 			const _scopes: string[] = options.disableDefaultScope ? [] : [];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "notion",
 				options,

package/src/social-providers/paybin.ts

@@ -0,0 +1,122 @@
+import { decodeJwt } from "jose";
+import { logger } from "../env";
+import { BetterAuthError } from "../error";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export interface PaybinProfile {
+	sub: string;
+	email: string;
+	email_verified?: boolean | undefined;
+	name?: string | undefined;
+	preferred_username?: string | undefined;
+	picture?: string | undefined;
+	given_name?: string | undefined;
+	family_name?: string | undefined;
+}
+
+export interface PaybinOptions extends ProviderOptions<PaybinProfile> {
+	clientId: string;
+	/**
+	 * The issuer URL of your Paybin OAuth server
+	 * @default "https://idp.paybin.io"
+	 */
+	issuer?: string | undefined;
+}
+
+export const paybin = (options: PaybinOptions) => {
+	const issuer = options.issuer || "https://idp.paybin.io";
+	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
+	const tokenEndpoint = `${issuer}/oauth2/token`;
+
+	return {
+		id: "paybin",
+		name: "Paybin",
+		async createAuthorizationURL({
+			state,
+			scopes,
+			codeVerifier,
+			redirectURI,
+			loginHint,
+		}) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error(
+					"Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.",
+				);
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) {
+				throw new BetterAuthError("codeVerifier is required for Paybin");
+			}
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "email", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const url = await createAuthorizationURL({
+				id: "paybin",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt,
+				loginHint,
+			});
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint,
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint,
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			if (!token.idToken) {
+				return null;
+			}
+			const user = decodeJwt(token.idToken) as PaybinProfile;
+			const userMap = await options.mapProfileToUser?.(user);
+			return {
+				user: {
+					id: user.sub,
+					name:
+						user.name ||
+						user.preferred_username ||
+						(user.email ? user.email.split("@")[0] : "User") ||
+						"User",
+					email: user.email,
+					image: user.picture,
+					emailVerified: user.email_verified || false,
+					...userMap,
+				},
+				data: user,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<PaybinProfile>;
+};

package/src/social-providers/paypal.ts

@@ -1,46 +1,48 @@
+import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
+import { decodeJwt } from "jose";
+import { logger } from "../env";
 import { BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import { createAuthorizationURL } from "../oauth2";
-import { logger } from "../env";
-import { decodeJwt } from "jose";
-import { base64 } from "@better-auth/utils/base64";
 
 export interface PayPalProfile {
 	user_id: string;
 	name: string;
 	given_name: string;
 	family_name: string;
-	middle_name?: string;
-	picture?: string;
+	middle_name?: string | undefined;
+	picture?: string | undefined;
 	email: string;
 	email_verified: boolean;
-	gender?: string;
-	birthdate?: string;
-	zoneinfo?: string;
-	locale?: string;
-	phone_number?: string;
-	address?: {
-		street_address?: string;
-		locality?: string;
-		region?: string;
-		postal_code?: string;
-		country?: string;
-	};
-	verified_account?: boolean;
-	account_type?: string;
-	age_range?: string;
-	payer_id?: string;
+	gender?: string | undefined;
+	birthdate?: string | undefined;
+	zoneinfo?: string | undefined;
+	locale?: string | undefined;
+	phone_number?: string | undefined;
+	address?:
+		| {
+				street_address?: string;
+				locality?: string;
+				region?: string;
+				postal_code?: string;
+				country?: string;
+		  }
+		| undefined;
+	verified_account?: boolean | undefined;
+	account_type?: string | undefined;
+	age_range?: string | undefined;
+	payer_id?: string | undefined;
 }
 
 export interface PayPalTokenResponse {
-	scope?: string;
+	scope?: string | undefined;
 	access_token: string;
-	refresh_token?: string;
+	refresh_token?: string | undefined;
 	token_type: "Bearer";
-	id_token?: string;
+	id_token?: string | undefined;
 	expires_in: number;
-	nonce?: string;
+	nonce?: string | undefined;
 }
 
 export interface PayPalOptions extends ProviderOptions<PayPalProfile> {
@@ -49,12 +51,12 @@ export interface PayPalOptions extends ProviderOptions<PayPalProfile> {
 	 * PayPal environment - 'sandbox' for testing, 'live' for production
 	 * @default 'sandbox'
 	 */
-	environment?: "sandbox" | "live";
+	environment?: ("sandbox" | "live") | undefined;
 	/**
 	 * Whether to request shipping address information
 	 * @default false
 	 */
-	requestShippingAddress?: boolean;
+	requestShippingAddress?: boolean | undefined;
 }
 
 export const paypal = (options: PayPalOptions) => {

package/src/social-providers/polar.ts

@@ -1,30 +1,32 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "@better-auth/core/oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
 	validateAuthorizationCode,
-} from "@better-auth/core/oauth2";
+} from "../oauth2";
 
 export interface PolarProfile {
 	id: string;
 	email: string;
 	username: string;
 	avatar_url: string;
-	github_username?: string;
-	account_id?: string;
-	public_name?: string;
-	profile_settings?: {
-		profile_settings_enabled?: boolean;
-		profile_settings_public_name?: string;
-		profile_settings_public_avatar?: string;
-		profile_settings_public_bio?: string;
-		profile_settings_public_location?: string;
-		profile_settings_public_website?: string;
-		profile_settings_public_twitter?: string;
-		profile_settings_public_github?: string;
-		profile_settings_public_email?: string;
-	};
+	github_username?: string | undefined;
+	account_id?: string | undefined;
+	public_name?: string | undefined;
+	profile_settings?:
+		| {
+				profile_settings_enabled?: boolean;
+				profile_settings_public_name?: string;
+				profile_settings_public_avatar?: string;
+				profile_settings_public_bio?: string;
+				profile_settings_public_location?: string;
+				profile_settings_public_website?: string;
+				profile_settings_public_twitter?: string;
+				profile_settings_public_github?: string;
+				profile_settings_public_email?: string;
+		  }
+		| undefined;
 }
 
 export interface PolarOptions extends ProviderOptions<PolarProfile> {}
@@ -37,8 +39,8 @@ export const polar = (options: PolarOptions) => {
 			const _scopes = options.disableDefaultScope
 				? []
 				: ["openid", "profile", "email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "polar",
 				options,

package/src/social-providers/reddit.ts

@@ -1,3 +1,4 @@
+import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
@@ -5,7 +6,6 @@ import {
 	getOAuth2Tokens,
 	refreshAccessToken,
 } from "../oauth2";
-import { base64 } from "@better-auth/utils/base64";
 
 export interface RedditProfile {
 	id: string;
@@ -18,7 +18,7 @@ export interface RedditProfile {
 
 export interface RedditOptions extends ProviderOptions<RedditProfile> {
 	clientId: string;
-	duration?: string;
+	duration?: string | undefined;
 }
 
 export const reddit = (options: RedditOptions) => {
@@ -27,8 +27,8 @@ export const reddit = (options: RedditOptions) => {
 		name: "Reddit",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["identity"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "reddit",
 				options,