@better-auth/core 1.4.0-beta.13 → 1.4.0-beta.15

package/dist/social-providers/index.cjs

@@ -2,7 +2,7 @@ const require_chunk = require('../chunk-CUT6urMc.cjs');
 const require_env = require('../env-CuEMo0ZI.cjs');
 require('../utils-Bs-jKit4.cjs');
 const require_error = require('../error-k9KM7GAb.cjs');
-const require_oauth2 = require('../oauth2-C8-hfKTF.cjs');
+const require_oauth2 = require('../oauth2-C4Pt8KMZ.cjs');
 let better_call = require("better-call");
 better_call = require_chunk.__toESM(better_call);
 let zod = require("zod");
@@ -13,8 +13,6 @@ let __better_fetch_fetch = require("@better-fetch/fetch");
 __better_fetch_fetch = require_chunk.__toESM(__better_fetch_fetch);
 let jose = require("jose");
 jose = require_chunk.__toESM(jose);
-let __better_auth_core_oauth2 = require("@better-auth/core/oauth2");
-__better_auth_core_oauth2 = require_chunk.__toESM(__better_auth_core_oauth2);
 
 //#region src/social-providers/apple.ts
 const apple = (options) => {
@@ -24,8 +22,8 @@ const apple = (options) => {
 		name: "Apple",
 		async createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scope = options.disableDefaultScope ? [] : ["email", "name"];
-			options.scope && _scope.push(...options.scope);
-			scopes && _scope.push(...scopes);
+			if (options.scope) _scope.push(...options.scope);
+			if (scopes) _scope.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
 				id: "apple",
 				options,
@@ -121,8 +119,8 @@ const atlassian = (options) => {
 			}
 			if (!codeVerifier) throw new require_error.BetterAuthError("codeVerifier is required for Atlassian");
 			const _scopes = options.disableDefaultScope ? [] : ["read:jira-user", "offline_access"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
 				id: "atlassian",
 				options,
@@ -209,8 +207,8 @@ const cognito = (options) => {
 				"profile",
 				"email"
 			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
 				id: "cognito",
 				options: { ...options },
@@ -334,8 +332,8 @@ const discord = (options) => {
 		name: "Discord",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["identify", "email"];
-			scopes && _scopes.push(...scopes);
-			options.scope && _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
 			const permissionsParam = _scopes.includes("bot") && options.permissions !== void 0 ? `&permissions=${options.permissions}` : "";
 			return new URL(`https://discord.com/api/oauth2/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "none"}${permissionsParam}`);
 		},
@@ -384,6 +382,74 @@ const discord = (options) => {
 	};
 };
 
+//#endregion
+//#region src/social-providers/dropbox.ts
+const dropbox = (options) => {
+	const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
+	return {
+		id: "dropbox",
+		name: "Dropbox",
+		createAuthorizationURL: async ({ state, scopes, codeVerifier, redirectURI }) => {
+			const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const additionalParams = {};
+			if (options.accessType) additionalParams.token_access_type = options.accessType;
+			return await require_oauth2.createAuthorizationURL({
+				id: "dropbox",
+				options,
+				authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+				additionalParams
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return await require_oauth2.validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://api.dropbox.com/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account", {
+				method: "POST",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.account_id,
+					name: profile.name?.display_name,
+					email: profile.email,
+					emailVerified: profile.email_verified || false,
+					image: profile.profile_photo_url,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
 //#endregion
 //#region src/social-providers/facebook.ts
 const facebook = (options) => {
@@ -392,8 +458,8 @@ const facebook = (options) => {
 		name: "Facebook",
 		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
 			const _scopes = options.disableDefaultScope ? [] : ["email", "public_profile"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
 				id: "facebook",
 				options,
@@ -509,8 +575,8 @@ const figma = (options) => {
 			}
 			if (!codeVerifier) throw new require_error.BetterAuthError("codeVerifier is required for Figma");
 			const _scopes = options.disableDefaultScope ? [] : ["file_read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
 				id: "figma",
 				options,
@@ -579,8 +645,8 @@ const github = (options) => {
 		name: "GitHub",
 		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["read:user", "user:email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
 				id: "github",
 				options,
@@ -641,6 +707,81 @@ const github = (options) => {
 	};
 };
 
+//#endregion
+//#region src/social-providers/gitlab.ts
+const cleanDoubleSlashes = (input = "") => {
+	return input.split("://").map((str) => str.replace(/\/{2,}/g, "/")).join("://");
+};
+const issuerToEndpoints = (issuer) => {
+	let baseUrl = issuer || "https://gitlab.com";
+	return {
+		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
+		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
+		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`)
+	};
+};
+const gitlab = (options) => {
+	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } = issuerToEndpoints(options.issuer);
+	const issuerId = "gitlab";
+	return {
+		id: issuerId,
+		name: "Gitlab",
+		createAuthorizationURL: async ({ state, scopes, codeVerifier, loginHint, redirectURI }) => {
+			const _scopes = options.disableDefaultScope ? [] : ["read_user"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await require_oauth2.createAuthorizationURL({
+				id: issuerId,
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+				loginHint
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return require_oauth2.validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				codeVerifier,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)(userinfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error || profile.state !== "active" || profile.locked) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name ?? profile.username,
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified: true,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
 //#endregion
 //#region src/social-providers/google.ts
 const google = (options) => {
@@ -658,8 +799,8 @@ const google = (options) => {
 				"profile",
 				"openid"
 			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
 				id: "google",
 				options,
@@ -724,60 +865,6 @@ const google = (options) => {
 	};
 };
 
-//#endregion
-//#region src/social-providers/kick.ts
-const kick = (options) => {
-	return {
-		id: "kick",
-		name: "Kick",
-		createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user:read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return require_oauth2.createAuthorizationURL({
-				id: "kick",
-				redirectURI,
-				options,
-				authorizationEndpoint: "https://id.kick.com/oauth/authorize",
-				scopes: _scopes,
-				codeVerifier,
-				state
-			});
-		},
-		async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
-			return require_oauth2.validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://id.kick.com/oauth/token",
-				codeVerifier
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.kick.com/public/v1/users", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const profile = data.data[0];
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.user_id,
-					name: profile.name,
-					email: profile.email,
-					image: profile.profile_picture,
-					emailVerified: true,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
 //#endregion
 //#region src/social-providers/huggingface.ts
 const huggingface = (options) => {
@@ -790,8 +877,8 @@ const huggingface = (options) => {
 				"profile",
 				"email"
 			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
 				id: "huggingface",
 				options,
@@ -847,152 +934,115 @@ const huggingface = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/microsoft-entra-id.ts
-const microsoft = (options) => {
-	const tenant = options.tenantId || "common";
-	const authority = options.authority || "https://login.microsoftonline.com";
-	const authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;
-	const tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;
+//#region src/social-providers/kakao.ts
+const kakao = (options) => {
 	return {
-		id: "microsoft",
-		name: "Microsoft EntraID",
-		createAuthorizationURL(data) {
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
+		id: "kakao",
+		name: "Kakao",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"account_email",
+				"profile_image",
+				"profile_nickname"
 			];
-			options.scope && scopes.push(...options.scope);
-			data.scopes && scopes.push(...data.scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
-				id: "microsoft",
+				id: "kakao",
 				options,
-				authorizationEndpoint,
-				state: data.state,
-				codeVerifier: data.codeVerifier,
-				scopes,
-				redirectURI: data.redirectURI,
-				prompt: options.prompt,
-				loginHint: data.loginHint
+				authorizationEndpoint: "https://kauth.kakao.com/oauth/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI
 			});
 		},
-		validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
-				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint
+				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const user = (0, jose.decodeJwt)(token.idToken);
-			const profilePhotoSize = options.profilePhotoSize || 48;
-			await (0, __better_fetch_fetch.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`, {
-				headers: { Authorization: `Bearer ${token.accessToken}` },
-				async onResponse(context) {
-					if (options.disableProfilePhoto || !context.response.ok) return;
-					try {
-						const pictureBuffer = await context.response.clone().arrayBuffer();
-						user.picture = `data:image/jpeg;base64, ${__better_auth_utils_base64.base64.encode(pictureBuffer)}`;
-					} catch (e) {
-						require_env.logger.error(e && typeof e === "object" && "name" in e ? e.name : "", e);
-					}
-				}
-			});
-			const userMap = await options.mapProfileToUser?.(user);
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://kapi.kakao.com/v2/user/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error || !profile) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			const account = profile.kakao_account || {};
+			const kakaoProfile = account.profile || {};
 			return {
 				user: {
-					id: user.sub,
-					name: user.name,
-					email: user.email,
-					image: user.picture,
-					emailVerified: true,
+					id: String(profile.id),
+					name: kakaoProfile.nickname || account.name || void 0,
+					email: account.email,
+					image: kakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,
+					emailVerified: !!account.is_email_valid && !!account.is_email_verified,
 					...userMap
 				},
-				data: user
+				data: profile
 			};
 		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
-			];
-			options.scope && scopes.push(...options.scope);
-			return require_oauth2.refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				extraParams: { scope: scopes.join(" ") },
-				tokenEndpoint
-			});
-		},
 		options
 	};
 };
 
 //#endregion
-//#region src/social-providers/slack.ts
-const slack = (options) => {
+//#region src/social-providers/kick.ts
+const kick = (options) => {
 	return {
-		id: "slack",
-		name: "Slack",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			scopes && _scopes.push(...scopes);
-			options.scope && _scopes.push(...options.scope);
-			const url = new URL("https://slack.com/openid/connect/authorize");
-			url.searchParams.set("scope", _scopes.join(" "));
-			url.searchParams.set("response_type", "code");
-			url.searchParams.set("client_id", options.clientId);
-			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
-			url.searchParams.set("state", state);
-			return url;
+		id: "kick",
+		name: "Kick",
+		createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "kick",
+				redirectURI,
+				options,
+				authorizationEndpoint: "https://id.kick.com/oauth/authorize",
+				scopes: _scopes,
+				codeVerifier,
+				state
+			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
+		async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
 			return require_oauth2.validateAuthorizationCode({
 				code,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://slack.com/api/openid.connect.token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return require_oauth2.refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://slack.com/api/openid.connect.token"
+				tokenEndpoint: "https://id.kick.com/oauth/token",
+				codeVerifier
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://slack.com/api/openid.connect.userInfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			const { data, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.kick.com/public/v1/users", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
 			if (error) return null;
+			const profile = data.data[0];
 			const userMap = await options.mapProfileToUser?.(profile);
 			return {
 				user: {
-					id: profile["https://slack.com/user_id"],
-					name: profile.name || "",
+					id: profile.user_id,
+					name: profile.name,
 					email: profile.email,
-					emailVerified: profile.email_verified,
-					image: profile.picture || profile["https://slack.com/user_image_512"],
+					image: profile.profile_picture,
+					emailVerified: true,
 					...userMap
 				},
 				data: profile
@@ -1003,34 +1053,50 @@ const slack = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/notion.ts
-const notion = (options) => {
-	const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
+//#region src/social-providers/line.ts
+/**
+* LINE Login v2.1
+* - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
+* - Token endpoint: https://api.line.me/oauth2/v2.1/token
+* - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
+* - Verify ID token: https://api.line.me/oauth2/v2.1/verify
+*
+* Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
+*/
+const line = (options) => {
+	const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
+	const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
+	const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
+	const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
 	return {
-		id: "notion",
-		name: "Notion",
-		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return require_oauth2.createAuthorizationURL({
-				id: "notion",
+		id: "line",
+		name: "LINE",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await require_oauth2.createAuthorizationURL({
+				id: "line",
 				options,
-				authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
+				authorizationEndpoint,
 				scopes: _scopes,
 				state,
+				codeVerifier,
 				redirectURI,
-				loginHint,
-				additionalParams: { owner: "user" }
+				loginHint
 			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
+				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint,
-				authentication: "basic"
+				tokenEndpoint
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1038,32 +1104,53 @@ const notion = (options) => {
 				refreshToken,
 				options: {
 					clientId: options.clientId,
-					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
 				tokenEndpoint
 			});
 		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			const body = new URLSearchParams();
+			body.set("id_token", token);
+			body.set("client_id", options.clientId);
+			if (nonce) body.set("nonce", nonce);
+			const { data, error } = await (0, __better_fetch_fetch.betterFetch)(verifyIdTokenEndpoint, {
+				method: "POST",
+				headers: { "content-type": "application/x-www-form-urlencoded" },
+				body
+			});
+			if (error || !data) return false;
+			if (data.aud !== options.clientId) return false;
+			if (nonce && data.nonce && data.nonce !== nonce) return false;
+			return true;
+		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.notion.com/v1/users/me", { headers: {
-				Authorization: `Bearer ${token.accessToken}`,
-				"Notion-Version": "2022-06-28"
-			} });
-			if (error || !profile) return null;
-			const userProfile = profile.bot?.owner?.user;
-			if (!userProfile) return null;
-			const userMap = await options.mapProfileToUser?.(userProfile);
+			let profile = null;
+			if (token.idToken) try {
+				profile = (0, jose.decodeJwt)(token.idToken);
+			} catch {}
+			if (!profile) {
+				const { data } = await (0, __better_fetch_fetch.betterFetch)(userInfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
+				profile = data || null;
+			}
+			if (!profile) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			const id = profile.sub || profile.userId;
+			const name = profile.name || profile.displayName;
+			const image = profile.picture || profile.pictureUrl || void 0;
 			return {
 				user: {
-					id: userProfile.id,
-					name: userProfile.name || "Notion User",
-					email: userProfile.person?.email || null,
-					image: userProfile.avatar_url,
-					emailVerified: !!userProfile.person?.email,
+					id,
+					name,
+					email: profile.email,
+					image,
+					emailVerified: false,
 					...userMap
 				},
-				data: userProfile
+				data: profile
 			};
 		},
 		options
@@ -1071,32 +1158,32 @@ const notion = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/spotify.ts
-const spotify = (options) => {
+//#region src/social-providers/linear.ts
+const linear = (options) => {
+	const tokenEndpoint = "https://api.linear.app/oauth/token";
 	return {
-		id: "spotify",
-		name: "Spotify",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+		id: "linear",
+		name: "Linear",
+		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
-				id: "spotify",
+				id: "linear",
 				options,
-				authorizationEndpoint: "https://accounts.spotify.com/authorize",
+				authorizationEndpoint: "https://linear.app/oauth/authorize",
 				scopes: _scopes,
 				state,
-				codeVerifier,
-				redirectURI
+				redirectURI,
+				loginHint
 			});
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
-				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://accounts.spotify.com/api/token"
+				tokenEndpoint
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1107,27 +1194,44 @@ const spotify = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://accounts.spotify.com/api/token"
+				tokenEndpoint
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.spotify.com/v1/me", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.linear.app/graphql", {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/json",
+					Authorization: `Bearer ${token.accessToken}`
+				},
+				body: JSON.stringify({ query: `
+							query {
+								viewer {
+									id
+									name
+									email
+									avatarUrl
+									active
+									createdAt
+									updatedAt
+								}
+							}
+						` })
 			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
+			if (error || !profile?.data?.viewer) return null;
+			const userData = profile.data.viewer;
+			const userMap = await options.mapProfileToUser?.(userData);
 			return {
 				user: {
-					id: profile.id,
-					name: profile.display_name,
-					email: profile.email,
-					image: profile.images[0]?.url,
-					emailVerified: false,
+					id: profile.data.viewer.id,
+					name: profile.data.viewer.name,
+					email: profile.data.viewer.email,
+					image: profile.data.viewer.avatarUrl,
+					emailVerified: true,
 					...userMap
 				},
-				data: profile
+				data: userData
 			};
 		},
 		options
@@ -1135,36 +1239,37 @@ const spotify = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/twitch.ts
-const twitch = (options) => {
+//#region src/social-providers/linkedin.ts
+const linkedin = (options) => {
+	const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
+	const tokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
 	return {
-		id: "twitch",
-		name: "Twitch",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return require_oauth2.createAuthorizationURL({
-				id: "twitch",
-				redirectURI,
+		id: "linkedin",
+		name: "Linkedin",
+		createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint }) => {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"profile",
+				"email",
+				"openid"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await require_oauth2.createAuthorizationURL({
+				id: "linkedin",
 				options,
-				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
+				authorizationEndpoint,
 				scopes: _scopes,
 				state,
-				claims: options.claims || [
-					"email",
-					"email_verified",
-					"preferred_username",
-					"picture"
-				]
+				loginHint,
+				redirectURI
 			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return require_oauth2.validateAuthorizationCode({
+			return await require_oauth2.validateAuthorizationCode({
 				code,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+				tokenEndpoint
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1175,25 +1280,24 @@ const twitch = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+				tokenEndpoint
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const idToken = token.idToken;
-			if (!idToken) {
-				require_env.logger.error("No idToken found in token");
-				return null;
-			}
-			const profile = (0, jose.decodeJwt)(idToken);
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.linkedin.com/v2/userinfo", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
 			return {
 				user: {
 					id: profile.sub,
-					name: profile.preferred_username,
+					name: profile.name,
 					email: profile.email,
+					emailVerified: profile.email_verified || false,
 					image: profile.picture,
-					emailVerified: profile.email_verified,
 					...userMap
 				},
 				data: profile
@@ -1204,116 +1308,124 @@ const twitch = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/twitter.ts
-const twitter = (options) => {
+//#region src/social-providers/microsoft-entra-id.ts
+const microsoft = (options) => {
+	const tenant = options.tenantId || "common";
+	const authority = options.authority || "https://login.microsoftonline.com";
+	const authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;
+	const tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;
 	return {
-		id: "twitter",
-		name: "Twitter",
+		id: "microsoft",
+		name: "Microsoft EntraID",
 		createAuthorizationURL(data) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"users.read",
-				"tweet.read",
-				"offline.access",
-				"users.email"
+			const scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email",
+				"User.Read",
+				"offline_access"
 			];
-			options.scope && _scopes.push(...options.scope);
-			data.scopes && _scopes.push(...data.scopes);
+			if (options.scope) scopes.push(...options.scope);
+			if (data.scopes) scopes.push(...data.scopes);
 			return require_oauth2.createAuthorizationURL({
-				id: "twitter",
+				id: "microsoft",
 				options,
-				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
-				scopes: _scopes,
+				authorizationEndpoint,
 				state: data.state,
 				codeVerifier: data.codeVerifier,
-				redirectURI: data.redirectURI
+				scopes,
+				redirectURI: data.redirectURI,
+				prompt: options.prompt,
+				loginHint: data.loginHint
 			});
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+		validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
 			return require_oauth2.validateAuthorizationCode({
 				code,
 				codeVerifier,
-				authentication: "basic",
 				redirectURI,
 				options,
-				tokenEndpoint: "https://api.x.com/2/oauth2/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return require_oauth2.refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				authentication: "basic",
-				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+				tokenEndpoint
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error: profileError } = await (0, __better_fetch_fetch.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (profileError) return null;
-			const { data: emailData, error: emailError } = await (0, __better_fetch_fetch.betterFetch)("https://api.x.com/2/users/me?user.fields=confirmed_email", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
+			if (!token.idToken) return null;
+			const user = (0, jose.decodeJwt)(token.idToken);
+			const profilePhotoSize = options.profilePhotoSize || 48;
+			await (0, __better_fetch_fetch.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`, {
+				headers: { Authorization: `Bearer ${token.accessToken}` },
+				async onResponse(context) {
+					if (options.disableProfilePhoto || !context.response.ok) return;
+					try {
+						const pictureBuffer = await context.response.clone().arrayBuffer();
+						user.picture = `data:image/jpeg;base64, ${__better_auth_utils_base64.base64.encode(pictureBuffer)}`;
+					} catch (e) {
+						require_env.logger.error(e && typeof e === "object" && "name" in e ? e.name : "", e);
+					}
+				}
 			});
-			let emailVerified = false;
-			if (!emailError && emailData?.data?.confirmed_email) {
-				profile.data.email = emailData.data.confirmed_email;
-				emailVerified = true;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
+			const userMap = await options.mapProfileToUser?.(user);
 			return {
 				user: {
-					id: profile.data.id,
-					name: profile.data.name,
-					email: profile.data.email || profile.data.username || null,
-					image: profile.data.profile_image_url,
-					emailVerified,
+					id: user.sub,
+					name: user.name,
+					email: user.email,
+					image: user.picture,
+					emailVerified: true,
 					...userMap
 				},
-				data: profile
+				data: user
 			};
 		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			const scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email",
+				"User.Read",
+				"offline_access"
+			];
+			if (options.scope) scopes.push(...options.scope);
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientSecret: options.clientSecret
+				},
+				extraParams: { scope: scopes.join(" ") },
+				tokenEndpoint
+			});
+		},
 		options
 	};
 };
 
 //#endregion
-//#region src/social-providers/dropbox.ts
-const dropbox = (options) => {
-	const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
+//#region src/social-providers/naver.ts
+const naver = (options) => {
 	return {
-		id: "dropbox",
-		name: "Dropbox",
-		createAuthorizationURL: async ({ state, scopes, codeVerifier, redirectURI }) => {
-			const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			const additionalParams = {};
-			if (options.accessType) additionalParams.token_access_type = options.accessType;
-			return await require_oauth2.createAuthorizationURL({
-				id: "dropbox",
+		id: "naver",
+		name: "Naver",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "naver",
 				options,
-				authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
+				authorizationEndpoint: "https://nid.naver.com/oauth2.0/authorize",
 				scopes: _scopes,
 				state,
-				redirectURI,
-				codeVerifier,
-				additionalParams
+				redirectURI
 			});
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return await require_oauth2.validateAuthorizationCode({
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return require_oauth2.validateAuthorizationCode({
 				code,
-				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint
+				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1324,24 +1436,22 @@ const dropbox = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://api.dropbox.com/oauth2/token"
+				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account", {
-				method: "POST",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://openapi.naver.com/v1/nid/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error || !profile || profile.resultcode !== "00") return null;
 			const userMap = await options.mapProfileToUser?.(profile);
+			const res = profile.response || {};
 			return {
 				user: {
-					id: profile.account_id,
-					name: profile.name?.display_name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.profile_photo_url,
+					id: res.id,
+					name: res.name || res.nickname,
+					email: res.email,
+					image: res.profile_image,
+					emailVerified: false,
 					...userMap
 				},
 				data: profile
@@ -1352,24 +1462,25 @@ const dropbox = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/linear.ts
-const linear = (options) => {
-	const tokenEndpoint = "https://api.linear.app/oauth/token";
+//#region src/social-providers/notion.ts
+const notion = (options) => {
+	const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
 	return {
-		id: "linear",
-		name: "Linear",
+		id: "notion",
+		name: "Notion",
 		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["read"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			const _scopes = options.disableDefaultScope ? [] : [];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
-				id: "linear",
+				id: "notion",
 				options,
-				authorizationEndpoint: "https://linear.app/oauth/authorize",
+				authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
 				scopes: _scopes,
 				state,
 				redirectURI,
-				loginHint
+				loginHint,
+				additionalParams: { owner: "user" }
 			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -1377,7 +1488,8 @@ const linear = (options) => {
 				code,
 				redirectURI,
 				options,
-				tokenEndpoint
+				tokenEndpoint,
+				authentication: "basic"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1393,39 +1505,24 @@ const linear = (options) => {
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.linear.app/graphql", {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/json",
-					Authorization: `Bearer ${token.accessToken}`
-				},
-				body: JSON.stringify({ query: `
-							query {
-								viewer {
-									id
-									name
-									email
-									avatarUrl
-									active
-									createdAt
-									updatedAt
-								}
-							}
-						` })
-			});
-			if (error || !profile?.data?.viewer) return null;
-			const userData = profile.data.viewer;
-			const userMap = await options.mapProfileToUser?.(userData);
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.notion.com/v1/users/me", { headers: {
+				Authorization: `Bearer ${token.accessToken}`,
+				"Notion-Version": "2022-06-28"
+			} });
+			if (error || !profile) return null;
+			const userProfile = profile.bot?.owner?.user;
+			if (!userProfile) return null;
+			const userMap = await options.mapProfileToUser?.(userProfile);
 			return {
 				user: {
-					id: profile.data.viewer.id,
-					name: profile.data.viewer.name,
-					email: profile.data.viewer.email,
-					image: profile.data.viewer.avatarUrl,
-					emailVerified: true,
+					id: userProfile.id,
+					name: userProfile.name || "Notion User",
+					email: userProfile.person?.email || null,
+					image: userProfile.avatar_url,
+					emailVerified: !!userProfile.person?.email,
 					...userMap
 				},
-				data: userData
+				data: userProfile
 			};
 		},
 		options
@@ -1433,34 +1530,43 @@ const linear = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/linkedin.ts
-const linkedin = (options) => {
-	const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
-	const tokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
+//#region src/social-providers/paybin.ts
+const paybin = (options) => {
+	const issuer = options.issuer || "https://idp.paybin.io";
+	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
+	const tokenEndpoint = `${issuer}/oauth2/token`;
 	return {
-		id: "linkedin",
-		name: "Linkedin",
-		createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint }) => {
+		id: "paybin",
+		name: "Paybin",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
+			if (!options.clientId || !options.clientSecret) {
+				require_env.logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.");
+				throw new require_error.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new require_error.BetterAuthError("codeVerifier is required for Paybin");
 			const _scopes = options.disableDefaultScope ? [] : [
-				"profile",
+				"openid",
 				"email",
-				"openid"
+				"profile"
 			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return await require_oauth2.createAuthorizationURL({
-				id: "linkedin",
+				id: "paybin",
 				options,
 				authorizationEndpoint,
 				scopes: _scopes,
 				state,
-				loginHint,
-				redirectURI
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt,
+				loginHint
 			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return await require_oauth2.validateAuthorizationCode({
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return require_oauth2.validateAuthorizationCode({
 				code,
+				codeVerifier,
 				redirectURI,
 				options,
 				tokenEndpoint
@@ -1479,22 +1585,19 @@ const linkedin = (options) => {
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.linkedin.com/v2/userinfo", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
+			if (!token.idToken) return null;
+			const user = (0, jose.decodeJwt)(token.idToken);
+			const userMap = await options.mapProfileToUser?.(user);
 			return {
 				user: {
-					id: profile.sub,
-					name: profile.name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.picture,
+					id: user.sub,
+					name: user.name || user.preferred_username || (user.email ? user.email.split("@")[0] : "User") || "User",
+					email: user.email,
+					image: user.picture,
+					emailVerified: user.email_verified || false,
 					...userMap
 				},
-				data: profile
+				data: user
 			};
 		},
 		options
@@ -1502,46 +1605,171 @@ const linkedin = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/gitlab.ts
-const cleanDoubleSlashes = (input = "") => {
-	return input.split("://").map((str) => str.replace(/\/{2,}/g, "/")).join("://");
-};
-const issuerToEndpoints = (issuer) => {
-	let baseUrl = issuer || "https://gitlab.com";
+//#region src/social-providers/paypal.ts
+const paypal = (options) => {
+	const isSandbox = (options.environment || "sandbox") === "sandbox";
+	const authorizationEndpoint = isSandbox ? "https://www.sandbox.paypal.com/signin/authorize" : "https://www.paypal.com/signin/authorize";
+	const tokenEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/oauth2/token" : "https://api-m.paypal.com/v1/oauth2/token";
+	const userInfoEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo" : "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
 	return {
-		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
-		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
-		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`)
+		id: "paypal",
+		name: "PayPal",
+		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				require_env.logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
+				throw new require_error.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			return await require_oauth2.createAuthorizationURL({
+				id: "paypal",
+				options,
+				authorizationEndpoint,
+				scopes: [],
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			/**
+			* PayPal requires Basic Auth for token exchange
+			**/
+			const credentials = __better_auth_utils_base64.base64.encode(`${options.clientId}:${options.clientSecret}`);
+			try {
+				const response = await (0, __better_fetch_fetch.betterFetch)(tokenEndpoint, {
+					method: "POST",
+					headers: {
+						Authorization: `Basic ${credentials}`,
+						Accept: "application/json",
+						"Accept-Language": "en_US",
+						"Content-Type": "application/x-www-form-urlencoded"
+					},
+					body: new URLSearchParams({
+						grant_type: "authorization_code",
+						code,
+						redirect_uri: redirectURI
+					}).toString()
+				});
+				if (!response.data) throw new require_error.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+				const data = response.data;
+				return {
+					accessToken: data.access_token,
+					refreshToken: data.refresh_token,
+					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0,
+					idToken: data.id_token
+				};
+			} catch (error) {
+				require_env.logger.error("PayPal token exchange failed:", error);
+				throw new require_error.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+			}
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			const credentials = __better_auth_utils_base64.base64.encode(`${options.clientId}:${options.clientSecret}`);
+			try {
+				const response = await (0, __better_fetch_fetch.betterFetch)(tokenEndpoint, {
+					method: "POST",
+					headers: {
+						Authorization: `Basic ${credentials}`,
+						Accept: "application/json",
+						"Accept-Language": "en_US",
+						"Content-Type": "application/x-www-form-urlencoded"
+					},
+					body: new URLSearchParams({
+						grant_type: "refresh_token",
+						refresh_token: refreshToken
+					}).toString()
+				});
+				if (!response.data) throw new require_error.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+				const data = response.data;
+				return {
+					accessToken: data.access_token,
+					refreshToken: data.refresh_token,
+					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0
+				};
+			} catch (error) {
+				require_env.logger.error("PayPal token refresh failed:", error);
+				throw new require_error.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+			}
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			try {
+				return !!(0, jose.decodeJwt)(token).sub;
+			} catch (error) {
+				require_env.logger.error("Failed to verify PayPal ID token:", error);
+				return false;
+			}
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (!token.accessToken) {
+				require_env.logger.error("Access token is required to fetch PayPal user info");
+				return null;
+			}
+			try {
+				const response = await (0, __better_fetch_fetch.betterFetch)(`${userInfoEndpoint}?schema=paypalv1.1`, { headers: {
+					Authorization: `Bearer ${token.accessToken}`,
+					Accept: "application/json"
+				} });
+				if (!response.data) {
+					require_env.logger.error("Failed to fetch user info from PayPal");
+					return null;
+				}
+				const userInfo = response.data;
+				const userMap = await options.mapProfileToUser?.(userInfo);
+				return {
+					user: {
+						id: userInfo.user_id,
+						name: userInfo.name,
+						email: userInfo.email,
+						image: userInfo.picture,
+						emailVerified: userInfo.email_verified,
+						...userMap
+					},
+					data: userInfo
+				};
+			} catch (error) {
+				require_env.logger.error("Failed to fetch user info from PayPal:", error);
+				return null;
+			}
+		},
+		options
 	};
 };
-const gitlab = (options) => {
-	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } = issuerToEndpoints(options.issuer);
-	const issuerId = "gitlab";
+
+//#endregion
+//#region src/social-providers/polar.ts
+const polar = (options) => {
 	return {
-		id: issuerId,
-		name: "Gitlab",
-		createAuthorizationURL: async ({ state, scopes, codeVerifier, loginHint, redirectURI }) => {
-			const _scopes = options.disableDefaultScope ? [] : ["read_user"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return await require_oauth2.createAuthorizationURL({
-				id: issuerId,
+		id: "polar",
+		name: "Polar",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "polar",
 				options,
-				authorizationEndpoint,
+				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
 				scopes: _scopes,
 				state,
-				redirectURI,
 				codeVerifier,
-				loginHint
+				redirectURI,
+				prompt: options.prompt
 			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
+				codeVerifier,
 				redirectURI,
 				options,
-				codeVerifier,
-				tokenEndpoint
+				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1552,18 +1780,18 @@ const gitlab = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint
+				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)(userinfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error || profile.state !== "active" || profile.locked) return null;
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.polar.sh/v1/oauth2/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
 			return {
 				user: {
 					id: profile.id,
-					name: profile.name ?? profile.username,
+					name: profile.public_name || profile.username,
 					email: profile.email,
 					image: profile.avatar_url,
 					emailVerified: true,
@@ -1576,62 +1804,6 @@ const gitlab = (options) => {
 	};
 };
 
-//#endregion
-//#region src/social-providers/tiktok.ts
-const tiktok = (options) => {
-	return {
-		id: "tiktok",
-		name: "TikTok",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(",")}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}`);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return require_oauth2.validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				options: {
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return require_oauth2.refreshAccessToken({
-				refreshToken,
-				options: { clientSecret: options.clientSecret },
-				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
-				authentication: "post",
-				extraParams: { client_key: options.clientKey }
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)(`https://open.tiktokapis.com/v2/user/info/?fields=${[
-				"open_id",
-				"avatar_large_url",
-				"display_name",
-				"username"
-			].join(",")}`, { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			return {
-				user: {
-					email: profile.data.user.email || profile.data.user.username,
-					id: profile.data.user.open_id,
-					name: profile.data.user.display_name || profile.data.user.username,
-					image: profile.data.user.avatar_large_url,
-					emailVerified: profile.data.user.email ? true : false
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
 //#endregion
 //#region src/social-providers/reddit.ts
 const reddit = (options) => {
@@ -1640,8 +1812,8 @@ const reddit = (options) => {
 		name: "Reddit",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["identity"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
 				id: "reddit",
 				options,
@@ -1715,8 +1887,8 @@ const roblox = (options) => {
 		name: "Roblox",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
 			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return new URL(`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "select_account consent"}`);
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -1781,8 +1953,8 @@ const salesforce = (options) => {
 				"email",
 				"profile"
 			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
 				id: "salesforce",
 				options,
@@ -1842,33 +2014,33 @@ const salesforce = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/vk.ts
-const vk = (options) => {
+//#region src/social-providers/slack.ts
+const slack = (options) => {
 	return {
-		id: "vk",
-		name: "VK",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return require_oauth2.createAuthorizationURL({
-				id: "vk",
-				options,
-				authorizationEndpoint: "https://id.vk.com/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				codeVerifier
-			});
+		id: "slack",
+		name: "Slack",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			const url = new URL("https://slack.com/openid/connect/authorize");
+			url.searchParams.set("scope", _scopes.join(" "));
+			url.searchParams.set("response_type", "code");
+			url.searchParams.set("client_id", options.clientId);
+			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
+			url.searchParams.set("state", state);
+			return url;
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI, deviceId }) => {
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
-				codeVerifier,
-				redirectURI: options.redirectURI || redirectURI,
+				redirectURI,
 				options,
-				deviceId,
-				tokenEndpoint: "https://id.vk.com/oauth2/auth"
+				tokenEndpoint: "https://slack.com/api/openid.connect.token"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -1879,129 +2051,57 @@ const vk = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://id.vk.com/oauth2/auth"
-			});
-		},
-		async getUserInfo(data) {
-			if (options.getUserInfo) return options.getUserInfo(data);
-			if (!data.accessToken) return null;
-			const formBody = new URLSearchParams({
-				access_token: data.accessToken,
-				client_id: options.clientId
-			}).toString();
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://id.vk.com/oauth2/user_info", {
-				method: "POST",
-				headers: { "Content-Type": "application/x-www-form-urlencoded" },
-				body: formBody
-			});
-			if (error) return null;
-			if (!profile.user.email) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.user.user_id,
-					first_name: profile.user.first_name,
-					last_name: profile.user.last_name,
-					email: profile.user.email,
-					image: profile.user.avatar,
-					emailVerified: !!profile.user.email,
-					birthday: profile.user.birthday,
-					sex: profile.user.sex,
-					name: `${profile.user.first_name} ${profile.user.last_name}`,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/zoom.ts
-const zoom = (userOptions) => {
-	const options = {
-		pkce: true,
-		...userOptions
-	};
-	return {
-		id: "zoom",
-		name: "Zoom",
-		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
-			const params = new URLSearchParams({
-				response_type: "code",
-				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
-				client_id: options.clientId,
-				state
-			});
-			if (options.pkce) {
-				const codeChallenge = await require_oauth2.generateCodeChallenge(codeVerifier);
-				params.set("code_challenge_method", "S256");
-				params.set("code_challenge", codeChallenge);
-			}
-			const url = new URL("https://zoom.us/oauth/authorize");
-			url.search = params.toString();
-			return url;
-		},
-		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
-			return require_oauth2.validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				codeVerifier,
-				options,
-				tokenEndpoint: "https://zoom.us/oauth/token",
-				authentication: "post"
+				tokenEndpoint: "https://slack.com/api/openid.connect.token"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.zoom.us/v2/users/me", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://slack.com/api/openid.connect.userInfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
 			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
 			return {
 				user: {
-					id: profile.id,
-					name: profile.display_name,
-					image: profile.pic_url,
+					id: profile["https://slack.com/user_id"],
+					name: profile.name || "",
 					email: profile.email,
-					emailVerified: Boolean(profile.verified),
+					emailVerified: profile.email_verified,
+					image: profile.picture || profile["https://slack.com/user_image_512"],
 					...userMap
 				},
-				data: { ...profile }
+				data: profile
 			};
-		}
+		},
+		options
 	};
 };
 
 //#endregion
-//#region src/social-providers/kakao.ts
-const kakao = (options) => {
+//#region src/social-providers/spotify.ts
+const spotify = (options) => {
 	return {
-		id: "kakao",
-		name: "Kakao",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"account_email",
-				"profile_image",
-				"profile_nickname"
-			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
+		id: "spotify",
+		name: "Spotify",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return require_oauth2.createAuthorizationURL({
-				id: "kakao",
+				id: "spotify",
 				options,
-				authorizationEndpoint: "https://kauth.kakao.com/oauth/authorize",
+				authorizationEndpoint: "https://accounts.spotify.com/authorize",
 				scopes: _scopes,
 				state,
+				codeVerifier,
 				redirectURI
 			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
+				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+				tokenEndpoint: "https://accounts.spotify.com/api/token"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -2012,23 +2112,24 @@ const kakao = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+				tokenEndpoint: "https://accounts.spotify.com/api/token"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://kapi.kakao.com/v2/user/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error || !profile) return null;
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.spotify.com/v1/me", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
-			const account = profile.kakao_account || {};
-			const kakaoProfile = account.profile || {};
 			return {
 				user: {
-					id: String(profile.id),
-					name: kakaoProfile.nickname || account.name || void 0,
-					email: account.email,
-					image: kakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,
-					emailVerified: !!account.is_email_valid && !!account.is_email_verified,
+					id: profile.id,
+					name: profile.display_name,
+					email: profile.email,
+					image: profile.images[0]?.url,
+					emailVerified: false,
 					...userMap
 				},
 				data: profile
@@ -2039,57 +2140,53 @@ const kakao = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/naver.ts
-const naver = (options) => {
+//#region src/social-providers/tiktok.ts
+const tiktok = (options) => {
 	return {
-		id: "naver",
-		name: "Naver",
+		id: "tiktok",
+		name: "TikTok",
 		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return require_oauth2.createAuthorizationURL({
-				id: "naver",
-				options,
-				authorizationEndpoint: "https://nid.naver.com/oauth2.0/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI
-			});
+			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(",")}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}`);
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return require_oauth2.refreshAccessToken({
-				refreshToken,
+				redirectURI: options.redirectURI || redirectURI,
 				options: {
-					clientId: options.clientId,
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: { clientSecret: options.clientSecret },
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
+				authentication: "post",
+				extraParams: { client_key: options.clientKey }
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://openapi.naver.com/v1/nid/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error || !profile || profile.resultcode !== "00") return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			const res = profile.response || {};
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)(`https://open.tiktokapis.com/v2/user/info/?fields=${[
+				"open_id",
+				"avatar_large_url",
+				"display_name",
+				"username"
+			].join(",")}`, { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
 			return {
 				user: {
-					id: res.id,
-					name: res.name || res.nickname,
-					email: res.email,
-					image: res.profile_image,
-					emailVerified: false,
-					...userMap
+					email: profile.data.user.email || profile.data.user.username,
+					id: profile.data.user.open_id,
+					name: profile.data.user.display_name || profile.data.user.username,
+					image: profile.data.user.avatar_large_url,
+					emailVerified: profile.data.user.email ? true : false
 				},
 				data: profile
 			};
@@ -2099,50 +2196,36 @@ const naver = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/line.ts
-/**
-* LINE Login v2.1
-* - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
-* - Token endpoint: https://api.line.me/oauth2/v2.1/token
-* - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
-* - Verify ID token: https://api.line.me/oauth2/v2.1/verify
-*
-* Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
-*/
-const line = (options) => {
-	const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
-	const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
-	const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
-	const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
+//#region src/social-providers/twitch.ts
+const twitch = (options) => {
 	return {
-		id: "line",
-		name: "LINE",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return await require_oauth2.createAuthorizationURL({
-				id: "line",
+		id: "twitch",
+		name: "Twitch",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "twitch",
+				redirectURI,
 				options,
-				authorizationEndpoint,
+				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
 				scopes: _scopes,
 				state,
-				codeVerifier,
-				redirectURI,
-				loginHint
+				claims: options.claims || [
+					"email",
+					"email_verified",
+					"preferred_username",
+					"picture"
+				]
 			});
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return require_oauth2.validateAuthorizationCode({
 				code,
-				codeVerifier,
 				redirectURI,
 				options,
-				tokenEndpoint
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -2150,50 +2233,28 @@ const line = (options) => {
 				refreshToken,
 				options: {
 					clientId: options.clientId,
+					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
 			});
 		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			const body = new URLSearchParams();
-			body.set("id_token", token);
-			body.set("client_id", options.clientId);
-			if (nonce) body.set("nonce", nonce);
-			const { data, error } = await (0, __better_fetch_fetch.betterFetch)(verifyIdTokenEndpoint, {
-				method: "POST",
-				headers: { "content-type": "application/x-www-form-urlencoded" },
-				body
-			});
-			if (error || !data) return false;
-			if (data.aud !== options.clientId) return false;
-			if (nonce && data.nonce && data.nonce !== nonce) return false;
-			return true;
-		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			let profile = null;
-			if (token.idToken) try {
-				profile = (0, jose.decodeJwt)(token.idToken);
-			} catch {}
-			if (!profile) {
-				const { data } = await (0, __better_fetch_fetch.betterFetch)(userInfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
-				profile = data || null;
+			const idToken = token.idToken;
+			if (!idToken) {
+				require_env.logger.error("No idToken found in token");
+				return null;
 			}
-			if (!profile) return null;
+			const profile = (0, jose.decodeJwt)(idToken);
 			const userMap = await options.mapProfileToUser?.(profile);
-			const id = profile.sub || profile.userId;
-			const name = profile.name || profile.displayName;
-			const image = profile.picture || profile.pictureUrl || void 0;
 			return {
 				user: {
-					id,
-					name,
+					id: profile.sub,
+					name: profile.preferred_username,
 					email: profile.email,
-					image,
-					emailVerified: false,
+					image: profile.picture,
+					emailVerified: profile.email_verified,
 					...userMap
 				},
 				data: profile
@@ -2204,202 +2265,214 @@ const line = (options) => {
 };
 
 //#endregion
-//#region src/social-providers/paypal.ts
-const paypal = (options) => {
-	const isSandbox = (options.environment || "sandbox") === "sandbox";
-	const authorizationEndpoint = isSandbox ? "https://www.sandbox.paypal.com/signin/authorize" : "https://www.paypal.com/signin/authorize";
-	const tokenEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/oauth2/token" : "https://api-m.paypal.com/v1/oauth2/token";
-	const userInfoEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo" : "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
+//#region src/social-providers/twitter.ts
+const twitter = (options) => {
 	return {
-		id: "paypal",
-		name: "PayPal",
-		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				require_env.logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
-				throw new require_error.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			return await require_oauth2.createAuthorizationURL({
-				id: "paypal",
+		id: "twitter",
+		name: "Twitter",
+		createAuthorizationURL(data) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"users.read",
+				"tweet.read",
+				"offline.access",
+				"users.email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "twitter",
 				options,
-				authorizationEndpoint,
-				scopes: [],
-				state,
+				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
+				scopes: _scopes,
+				state: data.state,
+				codeVerifier: data.codeVerifier,
+				redirectURI: data.redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return require_oauth2.validateAuthorizationCode({
+				code,
 				codeVerifier,
+				authentication: "basic",
 				redirectURI,
-				prompt: options.prompt
+				options,
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
 			});
 		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			/**
-			* PayPal requires Basic Auth for token exchange
-			**/
-			const credentials = __better_auth_utils_base64.base64.encode(`${options.clientId}:${options.clientSecret}`);
-			try {
-				const response = await (0, __better_fetch_fetch.betterFetch)(tokenEndpoint, {
-					method: "POST",
-					headers: {
-						Authorization: `Basic ${credentials}`,
-						Accept: "application/json",
-						"Accept-Language": "en_US",
-						"Content-Type": "application/x-www-form-urlencoded"
-					},
-					body: new URLSearchParams({
-						grant_type: "authorization_code",
-						code,
-						redirect_uri: redirectURI
-					}).toString()
-				});
-				if (!response.data) throw new require_error.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-				const data = response.data;
-				return {
-					accessToken: data.access_token,
-					refreshToken: data.refresh_token,
-					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0,
-					idToken: data.id_token
-				};
-			} catch (error) {
-				require_env.logger.error("PayPal token exchange failed:", error);
-				throw new require_error.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-			}
-		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			const credentials = __better_auth_utils_base64.base64.encode(`${options.clientId}:${options.clientSecret}`);
-			try {
-				const response = await (0, __better_fetch_fetch.betterFetch)(tokenEndpoint, {
-					method: "POST",
-					headers: {
-						Authorization: `Basic ${credentials}`,
-						Accept: "application/json",
-						"Accept-Language": "en_US",
-						"Content-Type": "application/x-www-form-urlencoded"
-					},
-					body: new URLSearchParams({
-						grant_type: "refresh_token",
-						refresh_token: refreshToken
-					}).toString()
-				});
-				if (!response.data) throw new require_error.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-				const data = response.data;
-				return {
-					accessToken: data.access_token,
-					refreshToken: data.refresh_token,
-					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0
-				};
-			} catch (error) {
-				require_env.logger.error("PayPal token refresh failed:", error);
-				throw new require_error.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-			}
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			try {
-				return !!(0, jose.decodeJwt)(token).sub;
-			} catch (error) {
-				require_env.logger.error("Failed to verify PayPal ID token:", error);
-				return false;
-			}
+			return require_oauth2.refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				authentication: "basic",
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.accessToken) {
-				require_env.logger.error("Access token is required to fetch PayPal user info");
-				return null;
-			}
-			try {
-				const response = await (0, __better_fetch_fetch.betterFetch)(`${userInfoEndpoint}?schema=paypalv1.1`, { headers: {
-					Authorization: `Bearer ${token.accessToken}`,
-					Accept: "application/json"
-				} });
-				if (!response.data) {
-					require_env.logger.error("Failed to fetch user info from PayPal");
-					return null;
-				}
-				const userInfo = response.data;
-				const userMap = await options.mapProfileToUser?.(userInfo);
-				return {
-					user: {
-						id: userInfo.user_id,
-						name: userInfo.name,
-						email: userInfo.email,
-						image: userInfo.picture,
-						emailVerified: userInfo.email_verified,
-						...userMap
-					},
-					data: userInfo
-				};
-			} catch (error) {
-				require_env.logger.error("Failed to fetch user info from PayPal:", error);
-				return null;
+			const { data: profile, error: profileError } = await (0, __better_fetch_fetch.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (profileError) return null;
+			const { data: emailData, error: emailError } = await (0, __better_fetch_fetch.betterFetch)("https://api.x.com/2/users/me?user.fields=confirmed_email", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			let emailVerified = false;
+			if (!emailError && emailData?.data?.confirmed_email) {
+				profile.data.email = emailData.data.confirmed_email;
+				emailVerified = true;
 			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.data.id,
+					name: profile.data.name,
+					email: profile.data.email || profile.data.username || null,
+					image: profile.data.profile_image_url,
+					emailVerified,
+					...userMap
+				},
+				data: profile
+			};
 		},
 		options
 	};
 };
 
 //#endregion
-//#region src/social-providers/polar.ts
-const polar = (options) => {
+//#region src/social-providers/vk.ts
+const vk = (options) => {
 	return {
-		id: "polar",
-		name: "Polar",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			options.scope && _scopes.push(...options.scope);
-			scopes && _scopes.push(...scopes);
-			return (0, __better_auth_core_oauth2.createAuthorizationURL)({
-				id: "polar",
+		id: "vk",
+		name: "VK",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return require_oauth2.createAuthorizationURL({
+				id: "vk",
 				options,
-				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
+				authorizationEndpoint: "https://id.vk.com/authorize",
 				scopes: _scopes,
 				state,
-				codeVerifier,
 				redirectURI,
-				prompt: options.prompt
+				codeVerifier
 			});
 		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return (0, __better_auth_core_oauth2.validateAuthorizationCode)({
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI, deviceId }) => {
+			return require_oauth2.validateAuthorizationCode({
 				code,
 				codeVerifier,
-				redirectURI,
+				redirectURI: options.redirectURI || redirectURI,
 				options,
-				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
+				deviceId,
+				tokenEndpoint: "https://id.vk.com/oauth2/auth"
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return (0, __better_auth_core_oauth2.refreshAccessToken)({
+			return require_oauth2.refreshAccessToken({
 				refreshToken,
 				options: {
 					clientId: options.clientId,
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
+				tokenEndpoint: "https://id.vk.com/oauth2/auth"
+			});
+		},
+		async getUserInfo(data) {
+			if (options.getUserInfo) return options.getUserInfo(data);
+			if (!data.accessToken) return null;
+			const formBody = new URLSearchParams({
+				access_token: data.accessToken,
+				client_id: options.clientId
+			}).toString();
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://id.vk.com/oauth2/user_info", {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: formBody
+			});
+			if (error) return null;
+			if (!profile.user.email) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.user.user_id,
+					first_name: profile.user.first_name,
+					last_name: profile.user.last_name,
+					email: profile.user.email,
+					image: profile.user.avatar,
+					emailVerified: !!profile.user.email,
+					birthday: profile.user.birthday,
+					sex: profile.user.sex,
+					name: `${profile.user.first_name} ${profile.user.last_name}`,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+//#region src/social-providers/zoom.ts
+const zoom = (userOptions) => {
+	const options = {
+		pkce: true,
+		...userOptions
+	};
+	return {
+		id: "zoom",
+		name: "Zoom",
+		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+			const params = new URLSearchParams({
+				response_type: "code",
+				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+				client_id: options.clientId,
+				state
+			});
+			if (options.pkce) {
+				const codeChallenge = await require_oauth2.generateCodeChallenge(codeVerifier);
+				params.set("code_challenge_method", "S256");
+				params.set("code_challenge", codeChallenge);
+			}
+			const url = new URL("https://zoom.us/oauth/authorize");
+			url.search = params.toString();
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return require_oauth2.validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				codeVerifier,
+				options,
+				tokenEndpoint: "https://zoom.us/oauth/token",
+				authentication: "post"
 			});
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.polar.sh/v1/oauth2/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			const { data: profile, error } = await (0, __better_fetch_fetch.betterFetch)("https://api.zoom.us/v2/users/me", { headers: { authorization: `Bearer ${token.accessToken}` } });
 			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
 			return {
 				user: {
 					id: profile.id,
-					name: profile.public_name || profile.username,
+					name: profile.display_name,
+					image: profile.pic_url,
 					email: profile.email,
-					image: profile.avatar_url,
-					emailVerified: true,
+					emailVerified: Boolean(profile.verified),
 					...userMap
 				},
-				data: profile
+				data: { ...profile }
 			};
-		},
-		options
+		}
 	};
 };
 
@@ -2435,6 +2508,7 @@ const socialProviders = {
 	kakao,
 	naver,
 	line,
+	paybin,
 	paypal,
 	polar
 };
@@ -2464,6 +2538,7 @@ exports.linkedin = linkedin;
 exports.microsoft = microsoft;
 exports.naver = naver;
 exports.notion = notion;
+exports.paybin = paybin;
 exports.paypal = paypal;
 exports.polar = polar;
 exports.reddit = reddit;