@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/discord.d.mts

@@ -0,0 +1,126 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/discord.d.ts
+interface DiscordProfile extends Record<string, any> {
+  /** the user's id (i.e. the numerical snowflake) */
+  id: string;
+  /** the user's username, not unique across the platform */
+  username: string;
+  /** the user's Discord-tag */
+  discriminator: string;
+  /** the user's display name, if it is set  */
+  global_name: string | null;
+  /**
+   * the user's avatar hash:
+   * https://discord.com/developers/docs/reference#image-formatting
+   */
+  avatar: string | null;
+  /** whether the user belongs to an OAuth2 application */
+  bot?: boolean | undefined;
+  /**
+   * whether the user is an Official Discord System user (part of the urgent
+   * message system)
+   */
+  system?: boolean | undefined;
+  /** whether the user has two factor enabled on their account */
+  mfa_enabled: boolean;
+  /**
+   * the user's banner hash:
+   * https://discord.com/developers/docs/reference#image-formatting
+   */
+  banner: string | null;
+  /** the user's banner color encoded as an integer representation of hexadecimal color code */
+  accent_color: number | null;
+  /**
+   * the user's chosen language option:
+   * https://discord.com/developers/docs/reference#locales
+   */
+  locale: string;
+  /** whether the email on this account has been verified */
+  verified: boolean;
+  /** the user's email */
+  email: string;
+  /**
+   * the flags on a user's account:
+   * https://discord.com/developers/docs/resources/user#user-object-user-flags
+   */
+  flags: number;
+  /**
+   * the type of Nitro subscription on a user's account:
+   * https://discord.com/developers/docs/resources/user#user-object-premium-types
+   */
+  premium_type: number;
+  /**
+   * the public flags on a user's account:
+   * https://discord.com/developers/docs/resources/user#user-object-user-flags
+   */
+  public_flags: number;
+  /** undocumented field; corresponds to the user's custom nickname */
+  display_name: string | null;
+  /**
+   * undocumented field; corresponds to the Discord feature where you can e.g.
+   * put your avatar inside of an ice cube
+   */
+  avatar_decoration: string | null;
+  /**
+   * undocumented field; corresponds to the premium feature where you can
+   * select a custom banner color
+   */
+  banner_color: string | null;
+  /** undocumented field; the CDN URL of their profile picture */
+  image_url: string;
+}
+interface DiscordOptions extends ProviderOptions<DiscordProfile> {
+  clientId: string;
+  prompt?: ("none" | "consent") | undefined;
+  permissions?: number | undefined;
+}
+declare const discord: (options: DiscordOptions) => {
+  id: "discord";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): URL;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: DiscordOptions;
+};
+//#endregion
+export { DiscordOptions, DiscordProfile, discord };

package/dist/social-providers/discord.mjs

@@ -0,0 +1,64 @@
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/discord.ts
+const discord = (options) => {
+	return {
+		id: "discord",
+		name: "Discord",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["identify", "email"];
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			const permissionsParam = _scopes.includes("bot") && options.permissions !== void 0 ? `&permissions=${options.permissions}` : "";
+			return new URL(`https://discord.com/api/oauth2/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "none"}${permissionsParam}`);
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://discord.com/api/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://discord.com/api/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://discord.com/api/users/@me", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			if (profile.avatar === null) profile.image_url = `https://cdn.discordapp.com/embed/avatars/${profile.discriminator === "0" ? Number(BigInt(profile.id) >> BigInt(22)) % 6 : parseInt(profile.discriminator) % 5}.png`;
+			else {
+				const format = profile.avatar.startsWith("a_") ? "gif" : "png";
+				profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.global_name || profile.username || "",
+					email: profile.email,
+					emailVerified: profile.verified,
+					image: profile.image_url,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { discord };

package/dist/social-providers/dropbox.d.mts

@@ -0,0 +1,71 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/dropbox.d.ts
+interface DropboxProfile {
+  account_id: string;
+  name: {
+    given_name: string;
+    surname: string;
+    familiar_name: string;
+    display_name: string;
+    abbreviated_name: string;
+  };
+  email: string;
+  email_verified: boolean;
+  profile_photo_url: string;
+}
+interface DropboxOptions extends ProviderOptions<DropboxProfile> {
+  clientId: string;
+  accessType?: ("offline" | "online" | "legacy") | undefined;
+}
+declare const dropbox: (options: DropboxOptions) => {
+  id: "dropbox";
+  name: string;
+  createAuthorizationURL: ({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }) => Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: DropboxOptions;
+};
+//#endregion
+export { DropboxOptions, DropboxProfile, dropbox };

package/dist/social-providers/dropbox.mjs

@@ -0,0 +1,75 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/dropbox.ts
+const dropbox = (options) => {
+	const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
+	return {
+		id: "dropbox",
+		name: "Dropbox",
+		createAuthorizationURL: async ({ state, scopes, codeVerifier, redirectURI }) => {
+			const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const additionalParams = {};
+			if (options.accessType) additionalParams.token_access_type = options.accessType;
+			return await createAuthorizationURL({
+				id: "dropbox",
+				options,
+				authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+				additionalParams
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return await validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://api.dropbox.com/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.dropboxapi.com/2/users/get_current_account", {
+				method: "POST",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.account_id,
+					name: profile.name?.display_name,
+					email: profile.email,
+					emailVerified: profile.email_verified || false,
+					image: profile.profile_photo_url,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { dropbox };

package/dist/social-providers/facebook.d.mts

@@ -0,0 +1,81 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/facebook.d.ts
+interface FacebookProfile {
+  id: string;
+  name: string;
+  email: string;
+  email_verified: boolean;
+  picture: {
+    data: {
+      height: number;
+      is_silhouette: boolean;
+      url: string;
+      width: number;
+    };
+  };
+}
+interface FacebookOptions extends ProviderOptions<FacebookProfile> {
+  clientId: string;
+  /**
+   * Extend list of fields to retrieve from the Facebook user profile.
+   *
+   * @default ["id", "name", "email", "picture"]
+   */
+  fields?: string[] | undefined;
+  /**
+   * The config id to use when undergoing oauth
+   */
+  configId?: string | undefined;
+}
+declare const facebook: (options: FacebookOptions) => {
+  id: "facebook";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI,
+    loginHint
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: FacebookOptions;
+};
+//#endregion
+export { FacebookOptions, FacebookProfile, facebook };

package/dist/social-providers/facebook.mjs

@@ -0,0 +1,120 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
+
+//#region src/social-providers/facebook.ts
+const facebook = (options) => {
+	return {
+		id: "facebook",
+		name: "Facebook",
+		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
+			const _scopes = options.disableDefaultScope ? [] : ["email", "public_profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "facebook",
+				options,
+				authorizationEndpoint: "https://www.facebook.com/v21.0/dialog/oauth",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				loginHint,
+				additionalParams: options.configId ? { config_id: options.configId } : {}
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://graph.facebook.com/oauth/access_token"
+			});
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			if (token.split(".").length === 3) try {
+				const { payload: jwtClaims } = await jwtVerify(token, createRemoteJWKSet(new URL("https://limited.facebook.com/.well-known/oauth/openid/jwks/")), {
+					algorithms: ["RS256"],
+					audience: options.clientId,
+					issuer: "https://www.facebook.com"
+				});
+				if (nonce && jwtClaims.nonce !== nonce) return false;
+				return !!jwtClaims;
+			} catch {
+				return false;
+			}
+			return true;
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://graph.facebook.com/v18.0/oauth/access_token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (token.idToken && token.idToken.split(".").length === 3) {
+				const profile$1 = decodeJwt(token.idToken);
+				const user = {
+					id: profile$1.sub,
+					name: profile$1.name,
+					email: profile$1.email,
+					picture: { data: {
+						url: profile$1.picture,
+						height: 100,
+						width: 100,
+						is_silhouette: false
+					} }
+				};
+				const userMap$1 = await options.mapProfileToUser?.({
+					...user,
+					email_verified: false
+				});
+				return {
+					user: {
+						...user,
+						emailVerified: false,
+						...userMap$1
+					},
+					data: profile$1
+				};
+			}
+			const { data: profile, error } = await betterFetch("https://graph.facebook.com/me?fields=" + [
+				"id",
+				"name",
+				"email",
+				"picture",
+				...options?.fields || []
+			].join(","), { auth: {
+				type: "Bearer",
+				token: token.accessToken
+			} });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name,
+					email: profile.email,
+					image: profile.picture.data.url,
+					emailVerified: profile.email_verified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { facebook };

package/dist/social-providers/figma.d.mts

@@ -0,0 +1,63 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/figma.d.ts
+interface FigmaProfile {
+  id: string;
+  email: string;
+  handle: string;
+  img_url: string;
+}
+interface FigmaOptions extends ProviderOptions<FigmaProfile> {
+  clientId: string;
+}
+declare const figma: (options: FigmaOptions) => {
+  id: "figma";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: FigmaOptions;
+};
+//#endregion
+export { FigmaOptions, FigmaProfile, figma };

package/dist/social-providers/figma.mjs

@@ -0,0 +1,84 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/figma.ts
+const figma = (options) => {
+	return {
+		id: "figma",
+		name: "Figma",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret are required for Figma. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Figma");
+			const _scopes = options.disableDefaultScope ? [] : ["file_read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "figma",
+				options,
+				authorizationEndpoint: "https://www.figma.com/oauth",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://www.figma.com/api/oauth/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://www.figma.com/api/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			try {
+				const { data: profile } = await betterFetch("https://api.figma.com/v1/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+				if (!profile) {
+					logger.error("Failed to fetch user from Figma");
+					return null;
+				}
+				const userMap = await options.mapProfileToUser?.(profile);
+				return {
+					user: {
+						id: profile.id,
+						name: profile.handle,
+						email: profile.email,
+						image: profile.img_url,
+						emailVerified: false,
+						...userMap
+					},
+					data: profile
+				};
+			} catch (error) {
+				logger.error("Failed to fetch user info from Figma:", error);
+				return null;
+			}
+		},
+		options
+	};
+};
+
+//#endregion
+export { figma };