@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/index.mjs

@@ -1,2575 +1,38 @@
-import { i as logger } from "../env-DbssmzoK.mjs";
-import "../utils-U2L7n92V.mjs";
-import { t as BetterAuthError } from "../error-DP1xOn7P.mjs";
-import { a as validateAuthorizationCode, c as refreshAccessToken, d as getOAuth2Tokens, l as createAuthorizationURL, u as generateCodeChallenge } from "../oauth2-COJkghlT.mjs";
+import { apple, getApplePublicKey } from "./apple.mjs";
+import { atlassian } from "./atlassian.mjs";
+import { cognito, getCognitoPublicKey } from "./cognito.mjs";
+import { discord } from "./discord.mjs";
+import { dropbox } from "./dropbox.mjs";
+import { facebook } from "./facebook.mjs";
+import { figma } from "./figma.mjs";
+import { github } from "./github.mjs";
+import { gitlab } from "./gitlab.mjs";
+import { getGooglePublicKey, google } from "./google.mjs";
+import { huggingface } from "./huggingface.mjs";
+import { kakao } from "./kakao.mjs";
+import { kick } from "./kick.mjs";
+import { line } from "./line.mjs";
+import { linear } from "./linear.mjs";
+import { linkedin } from "./linkedin.mjs";
+import { microsoft } from "./microsoft-entra-id.mjs";
+import { naver } from "./naver.mjs";
+import { notion } from "./notion.mjs";
+import { paybin } from "./paybin.mjs";
+import { paypal } from "./paypal.mjs";
+import { polar } from "./polar.mjs";
+import { reddit } from "./reddit.mjs";
+import { roblox } from "./roblox.mjs";
+import { salesforce } from "./salesforce.mjs";
+import { slack } from "./slack.mjs";
+import { spotify } from "./spotify.mjs";
+import { tiktok } from "./tiktok.mjs";
+import { twitch } from "./twitch.mjs";
+import { twitter } from "./twitter.mjs";
+import { vercel } from "./vercel.mjs";
+import { vk } from "./vk.mjs";
+import { zoom } from "./zoom.mjs";
 import * as z from "zod";
-import { base64 } from "@better-auth/utils/base64";
-import { betterFetch } from "@better-fetch/fetch";
-import { createRemoteJWKSet, decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { APIError } from "better-call";
 
-//#region src/social-providers/apple.ts
-const apple = (options) => {
-	const tokenEndpoint = "https://appleid.apple.com/auth/token";
-	return {
-		id: "apple",
-		name: "Apple",
-		async createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scope = options.disableDefaultScope ? [] : ["email", "name"];
-			if (options.scope) _scope.push(...options.scope);
-			if (scopes) _scope.push(...scopes);
-			return await createAuthorizationURL({
-				id: "apple",
-				options,
-				authorizationEndpoint: "https://appleid.apple.com/auth/authorize",
-				scopes: _scope,
-				state,
-				redirectURI,
-				responseMode: "form_post",
-				responseType: "code id_token"
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
-			if (!kid || !jwtAlg) return false;
-			const { payload: jwtClaims } = await jwtVerify(token, await getApplePublicKey(kid), {
-				algorithms: [jwtAlg],
-				issuer: "https://appleid.apple.com",
-				audience: options.audience && options.audience.length ? options.audience : options.appBundleIdentifier ? options.appBundleIdentifier : options.clientId,
-				maxTokenAge: "1h"
-			});
-			["email_verified", "is_private_email"].forEach((field) => {
-				if (jwtClaims[field] !== void 0) jwtClaims[field] = Boolean(jwtClaims[field]);
-			});
-			if (nonce && jwtClaims.nonce !== nonce) return false;
-			return !!jwtClaims;
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://appleid.apple.com/auth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const profile = decodeJwt(token.idToken);
-			if (!profile) return null;
-			const name = token.user ? `${token.user.name?.firstName} ${token.user.name?.lastName}` : profile.name || profile.email;
-			const emailVerified = typeof profile.email_verified === "boolean" ? profile.email_verified : profile.email_verified === "true";
-			const enrichedProfile = {
-				...profile,
-				name
-			};
-			const userMap = await options.mapProfileToUser?.(enrichedProfile);
-			return {
-				user: {
-					id: profile.sub,
-					name: enrichedProfile.name,
-					emailVerified,
-					email: profile.email,
-					...userMap
-				},
-				data: enrichedProfile
-			};
-		},
-		options
-	};
-};
-const getApplePublicKey = async (kid) => {
-	const { data } = await betterFetch(`https://appleid.apple.com/auth/keys`);
-	if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
-	const jwk = data.keys.find((key) => key.kid === kid);
-	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
-	return await importJWK(jwk, jwk.alg);
-};
-
-//#endregion
-//#region src/social-providers/atlassian.ts
-const atlassian = (options) => {
-	return {
-		id: "atlassian",
-		name: "Atlassian",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Secret are required for Atlassian");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Atlassian");
-			const _scopes = options.disableDefaultScope ? [] : ["read:jira-user", "offline_access"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "atlassian",
-				options,
-				authorizationEndpoint: "https://auth.atlassian.com/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				additionalParams: { audience: "api.atlassian.com" },
-				prompt: options.prompt
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://auth.atlassian.com/oauth/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://auth.atlassian.com/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.accessToken) return null;
-			try {
-				const { data: profile } = await betterFetch("https://api.atlassian.com/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-				if (!profile) return null;
-				const userMap = await options.mapProfileToUser?.(profile);
-				return {
-					user: {
-						id: profile.account_id,
-						name: profile.name,
-						email: profile.email,
-						image: profile.picture,
-						emailVerified: false,
-						...userMap
-					},
-					data: profile
-				};
-			} catch (error) {
-				logger.error("Failed to fetch user info from Figma:", error);
-				return null;
-			}
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/cognito.ts
-const cognito = (options) => {
-	if (!options.domain || !options.region || !options.userPoolId) {
-		logger.error("Domain, region and userPoolId are required for Amazon Cognito. Make sure to provide them in the options.");
-		throw new BetterAuthError("DOMAIN_AND_REGION_REQUIRED");
-	}
-	const cleanDomain = options.domain.replace(/^https?:\/\//, "");
-	const authorizationEndpoint = `https://${cleanDomain}/oauth2/authorize`;
-	const tokenEndpoint = `https://${cleanDomain}/oauth2/token`;
-	const userInfoEndpoint = `https://${cleanDomain}/oauth2/userinfo`;
-	return {
-		id: "cognito",
-		name: "Cognito",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId) {
-				logger.error("ClientId is required for Amazon Cognito. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (options.requireClientSecret && !options.clientSecret) {
-				logger.error("Client Secret is required when requireClientSecret is true. Make sure to provide it in the options.");
-				throw new BetterAuthError("CLIENT_SECRET_REQUIRED");
-			}
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			const url = await createAuthorizationURL({
-				id: "cognito",
-				options: { ...options },
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt
-			});
-			const scopeValue = url.searchParams.get("scope");
-			if (scopeValue) {
-				url.searchParams.delete("scope");
-				const encodedScope = encodeURIComponent(scopeValue);
-				const urlString = url.toString();
-				const separator = urlString.includes("?") ? "&" : "?";
-				return new URL(`${urlString}${separator}scope=${encodedScope}`);
-			}
-			return url;
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			try {
-				const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
-				if (!kid || !jwtAlg) return false;
-				const publicKey = await getCognitoPublicKey(kid, options.region, options.userPoolId);
-				const expectedIssuer = `https://cognito-idp.${options.region}.amazonaws.com/${options.userPoolId}`;
-				const { payload: jwtClaims } = await jwtVerify(token, publicKey, {
-					algorithms: [jwtAlg],
-					issuer: expectedIssuer,
-					audience: options.clientId,
-					maxTokenAge: "1h"
-				});
-				if (nonce && jwtClaims.nonce !== nonce) return false;
-				return true;
-			} catch (error) {
-				logger.error("Failed to verify ID token:", error);
-				return false;
-			}
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (token.idToken) try {
-				const profile = decodeJwt(token.idToken);
-				if (!profile) return null;
-				const name = profile.name || profile.given_name || profile.username || profile.email;
-				const enrichedProfile = {
-					...profile,
-					name
-				};
-				const userMap = await options.mapProfileToUser?.(enrichedProfile);
-				return {
-					user: {
-						id: profile.sub,
-						name: enrichedProfile.name,
-						email: profile.email,
-						image: profile.picture,
-						emailVerified: profile.email_verified,
-						...userMap
-					},
-					data: enrichedProfile
-				};
-			} catch (error) {
-				logger.error("Failed to decode ID token:", error);
-			}
-			if (token.accessToken) try {
-				const { data: userInfo } = await betterFetch(userInfoEndpoint, { headers: { Authorization: `Bearer ${token.accessToken}` } });
-				if (userInfo) {
-					const userMap = await options.mapProfileToUser?.(userInfo);
-					return {
-						user: {
-							id: userInfo.sub,
-							name: userInfo.name || userInfo.given_name || userInfo.username,
-							email: userInfo.email,
-							image: userInfo.picture,
-							emailVerified: userInfo.email_verified,
-							...userMap
-						},
-						data: userInfo
-					};
-				}
-			} catch (error) {
-				logger.error("Failed to fetch user info from Cognito:", error);
-			}
-			return null;
-		},
-		options
-	};
-};
-const getCognitoPublicKey = async (kid, region, userPoolId) => {
-	const COGNITO_JWKS_URI = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`;
-	try {
-		const { data } = await betterFetch(COGNITO_JWKS_URI);
-		if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
-		const jwk = data.keys.find((key) => key.kid === kid);
-		if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
-		return await importJWK(jwk, jwk.alg);
-	} catch (error) {
-		logger.error("Failed to fetch Cognito public key:", error);
-		throw error;
-	}
-};
-
-//#endregion
-//#region src/social-providers/discord.ts
-const discord = (options) => {
-	return {
-		id: "discord",
-		name: "Discord",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["identify", "email"];
-			if (scopes) _scopes.push(...scopes);
-			if (options.scope) _scopes.push(...options.scope);
-			const permissionsParam = _scopes.includes("bot") && options.permissions !== void 0 ? `&permissions=${options.permissions}` : "";
-			return new URL(`https://discord.com/api/oauth2/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "none"}${permissionsParam}`);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://discord.com/api/oauth2/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://discord.com/api/oauth2/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://discord.com/api/users/@me", { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			if (profile.avatar === null) profile.image_url = `https://cdn.discordapp.com/embed/avatars/${profile.discriminator === "0" ? Number(BigInt(profile.id) >> BigInt(22)) % 6 : parseInt(profile.discriminator) % 5}.png`;
-			else {
-				const format = profile.avatar.startsWith("a_") ? "gif" : "png";
-				profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.global_name || profile.username || "",
-					email: profile.email,
-					emailVerified: profile.verified,
-					image: profile.image_url,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/dropbox.ts
-const dropbox = (options) => {
-	const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
-	return {
-		id: "dropbox",
-		name: "Dropbox",
-		createAuthorizationURL: async ({ state, scopes, codeVerifier, redirectURI }) => {
-			const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			const additionalParams = {};
-			if (options.accessType) additionalParams.token_access_type = options.accessType;
-			return await createAuthorizationURL({
-				id: "dropbox",
-				options,
-				authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				codeVerifier,
-				additionalParams
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return await validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://api.dropbox.com/oauth2/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.dropboxapi.com/2/users/get_current_account", {
-				method: "POST",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.account_id,
-					name: profile.name?.display_name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.profile_photo_url,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/facebook.ts
-const facebook = (options) => {
-	return {
-		id: "facebook",
-		name: "Facebook",
-		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
-			const _scopes = options.disableDefaultScope ? [] : ["email", "public_profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "facebook",
-				options,
-				authorizationEndpoint: "https://www.facebook.com/v21.0/dialog/oauth",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				loginHint,
-				additionalParams: options.configId ? { config_id: options.configId } : {}
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://graph.facebook.com/oauth/access_token"
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			if (token.split(".").length === 3) try {
-				const { payload: jwtClaims } = await jwtVerify(token, createRemoteJWKSet(new URL("https://limited.facebook.com/.well-known/oauth/openid/jwks/")), {
-					algorithms: ["RS256"],
-					audience: options.clientId,
-					issuer: "https://www.facebook.com"
-				});
-				if (nonce && jwtClaims.nonce !== nonce) return false;
-				return !!jwtClaims;
-			} catch {
-				return false;
-			}
-			return true;
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://graph.facebook.com/v18.0/oauth/access_token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (token.idToken && token.idToken.split(".").length === 3) {
-				const profile$1 = decodeJwt(token.idToken);
-				const user = {
-					id: profile$1.sub,
-					name: profile$1.name,
-					email: profile$1.email,
-					picture: { data: {
-						url: profile$1.picture,
-						height: 100,
-						width: 100,
-						is_silhouette: false
-					} }
-				};
-				const userMap$1 = await options.mapProfileToUser?.({
-					...user,
-					email_verified: false
-				});
-				return {
-					user: {
-						...user,
-						emailVerified: false,
-						...userMap$1
-					},
-					data: profile$1
-				};
-			}
-			const { data: profile, error } = await betterFetch("https://graph.facebook.com/me?fields=" + [
-				"id",
-				"name",
-				"email",
-				"picture",
-				...options?.fields || []
-			].join(","), { auth: {
-				type: "Bearer",
-				token: token.accessToken
-			} });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.name,
-					email: profile.email,
-					image: profile.picture.data.url,
-					emailVerified: profile.email_verified,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/figma.ts
-const figma = (options) => {
-	return {
-		id: "figma",
-		name: "Figma",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Client Secret are required for Figma. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Figma");
-			const _scopes = options.disableDefaultScope ? [] : ["file_read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "figma",
-				options,
-				authorizationEndpoint: "https://www.figma.com/oauth",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://www.figma.com/api/oauth/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://www.figma.com/api/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			try {
-				const { data: profile } = await betterFetch("https://api.figma.com/v1/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-				if (!profile) {
-					logger.error("Failed to fetch user from Figma");
-					return null;
-				}
-				const userMap = await options.mapProfileToUser?.(profile);
-				return {
-					user: {
-						id: profile.id,
-						name: profile.handle,
-						email: profile.email,
-						image: profile.img_url,
-						emailVerified: false,
-						...userMap
-					},
-					data: profile
-				};
-			} catch (error) {
-				logger.error("Failed to fetch user info from Figma:", error);
-				return null;
-			}
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/github.ts
-const github = (options) => {
-	const tokenEndpoint = "https://github.com/login/oauth/access_token";
-	return {
-		id: "github",
-		name: "GitHub",
-		createAuthorizationURL({ state, scopes, loginHint, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["read:user", "user:email"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "github",
-				options,
-				authorizationEndpoint: "https://github.com/login/oauth/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				loginHint,
-				prompt: options.prompt
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://github.com/login/oauth/access_token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.github.com/user", { headers: {
-				"User-Agent": "better-auth",
-				authorization: `Bearer ${token.accessToken}`
-			} });
-			if (error) return null;
-			const { data: emails } = await betterFetch("https://api.github.com/user/emails", { headers: {
-				Authorization: `Bearer ${token.accessToken}`,
-				"User-Agent": "better-auth"
-			} });
-			if (!profile.email && emails) profile.email = (emails.find((e) => e.primary) ?? emails[0])?.email;
-			const emailVerified = emails?.find((e) => e.email === profile.email)?.verified ?? false;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.name || profile.login,
-					email: profile.email,
-					image: profile.avatar_url,
-					emailVerified,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/gitlab.ts
-const cleanDoubleSlashes = (input = "") => {
-	return input.split("://").map((str) => str.replace(/\/{2,}/g, "/")).join("://");
-};
-const issuerToEndpoints = (issuer) => {
-	let baseUrl = issuer || "https://gitlab.com";
-	return {
-		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
-		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
-		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`)
-	};
-};
-const gitlab = (options) => {
-	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } = issuerToEndpoints(options.issuer);
-	const issuerId = "gitlab";
-	return {
-		id: issuerId,
-		name: "Gitlab",
-		createAuthorizationURL: async ({ state, scopes, codeVerifier, loginHint, redirectURI }) => {
-			const _scopes = options.disableDefaultScope ? [] : ["read_user"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: issuerId,
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				redirectURI,
-				codeVerifier,
-				loginHint
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				codeVerifier,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch(userinfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error || profile.state !== "active" || profile.locked) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.name ?? profile.username,
-					email: profile.email,
-					image: profile.avatar_url,
-					emailVerified: profile.email_verified ?? false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/google.ts
-const google = (options) => {
-	return {
-		id: "google",
-		name: "Google",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Google");
-			const _scopes = options.disableDefaultScope ? [] : [
-				"email",
-				"profile",
-				"openid"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "google",
-				options,
-				authorizationEndpoint: "https://accounts.google.com/o/oauth2/auth",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt,
-				accessType: options.accessType,
-				display: display || options.display,
-				loginHint,
-				hd: options.hd,
-				additionalParams: { include_granted_scopes: "true" }
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://oauth2.googleapis.com/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://www.googleapis.com/oauth2/v4/token"
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
-			if (!kid || !jwtAlg) return false;
-			const { payload: jwtClaims } = await jwtVerify(token, await getGooglePublicKey(kid), {
-				algorithms: [jwtAlg],
-				issuer: ["https://accounts.google.com", "accounts.google.com"],
-				audience: options.clientId,
-				maxTokenAge: "1h"
-			});
-			if (nonce && jwtClaims.nonce !== nonce) return false;
-			return true;
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const user = decodeJwt(token.idToken);
-			const userMap = await options.mapProfileToUser?.(user);
-			return {
-				user: {
-					id: user.sub,
-					name: user.name,
-					email: user.email,
-					image: user.picture,
-					emailVerified: user.email_verified,
-					...userMap
-				},
-				data: user
-			};
-		},
-		options
-	};
-};
-const getGooglePublicKey = async (kid) => {
-	const { data } = await betterFetch("https://www.googleapis.com/oauth2/v3/certs");
-	if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
-	const jwk = data.keys.find((key) => key.kid === kid);
-	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
-	return await importJWK(jwk, jwk.alg);
-};
-
-//#endregion
-//#region src/social-providers/huggingface.ts
-const huggingface = (options) => {
-	return {
-		id: "huggingface",
-		name: "Hugging Face",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "huggingface",
-				options,
-				authorizationEndpoint: "https://huggingface.co/oauth/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://huggingface.co/oauth/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://huggingface.co/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://huggingface.co/oauth/userinfo", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.name || profile.preferred_username,
-					email: profile.email,
-					image: profile.picture,
-					emailVerified: profile.email_verified ?? false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/kakao.ts
-const kakao = (options) => {
-	return {
-		id: "kakao",
-		name: "Kakao",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"account_email",
-				"profile_image",
-				"profile_nickname"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "kakao",
-				options,
-				authorizationEndpoint: "https://kauth.kakao.com/oauth/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://kapi.kakao.com/v2/user/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error || !profile) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			const account = profile.kakao_account || {};
-			const kakaoProfile = account.profile || {};
-			return {
-				user: {
-					id: String(profile.id),
-					name: kakaoProfile.nickname || account.name || void 0,
-					email: account.email,
-					image: kakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,
-					emailVerified: !!account.is_email_valid && !!account.is_email_verified,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/kick.ts
-const kick = (options) => {
-	return {
-		id: "kick",
-		name: "Kick",
-		createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user:read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "kick",
-				redirectURI,
-				options,
-				authorizationEndpoint: "https://id.kick.com/oauth/authorize",
-				scopes: _scopes,
-				codeVerifier,
-				state
-			});
-		},
-		async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://id.kick.com/oauth/token",
-				codeVerifier
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://id.kick.com/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data, error } = await betterFetch("https://api.kick.com/public/v1/users", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const profile = data.data[0];
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.user_id,
-					name: profile.name,
-					email: profile.email,
-					image: profile.profile_picture,
-					emailVerified: false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/line.ts
-/**
-* LINE Login v2.1
-* - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
-* - Token endpoint: https://api.line.me/oauth2/v2.1/token
-* - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
-* - Verify ID token: https://api.line.me/oauth2/v2.1/verify
-*
-* Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
-*/
-const line = (options) => {
-	const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
-	const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
-	const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
-	const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
-	return {
-		id: "line",
-		name: "LINE",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "line",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				loginHint
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			const body = new URLSearchParams();
-			body.set("id_token", token);
-			body.set("client_id", options.clientId);
-			if (nonce) body.set("nonce", nonce);
-			const { data, error } = await betterFetch(verifyIdTokenEndpoint, {
-				method: "POST",
-				headers: { "content-type": "application/x-www-form-urlencoded" },
-				body
-			});
-			if (error || !data) return false;
-			if (data.aud !== options.clientId) return false;
-			if (data.nonce && data.nonce !== nonce) return false;
-			return true;
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			let profile = null;
-			if (token.idToken) try {
-				profile = decodeJwt(token.idToken);
-			} catch {}
-			if (!profile) {
-				const { data } = await betterFetch(userInfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
-				profile = data || null;
-			}
-			if (!profile) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			const id = profile.sub || profile.userId;
-			const name = profile.name || profile.displayName;
-			const image = profile.picture || profile.pictureUrl || void 0;
-			return {
-				user: {
-					id,
-					name,
-					email: profile.email,
-					image,
-					emailVerified: false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/linear.ts
-const linear = (options) => {
-	const tokenEndpoint = "https://api.linear.app/oauth/token";
-	return {
-		id: "linear",
-		name: "Linear",
-		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "linear",
-				options,
-				authorizationEndpoint: "https://linear.app/oauth/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				loginHint
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.linear.app/graphql", {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/json",
-					Authorization: `Bearer ${token.accessToken}`
-				},
-				body: JSON.stringify({ query: `
-							query {
-								viewer {
-									id
-									name
-									email
-									avatarUrl
-									active
-									createdAt
-									updatedAt
-								}
-							}
-						` })
-			});
-			if (error || !profile?.data?.viewer) return null;
-			const userData = profile.data.viewer;
-			const userMap = await options.mapProfileToUser?.(userData);
-			return {
-				user: {
-					id: profile.data.viewer.id,
-					name: profile.data.viewer.name,
-					email: profile.data.viewer.email,
-					image: profile.data.viewer.avatarUrl,
-					emailVerified: false,
-					...userMap
-				},
-				data: userData
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/linkedin.ts
-const linkedin = (options) => {
-	const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
-	const tokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
-	return {
-		id: "linkedin",
-		name: "Linkedin",
-		createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint }) => {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"profile",
-				"email",
-				"openid"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "linkedin",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				loginHint,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return await validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.linkedin.com/v2/userinfo", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.picture,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/microsoft-entra-id.ts
-const microsoft = (options) => {
-	const tenant = options.tenantId || "common";
-	const authority = options.authority || "https://login.microsoftonline.com";
-	const authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;
-	const tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;
-	return {
-		id: "microsoft",
-		name: "Microsoft EntraID",
-		createAuthorizationURL(data) {
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
-			];
-			if (options.scope) scopes.push(...options.scope);
-			if (data.scopes) scopes.push(...data.scopes);
-			return createAuthorizationURL({
-				id: "microsoft",
-				options,
-				authorizationEndpoint,
-				state: data.state,
-				codeVerifier: data.codeVerifier,
-				scopes,
-				redirectURI: data.redirectURI,
-				prompt: options.prompt,
-				loginHint: data.loginHint
-			});
-		},
-		validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const user = decodeJwt(token.idToken);
-			const profilePhotoSize = options.profilePhotoSize || 48;
-			await betterFetch(`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`, {
-				headers: { Authorization: `Bearer ${token.accessToken}` },
-				async onResponse(context) {
-					if (options.disableProfilePhoto || !context.response.ok) return;
-					try {
-						const pictureBuffer = await context.response.clone().arrayBuffer();
-						user.picture = `data:image/jpeg;base64, ${base64.encode(pictureBuffer)}`;
-					} catch (e) {
-						logger.error(e && typeof e === "object" && "name" in e ? e.name : "", e);
-					}
-				}
-			});
-			const userMap = await options.mapProfileToUser?.(user);
-			const emailVerified = user.email_verified !== void 0 ? user.email_verified : user.email && (user.verified_primary_email?.includes(user.email) || user.verified_secondary_email?.includes(user.email)) ? true : false;
-			return {
-				user: {
-					id: user.sub,
-					name: user.name,
-					email: user.email,
-					image: user.picture,
-					emailVerified,
-					...userMap
-				},
-				data: user
-			};
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
-			];
-			if (options.scope) scopes.push(...options.scope);
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				extraParams: { scope: scopes.join(" ") },
-				tokenEndpoint
-			});
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/naver.ts
-const naver = (options) => {
-	return {
-		id: "naver",
-		name: "Naver",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "naver",
-				options,
-				authorizationEndpoint: "https://nid.naver.com/oauth2.0/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://openapi.naver.com/v1/nid/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error || !profile || profile.resultcode !== "00") return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			const res = profile.response || {};
-			return {
-				user: {
-					id: res.id,
-					name: res.name || res.nickname,
-					email: res.email,
-					image: res.profile_image,
-					emailVerified: false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/notion.ts
-const notion = (options) => {
-	const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
-	return {
-		id: "notion",
-		name: "Notion",
-		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "notion",
-				options,
-				authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				loginHint,
-				additionalParams: { owner: "user" }
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint,
-				authentication: "basic"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.notion.com/v1/users/me", { headers: {
-				Authorization: `Bearer ${token.accessToken}`,
-				"Notion-Version": "2022-06-28"
-			} });
-			if (error || !profile) return null;
-			const userProfile = profile.bot?.owner?.user;
-			if (!userProfile) return null;
-			const userMap = await options.mapProfileToUser?.(userProfile);
-			return {
-				user: {
-					id: userProfile.id,
-					name: userProfile.name || "Notion User",
-					email: userProfile.person?.email || null,
-					image: userProfile.avatar_url,
-					emailVerified: false,
-					...userMap
-				},
-				data: userProfile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/paybin.ts
-const paybin = (options) => {
-	const issuer = options.issuer || "https://idp.paybin.io";
-	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
-	const tokenEndpoint = `${issuer}/oauth2/token`;
-	return {
-		id: "paybin",
-		name: "Paybin",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Paybin");
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"email",
-				"profile"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "paybin",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt,
-				loginHint
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const user = decodeJwt(token.idToken);
-			const userMap = await options.mapProfileToUser?.(user);
-			return {
-				user: {
-					id: user.sub,
-					name: user.name || user.preferred_username || (user.email ? user.email.split("@")[0] : "User") || "User",
-					email: user.email,
-					image: user.picture,
-					emailVerified: user.email_verified || false,
-					...userMap
-				},
-				data: user
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/paypal.ts
-const paypal = (options) => {
-	const isSandbox = (options.environment || "sandbox") === "sandbox";
-	const authorizationEndpoint = isSandbox ? "https://www.sandbox.paypal.com/signin/authorize" : "https://www.paypal.com/signin/authorize";
-	const tokenEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/oauth2/token" : "https://api-m.paypal.com/v1/oauth2/token";
-	const userInfoEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo" : "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
-	return {
-		id: "paypal",
-		name: "PayPal",
-		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			return await createAuthorizationURL({
-				id: "paypal",
-				options,
-				authorizationEndpoint,
-				scopes: [],
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			/**
-			* PayPal requires Basic Auth for token exchange
-			**/
-			const credentials = base64.encode(`${options.clientId}:${options.clientSecret}`);
-			try {
-				const response = await betterFetch(tokenEndpoint, {
-					method: "POST",
-					headers: {
-						Authorization: `Basic ${credentials}`,
-						Accept: "application/json",
-						"Accept-Language": "en_US",
-						"Content-Type": "application/x-www-form-urlencoded"
-					},
-					body: new URLSearchParams({
-						grant_type: "authorization_code",
-						code,
-						redirect_uri: redirectURI
-					}).toString()
-				});
-				if (!response.data) throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-				const data = response.data;
-				return {
-					accessToken: data.access_token,
-					refreshToken: data.refresh_token,
-					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0,
-					idToken: data.id_token
-				};
-			} catch (error) {
-				logger.error("PayPal token exchange failed:", error);
-				throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-			}
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			const credentials = base64.encode(`${options.clientId}:${options.clientSecret}`);
-			try {
-				const response = await betterFetch(tokenEndpoint, {
-					method: "POST",
-					headers: {
-						Authorization: `Basic ${credentials}`,
-						Accept: "application/json",
-						"Accept-Language": "en_US",
-						"Content-Type": "application/x-www-form-urlencoded"
-					},
-					body: new URLSearchParams({
-						grant_type: "refresh_token",
-						refresh_token: refreshToken
-					}).toString()
-				});
-				if (!response.data) throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-				const data = response.data;
-				return {
-					accessToken: data.access_token,
-					refreshToken: data.refresh_token,
-					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0
-				};
-			} catch (error) {
-				logger.error("PayPal token refresh failed:", error);
-				throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-			}
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			try {
-				return !!decodeJwt(token).sub;
-			} catch (error) {
-				logger.error("Failed to verify PayPal ID token:", error);
-				return false;
-			}
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.accessToken) {
-				logger.error("Access token is required to fetch PayPal user info");
-				return null;
-			}
-			try {
-				const response = await betterFetch(`${userInfoEndpoint}?schema=paypalv1.1`, { headers: {
-					Authorization: `Bearer ${token.accessToken}`,
-					Accept: "application/json"
-				} });
-				if (!response.data) {
-					logger.error("Failed to fetch user info from PayPal");
-					return null;
-				}
-				const userInfo = response.data;
-				const userMap = await options.mapProfileToUser?.(userInfo);
-				return {
-					user: {
-						id: userInfo.user_id,
-						name: userInfo.name,
-						email: userInfo.email,
-						image: userInfo.picture,
-						emailVerified: userInfo.email_verified,
-						...userMap
-					},
-					data: userInfo
-				};
-			} catch (error) {
-				logger.error("Failed to fetch user info from PayPal:", error);
-				return null;
-			}
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/polar.ts
-const polar = (options) => {
-	return {
-		id: "polar",
-		name: "Polar",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "polar",
-				options,
-				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.polar.sh/v1/oauth2/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.public_name || profile.username,
-					email: profile.email,
-					image: profile.avatar_url,
-					emailVerified: profile.email_verified ?? false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/reddit.ts
-const reddit = (options) => {
-	return {
-		id: "reddit",
-		name: "Reddit",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["identity"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "reddit",
-				options,
-				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				duration: options.duration
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			const body = new URLSearchParams({
-				grant_type: "authorization_code",
-				code,
-				redirect_uri: options.redirectURI || redirectURI
-			});
-			const { data, error } = await betterFetch("https://www.reddit.com/api/v1/access_token", {
-				method: "POST",
-				headers: {
-					"content-type": "application/x-www-form-urlencoded",
-					accept: "text/plain",
-					"user-agent": "better-auth",
-					Authorization: `Basic ${base64.encode(`${options.clientId}:${options.clientSecret}`)}`
-				},
-				body: body.toString()
-			});
-			if (error) throw error;
-			return getOAuth2Tokens(data);
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				authentication: "basic",
-				tokenEndpoint: "https://www.reddit.com/api/v1/access_token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://oauth.reddit.com/api/v1/me", { headers: {
-				Authorization: `Bearer ${token.accessToken}`,
-				"User-Agent": "better-auth"
-			} });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.name,
-					email: profile.oauth_client_id,
-					emailVerified: profile.has_verified_email,
-					image: profile.icon_img?.split("?")[0],
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/roblox.ts
-const roblox = (options) => {
-	return {
-		id: "roblox",
-		name: "Roblox",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return new URL(`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "select_account consent"}`);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				options,
-				tokenEndpoint: "https://apis.roblox.com/oauth/v1/token",
-				authentication: "post"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://apis.roblox.com/oauth/v1/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://apis.roblox.com/oauth/v1/userinfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.nickname || profile.preferred_username || "",
-					image: profile.picture,
-					email: profile.preferred_username || null,
-					emailVerified: false,
-					...userMap
-				},
-				data: { ...profile }
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/salesforce.ts
-const salesforce = (options) => {
-	const isSandbox = (options.environment ?? "production") === "sandbox";
-	const authorizationEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/authorize` : isSandbox ? "https://test.salesforce.com/services/oauth2/authorize" : "https://login.salesforce.com/services/oauth2/authorize";
-	const tokenEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/token` : isSandbox ? "https://test.salesforce.com/services/oauth2/token" : "https://login.salesforce.com/services/oauth2/token";
-	const userInfoEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/userinfo` : isSandbox ? "https://test.salesforce.com/services/oauth2/userinfo" : "https://login.salesforce.com/services/oauth2/userinfo";
-	return {
-		id: "salesforce",
-		name: "Salesforce",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Salesforce");
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"email",
-				"profile"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "salesforce",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI: options.redirectURI || redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI: options.redirectURI || redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			try {
-				const { data: user } = await betterFetch(userInfoEndpoint, { headers: { Authorization: `Bearer ${token.accessToken}` } });
-				if (!user) {
-					logger.error("Failed to fetch user info from Salesforce");
-					return null;
-				}
-				const userMap = await options.mapProfileToUser?.(user);
-				return {
-					user: {
-						id: user.user_id,
-						name: user.name,
-						email: user.email,
-						image: user.photos?.picture || user.photos?.thumbnail,
-						emailVerified: user.email_verified ?? false,
-						...userMap
-					},
-					data: user
-				};
-			} catch (error) {
-				logger.error("Failed to fetch user info from Salesforce:", error);
-				return null;
-			}
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/slack.ts
-const slack = (options) => {
-	return {
-		id: "slack",
-		name: "Slack",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (scopes) _scopes.push(...scopes);
-			if (options.scope) _scopes.push(...options.scope);
-			const url = new URL("https://slack.com/openid/connect/authorize");
-			url.searchParams.set("scope", _scopes.join(" "));
-			url.searchParams.set("response_type", "code");
-			url.searchParams.set("client_id", options.clientId);
-			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
-			url.searchParams.set("state", state);
-			return url;
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://slack.com/api/openid.connect.token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://slack.com/api/openid.connect.token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://slack.com/api/openid.connect.userInfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile["https://slack.com/user_id"],
-					name: profile.name || "",
-					email: profile.email,
-					emailVerified: profile.email_verified,
-					image: profile.picture || profile["https://slack.com/user_image_512"],
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/spotify.ts
-const spotify = (options) => {
-	return {
-		id: "spotify",
-		name: "Spotify",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "spotify",
-				options,
-				authorizationEndpoint: "https://accounts.spotify.com/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://accounts.spotify.com/api/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://accounts.spotify.com/api/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.spotify.com/v1/me", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.display_name,
-					email: profile.email,
-					image: profile.images[0]?.url,
-					emailVerified: false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/tiktok.ts
-const tiktok = (options) => {
-	return {
-		id: "tiktok",
-		name: "TikTok",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(",")}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}`);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				options: {
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: { clientSecret: options.clientSecret },
-				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
-				authentication: "post",
-				extraParams: { client_key: options.clientKey }
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch(`https://open.tiktokapis.com/v2/user/info/?fields=${[
-				"open_id",
-				"avatar_large_url",
-				"display_name",
-				"username"
-			].join(",")}`, { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			return {
-				user: {
-					email: profile.data.user.email || profile.data.user.username,
-					id: profile.data.user.open_id,
-					name: profile.data.user.display_name || profile.data.user.username,
-					image: profile.data.user.avatar_large_url,
-					emailVerified: false
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/twitch.ts
-const twitch = (options) => {
-	return {
-		id: "twitch",
-		name: "Twitch",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "twitch",
-				redirectURI,
-				options,
-				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
-				scopes: _scopes,
-				state,
-				claims: options.claims || [
-					"email",
-					"email_verified",
-					"preferred_username",
-					"picture"
-				]
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const idToken = token.idToken;
-			if (!idToken) {
-				logger.error("No idToken found in token");
-				return null;
-			}
-			const profile = decodeJwt(idToken);
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.preferred_username,
-					email: profile.email,
-					image: profile.picture,
-					emailVerified: profile.email_verified,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/twitter.ts
-const twitter = (options) => {
-	return {
-		id: "twitter",
-		name: "Twitter",
-		createAuthorizationURL(data) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"users.read",
-				"tweet.read",
-				"offline.access",
-				"users.email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (data.scopes) _scopes.push(...data.scopes);
-			return createAuthorizationURL({
-				id: "twitter",
-				options,
-				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
-				scopes: _scopes,
-				state: data.state,
-				codeVerifier: data.codeVerifier,
-				redirectURI: data.redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				authentication: "basic",
-				redirectURI,
-				options,
-				tokenEndpoint: "https://api.x.com/2/oauth2/token"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				authentication: "basic",
-				tokenEndpoint: "https://api.x.com/2/oauth2/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error: profileError } = await betterFetch("https://api.x.com/2/users/me?user.fields=profile_image_url", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (profileError) return null;
-			const { data: emailData, error: emailError } = await betterFetch("https://api.x.com/2/users/me?user.fields=confirmed_email", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			let emailVerified = false;
-			if (!emailError && emailData?.data?.confirmed_email) {
-				profile.data.email = emailData.data.confirmed_email;
-				emailVerified = true;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.data.id,
-					name: profile.data.name,
-					email: profile.data.email || profile.data.username || null,
-					image: profile.data.profile_image_url,
-					emailVerified,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/vercel.ts
-const vercel = (options) => {
-	return {
-		id: "vercel",
-		name: "Vercel",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Vercel");
-			let _scopes = void 0;
-			if (options.scope !== void 0 || scopes !== void 0) {
-				_scopes = [];
-				if (options.scope) _scopes.push(...options.scope);
-				if (scopes) _scopes.push(...scopes);
-			}
-			return createAuthorizationURL({
-				id: "vercel",
-				options,
-				authorizationEndpoint: "https://vercel.com/oauth/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint: "https://api.vercel.com/login/oauth/token"
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.vercel.com/login/oauth/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
-			if (error || !profile) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.name ?? profile.preferred_username,
-					email: profile.email,
-					image: profile.picture,
-					emailVerified: profile.email_verified ?? false,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/vk.ts
-const vk = (options) => {
-	return {
-		id: "vk",
-		name: "VK",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "vk",
-				options,
-				authorizationEndpoint: "https://id.vk.com/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				codeVerifier
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI, deviceId }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI: options.redirectURI || redirectURI,
-				options,
-				deviceId,
-				tokenEndpoint: "https://id.vk.com/oauth2/auth"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint: "https://id.vk.com/oauth2/auth"
-			});
-		},
-		async getUserInfo(data) {
-			if (options.getUserInfo) return options.getUserInfo(data);
-			if (!data.accessToken) return null;
-			const formBody = new URLSearchParams({
-				access_token: data.accessToken,
-				client_id: options.clientId
-			}).toString();
-			const { data: profile, error } = await betterFetch("https://id.vk.com/oauth2/user_info", {
-				method: "POST",
-				headers: { "Content-Type": "application/x-www-form-urlencoded" },
-				body: formBody
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			if (!profile.user.email && !userMap?.email) return null;
-			return {
-				user: {
-					id: profile.user.user_id,
-					first_name: profile.user.first_name,
-					last_name: profile.user.last_name,
-					email: profile.user.email,
-					image: profile.user.avatar,
-					emailVerified: false,
-					birthday: profile.user.birthday,
-					sex: profile.user.sex,
-					name: `${profile.user.first_name} ${profile.user.last_name}`,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-
-//#endregion
-//#region src/social-providers/zoom.ts
-const zoom = (userOptions) => {
-	const options = {
-		pkce: true,
-		...userOptions
-	};
-	return {
-		id: "zoom",
-		name: "Zoom",
-		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
-			const params = new URLSearchParams({
-				response_type: "code",
-				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
-				client_id: options.clientId,
-				state
-			});
-			if (options.pkce) {
-				const codeChallenge = await generateCodeChallenge(codeVerifier);
-				params.set("code_challenge_method", "S256");
-				params.set("code_challenge", codeChallenge);
-			}
-			const url = new URL("https://zoom.us/oauth/authorize");
-			url.search = params.toString();
-			return url;
-		},
-		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				codeVerifier,
-				options,
-				tokenEndpoint: "https://zoom.us/oauth/token",
-				authentication: "post"
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => refreshAccessToken({
-			refreshToken,
-			options: {
-				clientId: options.clientId,
-				clientKey: options.clientKey,
-				clientSecret: options.clientSecret
-			},
-			tokenEndpoint: "https://zoom.us/oauth/token"
-		}),
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.zoom.us/v2/users/me", { headers: { authorization: `Bearer ${token.accessToken}` } });
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.display_name,
-					image: profile.pic_url,
-					email: profile.email,
-					emailVerified: Boolean(profile.verified),
-					...userMap
-				},
-				data: { ...profile }
-			};
-		}
-	};
-};
-
-//#endregion
 //#region src/social-providers/index.ts
 const socialProviders = {
 	apple,