@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/kakao.d.mts

@@ -0,0 +1,163 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/kakao.d.ts
+interface Partner {
+  /** Partner-specific ID (consent required: kakaotalk_message) */
+  uuid?: string | undefined;
+}
+interface Profile {
+  /** Nickname (consent required: profile/nickname) */
+  nickname?: string | undefined;
+  /** Thumbnail image URL (consent required: profile/profile image) */
+  thumbnail_image_url?: string | undefined;
+  /** Profile image URL (consent required: profile/profile image) */
+  profile_image_url?: string | undefined;
+  /** Whether the profile image is the default */
+  is_default_image?: boolean | undefined;
+  /** Whether the nickname is the default */
+  is_default_nickname?: boolean | undefined;
+}
+interface KakaoAccount {
+  /** Consent required: profile info (nickname/profile image) */
+  profile_needs_agreement?: boolean | undefined;
+  /** Consent required: nickname */
+  profile_nickname_needs_agreement?: boolean | undefined;
+  /** Consent required: profile image */
+  profile_image_needs_agreement?: boolean | undefined;
+  /** Profile info */
+  profile?: Profile | undefined;
+  /** Consent required: name */
+  name_needs_agreement?: boolean | undefined;
+  /** Name */
+  name?: string | undefined;
+  /** Consent required: email */
+  email_needs_agreement?: boolean | undefined;
+  /** Email valid */
+  is_email_valid?: boolean | undefined;
+  /** Email verified */
+  is_email_verified?: boolean | undefined;
+  /** Email */
+  email?: string | undefined;
+  /** Consent required: age range */
+  age_range_needs_agreement?: boolean | undefined;
+  /** Age range */
+  age_range?: string | undefined;
+  /** Consent required: birth year */
+  birthyear_needs_agreement?: boolean | undefined;
+  /** Birth year (YYYY) */
+  birthyear?: string | undefined;
+  /** Consent required: birthday */
+  birthday_needs_agreement?: boolean | undefined;
+  /** Birthday (MMDD) */
+  birthday?: string | undefined;
+  /** Birthday type (SOLAR/LUNAR) */
+  birthday_type?: string | undefined;
+  /** Whether birthday is in a leap month */
+  is_leap_month?: boolean | undefined;
+  /** Consent required: gender */
+  gender_needs_agreement?: boolean | undefined;
+  /** Gender (male/female) */
+  gender?: string | undefined;
+  /** Consent required: phone number */
+  phone_number_needs_agreement?: boolean | undefined;
+  /** Phone number */
+  phone_number?: string | undefined;
+  /** Consent required: CI */
+  ci_needs_agreement?: boolean | undefined;
+  /** CI (unique identifier) */
+  ci?: string | undefined;
+  /** CI authentication time (UTC) */
+  ci_authenticated_at?: string | undefined;
+}
+interface KakaoProfile {
+  /** Kakao user ID */
+  id: number;
+  /**
+   * Whether the user has signed up (only present if auto-connection is disabled)
+   * false: preregistered, true: registered
+   */
+  has_signed_up?: boolean | undefined;
+  /** UTC datetime when the user connected the service */
+  connected_at?: string | undefined;
+  /** UTC datetime when the user signed up via Kakao Sync */
+  synched_at?: string | undefined;
+  /** Custom user properties */
+  properties?: Record<string, any> | undefined;
+  /** Kakao account info */
+  kakao_account: KakaoAccount;
+  /** Partner info */
+  for_partner?: Partner | undefined;
+}
+interface KakaoOptions extends ProviderOptions<KakaoProfile> {
+  clientId: string;
+}
+declare const kakao: (options: KakaoOptions) => {
+  id: "kakao";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | {
+    user: {
+      id: string;
+      name: string | undefined;
+      email: string | undefined;
+      image: string | undefined;
+      emailVerified: boolean;
+    } | {
+      id: string;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    };
+    data: KakaoProfile;
+  } | null>;
+  options: KakaoOptions;
+};
+//#endregion
+export { KakaoOptions, KakaoProfile, kakao };

package/dist/social-providers/kakao.mjs

@@ -0,0 +1,72 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/kakao.ts
+const kakao = (options) => {
+	return {
+		id: "kakao",
+		name: "Kakao",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"account_email",
+				"profile_image",
+				"profile_nickname"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "kakao",
+				options,
+				authorizationEndpoint: "https://kauth.kakao.com/oauth/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://kapi.kakao.com/v2/user/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error || !profile) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			const account = profile.kakao_account || {};
+			const kakaoProfile = account.profile || {};
+			return {
+				user: {
+					id: String(profile.id),
+					name: kakaoProfile.nickname || account.name || void 0,
+					email: account.email,
+					image: kakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,
+					emailVerified: !!account.is_email_valid && !!account.is_email_verified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { kakao };

package/dist/social-providers/kick.d.mts

@@ -0,0 +1,75 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/kick.d.ts
+interface KickProfile {
+  /**
+   * The user id of the user
+   */
+  user_id: string;
+  /**
+   * The name of the user
+   */
+  name: string;
+  /**
+   * The email of the user
+   */
+  email: string;
+  /**
+   * The picture of the user
+   */
+  profile_picture: string;
+}
+interface KickOptions extends ProviderOptions<KickProfile> {
+  clientId: string;
+}
+declare const kick: (options: KickOptions) => {
+  id: "kick";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI,
+    codeVerifier
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode({
+    code,
+    redirectURI,
+    codeVerifier
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }): Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: KickOptions;
+};
+//#endregion
+export { KickOptions, KickProfile, kick };

package/dist/social-providers/kick.mjs

@@ -0,0 +1,71 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/kick.ts
+const kick = (options) => {
+	return {
+		id: "kick",
+		name: "Kick",
+		createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "kick",
+				redirectURI,
+				options,
+				authorizationEndpoint: "https://id.kick.com/oauth/authorize",
+				scopes: _scopes,
+				codeVerifier,
+				state
+			});
+		},
+		async validateAuthorizationCode({ code, redirectURI, codeVerifier }) {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://id.kick.com/oauth/token",
+				codeVerifier
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://id.kick.com/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data, error } = await betterFetch("https://api.kick.com/public/v1/users", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
+			const profile = data.data[0];
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.user_id,
+					name: profile.name,
+					email: profile.email,
+					image: profile.profile_picture,
+					emailVerified: false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { kick };

package/dist/social-providers/line.d.mts

@@ -0,0 +1,107 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/line.d.ts
+interface LineIdTokenPayload {
+  iss: string;
+  sub: string;
+  aud: string;
+  exp: number;
+  iat: number;
+  name?: string | undefined;
+  picture?: string | undefined;
+  email?: string | undefined;
+  amr?: string[] | undefined;
+  nonce?: string | undefined;
+}
+interface LineUserInfo {
+  sub: string;
+  name?: string | undefined;
+  picture?: string | undefined;
+  email?: string | undefined;
+}
+interface LineOptions extends ProviderOptions<LineUserInfo | LineIdTokenPayload> {
+  clientId: string;
+}
+/**
+ * LINE Login v2.1
+ * - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
+ * - Token endpoint: https://api.line.me/oauth2/v2.1/token
+ * - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
+ * - Verify ID token: https://api.line.me/oauth2/v2.1/verify
+ *
+ * Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
+ */
+declare const line: (options: LineOptions) => {
+  id: "line";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI,
+    loginHint
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | {
+    user: {
+      id: any;
+      name: any;
+      email: any;
+      image: any;
+      emailVerified: false;
+    } | {
+      id: any;
+      name: any;
+      email: any;
+      image: any;
+      emailVerified: boolean;
+    } | {
+      id: any;
+      name: any;
+      email: any;
+      image: any;
+      emailVerified: boolean;
+    };
+    data: any;
+  } | null>;
+  options: LineOptions;
+};
+//#endregion
+export { LineIdTokenPayload, LineOptions, LineUserInfo, line };

package/dist/social-providers/line.mjs

@@ -0,0 +1,113 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+import { decodeJwt } from "jose";
+
+//#region src/social-providers/line.ts
+/**
+* LINE Login v2.1
+* - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
+* - Token endpoint: https://api.line.me/oauth2/v2.1/token
+* - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
+* - Verify ID token: https://api.line.me/oauth2/v2.1/verify
+*
+* Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
+*/
+const line = (options) => {
+	const authorizationEndpoint = "https://access.line.me/oauth2/v2.1/authorize";
+	const tokenEndpoint = "https://api.line.me/oauth2/v2.1/token";
+	const userInfoEndpoint = "https://api.line.me/oauth2/v2.1/userinfo";
+	const verifyIdTokenEndpoint = "https://api.line.me/oauth2/v2.1/verify";
+	return {
+		id: "line",
+		name: "LINE",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "line",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				loginHint
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			const body = new URLSearchParams();
+			body.set("id_token", token);
+			body.set("client_id", options.clientId);
+			if (nonce) body.set("nonce", nonce);
+			const { data, error } = await betterFetch(verifyIdTokenEndpoint, {
+				method: "POST",
+				headers: { "content-type": "application/x-www-form-urlencoded" },
+				body
+			});
+			if (error || !data) return false;
+			if (data.aud !== options.clientId) return false;
+			if (data.nonce && data.nonce !== nonce) return false;
+			return true;
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			let profile = null;
+			if (token.idToken) try {
+				profile = decodeJwt(token.idToken);
+			} catch {}
+			if (!profile) {
+				const { data } = await betterFetch(userInfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
+				profile = data || null;
+			}
+			if (!profile) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			const id = profile.sub || profile.userId;
+			const name = profile.name || profile.displayName;
+			const image = profile.picture || profile.pictureUrl || void 0;
+			return {
+				user: {
+					id,
+					name,
+					email: profile.email,
+					image,
+					emailVerified: false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { line };

package/dist/social-providers/linear.d.mts

@@ -0,0 +1,70 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/linear.d.ts
+interface LinearUser {
+  id: string;
+  name: string;
+  email: string;
+  avatarUrl?: string | undefined;
+  active: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+interface LinearProfile {
+  data: {
+    viewer: LinearUser;
+  };
+}
+interface LinearOptions extends ProviderOptions<LinearUser> {
+  clientId: string;
+}
+declare const linear: (options: LinearOptions) => {
+  id: "linear";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    loginHint,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: LinearOptions;
+};
+//#endregion
+export { LinearOptions, LinearProfile, LinearUser, linear };