@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/notion.d.mts

@@ -0,0 +1,66 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/notion.d.ts
+interface NotionProfile {
+  object: "user";
+  id: string;
+  type: "person" | "bot";
+  name?: string | undefined;
+  avatar_url?: string | undefined;
+  person?: {
+    email?: string;
+  } | undefined;
+}
+interface NotionOptions extends ProviderOptions<NotionProfile> {
+  clientId: string;
+}
+declare const notion: (options: NotionOptions) => {
+  id: "notion";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    loginHint,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: NotionOptions;
+};
+//#endregion
+export { NotionOptions, NotionProfile, notion };

package/dist/social-providers/notion.mjs

@@ -0,0 +1,75 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/notion.ts
+const notion = (options) => {
+	const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
+	return {
+		id: "notion",
+		name: "Notion",
+		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "notion",
+				options,
+				authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				loginHint,
+				additionalParams: { owner: "user" }
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint,
+				authentication: "basic"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.notion.com/v1/users/me", { headers: {
+				Authorization: `Bearer ${token.accessToken}`,
+				"Notion-Version": "2022-06-28"
+			} });
+			if (error || !profile) return null;
+			const userProfile = profile.bot?.owner?.user;
+			if (!userProfile) return null;
+			const userMap = await options.mapProfileToUser?.(userProfile);
+			return {
+				user: {
+					id: userProfile.id,
+					name: userProfile.name || "Notion User",
+					email: userProfile.person?.email || null,
+					image: userProfile.avatar_url,
+					emailVerified: false,
+					...userMap
+				},
+				data: userProfile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { notion };

package/dist/social-providers/paybin.d.mts

@@ -0,0 +1,73 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/paybin.d.ts
+interface PaybinProfile {
+  sub: string;
+  email: string;
+  email_verified?: boolean | undefined;
+  name?: string | undefined;
+  preferred_username?: string | undefined;
+  picture?: string | undefined;
+  given_name?: string | undefined;
+  family_name?: string | undefined;
+}
+interface PaybinOptions extends ProviderOptions<PaybinProfile> {
+  clientId: string;
+  /**
+   * The issuer URL of your Paybin OAuth server
+   * @default "https://idp.paybin.io"
+   */
+  issuer?: string | undefined;
+}
+declare const paybin: (options: PaybinOptions) => {
+  id: "paybin";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI,
+    loginHint
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: PaybinOptions;
+};
+//#endregion
+export { PaybinOptions, PaybinProfile, paybin };

package/dist/social-providers/paybin.mjs

@@ -0,0 +1,85 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { decodeJwt } from "jose";
+
+//#region src/social-providers/paybin.ts
+const paybin = (options) => {
+	const issuer = options.issuer || "https://idp.paybin.io";
+	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
+	const tokenEndpoint = `${issuer}/oauth2/token`;
+	return {
+		id: "paybin",
+		name: "Paybin",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Paybin");
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"email",
+				"profile"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "paybin",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt,
+				loginHint
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (!token.idToken) return null;
+			const user = decodeJwt(token.idToken);
+			const userMap = await options.mapProfileToUser?.(user);
+			return {
+				user: {
+					id: user.sub,
+					name: user.name || user.preferred_username || (user.email ? user.email.split("@")[0] : "User") || "User",
+					email: user.email,
+					image: user.picture,
+					emailVerified: user.email_verified || false,
+					...userMap
+				},
+				data: user
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { paybin };

package/dist/social-providers/paypal.d.mts

@@ -0,0 +1,131 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/paypal.d.ts
+interface PayPalProfile {
+  user_id: string;
+  name: string;
+  given_name: string;
+  family_name: string;
+  middle_name?: string | undefined;
+  picture?: string | undefined;
+  email: string;
+  email_verified: boolean;
+  gender?: string | undefined;
+  birthdate?: string | undefined;
+  zoneinfo?: string | undefined;
+  locale?: string | undefined;
+  phone_number?: string | undefined;
+  address?: {
+    street_address?: string;
+    locality?: string;
+    region?: string;
+    postal_code?: string;
+    country?: string;
+  } | undefined;
+  verified_account?: boolean | undefined;
+  account_type?: string | undefined;
+  age_range?: string | undefined;
+  payer_id?: string | undefined;
+}
+interface PayPalTokenResponse {
+  scope?: string | undefined;
+  access_token: string;
+  refresh_token?: string | undefined;
+  token_type: "Bearer";
+  id_token?: string | undefined;
+  expires_in: number;
+  nonce?: string | undefined;
+}
+interface PayPalOptions extends ProviderOptions<PayPalProfile> {
+  clientId: string;
+  /**
+   * PayPal environment - 'sandbox' for testing, 'live' for production
+   * @default 'sandbox'
+   */
+  environment?: ("sandbox" | "live") | undefined;
+  /**
+   * Whether to request shipping address information
+   * @default false
+   */
+  requestShippingAddress?: boolean | undefined;
+}
+declare const paypal: (options: PayPalOptions) => {
+  id: "paypal";
+  name: string;
+  createAuthorizationURL({
+    state,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<{
+    accessToken: string;
+    refreshToken: string | undefined;
+    accessTokenExpiresAt: Date | undefined;
+    idToken: string | undefined;
+  }>;
+  refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
+    accessToken: any;
+    refreshToken: any;
+    accessTokenExpiresAt: Date | undefined;
+  }>);
+  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | {
+    user: {
+      id: string;
+      name: string;
+      email: string;
+      image: string | undefined;
+      emailVerified: boolean;
+    } | {
+      id: string;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    };
+    data: PayPalProfile;
+  } | null>;
+  options: PayPalOptions;
+};
+//#endregion
+export { PayPalOptions, PayPalProfile, PayPalTokenResponse, paypal };

package/dist/social-providers/paypal.mjs

@@ -0,0 +1,144 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import "../oauth2/index.mjs";
+import { base64 } from "@better-auth/utils/base64";
+import { betterFetch } from "@better-fetch/fetch";
+import { decodeJwt } from "jose";
+
+//#region src/social-providers/paypal.ts
+const paypal = (options) => {
+	const isSandbox = (options.environment || "sandbox") === "sandbox";
+	const authorizationEndpoint = isSandbox ? "https://www.sandbox.paypal.com/signin/authorize" : "https://www.paypal.com/signin/authorize";
+	const tokenEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/oauth2/token" : "https://api-m.paypal.com/v1/oauth2/token";
+	const userInfoEndpoint = isSandbox ? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo" : "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
+	return {
+		id: "paypal",
+		name: "PayPal",
+		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			return await createAuthorizationURL({
+				id: "paypal",
+				options,
+				authorizationEndpoint,
+				scopes: [],
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			/**
+			* PayPal requires Basic Auth for token exchange
+			**/
+			const credentials = base64.encode(`${options.clientId}:${options.clientSecret}`);
+			try {
+				const response = await betterFetch(tokenEndpoint, {
+					method: "POST",
+					headers: {
+						Authorization: `Basic ${credentials}`,
+						Accept: "application/json",
+						"Accept-Language": "en_US",
+						"Content-Type": "application/x-www-form-urlencoded"
+					},
+					body: new URLSearchParams({
+						grant_type: "authorization_code",
+						code,
+						redirect_uri: redirectURI
+					}).toString()
+				});
+				if (!response.data) throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+				const data = response.data;
+				return {
+					accessToken: data.access_token,
+					refreshToken: data.refresh_token,
+					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0,
+					idToken: data.id_token
+				};
+			} catch (error) {
+				logger.error("PayPal token exchange failed:", error);
+				throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
+			}
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			const credentials = base64.encode(`${options.clientId}:${options.clientSecret}`);
+			try {
+				const response = await betterFetch(tokenEndpoint, {
+					method: "POST",
+					headers: {
+						Authorization: `Basic ${credentials}`,
+						Accept: "application/json",
+						"Accept-Language": "en_US",
+						"Content-Type": "application/x-www-form-urlencoded"
+					},
+					body: new URLSearchParams({
+						grant_type: "refresh_token",
+						refresh_token: refreshToken
+					}).toString()
+				});
+				if (!response.data) throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+				const data = response.data;
+				return {
+					accessToken: data.access_token,
+					refreshToken: data.refresh_token,
+					accessTokenExpiresAt: data.expires_in ? new Date(Date.now() + data.expires_in * 1e3) : void 0
+				};
+			} catch (error) {
+				logger.error("PayPal token refresh failed:", error);
+				throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
+			}
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			try {
+				return !!decodeJwt(token).sub;
+			} catch (error) {
+				logger.error("Failed to verify PayPal ID token:", error);
+				return false;
+			}
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (!token.accessToken) {
+				logger.error("Access token is required to fetch PayPal user info");
+				return null;
+			}
+			try {
+				const response = await betterFetch(`${userInfoEndpoint}?schema=paypalv1.1`, { headers: {
+					Authorization: `Bearer ${token.accessToken}`,
+					Accept: "application/json"
+				} });
+				if (!response.data) {
+					logger.error("Failed to fetch user info from PayPal");
+					return null;
+				}
+				const userInfo = response.data;
+				const userMap = await options.mapProfileToUser?.(userInfo);
+				return {
+					user: {
+						id: userInfo.user_id,
+						name: userInfo.name,
+						email: userInfo.email,
+						image: userInfo.picture,
+						emailVerified: userInfo.email_verified,
+						...userMap
+					},
+					data: userInfo
+				};
+			} catch (error) {
+				logger.error("Failed to fetch user info from PayPal:", error);
+				return null;
+			}
+		},
+		options
+	};
+};
+
+//#endregion
+export { paypal };

package/dist/social-providers/polar.d.mts

@@ -0,0 +1,76 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/polar.d.ts
+interface PolarProfile {
+  id: string;
+  email: string;
+  username: string;
+  avatar_url: string;
+  github_username?: string | undefined;
+  account_id?: string | undefined;
+  public_name?: string | undefined;
+  email_verified?: boolean | undefined;
+  profile_settings?: {
+    profile_settings_enabled?: boolean;
+    profile_settings_public_name?: string;
+    profile_settings_public_avatar?: string;
+    profile_settings_public_bio?: string;
+    profile_settings_public_location?: string;
+    profile_settings_public_website?: string;
+    profile_settings_public_twitter?: string;
+    profile_settings_public_github?: string;
+    profile_settings_public_email?: string;
+  } | undefined;
+}
+interface PolarOptions extends ProviderOptions<PolarProfile> {}
+declare const polar: (options: PolarOptions) => {
+  id: "polar";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: PolarOptions;
+};
+//#endregion
+export { PolarOptions, PolarProfile, polar };