@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/polar.mjs

@@ -0,0 +1,73 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/polar.ts
+const polar = (options) => {
+	return {
+		id: "polar",
+		name: "Polar",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "polar",
+				options,
+				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://api.polar.sh/v1/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.polar.sh/v1/oauth2/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.public_name || profile.username,
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified: profile.email_verified ?? false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { polar };

package/dist/social-providers/reddit.d.mts

@@ -0,0 +1,64 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/reddit.d.ts
+interface RedditProfile {
+  id: string;
+  name: string;
+  icon_img: string | null;
+  has_verified_email: boolean;
+  oauth_client_id: string;
+  verified: boolean;
+}
+interface RedditOptions extends ProviderOptions<RedditProfile> {
+  clientId: string;
+  duration?: string | undefined;
+}
+declare const reddit: (options: RedditOptions) => {
+  id: "reddit";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: RedditOptions;
+};
+//#endregion
+export { RedditOptions, RedditProfile, reddit };

package/dist/social-providers/reddit.mjs

@@ -0,0 +1,83 @@
+import { getOAuth2Tokens } from "../oauth2/utils.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import "../oauth2/index.mjs";
+import { base64 } from "@better-auth/utils/base64";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/reddit.ts
+const reddit = (options) => {
+	return {
+		id: "reddit",
+		name: "Reddit",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["identity"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "reddit",
+				options,
+				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				duration: options.duration
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			const body = new URLSearchParams({
+				grant_type: "authorization_code",
+				code,
+				redirect_uri: options.redirectURI || redirectURI
+			});
+			const { data, error } = await betterFetch("https://www.reddit.com/api/v1/access_token", {
+				method: "POST",
+				headers: {
+					"content-type": "application/x-www-form-urlencoded",
+					accept: "text/plain",
+					"user-agent": "better-auth",
+					Authorization: `Basic ${base64.encode(`${options.clientId}:${options.clientSecret}`)}`
+				},
+				body: body.toString()
+			});
+			if (error) throw error;
+			return getOAuth2Tokens(data);
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				authentication: "basic",
+				tokenEndpoint: "https://www.reddit.com/api/v1/access_token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://oauth.reddit.com/api/v1/me", { headers: {
+				Authorization: `Bearer ${token.accessToken}`,
+				"User-Agent": "better-auth"
+			} });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name,
+					email: profile.oauth_client_id,
+					emailVerified: profile.has_verified_email,
+					image: profile.icon_img?.split("?")[0],
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { reddit };

package/dist/social-providers/roblox.d.mts

@@ -0,0 +1,72 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/roblox.d.ts
+interface RobloxProfile extends Record<string, any> {
+  /** the user's id */
+  sub: string;
+  /** the user's username */
+  preferred_username: string;
+  /** the user's display name, will return the same value as the preferred_username if not set */
+  nickname: string;
+  /** the user's display name, again, will return the same value as the preferred_username if not set */
+  name: string;
+  /** the account creation date as a unix timestamp in seconds */
+  created_at: number;
+  /** the user's profile URL */
+  profile: string;
+  /** the user's avatar URL */
+  picture: string;
+}
+interface RobloxOptions extends ProviderOptions<RobloxProfile> {
+  clientId: string;
+  prompt?: ("none" | "consent" | "login" | "select_account" | "select_account consent") | undefined;
+}
+declare const roblox: (options: RobloxOptions) => {
+  id: "roblox";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): URL;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: RobloxOptions;
+};
+//#endregion
+export { RobloxOptions, RobloxProfile, roblox };

package/dist/social-providers/roblox.mjs

@@ -0,0 +1,59 @@
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/roblox.ts
+const roblox = (options) => {
+	return {
+		id: "roblox",
+		name: "Roblox",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return new URL(`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "select_account consent"}`);
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				options,
+				tokenEndpoint: "https://apis.roblox.com/oauth/v1/token",
+				authentication: "post"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://apis.roblox.com/oauth/v1/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://apis.roblox.com/oauth/v1/userinfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.nickname || profile.preferred_username || "",
+					image: profile.picture,
+					email: profile.preferred_username || null,
+					emailVerified: false,
+					...userMap
+				},
+				data: { ...profile }
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { roblox };

package/dist/social-providers/salesforce.d.mts

@@ -0,0 +1,81 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/salesforce.d.ts
+interface SalesforceProfile {
+  sub: string;
+  user_id: string;
+  organization_id: string;
+  preferred_username?: string | undefined;
+  email: string;
+  email_verified?: boolean | undefined;
+  name: string;
+  given_name?: string | undefined;
+  family_name?: string | undefined;
+  zoneinfo?: string | undefined;
+  photos?: {
+    picture?: string;
+    thumbnail?: string;
+  } | undefined;
+}
+interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
+  clientId: string;
+  environment?: ("sandbox" | "production") | undefined;
+  loginUrl?: string | undefined;
+  /**
+   * Override the redirect URI if auto-detection fails.
+   * Should match the Callback URL configured in your Salesforce Connected App.
+   * @example "http://localhost:3000/api/auth/callback/salesforce"
+   */
+  redirectURI?: string | undefined;
+}
+declare const salesforce: (options: SalesforceOptions) => {
+  id: "salesforce";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: SalesforceOptions;
+};
+//#endregion
+export { SalesforceOptions, SalesforceProfile, salesforce };

package/dist/social-providers/salesforce.mjs

@@ -0,0 +1,91 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/salesforce.ts
+const salesforce = (options) => {
+	const isSandbox = (options.environment ?? "production") === "sandbox";
+	const authorizationEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/authorize` : isSandbox ? "https://test.salesforce.com/services/oauth2/authorize" : "https://login.salesforce.com/services/oauth2/authorize";
+	const tokenEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/token` : isSandbox ? "https://test.salesforce.com/services/oauth2/token" : "https://login.salesforce.com/services/oauth2/token";
+	const userInfoEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/userinfo` : isSandbox ? "https://test.salesforce.com/services/oauth2/userinfo" : "https://login.salesforce.com/services/oauth2/userinfo";
+	return {
+		id: "salesforce",
+		name: "Salesforce",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Salesforce");
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"email",
+				"profile"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "salesforce",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI: options.redirectURI || redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI: options.redirectURI || redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			try {
+				const { data: user } = await betterFetch(userInfoEndpoint, { headers: { Authorization: `Bearer ${token.accessToken}` } });
+				if (!user) {
+					logger.error("Failed to fetch user info from Salesforce");
+					return null;
+				}
+				const userMap = await options.mapProfileToUser?.(user);
+				return {
+					user: {
+						id: user.user_id,
+						name: user.name,
+						email: user.email,
+						image: user.photos?.picture || user.photos?.thumbnail,
+						emailVerified: user.email_verified ?? false,
+						...userMap
+					},
+					data: user
+				};
+			} catch (error) {
+				logger.error("Failed to fetch user info from Salesforce:", error);
+				return null;
+			}
+		},
+		options
+	};
+};
+
+//#endregion
+export { salesforce };

package/dist/social-providers/slack.d.mts

@@ -0,0 +1,85 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/slack.d.ts
+interface SlackProfile extends Record<string, any> {
+  ok: boolean;
+  sub: string;
+  "https://slack.com/user_id": string;
+  "https://slack.com/team_id": string;
+  email: string;
+  email_verified: boolean;
+  date_email_verified: number;
+  name: string;
+  picture: string;
+  given_name: string;
+  family_name: string;
+  locale: string;
+  "https://slack.com/team_name": string;
+  "https://slack.com/team_domain": string;
+  "https://slack.com/user_image_24": string;
+  "https://slack.com/user_image_32": string;
+  "https://slack.com/user_image_48": string;
+  "https://slack.com/user_image_72": string;
+  "https://slack.com/user_image_192": string;
+  "https://slack.com/user_image_512": string;
+  "https://slack.com/team_image_34": string;
+  "https://slack.com/team_image_44": string;
+  "https://slack.com/team_image_68": string;
+  "https://slack.com/team_image_88": string;
+  "https://slack.com/team_image_102": string;
+  "https://slack.com/team_image_132": string;
+  "https://slack.com/team_image_230": string;
+  "https://slack.com/team_image_default": boolean;
+}
+interface SlackOptions extends ProviderOptions<SlackProfile> {
+  clientId: string;
+}
+declare const slack: (options: SlackOptions) => {
+  id: "slack";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): URL;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: SlackOptions;
+};
+//#endregion
+export { SlackOptions, SlackProfile, slack };

package/dist/social-providers/slack.mjs

@@ -0,0 +1,68 @@
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/slack.ts
+const slack = (options) => {
+	return {
+		id: "slack",
+		name: "Slack",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
+			const url = new URL("https://slack.com/openid/connect/authorize");
+			url.searchParams.set("scope", _scopes.join(" "));
+			url.searchParams.set("response_type", "code");
+			url.searchParams.set("client_id", options.clientId);
+			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
+			url.searchParams.set("state", state);
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://slack.com/api/openid.connect.token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://slack.com/api/openid.connect.token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://slack.com/api/openid.connect.userInfo", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile["https://slack.com/user_id"],
+					name: profile.name || "",
+					email: profile.email,
+					emailVerified: profile.email_verified,
+					image: profile.picture || profile["https://slack.com/user_image_512"],
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { slack };