@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/spotify.d.mts

@@ -0,0 +1,65 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/spotify.d.ts
+interface SpotifyProfile {
+  id: string;
+  display_name: string;
+  email: string;
+  images: {
+    url: string;
+  }[];
+}
+interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {
+  clientId: string;
+}
+declare const spotify: (options: SpotifyOptions) => {
+  id: "spotify";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: SpotifyOptions;
+};
+//#endregion
+export { SpotifyOptions, SpotifyProfile, spotify };

package/dist/social-providers/spotify.mjs

@@ -0,0 +1,71 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/spotify.ts
+const spotify = (options) => {
+	return {
+		id: "spotify",
+		name: "Spotify",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "spotify",
+				options,
+				authorizationEndpoint: "https://accounts.spotify.com/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://accounts.spotify.com/api/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://accounts.spotify.com/api/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.spotify.com/v1/me", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.display_name,
+					email: profile.email,
+					image: profile.images[0]?.url,
+					emailVerified: false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { spotify };

package/dist/social-providers/tiktok.d.mts

@@ -0,0 +1,171 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/tiktok.d.ts
+/**
+ * [More info](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/)
+ */
+interface TiktokProfile extends Record<string, any> {
+  data: {
+    user: {
+      /**
+       * The unique identification of the user in the current application.Open id
+       * for the client.
+       *
+       * To return this field, add `fields=open_id` in the user profile request's query parameter.
+       */
+      open_id: string;
+      /**
+       * The unique identification of the user across different apps for the same developer.
+       * For example, if a partner has X number of clients,
+       * it will get X number of open_id for the same TikTok user,
+       * but one persistent union_id for the particular user.
+       *
+       * To return this field, add `fields=union_id` in the user profile request's query parameter.
+       */
+      union_id?: string | undefined;
+      /**
+       * User's profile image.
+       *
+       * To return this field, add `fields=avatar_url` in the user profile request's query parameter.
+       */
+      avatar_url?: string | undefined;
+      /**
+       * User`s profile image in 100x100 size.
+       *
+       * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
+       */
+      avatar_url_100?: string | undefined;
+      /**
+       * User's profile image with higher resolution
+       *
+       * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
+       */
+      avatar_large_url: string;
+      /**
+       * User's profile name
+       *
+       * To return this field, add `fields=display_name` in the user profile request's query parameter.
+       */
+      display_name: string;
+      /**
+       * User's username.
+       *
+       * To return this field, add `fields=username` in the user profile request's query parameter.
+       */
+      username: string;
+      /** @note Email is currently unsupported by TikTok  */
+      email?: string | undefined;
+      /**
+       * User's bio description if there is a valid one.
+       *
+       * To return this field, add `fields=bio_description` in the user profile request's query parameter.
+       */
+      bio_description?: string | undefined;
+      /**
+       * The link to user's TikTok profile page.
+       *
+       * To return this field, add `fields=profile_deep_link` in the user profile request's query parameter.
+       */
+      profile_deep_link?: string | undefined;
+      /**
+       * Whether TikTok has provided a verified badge to the account after confirming
+       * that it belongs to the user it represents.
+       *
+       * To return this field, add `fields=is_verified` in the user profile request's query parameter.
+       */
+      is_verified?: boolean | undefined;
+      /**
+       * User's followers count.
+       *
+       * To return this field, add `fields=follower_count` in the user profile request's query parameter.
+       */
+      follower_count?: number | undefined;
+      /**
+       * The number of accounts that the user is following.
+       *
+       * To return this field, add `fields=following_count` in the user profile request's query parameter.
+       */
+      following_count?: number | undefined;
+      /**
+       * The total number of likes received by the user across all of their videos.
+       *
+       * To return this field, add `fields=likes_count` in the user profile request's query parameter.
+       */
+      likes_count?: number | undefined;
+      /**
+       * The total number of publicly posted videos by the user.
+       *
+       * To return this field, add `fields=video_count` in the user profile request's query parameter.
+       */
+      video_count?: number | undefined;
+    };
+  };
+  error?: {
+    /**
+     * The error category in string.
+     */
+    code?: string;
+    /**
+     * The error message in string.
+     */
+    message?: string;
+    /**
+     * The error message in string.
+     */
+    log_id?: string;
+  } | undefined;
+}
+interface TiktokOptions extends ProviderOptions {
+  clientId?: never | undefined;
+  clientSecret: string;
+  clientKey: string;
+}
+declare const tiktok: (options: TiktokOptions) => {
+  id: "tiktok";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): URL;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TiktokOptions;
+};
+//#endregion
+export { TiktokOptions, TiktokProfile, tiktok };

package/dist/social-providers/tiktok.mjs

@@ -0,0 +1,62 @@
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/tiktok.ts
+const tiktok = (options) => {
+	return {
+		id: "tiktok",
+		name: "TikTok",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(",")}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}`);
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				options: {
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: { clientSecret: options.clientSecret },
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
+				authentication: "post",
+				extraParams: { client_key: options.clientKey }
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch(`https://open.tiktokapis.com/v2/user/info/?fields=${[
+				"open_id",
+				"avatar_large_url",
+				"display_name",
+				"username"
+			].join(",")}`, { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			return {
+				user: {
+					email: profile.data.user.email || profile.data.user.username,
+					id: profile.data.user.open_id,
+					name: profile.data.user.display_name || profile.data.user.username,
+					image: profile.data.user.avatar_large_url,
+					emailVerified: false
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { tiktok };

package/dist/social-providers/twitch.d.mts

@@ -0,0 +1,81 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/twitch.d.ts
+/**
+ * @see https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims
+ */
+interface TwitchProfile {
+  /**
+   * The sub of the user
+   */
+  sub: string;
+  /**
+   * The preferred username of the user
+   */
+  preferred_username: string;
+  /**
+   * The email of the user
+   */
+  email: string;
+  /**
+   * Indicate if this user has a verified email.
+   */
+  email_verified: boolean;
+  /**
+   * The picture of the user
+   */
+  picture: string;
+}
+interface TwitchOptions extends ProviderOptions<TwitchProfile> {
+  clientId: string;
+  claims?: string[] | undefined;
+}
+declare const twitch: (options: TwitchOptions) => {
+  id: "twitch";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TwitchOptions;
+};
+//#endregion
+export { TwitchOptions, TwitchProfile, twitch };

package/dist/social-providers/twitch.mjs

@@ -0,0 +1,78 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { decodeJwt } from "jose";
+
+//#region src/social-providers/twitch.ts
+const twitch = (options) => {
+	return {
+		id: "twitch",
+		name: "Twitch",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "twitch",
+				redirectURI,
+				options,
+				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
+				scopes: _scopes,
+				state,
+				claims: options.claims || [
+					"email",
+					"email_verified",
+					"preferred_username",
+					"picture"
+				]
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const idToken = token.idToken;
+			if (!idToken) {
+				logger.error("No idToken found in token");
+				return null;
+			}
+			const profile = decodeJwt(idToken);
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.preferred_username,
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: profile.email_verified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { twitch };

package/dist/social-providers/twitter.d.mts

@@ -0,0 +1,140 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/twitter.d.ts
+interface TwitterProfile {
+  data: {
+    /**
+     * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools
+     * that cannot handle large integers.
+     */
+    id: string;
+    /** The friendly name of this user, as shown on their profile. */
+    name: string;
+    /** The email address of this user. */
+    email?: string | undefined;
+    /** The Twitter handle (screen name) of this user. */
+    username: string;
+    /**
+     * The location specified in the user's profile, if the user provided one.
+     * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.
+     *
+     * To return this field, add `user.fields=location` in the authorization request's query parameter.
+     */
+    location?: string | undefined;
+    /**
+     * This object and its children fields contain details about text that has a special meaning in the user's description.
+     *
+     *To return this field, add `user.fields=entities` in the authorization request's query parameter.
+     */
+    entities?: {
+      /** Contains details about the user's profile website. */
+      url: {
+        /** Contains details about the user's profile website. */
+        urls: Array<{
+          /** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */
+          start: number;
+          /** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */
+          end: number;
+          /** The URL in the format entered by the user. */
+          url: string;
+          /** The fully resolved URL. */
+          expanded_url: string;
+          /** The URL as displayed in the user's profile. */
+          display_url: string;
+        }>;
+      };
+      /** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */
+      description: {
+        hashtags: Array<{
+          start: number;
+          end: number;
+          tag: string;
+        }>;
+      };
+    } | undefined;
+    /**
+     * Indicate if this user is a verified Twitter user.
+     *
+     * To return this field, add `user.fields=verified` in the authorization request's query parameter.
+     */
+    verified?: boolean | undefined;
+    /**
+     * The text of this user's profile description (also known as bio), if the user provided one.
+     *
+     * To return this field, add `user.fields=description` in the authorization request's query parameter.
+     */
+    description?: string | undefined;
+    /**
+     * The URL specified in the user's profile, if present.
+     *
+     * To return this field, add `user.fields=url` in the authorization request's query parameter.
+     */
+    url?: string | undefined;
+    /** The URL to the profile image for this user, as shown on the user's profile. */
+    profile_image_url?: string | undefined;
+    protected?: boolean | undefined;
+    /**
+     * Unique identifier of this user's pinned Tweet.
+     *
+     *  You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.
+     */
+    pinned_tweet_id?: string | undefined;
+    created_at?: string | undefined;
+  };
+  includes?: {
+    tweets?: Array<{
+      id: string;
+      text: string;
+    }>;
+  } | undefined;
+  [claims: string]: unknown;
+}
+interface TwitterOption extends ProviderOptions<TwitterProfile> {
+  clientId: string;
+}
+declare const twitter: (options: TwitterOption) => {
+  id: "twitter";
+  name: string;
+  createAuthorizationURL(data: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TwitterOption;
+};
+//#endregion
+export { TwitterOption, TwitterProfile, twitter };