@better-auth/core 1.4.12-beta.2 → 1.4.13

package/dist/social-providers/twitter.mjs

@@ -0,0 +1,87 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/twitter.ts
+const twitter = (options) => {
+	return {
+		id: "twitter",
+		name: "Twitter",
+		createAuthorizationURL(data) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"users.read",
+				"tweet.read",
+				"offline.access",
+				"users.email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
+			return createAuthorizationURL({
+				id: "twitter",
+				options,
+				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
+				scopes: _scopes,
+				state: data.state,
+				codeVerifier: data.codeVerifier,
+				redirectURI: data.redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				authentication: "basic",
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				authentication: "basic",
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error: profileError } = await betterFetch("https://api.x.com/2/users/me?user.fields=profile_image_url", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (profileError) return null;
+			const { data: emailData, error: emailError } = await betterFetch("https://api.x.com/2/users/me?user.fields=confirmed_email", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			let emailVerified = false;
+			if (!emailError && emailData?.data?.confirmed_email) {
+				profile.data.email = emailData.data.confirmed_email;
+				emailVerified = true;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.data.id,
+					name: profile.data.name,
+					email: profile.data.email || profile.data.username || null,
+					image: profile.data.profile_image_url,
+					emailVerified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { twitter };

package/dist/social-providers/vercel.d.mts

@@ -0,0 +1,64 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/vercel.d.ts
+interface VercelProfile {
+  sub: string;
+  name?: string;
+  preferred_username?: string;
+  email?: string;
+  email_verified?: boolean;
+  picture?: string;
+}
+interface VercelOptions extends ProviderOptions<VercelProfile> {
+  clientId: string;
+}
+declare const vercel: (options: VercelOptions) => {
+  id: "vercel";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: VercelOptions;
+};
+//#endregion
+export { VercelOptions, VercelProfile, vercel };

package/dist/social-providers/vercel.mjs

@@ -0,0 +1,61 @@
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/vercel.ts
+const vercel = (options) => {
+	return {
+		id: "vercel",
+		name: "Vercel",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Vercel");
+			let _scopes = void 0;
+			if (options.scope !== void 0 || scopes !== void 0) {
+				_scopes = [];
+				if (options.scope) _scopes.push(...options.scope);
+				if (scopes) _scopes.push(...scopes);
+			}
+			return createAuthorizationURL({
+				id: "vercel",
+				options,
+				authorizationEndpoint: "https://vercel.com/oauth/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.vercel.com/login/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.vercel.com/login/oauth/userinfo", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+			if (error || !profile) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.name ?? profile.preferred_username,
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: profile.email_verified ?? false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { vercel };

package/dist/social-providers/vk.d.mts

@@ -0,0 +1,72 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/vk.d.ts
+interface VkProfile {
+  user: {
+    user_id: string;
+    first_name: string;
+    last_name: string;
+    email?: string | undefined;
+    phone?: number | undefined;
+    avatar?: string | undefined;
+    sex?: number | undefined;
+    verified?: boolean | undefined;
+    birthday: string;
+  };
+}
+interface VkOption extends ProviderOptions {
+  clientId: string;
+  scheme?: ("light" | "dark") | undefined;
+}
+declare const vk: (options: VkOption) => {
+  id: "vk";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI,
+    deviceId
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(data: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: VkOption;
+};
+//#endregion
+export { VkOption, VkProfile, vk };

package/dist/social-providers/vk.mjs

@@ -0,0 +1,83 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/vk.ts
+const vk = (options) => {
+	return {
+		id: "vk",
+		name: "VK",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "vk",
+				options,
+				authorizationEndpoint: "https://id.vk.com/authorize",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI, deviceId }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI: options.redirectURI || redirectURI,
+				options,
+				deviceId,
+				tokenEndpoint: "https://id.vk.com/oauth2/auth"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://id.vk.com/oauth2/auth"
+			});
+		},
+		async getUserInfo(data) {
+			if (options.getUserInfo) return options.getUserInfo(data);
+			if (!data.accessToken) return null;
+			const formBody = new URLSearchParams({
+				access_token: data.accessToken,
+				client_id: options.clientId
+			}).toString();
+			const { data: profile, error } = await betterFetch("https://id.vk.com/oauth2/user_info", {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: formBody
+			});
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			if (!profile.user.email && !userMap?.email) return null;
+			return {
+				user: {
+					id: profile.user.user_id,
+					first_name: profile.user.first_name,
+					last_name: profile.user.last_name,
+					email: profile.user.email,
+					image: profile.user.avatar,
+					emailVerified: false,
+					birthday: profile.user.birthday,
+					sex: profile.user.sex,
+					name: `${profile.user.first_name} ${profile.user.last_name}`,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { vk };

package/dist/social-providers/zoom.d.mts

@@ -0,0 +1,173 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/zoom.d.ts
+type LoginType = 0 /** Facebook OAuth */ | 1 /** Google OAuth */ | 24 /** Apple OAuth */ | 27 /** Microsoft OAuth */ | 97 /** Mobile device */ | 98 /** RingCentral OAuth */ | 99 /** API user */ | 100 /** Zoom Work email */ | 101;
+/** Single Sign-On (SSO) */
+type AccountStatus = "pending" | "active" | "inactive";
+type PronounOption = 1 /** Ask the user every time */ | 2 /** Always display */ | 3;
+/** Do not display */
+interface PhoneNumber {
+  /** The country code of the phone number (Example: "+1") */
+  code: string;
+  /** The country of the phone number (Example: "US") */
+  country: string;
+  /** The label for the phone number (Example: "Mobile") */
+  label: string;
+  /** The phone number itself (Example: "800000000") */
+  number: string;
+  /** Whether the phone number has been verified (Example: true) */
+  verified: boolean;
+}
+/**
+ * See the full documentation below:
+ * https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
+ */
+interface ZoomProfile extends Record<string, any> {
+  /** The user's account ID (Example: "q6gBJVO5TzexKYTb_I2rpg") */
+  account_id: string;
+  /** The user's account number (Example: 10009239) */
+  account_number: number;
+  /** The user's cluster (Example: "us04") */
+  cluster: string;
+  /** The user's CMS ID. Only enabled for Kaltura integration (Example: "KDcuGIm1QgePTO8WbOqwIQ") */
+  cms_user_id: string;
+  /** The user's cost center (Example: "cost center") */
+  cost_center: string;
+  /** User create time (Example: "2018-10-31T04:32:37Z") */
+  created_at: string;
+  /** Department (Example: "Developers") */
+  dept: string;
+  /** User's display name (Example: "Jill Chill") */
+  display_name: string;
+  /** User's email address (Example: "jchill@example.com") */
+  email: string;
+  /** User's first name (Example: "Jill") */
+  first_name: string;
+  /** IDs of the web groups that the user belongs to (Example: ["RSMaSp8sTEGK0_oamiA2_w"]) */
+  group_ids: string[];
+  /** User ID (Example: "zJKyaiAyTNC-MWjiWC18KQ") */
+  id: string;
+  /** IM IDs of the groups that the user belongs to (Example: ["t-_-d56CSWG-7BF15LLrOw"]) */
+  im_group_ids: string[];
+  /** The user's JID (Example: "jchill@example.com") */
+  jid: string;
+  /** The user's job title (Example: "API Developer") */
+  job_title: string;
+  /** Default language for the Zoom Web Portal (Example: "en-US") */
+  language: string;
+  /** User last login client version (Example: "5.9.6.4993(mac)") */
+  last_client_version: string;
+  /** User last login time (Example: "2021-05-05T20:40:30Z") */
+  last_login_time: string;
+  /** User's last name (Example: "Chill") */
+  last_name: string;
+  /** The time zone of the user (Example: "Asia/Shanghai") */
+  timezone: string;
+  /** User's location (Example: "Paris") */
+  location: string;
+  /** The user's login method (Example: 101) */
+  login_types: LoginType[];
+  /** User's personal meeting URL (Example: "example.com") */
+  personal_meeting_url: string;
+  /** This field has been deprecated and will not be supported in the future.
+   * Use the phone_numbers field instead of this field.
+   * The user's phone number (Example: "+1 800000000") */
+  phone_number?: string | undefined;
+  /** The URL for user's profile picture (Example: "example.com") */
+  pic_url: string;
+  /** Personal Meeting ID (PMI) (Example: 3542471135) */
+  pmi: number;
+  /** Unique identifier of the user's assigned role (Example: "0") */
+  role_id: string;
+  /** User's role name (Example: "Admin") */
+  role_name: string;
+  /** Status of user's account (Example: "pending") */
+  status: AccountStatus;
+  /** Use the personal meeting ID (PMI) for instant meetings (Example: false) */
+  use_pmi: boolean;
+  /** The time and date when the user was created (Example: "2018-10-31T04:32:37Z") */
+  user_created_at: string;
+  /** Displays whether user is verified or not (Example: 1) */
+  verified: number;
+  /** The user's Zoom Workplace plan option (Example: 64) */
+  zoom_one_type: number;
+  /** The user's company (Example: "Jill") */
+  company?: string | undefined;
+  /** Custom attributes that have been assigned to the user (Example: [{ "key": "cbf_cywdkexrtqc73f97gd4w6g", "name": "A1", "value": "1" }]) */
+  custom_attributes?: {
+    key: string;
+    name: string;
+    value: string;
+  }[] | undefined;
+  /** The employee's unique ID. This field only returns when SAML single sign-on (SSO) is enabled. The `login_type` value is `101` (SSO) (Example: "HqDyI037Qjili1kNsSIrIg") */
+  employee_unique_id?: string | undefined;
+  /** The manager for the user (Example: "thill@example.com") */
+  manager?: string | undefined;
+  /** The user's country for the company phone number (Example: "US")
+   * @deprecated true */
+  phone_country?: string | undefined;
+  /** The phone number's ISO country code (Example: "+1") */
+  phone_numbers?: PhoneNumber[] | undefined;
+  /** The user's plan type (Example: "1") */
+  plan_united_type?: string | undefined;
+  /** The user's pronouns (Example: "3123") */
+  pronouns?: string | undefined;
+  /** The user's display pronouns setting (Example: 1) */
+  pronouns_option?: PronounOption | undefined;
+  /** Personal meeting room URL, if the user has one (Example: "example.com") */
+  vanity_url?: string | undefined;
+}
+interface ZoomOptions extends ProviderOptions<ZoomProfile> {
+  clientId: string;
+  pkce?: boolean | undefined;
+}
+declare const zoom: (userOptions: ZoomOptions) => {
+  id: "zoom";
+  name: string;
+  createAuthorizationURL: ({
+    state,
+    redirectURI,
+    codeVerifier
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }) => Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI,
+    codeVerifier
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name
+      /** The user's cluster (Example: "us04") */? /** The user's cluster (Example: "us04") */: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+};
+//#endregion
+export { AccountStatus, LoginType, PhoneNumber, PronounOption, ZoomOptions, ZoomProfile, zoom };

package/dist/social-providers/zoom.mjs

@@ -0,0 +1,72 @@
+import { generateCodeChallenge } from "../oauth2/utils.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/zoom.ts
+const zoom = (userOptions) => {
+	const options = {
+		pkce: true,
+		...userOptions
+	};
+	return {
+		id: "zoom",
+		name: "Zoom",
+		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+			const params = new URLSearchParams({
+				response_type: "code",
+				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+				client_id: options.clientId,
+				state
+			});
+			if (options.pkce) {
+				const codeChallenge = await generateCodeChallenge(codeVerifier);
+				params.set("code_challenge_method", "S256");
+				params.set("code_challenge", codeChallenge);
+			}
+			const url = new URL("https://zoom.us/oauth/authorize");
+			url.search = params.toString();
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				codeVerifier,
+				options,
+				tokenEndpoint: "https://zoom.us/oauth/token",
+				authentication: "post"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => refreshAccessToken({
+			refreshToken,
+			options: {
+				clientId: options.clientId,
+				clientKey: options.clientKey,
+				clientSecret: options.clientSecret
+			},
+			tokenEndpoint: "https://zoom.us/oauth/token"
+		}),
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.zoom.us/v2/users/me", { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.display_name,
+					image: profile.pic_url,
+					email: profile.email,
+					emailVerified: Boolean(profile.verified),
+					...userMap
+				},
+				data: { ...profile }
+			};
+		}
+	};
+};
+
+//#endregion
+export { zoom };