npm - @better-auth/core - Versions diffs - 1.5.0-beta.2 → 1.5.0-beta.20 - Mend

@better-auth/core 1.5.0-beta.2 → 1.5.0-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (331) hide show

package/LICENSE.md +15 -12
package/README.md +17 -0
package/dist/api/index.d.mts +280 -2
package/dist/api/index.mjs +4 -2
package/dist/api/index.mjs.map +1 -0
package/dist/async_hooks/index.d.mts +2 -1
package/dist/async_hooks/index.mjs +2 -1
package/dist/async_hooks/index.mjs.map +1 -0
package/dist/async_hooks/pure.index.d.mts +2 -1
package/dist/async_hooks/pure.index.mjs +2 -1
package/dist/async_hooks/pure.index.mjs.map +1 -0
package/dist/context/endpoint-context.d.mts +20 -0
package/dist/context/endpoint-context.mjs +32 -0
package/dist/context/endpoint-context.mjs.map +1 -0
package/dist/context/global.d.mts +7 -0
package/dist/context/global.mjs +38 -0
package/dist/context/global.mjs.map +1 -0
package/dist/context/index.d.mts +5 -53
package/dist/context/index.mjs +5 -2
package/dist/context/request-state.d.mts +28 -0
package/dist/context/request-state.mjs +50 -0
package/dist/context/request-state.mjs.map +1 -0
package/dist/context/transaction.d.mts +25 -0
package/dist/context/transaction.mjs +96 -0
package/dist/context/transaction.mjs.map +1 -0
package/dist/db/adapter/factory.d.mts +20 -0
package/dist/db/adapter/factory.mjs +725 -0
package/dist/db/adapter/factory.mjs.map +1 -0
package/dist/db/adapter/get-default-field-name.d.mts +19 -0
package/dist/db/adapter/get-default-field-name.mjs +39 -0
package/dist/db/adapter/get-default-field-name.mjs.map +1 -0
package/dist/db/adapter/get-default-model-name.d.mts +13 -0
package/dist/db/adapter/get-default-model-name.mjs +33 -0
package/dist/db/adapter/get-default-model-name.mjs.map +1 -0
package/dist/db/adapter/get-field-attributes.d.mts +30 -0
package/dist/db/adapter/get-field-attributes.mjs +40 -0
package/dist/db/adapter/get-field-attributes.mjs.map +1 -0
package/dist/db/adapter/get-field-name.d.mts +19 -0
package/dist/db/adapter/get-field-name.mjs +34 -0
package/dist/db/adapter/get-field-name.mjs.map +1 -0
package/dist/db/adapter/get-id-field.d.mts +40 -0
package/dist/db/adapter/get-id-field.mjs +68 -0
package/dist/db/adapter/get-id-field.mjs.map +1 -0
package/dist/db/adapter/get-model-name.d.mts +13 -0
package/dist/db/adapter/get-model-name.mjs +24 -0
package/dist/db/adapter/get-model-name.mjs.map +1 -0
package/dist/db/adapter/index.d.mts +520 -2
package/dist/db/adapter/index.mjs +27 -972
package/dist/db/adapter/index.mjs.map +1 -0
package/dist/db/adapter/types.d.mts +108 -0
package/dist/db/adapter/utils.d.mts +8 -0
package/dist/db/adapter/utils.mjs +39 -0
package/dist/db/adapter/utils.mjs.map +1 -0
package/dist/db/get-tables.d.mts +9 -0
package/dist/{get-tables-CMc_Emww.mjs → db/get-tables.mjs} +52 -39
package/dist/db/get-tables.mjs.map +1 -0
package/dist/db/index.d.mts +10 -2
package/dist/db/index.mjs +7 -60
package/dist/db/plugin.d.mts +13 -0
package/dist/db/schema/account.d.mts +30 -0
package/dist/db/schema/account.mjs +20 -0
package/dist/db/schema/account.mjs.map +1 -0
package/dist/db/schema/rate-limit.d.mts +20 -0
package/dist/db/schema/rate-limit.mjs +12 -0
package/dist/db/schema/rate-limit.mjs.map +1 -0
package/dist/db/schema/session.d.mts +25 -0
package/dist/db/schema/session.mjs +15 -0
package/dist/db/schema/session.mjs.map +1 -0
package/dist/db/schema/shared.d.mts +11 -0
package/dist/db/schema/shared.mjs +12 -0
package/dist/db/schema/shared.mjs.map +1 -0
package/dist/db/schema/user.d.mts +24 -0
package/dist/db/schema/user.mjs +14 -0
package/dist/db/schema/user.mjs.map +1 -0
package/dist/db/schema/verification.d.mts +23 -0
package/dist/db/schema/verification.mjs +13 -0
package/dist/db/schema/verification.mjs.map +1 -0
package/dist/db/type.d.mts +169 -0
package/dist/env/color-depth.d.mts +5 -0
package/dist/env/color-depth.mjs +89 -0
package/dist/env/color-depth.mjs.map +1 -0
package/dist/env/env-impl.d.mts +33 -0
package/dist/env/env-impl.mjs +83 -0
package/dist/env/env-impl.mjs.map +1 -0
package/dist/env/index.d.mts +4 -2
package/dist/env/index.mjs +3 -1
package/dist/{index-BRBu0-5h.d.mts → env/logger.d.mts} +2 -35
package/dist/env/logger.mjs +82 -0
package/dist/env/logger.mjs.map +1 -0
package/dist/error/codes.d.mts +69 -0
package/dist/{error-C7mY-p0f.mjs → error/codes.mjs} +7 -30
package/dist/error/codes.mjs.map +1 -0
package/dist/error/index.d.mts +6 -187
package/dist/error/index.mjs +29 -4
package/dist/error/index.mjs.map +1 -0
package/dist/index.d.mts +8 -2
package/dist/oauth2/client-credentials-token.d.mts +58 -0
package/dist/oauth2/client-credentials-token.mjs +67 -0
package/dist/oauth2/client-credentials-token.mjs.map +1 -0
package/dist/oauth2/create-authorization-url.d.mts +48 -0
package/dist/oauth2/create-authorization-url.mjs +44 -0
package/dist/oauth2/create-authorization-url.mjs.map +1 -0
package/dist/oauth2/index.d.mts +8 -2
package/dist/oauth2/index.mjs +7 -3
package/dist/oauth2/oauth-provider.d.mts +195 -0
package/dist/oauth2/refresh-access-token.d.mts +56 -0
package/dist/oauth2/refresh-access-token.mjs +76 -0
package/dist/oauth2/refresh-access-token.mjs.map +1 -0
package/dist/oauth2/utils.d.mts +8 -0
package/dist/oauth2/utils.mjs +28 -0
package/dist/oauth2/utils.mjs.map +1 -0
package/dist/oauth2/validate-authorization-code.d.mts +88 -0
package/dist/oauth2/validate-authorization-code.mjs +83 -0
package/dist/oauth2/validate-authorization-code.mjs.map +1 -0
package/dist/oauth2/verify.d.mts +43 -0
package/dist/oauth2/verify.mjs +96 -0
package/dist/oauth2/verify.mjs.map +1 -0
package/dist/social-providers/apple.d.mts +120 -0
package/dist/social-providers/apple.mjs +105 -0
package/dist/social-providers/apple.mjs.map +1 -0
package/dist/social-providers/atlassian.d.mts +73 -0
package/dist/social-providers/atlassian.mjs +84 -0
package/dist/social-providers/atlassian.mjs.map +1 -0
package/dist/social-providers/cognito.d.mts +88 -0
package/dist/social-providers/cognito.mjs +166 -0
package/dist/social-providers/cognito.mjs.map +1 -0
package/dist/social-providers/discord.d.mts +127 -0
package/dist/social-providers/discord.mjs +65 -0
package/dist/social-providers/discord.mjs.map +1 -0
package/dist/social-providers/dropbox.d.mts +72 -0
package/dist/social-providers/dropbox.mjs +76 -0
package/dist/social-providers/dropbox.mjs.map +1 -0
package/dist/social-providers/facebook.d.mts +82 -0
package/dist/social-providers/facebook.mjs +121 -0
package/dist/social-providers/facebook.mjs.map +1 -0
package/dist/social-providers/figma.d.mts +64 -0
package/dist/social-providers/figma.mjs +87 -0
package/dist/social-providers/figma.mjs.map +1 -0
package/dist/social-providers/github.d.mts +105 -0
package/dist/social-providers/github.mjs +97 -0
package/dist/social-providers/github.mjs.map +1 -0
package/dist/social-providers/gitlab.d.mts +126 -0
package/dist/social-providers/gitlab.mjs +83 -0
package/dist/social-providers/gitlab.mjs.map +1 -0
package/dist/social-providers/google.d.mts +100 -0
package/dist/social-providers/google.mjs +113 -0
package/dist/social-providers/google.mjs.map +1 -0
package/dist/social-providers/huggingface.d.mts +86 -0
package/dist/social-providers/huggingface.mjs +76 -0
package/dist/social-providers/huggingface.mjs.map +1 -0
package/dist/social-providers/index.d.mts +1777 -2
package/dist/social-providers/index.mjs +37 -2570
package/dist/social-providers/index.mjs.map +1 -0
package/dist/social-providers/kakao.d.mts +164 -0
package/dist/social-providers/kakao.mjs +73 -0
package/dist/social-providers/kakao.mjs.map +1 -0
package/dist/social-providers/kick.d.mts +76 -0
package/dist/social-providers/kick.mjs +72 -0
package/dist/social-providers/kick.mjs.map +1 -0
package/dist/social-providers/line.d.mts +108 -0
package/dist/social-providers/line.mjs +114 -0
package/dist/social-providers/line.mjs.map +1 -0
package/dist/social-providers/linear.d.mts +71 -0
package/dist/social-providers/linear.mjs +89 -0
package/dist/social-providers/linear.mjs.map +1 -0
package/dist/social-providers/linkedin.d.mts +70 -0
package/dist/social-providers/linkedin.mjs +77 -0
package/dist/social-providers/linkedin.mjs.map +1 -0
package/dist/social-providers/microsoft-entra-id.d.mts +177 -0
package/dist/social-providers/microsoft-entra-id.mjs +140 -0
package/dist/social-providers/microsoft-entra-id.mjs.map +1 -0
package/dist/social-providers/naver.d.mts +95 -0
package/dist/social-providers/naver.mjs +68 -0
package/dist/social-providers/naver.mjs.map +1 -0
package/dist/social-providers/notion.d.mts +67 -0
package/dist/social-providers/notion.mjs +76 -0
package/dist/social-providers/notion.mjs.map +1 -0
package/dist/social-providers/paybin.d.mts +74 -0
package/dist/social-providers/paybin.mjs +86 -0
package/dist/social-providers/paybin.mjs.map +1 -0
package/dist/social-providers/paypal.d.mts +132 -0
package/dist/social-providers/paypal.mjs +145 -0
package/dist/social-providers/paypal.mjs.map +1 -0
package/dist/social-providers/polar.d.mts +77 -0
package/dist/social-providers/polar.mjs +74 -0
package/dist/social-providers/polar.mjs.map +1 -0
package/dist/social-providers/railway.d.mts +68 -0
package/dist/social-providers/railway.mjs +78 -0
package/dist/social-providers/railway.mjs.map +1 -0
package/dist/social-providers/reddit.d.mts +65 -0
package/dist/social-providers/reddit.mjs +84 -0
package/dist/social-providers/reddit.mjs.map +1 -0
package/dist/social-providers/roblox.d.mts +73 -0
package/dist/social-providers/roblox.mjs +60 -0
package/dist/social-providers/roblox.mjs.map +1 -0
package/dist/social-providers/salesforce.d.mts +82 -0
package/dist/social-providers/salesforce.mjs +92 -0
package/dist/social-providers/salesforce.mjs.map +1 -0
package/dist/social-providers/slack.d.mts +86 -0
package/dist/social-providers/slack.mjs +69 -0
package/dist/social-providers/slack.mjs.map +1 -0
package/dist/social-providers/spotify.d.mts +66 -0
package/dist/social-providers/spotify.mjs +72 -0
package/dist/social-providers/spotify.mjs.map +1 -0
package/dist/social-providers/tiktok.d.mts +171 -0
package/dist/social-providers/tiktok.mjs +63 -0
package/dist/social-providers/tiktok.mjs.map +1 -0
package/dist/social-providers/twitch.d.mts +82 -0
package/dist/social-providers/twitch.mjs +79 -0
package/dist/social-providers/twitch.mjs.map +1 -0
package/dist/social-providers/twitter.d.mts +129 -0
package/dist/social-providers/twitter.mjs +88 -0
package/dist/social-providers/twitter.mjs.map +1 -0
package/dist/social-providers/vercel.d.mts +65 -0
package/dist/social-providers/vercel.mjs +62 -0
package/dist/social-providers/vercel.mjs.map +1 -0
package/dist/social-providers/vk.d.mts +73 -0
package/dist/social-providers/vk.mjs +84 -0
package/dist/social-providers/vk.mjs.map +1 -0
package/dist/social-providers/zoom.d.mts +166 -0
package/dist/social-providers/zoom.mjs +73 -0
package/dist/social-providers/zoom.mjs.map +1 -0
package/dist/types/context.d.mts +274 -0
package/dist/types/cookie.d.mts +16 -0
package/dist/types/helper.d.mts +11 -0
package/dist/types/index.d.mts +8 -0
package/dist/types/init-options.d.mts +1298 -0
package/dist/types/plugin-client.d.mts +113 -0
package/dist/types/plugin.d.mts +125 -0
package/dist/utils/db.d.mts +12 -0
package/dist/utils/db.mjs +17 -0
package/dist/utils/db.mjs.map +1 -0
package/dist/utils/deprecate.d.mts +10 -0
package/dist/utils/deprecate.mjs +18 -0
package/dist/utils/deprecate.mjs.map +1 -0
package/dist/utils/{index.d.mts → error-codes.d.mts} +9 -16
package/dist/utils/error-codes.mjs +12 -0
package/dist/utils/error-codes.mjs.map +1 -0
package/dist/utils/id.d.mts +5 -0
package/dist/utils/id.mjs +10 -0
package/dist/utils/id.mjs.map +1 -0
package/dist/utils/ip.d.mts +55 -0
package/dist/utils/ip.mjs +119 -0
package/dist/utils/ip.mjs.map +1 -0
package/dist/utils/json.d.mts +5 -0
package/dist/utils/json.mjs +26 -0
package/dist/utils/json.mjs.map +1 -0
package/dist/utils/string.d.mts +5 -0
package/dist/utils/string.mjs +8 -0
package/dist/utils/string.mjs.map +1 -0
package/dist/utils/url.d.mts +21 -0
package/dist/utils/url.mjs +33 -0
package/dist/utils/url.mjs.map +1 -0
package/package.json +36 -18
package/src/context/endpoint-context.ts +7 -6
package/src/context/global.ts +57 -0
package/src/context/index.ts +2 -0
package/src/context/request-state.ts +7 -6
package/src/context/transaction.ts +77 -14
package/src/db/adapter/factory.ts +54 -86
package/src/db/adapter/get-default-model-name.ts +1 -1
package/src/db/adapter/get-id-field.ts +4 -6
package/src/db/adapter/index.ts +20 -15
package/src/db/adapter/types.ts +2 -41
package/src/db/get-tables.ts +54 -37
package/src/db/index.ts +30 -5
package/src/db/schema/account.ts +16 -3
package/src/db/schema/rate-limit.ts +16 -1
package/src/db/schema/session.ts +15 -3
package/src/db/schema/user.ts +15 -3
package/src/db/schema/verification.ts +16 -3
package/src/db/test/get-tables.test.ts +33 -0
package/src/db/type.ts +154 -1
package/src/env/env-impl.ts +2 -2
package/src/env/logger.ts +1 -1
package/src/error/codes.ts +18 -1
package/src/error/index.ts +2 -3
package/src/oauth2/client-credentials-token.ts +26 -2
package/src/oauth2/create-authorization-url.ts +4 -2
package/src/oauth2/index.ts +3 -0
package/src/oauth2/oauth-provider.ts +7 -1
package/src/oauth2/refresh-access-token.test.ts +90 -0
package/src/oauth2/refresh-access-token.ts +37 -4
package/src/oauth2/validate-authorization-code.ts +55 -29
package/src/oauth2/validate-token.test.ts +229 -0
package/src/social-providers/apple.ts +38 -29
package/src/social-providers/cognito.ts +6 -5
package/src/social-providers/dropbox.ts +1 -1
package/src/social-providers/facebook.ts +3 -3
package/src/social-providers/figma.ts +5 -3
package/src/social-providers/github.ts +26 -4
package/src/social-providers/gitlab.ts +2 -2
package/src/social-providers/google.ts +18 -14
package/src/social-providers/huggingface.ts +1 -1
package/src/social-providers/index.ts +9 -5
package/src/social-providers/kakao.ts +1 -1
package/src/social-providers/line.ts +1 -1
package/src/social-providers/microsoft-entra-id.ts +84 -1
package/src/social-providers/naver.ts +1 -1
package/src/social-providers/notion.ts +1 -1
package/src/social-providers/paybin.ts +1 -5
package/src/social-providers/polar.ts +1 -1
package/src/social-providers/railway.ts +100 -0
package/src/social-providers/tiktok.ts +2 -1
package/src/social-providers/vercel.ts +1 -1
package/src/social-providers/zoom.ts +0 -8
package/src/types/context.ts +241 -132
package/src/types/cookie.ts +6 -4
package/src/types/helper.ts +9 -0
package/src/types/index.ts +19 -2
package/src/types/init-options.ts +301 -186
package/src/types/plugin-client.ts +1 -0
package/src/types/plugin.ts +11 -6
package/src/utils/db.ts +20 -0
package/src/utils/deprecate.test.ts +71 -0
package/src/utils/deprecate.ts +21 -0
package/src/utils/error-codes.ts +12 -9
package/src/utils/ip.test.ts +255 -0
package/src/utils/ip.ts +211 -0
package/src/utils/url.ts +43 -0
package/.turbo/turbo-build.log +0 -43
package/dist/context-DblZrIwO.mjs +0 -114
package/dist/env-DbssmzoK.mjs +0 -245
package/dist/index-BpRqx5_q.d.mts +0 -7833
package/dist/oauth2-BjWM15hm.mjs +0 -326
package/dist/utils/index.mjs +0 -4
package/dist/utils-s65Fz0OM.mjs +0 -47
package/src/utils/index.ts +0 -4
package/tsconfig.json +0 -7
package/tsdown.config.ts +0 -22
package/vitest.config.ts +0 -3

package/dist/social-providers/gitlab.d.mts ADDED Viewed

@@ -0,0 +1,126 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+//#region src/social-providers/gitlab.d.ts
+interface GitlabProfile extends Record<string, any> {
+  id: number;
+  username: string;
+  email: string;
+  name: string;
+  state: string;
+  avatar_url: string;
+  web_url: string;
+  created_at: string;
+  bio: string;
+  location?: string | undefined;
+  public_email: string;
+  skype: string;
+  linkedin: string;
+  twitter: string;
+  website_url: string;
+  organization: string;
+  job_title: string;
+  pronouns: string;
+  bot: boolean;
+  work_information?: string | undefined;
+  followers: number;
+  following: number;
+  local_time: string;
+  last_sign_in_at: string;
+  confirmed_at: string;
+  theme_id: number;
+  last_activity_on: string;
+  color_scheme_id: number;
+  projects_limit: number;
+  current_sign_in_at: string;
+  identities: Array<{
+    provider: string;
+    extern_uid: string;
+  }>;
+  can_create_group: boolean;
+  can_create_project: boolean;
+  two_factor_enabled: boolean;
+  external: boolean;
+  private_profile: boolean;
+  commit_email: string;
+  shared_runners_minutes_limit: number;
+  extra_shared_runners_minutes_limit: number;
+  email_verified?: boolean | undefined;
+}
+interface GitlabOptions extends ProviderOptions<GitlabProfile> {
+  clientId: string;
+  issuer?: string | undefined;
+}
+declare const gitlab: (options: GitlabOptions) => {
+  id: "gitlab";
+  name: string;
+  createAuthorizationURL: ({
+    state,
+    scopes,
+    codeVerifier,
+    loginHint,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }) => Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI,
+    codeVerifier
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | {
+    user: {
+      id: number;
+      name: string;
+      email: string;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string | number;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string | number;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    };
+    data: GitlabProfile;
+  } | null>;
+  options: GitlabOptions;
+};
+//#endregion
+export { GitlabOptions, GitlabProfile, gitlab };
+//# sourceMappingURL=gitlab.d.mts.map

package/dist/social-providers/gitlab.mjs ADDED Viewed

@@ -0,0 +1,83 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+//#region src/social-providers/gitlab.ts
+const cleanDoubleSlashes = (input = "") => {
+	return input.split("://").map((str) => str.replace(/\/{2,}/g, "/")).join("://");
+};
+const issuerToEndpoints = (issuer) => {
+	const baseUrl = issuer || "https://gitlab.com";
+	return {
+		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
+		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
+		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`)
+	};
+};
+const gitlab = (options) => {
+	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } = issuerToEndpoints(options.issuer);
+	const issuerId = "gitlab";
+	return {
+		id: issuerId,
+		name: "Gitlab",
+		createAuthorizationURL: async ({ state, scopes, codeVerifier, loginHint, redirectURI }) => {
+			const _scopes = options.disableDefaultScope ? [] : ["read_user"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: issuerId,
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+				loginHint
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				codeVerifier,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch(userinfoEndpoint, { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error || profile.state !== "active" || profile.locked) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name ?? profile.username ?? "",
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified: profile.email_verified ?? false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+//#endregion
+export { gitlab };
+//# sourceMappingURL=gitlab.mjs.map

package/dist/social-providers/gitlab.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gitlab.mjs","names":[],"sources":["../../src/social-providers/gitlab.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface GitlabProfile extends Record<string, any> {\n\tid: number;\n\tusername: string;\n\temail: string;\n\tname: string;\n\tstate: string;\n\tavatar_url: string;\n\tweb_url: string;\n\tcreated_at: string;\n\tbio: string;\n\tlocation?: string | undefined;\n\tpublic_email: string;\n\tskype: string;\n\tlinkedin: string;\n\ttwitter: string;\n\twebsite_url: string;\n\torganization: string;\n\tjob_title: string;\n\tpronouns: string;\n\tbot: boolean;\n\twork_information?: string | undefined;\n\tfollowers: number;\n\tfollowing: number;\n\tlocal_time: string;\n\tlast_sign_in_at: string;\n\tconfirmed_at: string;\n\ttheme_id: number;\n\tlast_activity_on: string;\n\tcolor_scheme_id: number;\n\tprojects_limit: number;\n\tcurrent_sign_in_at: string;\n\tidentities: Array<{\n\t\tprovider: string;\n\t\textern_uid: string;\n\t}>;\n\tcan_create_group: boolean;\n\tcan_create_project: boolean;\n\ttwo_factor_enabled: boolean;\n\texternal: boolean;\n\tprivate_profile: boolean;\n\tcommit_email: string;\n\tshared_runners_minutes_limit: number;\n\textra_shared_runners_minutes_limit: number;\n\temail_verified?: boolean | undefined;\n}\n\nexport interface GitlabOptions extends ProviderOptions<GitlabProfile> {\n\tclientId: string;\n\tissuer?: string | undefined;\n}\n\nconst cleanDoubleSlashes = (input: string = \"\") => {\n\treturn input\n\t\t.split(\"://\")\n\t\t.map((str) => str.replace(/\\/{2,}/g, \"/\"))\n\t\t.join(\"://\");\n};\n\nconst issuerToEndpoints = (issuer?: string | undefined) => {\n\tconst baseUrl = issuer || \"https://gitlab.com\";\n\treturn {\n\t\tauthorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),\n\t\ttokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),\n\t\tuserinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`),\n\t};\n};\n\nexport const gitlab = (options: GitlabOptions) => {\n\tconst { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } =\n\t\tissuerToEndpoints(options.issuer);\n\tconst issuerId = \"gitlab\";\n\tconst issuerName = \"Gitlab\";\n\treturn {\n\t\tid: issuerId,\n\t\tname: issuerName,\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tloginHint,\n\t\t\tredirectURI,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"read_user\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: issuerId,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tcodeVerifier,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tcodeVerifier,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: tokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<GitlabProfile>(\n\t\t\t\tuserinfoEndpoint,\n\t\t\t\t{ headers: { authorization: `Bearer ${token.accessToken}` } },\n\t\t\t);\n\t\t\tif (error || profile.state !== \"active\" || profile.locked) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// GitLab may provide email_verified claim, but it's not guaranteed.\n\t\t\t// We check for it first, then default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name ?? profile.username ?? \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<GitlabProfile>;\n};\n"],"mappings":";;;;;;;AA2DA,MAAM,sBAAsB,QAAgB,OAAO;AAClD,QAAO,MACL,MAAM,MAAM,CACZ,KAAK,QAAQ,IAAI,QAAQ,WAAW,IAAI,CAAC,CACzC,KAAK,MAAM;;AAGd,MAAM,qBAAqB,WAAgC;CAC1D,MAAM,UAAU,UAAU;AAC1B,QAAO;EACN,uBAAuB,mBAAmB,GAAG,QAAQ,kBAAkB;EACvE,eAAe,mBAAmB,GAAG,QAAQ,cAAc;EAC3D,kBAAkB,mBAAmB,GAAG,QAAQ,cAAc;EAC9D;;AAGF,MAAa,UAAU,YAA2B;CACjD,MAAM,EAAE,uBAAuB,eAAe,qBAC7C,kBAAkB,QAAQ,OAAO;CAClC,MAAM,WAAW;AAEjB,QAAO;EACN,IAAI;EACJ,MAHkB;EAIlB,wBAAwB,OAAO,EAC9B,OACA,QACA,cACA,WACA,kBACK;GACL,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,YAAY;AAChE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,MAAM,uBAAuB;IACnC,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,aAAa,mBAAmB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACc;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,kBACA,EAAE,SAAS,EAAE,eAAe,UAAU,MAAM,eAAe,EAAE,CAC7D;AACD,OAAI,SAAS,QAAQ,UAAU,YAAY,QAAQ,OAClD,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AAGzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ,QAAQ,QAAQ,YAAY;KAC1C,OAAO,QAAQ;KACf,OAAO,QAAQ;KACf,eAAe,QAAQ,kBAAkB;KACzC,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/google.d.mts ADDED Viewed

@@ -0,0 +1,100 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+//#region src/social-providers/google.d.ts
+interface GoogleProfile {
+  aud: string;
+  azp: string;
+  email: string;
+  email_verified: boolean;
+  exp: number;
+  /**
+   * The family name of the user, or last name in most
+   * Western languages.
+   */
+  family_name: string;
+  /**
+   * The given name of the user, or first name in most
+   * Western languages.
+   */
+  given_name: string;
+  hd?: string | undefined;
+  iat: number;
+  iss: string;
+  jti?: string | undefined;
+  locale?: string | undefined;
+  name: string;
+  nbf?: number | undefined;
+  picture: string;
+  sub: string;
+}
+interface GoogleOptions extends ProviderOptions<GoogleProfile> {
+  clientId: string;
+  /**
+   * The access type to use for the authorization code request
+   */
+  accessType?: ("offline" | "online") | undefined;
+  /**
+   * The display mode to use for the authorization code request
+   */
+  display?: ("page" | "popup" | "touch" | "wap") | undefined;
+  /**
+   * The hosted domain of the user
+   */
+  hd?: string | undefined;
+}
+declare const google: (options: GoogleOptions) => {
+  id: "google";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI,
+    loginHint,
+    display
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: GoogleOptions;
+};
+declare const getGooglePublicKey: (kid: string) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
+//#endregion
+export { GoogleOptions, GoogleProfile, getGooglePublicKey, google };
+//# sourceMappingURL=google.d.mts.map

package/dist/social-providers/google.mjs ADDED Viewed

@@ -0,0 +1,113 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { APIError, BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
+//#region src/social-providers/google.ts
+const google = (options) => {
+	return {
+		id: "google",
+		name: "Google",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Google");
+			const _scopes = options.disableDefaultScope ? [] : [
+				"email",
+				"profile",
+				"openid"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "google",
+				options,
+				authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				prompt: options.prompt,
+				accessType: options.accessType,
+				display: display || options.display,
+				loginHint,
+				hd: options.hd,
+				additionalParams: { include_granted_scopes: "true" }
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://oauth2.googleapis.com/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://oauth2.googleapis.com/token"
+			});
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			try {
+				const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
+				if (!kid || !jwtAlg) return false;
+				const { payload: jwtClaims } = await jwtVerify(token, await getGooglePublicKey(kid), {
+					algorithms: [jwtAlg],
+					issuer: ["https://accounts.google.com", "accounts.google.com"],
+					audience: options.clientId,
+					maxTokenAge: "1h"
+				});
+				if (nonce && jwtClaims.nonce !== nonce) return false;
+				return true;
+			} catch {
+				return false;
+			}
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (!token.idToken) return null;
+			const user = decodeJwt(token.idToken);
+			const userMap = await options.mapProfileToUser?.(user);
+			return {
+				user: {
+					id: user.sub,
+					name: user.name,
+					email: user.email,
+					image: user.picture,
+					emailVerified: user.email_verified,
+					...userMap
+				},
+				data: user
+			};
+		},
+		options
+	};
+};
+const getGooglePublicKey = async (kid) => {
+	const { data } = await betterFetch("https://www.googleapis.com/oauth2/v3/certs");
+	if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
+	const jwk = data.keys.find((key) => key.kid === kid);
+	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
+	return await importJWK(jwk, jwk.alg);
+};
+//#endregion
+export { getGooglePublicKey, google };
+//# sourceMappingURL=google.mjs.map

package/dist/social-providers/google.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"google.mjs","names":[],"sources":["../../src/social-providers/google.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from \"jose\";\nimport { logger } from \"../env\";\nimport { APIError, BetterAuthError } from \"../error\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface GoogleProfile {\n\taud: string;\n\tazp: string;\n\temail: string;\n\temail_verified: boolean;\n\texp: number;\n\t/**\n\t * The family name of the user, or last name in most\n\t * Western languages.\n\t */\n\tfamily_name: string;\n\t/**\n\t * The given name of the user, or first name in most\n\t * Western languages.\n\t */\n\tgiven_name: string;\n\thd?: string | undefined;\n\tiat: number;\n\tiss: string;\n\tjti?: string | undefined;\n\tlocale?: string | undefined;\n\tname: string;\n\tnbf?: number | undefined;\n\tpicture: string;\n\tsub: string;\n}\n\nexport interface GoogleOptions extends ProviderOptions<GoogleProfile> {\n\tclientId: string;\n\t/**\n\t * The access type to use for the authorization code request\n\t */\n\taccessType?: (\"offline\" | \"online\") | undefined;\n\t/**\n\t * The display mode to use for the authorization code request\n\t */\n\tdisplay?: (\"page\" | \"popup\" | \"touch\" | \"wap\") | undefined;\n\t/**\n\t * The hosted domain of the user\n\t */\n\thd?: string | undefined;\n}\n\nexport const google = (options: GoogleOptions) => {\n\treturn {\n\t\tid: \"google\",\n\t\tname: \"Google\",\n\t\tasync createAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t\tdisplay,\n\t\t}) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret is required for Google. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new BetterAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Google\");\n\t\t\t}\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"email\", \"profile\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"google\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://accounts.google.com/o/oauth2/v2/auth\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t\taccessType: options.accessType,\n\t\t\t\tdisplay: display || options.display,\n\t\t\t\tloginHint,\n\t\t\t\thd: options.hd,\n\t\t\t\tadditionalParams: {\n\t\t\t\t\tinclude_granted_scopes: \"true\",\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://oauth2.googleapis.com/token\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://oauth2.googleapis.com/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\t// Verify JWT integrity\n\t\t\t// See https://developers.google.com/identity/sign-in/web/backend-auth#verify-the-integrity-of-the-id-token\n\n\t\t\ttry {\n\t\t\t\tconst { kid, alg: jwtAlg } = decodeProtectedHeader(token);\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\n\t\t\t\tconst publicKey = await getGooglePublicKey(kid);\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(token, publicKey, {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\tissuer: [\"https://accounts.google.com\", \"accounts.google.com\"],\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t});\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\treturn true;\n\t\t\t} catch {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = decodeJwt(token.idToken) as GoogleProfile;\n\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified: user.email_verified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<GoogleProfile>;\n};\n\nexport const getGooglePublicKey = async (kid: string) => {\n\tconst { data } = await betterFetch<{\n\t\tkeys: Array<{\n\t\t\tkid: string;\n\t\t\talg: string;\n\t\t\tkty: string;\n\t\t\tuse: string;\n\t\t\tn: string;\n\t\t\te: string;\n\t\t}>;\n\t}>(\"https://www.googleapis.com/oauth2/v3/certs\");\n\n\tif (!data?.keys) {\n\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\tmessage: \"Keys not found\",\n\t\t});\n\t}\n\n\tconst jwk = data.keys.find((key) => key.kid === kid);\n\tif (!jwk) {\n\t\tthrow new Error(`JWK with kid ${kid} not found`);\n\t}\n\n\treturn await importJWK(jwk, jwk.alg);\n};\n"],"mappings":";;;;;;;;;;;AAsDA,MAAa,UAAU,YAA2B;AACjD,QAAO;EACN,IAAI;EACJ,MAAM;EACN,MAAM,uBAAuB,EAC5B,OACA,QACA,cACA,aACA,WACA,WACE;AACF,OAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,cAAc;AAC/C,WAAO,MACN,gGACA;AACD,UAAM,IAAI,gBAAgB,gCAAgC;;AAE3D,OAAI,CAAC,aACJ,OAAM,IAAI,gBAAgB,sCAAsC;GAEjE,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAS;IAAW;IAAS;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AAkBnC,UAjBY,MAAM,uBAAuB;IACxC,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA;IACA,QAAQ,QAAQ;IAChB,YAAY,QAAQ;IACpB,SAAS,WAAW,QAAQ;IAC5B;IACA,IAAI,QAAQ;IACZ,kBAAkB,EACjB,wBAAwB,QACxB;IACD,CAAC;;EAGH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,cAAc,OAAO,OAAO;AACjC,OAAI,QAAQ,qBACX,QAAO;AAER,OAAI,QAAQ,cACX,QAAO,QAAQ,cAAc,OAAO,MAAM;AAM3C,OAAI;IACH,MAAM,EAAE,KAAK,KAAK,WAAW,sBAAsB,MAAM;AACzD,QAAI,CAAC,OAAO,CAAC,OAAQ,QAAO;IAG5B,MAAM,EAAE,SAAS,cAAc,MAAM,UAAU,OAD7B,MAAM,mBAAmB,IAAI,EACkB;KAChE,YAAY,CAAC,OAAO;KACpB,QAAQ,CAAC,+BAA+B,sBAAsB;KAC9D,UAAU,QAAQ;KAClB,aAAa;KACb,CAAC;AAEF,QAAI,SAAS,UAAU,UAAU,MAChC,QAAO;AAGR,WAAO;WACA;AACP,WAAO;;;EAGT,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;AAElC,OAAI,CAAC,MAAM,QACV,QAAO;GAER,MAAM,OAAO,UAAU,MAAM,QAAQ;GACrC,MAAM,UAAU,MAAM,QAAQ,mBAAmB,KAAK;AACtD,UAAO;IACN,MAAM;KACL,IAAI,KAAK;KACT,MAAM,KAAK;KACX,OAAO,KAAK;KACZ,OAAO,KAAK;KACZ,eAAe,KAAK;KACpB,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA;;AAGF,MAAa,qBAAqB,OAAO,QAAgB;CACxD,MAAM,EAAE,SAAS,MAAM,YASpB,6CAA6C;AAEhD,KAAI,CAAC,MAAM,KACV,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;CAGH,MAAM,MAAM,KAAK,KAAK,MAAM,QAAQ,IAAI,QAAQ,IAAI;AACpD,KAAI,CAAC,IACJ,OAAM,IAAI,MAAM,gBAAgB,IAAI,YAAY;AAGjD,QAAO,MAAM,UAAU,KAAK,IAAI,IAAI"}

package/dist/social-providers/huggingface.d.mts ADDED Viewed

@@ -0,0 +1,86 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+//#region src/social-providers/huggingface.d.ts
+interface HuggingFaceProfile {
+  sub: string;
+  name: string;
+  preferred_username: string;
+  profile: string;
+  picture: string;
+  website?: string | undefined;
+  email?: string | undefined;
+  email_verified?: boolean | undefined;
+  isPro: boolean;
+  canPay?: boolean | undefined;
+  orgs?: {
+    sub: string;
+    name: string;
+    picture: string;
+    preferred_username: string;
+    isEnterprise: boolean | "plus";
+    canPay?: boolean;
+    roleInOrg?: "admin" | "write" | "contributor" | "read";
+    pendingSSO?: boolean;
+    missingMFA?: boolean;
+    resourceGroups?: {
+      sub: string;
+      name: string;
+      role: "admin" | "write" | "contributor" | "read";
+    }[];
+  } | undefined;
+}
+interface HuggingFaceOptions extends ProviderOptions<HuggingFaceProfile> {
+  clientId: string;
+}
+declare const huggingface: (options: HuggingFaceOptions) => {
+  id: "huggingface";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: HuggingFaceOptions;
+};
+//#endregion
+export { HuggingFaceOptions, HuggingFaceProfile, huggingface };
+//# sourceMappingURL=huggingface.d.mts.map

package/dist/social-providers/huggingface.mjs ADDED Viewed

@@ -0,0 +1,76 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+//#region src/social-providers/huggingface.ts
+const huggingface = (options) => {
+	return {
+		id: "huggingface",
+		name: "Hugging Face",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "huggingface",
+				options,
+				authorizationEndpoint: "https://huggingface.co/oauth/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://huggingface.co/oauth/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://huggingface.co/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://huggingface.co/oauth/userinfo", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.name || profile.preferred_username || "",
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: profile.email_verified ?? false,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+//#endregion
+export { huggingface };
+//# sourceMappingURL=huggingface.mjs.map

package/dist/social-providers/huggingface.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"huggingface.mjs","names":[],"sources":["../../src/social-providers/huggingface.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface HuggingFaceProfile {\n\tsub: string;\n\tname: string;\n\tpreferred_username: string;\n\tprofile: string;\n\tpicture: string;\n\twebsite?: string | undefined;\n\temail?: string | undefined;\n\temail_verified?: boolean | undefined;\n\tisPro: boolean;\n\tcanPay?: boolean | undefined;\n\torgs?:\n\t\t| {\n\t\t\t\tsub: string;\n\t\t\t\tname: string;\n\t\t\t\tpicture: string;\n\t\t\t\tpreferred_username: string;\n\t\t\t\tisEnterprise: boolean | \"plus\";\n\t\t\t\tcanPay?: boolean;\n\t\t\t\troleInOrg?: \"admin\" | \"write\" | \"contributor\" | \"read\";\n\t\t\t\tpendingSSO?: boolean;\n\t\t\t\tmissingMFA?: boolean;\n\t\t\t\tresourceGroups?: {\n\t\t\t\t\tsub: string;\n\t\t\t\t\tname: string;\n\t\t\t\t\trole: \"admin\" | \"write\" | \"contributor\" | \"read\";\n\t\t\t\t}[];\n\t\t }\n\t\t| undefined;\n}\n\nexport interface HuggingFaceOptions\n\textends ProviderOptions<HuggingFaceProfile> {\n\tclientId: string;\n}\n\nexport const huggingface = (options: HuggingFaceOptions) => {\n\treturn {\n\t\tid: \"huggingface\",\n\t\tname: \"Hugging Face\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"huggingface\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://huggingface.co/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://huggingface.co/oauth/token\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://huggingface.co/oauth/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<HuggingFaceProfile>(\n\t\t\t\t\"https://huggingface.co/oauth/userinfo\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name || profile.preferred_username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<HuggingFaceProfile>;\n};\n"],"mappings":";;;;;;;AA4CA,MAAa,eAAe,YAAgC;AAC3D,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,cAAc,eAAe;GACpE,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAU;IAAW;IAAQ;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,yCACA;IACC,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CACD;AACD,OAAI,MACH,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AACzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ,QAAQ,QAAQ,sBAAsB;KACpD,OAAO,QAAQ;KACf,OAAO,QAAQ;KACf,eAAe,QAAQ,kBAAkB;KACzC,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}