@better-auth/core 1.5.0-beta.4 → 1.5.0-beta.5

package/dist/social-providers/facebook.d.mts

@@ -0,0 +1,81 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/facebook.d.ts
+interface FacebookProfile {
+  id: string;
+  name: string;
+  email: string;
+  email_verified: boolean;
+  picture: {
+    data: {
+      height: number;
+      is_silhouette: boolean;
+      url: string;
+      width: number;
+    };
+  };
+}
+interface FacebookOptions extends ProviderOptions<FacebookProfile> {
+  clientId: string;
+  /**
+   * Extend list of fields to retrieve from the Facebook user profile.
+   *
+   * @default ["id", "name", "email", "picture"]
+   */
+  fields?: string[] | undefined;
+  /**
+   * The config id to use when undergoing oauth
+   */
+  configId?: string | undefined;
+}
+declare const facebook: (options: FacebookOptions) => {
+  id: "facebook";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI,
+    loginHint
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: FacebookOptions;
+};
+//#endregion
+export { FacebookOptions, FacebookProfile, facebook };

package/dist/social-providers/facebook.mjs

@@ -0,0 +1,120 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
+
+//#region src/social-providers/facebook.ts
+const facebook = (options) => {
+	return {
+		id: "facebook",
+		name: "Facebook",
+		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
+			const _scopes = options.disableDefaultScope ? [] : ["email", "public_profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "facebook",
+				options,
+				authorizationEndpoint: "https://www.facebook.com/v21.0/dialog/oauth",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				loginHint,
+				additionalParams: options.configId ? { config_id: options.configId } : {}
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://graph.facebook.com/oauth/access_token"
+			});
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) return false;
+			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
+			if (token.split(".").length === 3) try {
+				const { payload: jwtClaims } = await jwtVerify(token, createRemoteJWKSet(new URL("https://limited.facebook.com/.well-known/oauth/openid/jwks/")), {
+					algorithms: ["RS256"],
+					audience: options.clientId,
+					issuer: "https://www.facebook.com"
+				});
+				if (nonce && jwtClaims.nonce !== nonce) return false;
+				return !!jwtClaims;
+			} catch {
+				return false;
+			}
+			return true;
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://graph.facebook.com/v18.0/oauth/access_token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			if (token.idToken && token.idToken.split(".").length === 3) {
+				const profile$1 = decodeJwt(token.idToken);
+				const user = {
+					id: profile$1.sub,
+					name: profile$1.name,
+					email: profile$1.email,
+					picture: { data: {
+						url: profile$1.picture,
+						height: 100,
+						width: 100,
+						is_silhouette: false
+					} }
+				};
+				const userMap$1 = await options.mapProfileToUser?.({
+					...user,
+					email_verified: false
+				});
+				return {
+					user: {
+						...user,
+						emailVerified: false,
+						...userMap$1
+					},
+					data: profile$1
+				};
+			}
+			const { data: profile, error } = await betterFetch("https://graph.facebook.com/me?fields=" + [
+				"id",
+				"name",
+				"email",
+				"picture",
+				...options?.fields || []
+			].join(","), { auth: {
+				type: "Bearer",
+				token: token.accessToken
+			} });
+			if (error) return null;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name,
+					email: profile.email,
+					image: profile.picture.data.url,
+					emailVerified: profile.email_verified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { facebook };

package/dist/social-providers/figma.d.mts

@@ -0,0 +1,63 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/figma.d.ts
+interface FigmaProfile {
+  id: string;
+  email: string;
+  handle: string;
+  img_url: string;
+}
+interface FigmaOptions extends ProviderOptions<FigmaProfile> {
+  clientId: string;
+}
+declare const figma: (options: FigmaOptions) => {
+  id: "figma";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: FigmaOptions;
+};
+//#endregion
+export { FigmaOptions, FigmaProfile, figma };

package/dist/social-providers/figma.mjs

@@ -0,0 +1,84 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { BetterAuthError } from "../error/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/figma.ts
+const figma = (options) => {
+	return {
+		id: "figma",
+		name: "Figma",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error("Client Id and Client Secret are required for Figma. Make sure to provide them in the options.");
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Figma");
+			const _scopes = options.disableDefaultScope ? [] : ["file_read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "figma",
+				options,
+				authorizationEndpoint: "https://www.figma.com/oauth",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://www.figma.com/api/oauth/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://www.figma.com/api/oauth/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			try {
+				const { data: profile } = await betterFetch("https://api.figma.com/v1/me", { headers: { Authorization: `Bearer ${token.accessToken}` } });
+				if (!profile) {
+					logger.error("Failed to fetch user from Figma");
+					return null;
+				}
+				const userMap = await options.mapProfileToUser?.(profile);
+				return {
+					user: {
+						id: profile.id,
+						name: profile.handle,
+						email: profile.email,
+						image: profile.img_url,
+						emailVerified: false,
+						...userMap
+					},
+					data: profile
+				};
+			} catch (error) {
+				logger.error("Failed to fetch user info from Figma:", error);
+				return null;
+			}
+		},
+		options
+	};
+};
+
+//#endregion
+export { figma };

package/dist/social-providers/github.d.mts

@@ -0,0 +1,104 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/github.d.ts
+interface GithubProfile {
+  login: string;
+  id: string;
+  node_id: string;
+  avatar_url: string;
+  gravatar_id: string;
+  url: string;
+  html_url: string;
+  followers_url: string;
+  following_url: string;
+  gists_url: string;
+  starred_url: string;
+  subscriptions_url: string;
+  organizations_url: string;
+  repos_url: string;
+  events_url: string;
+  received_events_url: string;
+  type: string;
+  site_admin: boolean;
+  name: string;
+  company: string;
+  blog: string;
+  location: string;
+  email: string;
+  hireable: boolean;
+  bio: string;
+  twitter_username: string;
+  public_repos: string;
+  public_gists: string;
+  followers: string;
+  following: string;
+  created_at: string;
+  updated_at: string;
+  private_gists: string;
+  total_private_repos: string;
+  owned_private_repos: string;
+  disk_usage: string;
+  collaborators: string;
+  two_factor_authentication: boolean;
+  plan: {
+    name: string;
+    space: string;
+    private_repos: string;
+    collaborators: string;
+  };
+}
+interface GithubOptions extends ProviderOptions<GithubProfile> {
+  clientId: string;
+}
+declare const github: (options: GithubOptions) => {
+  id: "github";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    loginHint,
+    codeVerifier,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: GithubOptions;
+};
+//#endregion
+export { GithubOptions, GithubProfile, github };

package/dist/social-providers/github.mjs

@@ -0,0 +1,80 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/github.ts
+const github = (options) => {
+	const tokenEndpoint = "https://github.com/login/oauth/access_token";
+	return {
+		id: "github",
+		name: "GitHub",
+		createAuthorizationURL({ state, scopes, loginHint, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["read:user", "user:email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "github",
+				options,
+				authorizationEndpoint: "https://github.com/login/oauth/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				loginHint,
+				prompt: options.prompt
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://github.com/login/oauth/access_token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch("https://api.github.com/user", { headers: {
+				"User-Agent": "better-auth",
+				authorization: `Bearer ${token.accessToken}`
+			} });
+			if (error) return null;
+			const { data: emails } = await betterFetch("https://api.github.com/user/emails", { headers: {
+				Authorization: `Bearer ${token.accessToken}`,
+				"User-Agent": "better-auth"
+			} });
+			if (!profile.email && emails) profile.email = (emails.find((e) => e.primary) ?? emails[0])?.email;
+			const emailVerified = emails?.find((e) => e.email === profile.email)?.verified ?? false;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name || profile.login,
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { github };

package/dist/social-providers/gitlab.d.mts

@@ -0,0 +1,125 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/gitlab.d.ts
+interface GitlabProfile extends Record<string, any> {
+  id: number;
+  username: string;
+  email: string;
+  name: string;
+  state: string;
+  avatar_url: string;
+  web_url: string;
+  created_at: string;
+  bio: string;
+  location?: string | undefined;
+  public_email: string;
+  skype: string;
+  linkedin: string;
+  twitter: string;
+  website_url: string;
+  organization: string;
+  job_title: string;
+  pronouns: string;
+  bot: boolean;
+  work_information?: string | undefined;
+  followers: number;
+  following: number;
+  local_time: string;
+  last_sign_in_at: string;
+  confirmed_at: string;
+  theme_id: number;
+  last_activity_on: string;
+  color_scheme_id: number;
+  projects_limit: number;
+  current_sign_in_at: string;
+  identities: Array<{
+    provider: string;
+    extern_uid: string;
+  }>;
+  can_create_group: boolean;
+  can_create_project: boolean;
+  two_factor_enabled: boolean;
+  external: boolean;
+  private_profile: boolean;
+  commit_email: string;
+  shared_runners_minutes_limit: number;
+  extra_shared_runners_minutes_limit: number;
+  email_verified?: boolean | undefined;
+}
+interface GitlabOptions extends ProviderOptions<GitlabProfile> {
+  clientId: string;
+  issuer?: string | undefined;
+}
+declare const gitlab: (options: GitlabOptions) => {
+  id: "gitlab";
+  name: string;
+  createAuthorizationURL: ({
+    state,
+    scopes,
+    codeVerifier,
+    loginHint,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }) => Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI,
+    codeVerifier
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | {
+    user: {
+      id: number;
+      name: string;
+      email: string;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string | number;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    } | {
+      id: string | number;
+      name: string;
+      email: string | null;
+      image: string;
+      emailVerified: boolean;
+    };
+    data: GitlabProfile;
+  } | null>;
+  options: GitlabOptions;
+};
+//#endregion
+export { GitlabOptions, GitlabProfile, gitlab };