@better-auth/core 1.5.5 → 1.5.7-beta.1

package/dist/social-providers/index.d.mts

@@ -32,10 +32,9 @@ import { PayPalOptions, PayPalProfile, PayPalTokenResponse, paypal } from "./pay
 import { PolarOptions, PolarProfile, polar } from "./polar.mjs";
 import { RailwayOptions, RailwayProfile, railway } from "./railway.mjs";
 import { VercelOptions, VercelProfile, vercel } from "./vercel.mjs";
+import { WeChatOptions, WeChatProfile, wechat } from "./wechat.mjs";
 import { AwaitableFunction } from "../types/helper.mjs";
-import "../types/index.mjs";
 import { OAuth2Tokens } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
 import * as z from "zod";
 
 //#region src/social-providers/index.d.ts
@@ -1764,6 +1763,65 @@ declare const socialProviders: {
     } | null>;
     options: VercelOptions;
   };
+  wechat: (options: WeChatOptions) => {
+    id: "wechat";
+    name: string;
+    createAuthorizationURL({
+      state,
+      scopes,
+      redirectURI
+    }: {
+      state: string;
+      codeVerifier: string;
+      scopes?: string[] | undefined;
+      redirectURI: string;
+      display?: string | undefined;
+      loginHint?: string | undefined;
+    }): URL;
+    validateAuthorizationCode: ({
+      code
+    }: {
+      code: string;
+      redirectURI: string;
+      codeVerifier?: string | undefined;
+      deviceId?: string | undefined;
+    }) => Promise<{
+      tokenType: "Bearer";
+      accessToken: string;
+      refreshToken: string;
+      accessTokenExpiresAt: Date;
+      scopes: string[];
+      openid: string;
+      unionid: string | undefined;
+    }>;
+    refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
+      tokenType: "Bearer";
+      accessToken: string;
+      refreshToken: string;
+      accessTokenExpiresAt: Date;
+      scopes: string[];
+    }>);
+    getUserInfo(token: OAuth2Tokens & {
+      user?: {
+        name?: {
+          firstName?: string;
+          lastName?: string;
+        };
+        email?: string;
+      } | undefined;
+    }): Promise<{
+      user: {
+        id: string;
+        name?: string;
+        email?: string | null;
+        image?: string;
+        emailVerified: boolean;
+        [key: string]: any;
+      };
+      data: any;
+    } | null>;
+    options: WeChatOptions;
+  };
 };
 declare const socialProviderList: ["github", ...(keyof typeof socialProviders)[]];
 declare const SocialProviderListEnum: z.ZodType<SocialProviderList[number] | (string & {})>;
@@ -1773,5 +1831,5 @@ type SocialProviders = { [K in SocialProviderList[number]]?: AwaitableFunction<P
 }> };
 type SocialProviderList = typeof socialProviderList;
 //#endregion
-export { AccountStatus, AppleNonConformUser, AppleOptions, AppleProfile, AtlassianOptions, AtlassianProfile, CognitoOptions, CognitoProfile, DiscordOptions, DiscordProfile, DropboxOptions, DropboxProfile, FacebookOptions, FacebookProfile, FigmaOptions, FigmaProfile, GithubOptions, GithubProfile, GitlabOptions, GitlabProfile, GoogleOptions, GoogleProfile, HuggingFaceOptions, HuggingFaceProfile, KakaoOptions, KakaoProfile, KickOptions, KickProfile, LineIdTokenPayload, LineOptions, LineUserInfo, LinearOptions, LinearProfile, LinearUser, LinkedInOptions, LinkedInProfile, LoginType, MicrosoftEntraIDProfile, MicrosoftOptions, NaverOptions, NaverProfile, NotionOptions, NotionProfile, PayPalOptions, PayPalProfile, PayPalTokenResponse, PaybinOptions, PaybinProfile, PhoneNumber, PolarOptions, PolarProfile, PronounOption, RailwayOptions, RailwayProfile, RedditOptions, RedditProfile, RobloxOptions, RobloxProfile, SalesforceOptions, SalesforceProfile, SlackOptions, SlackProfile, SocialProvider, SocialProviderList, SocialProviderListEnum, SocialProviders, SpotifyOptions, SpotifyProfile, TiktokOptions, TiktokProfile, TwitchOptions, TwitchProfile, TwitterOption, TwitterProfile, VercelOptions, VercelProfile, VkOption, VkProfile, ZoomOptions, ZoomProfile, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, zoom };
+export { AccountStatus, AppleNonConformUser, AppleOptions, AppleProfile, AtlassianOptions, AtlassianProfile, CognitoOptions, CognitoProfile, DiscordOptions, DiscordProfile, DropboxOptions, DropboxProfile, FacebookOptions, FacebookProfile, FigmaOptions, FigmaProfile, GithubOptions, GithubProfile, GitlabOptions, GitlabProfile, GoogleOptions, GoogleProfile, HuggingFaceOptions, HuggingFaceProfile, KakaoOptions, KakaoProfile, KickOptions, KickProfile, LineIdTokenPayload, LineOptions, LineUserInfo, LinearOptions, LinearProfile, LinearUser, LinkedInOptions, LinkedInProfile, LoginType, MicrosoftEntraIDProfile, MicrosoftOptions, NaverOptions, NaverProfile, NotionOptions, NotionProfile, PayPalOptions, PayPalProfile, PayPalTokenResponse, PaybinOptions, PaybinProfile, PhoneNumber, PolarOptions, PolarProfile, PronounOption, RailwayOptions, RailwayProfile, RedditOptions, RedditProfile, RobloxOptions, RobloxProfile, SalesforceOptions, SalesforceProfile, SlackOptions, SlackProfile, SocialProvider, SocialProviderList, SocialProviderListEnum, SocialProviders, SpotifyOptions, SpotifyProfile, TiktokOptions, TiktokProfile, TwitchOptions, TwitchProfile, TwitterOption, TwitterProfile, VercelOptions, VercelProfile, VkOption, VkProfile, WeChatOptions, WeChatProfile, ZoomOptions, ZoomProfile, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, wechat, zoom };
 //# sourceMappingURL=index.d.mts.map

package/dist/social-providers/index.mjs

@@ -31,9 +31,9 @@ import { twitch } from "./twitch.mjs";
 import { twitter } from "./twitter.mjs";
 import { vercel } from "./vercel.mjs";
 import { vk } from "./vk.mjs";
+import { wechat } from "./wechat.mjs";
 import { zoom } from "./zoom.mjs";
 import * as z from "zod";
-
 //#region src/social-providers/index.ts
 const socialProviders = {
 	apple,
@@ -69,11 +69,12 @@ const socialProviders = {
 	paypal,
 	polar,
 	railway,
-	vercel
+	vercel,
+	wechat
 };
 const socialProviderList = Object.keys(socialProviders);
 const SocialProviderListEnum = z.enum(socialProviderList).or(z.string());
-
 //#endregion
-export { SocialProviderListEnum, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, zoom };
+export { SocialProviderListEnum, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, wechat, zoom };
+
 //# sourceMappingURL=index.mjs.map

package/dist/social-providers/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":[],"sources":["../../src/social-providers/index.ts"],"sourcesContent":["import * as z from \"zod\";\nimport type { AwaitableFunction } from \"../types\";\nimport { apple } from \"./apple\";\nimport { atlassian } from \"./atlassian\";\nimport { cognito } from \"./cognito\";\nimport { discord } from \"./discord\";\nimport { dropbox } from \"./dropbox\";\nimport { facebook } from \"./facebook\";\nimport { figma } from \"./figma\";\nimport { github } from \"./github\";\nimport { gitlab } from \"./gitlab\";\nimport { google } from \"./google\";\nimport { huggingface } from \"./huggingface\";\nimport { kakao } from \"./kakao\";\nimport { kick } from \"./kick\";\nimport { line } from \"./line\";\nimport { linear } from \"./linear\";\nimport { linkedin } from \"./linkedin\";\nimport { microsoft } from \"./microsoft-entra-id\";\nimport { naver } from \"./naver\";\nimport { notion } from \"./notion\";\nimport { paybin } from \"./paybin\";\nimport { paypal } from \"./paypal\";\nimport { polar } from \"./polar\";\nimport { railway } from \"./railway\";\nimport { reddit } from \"./reddit\";\nimport { roblox } from \"./roblox\";\nimport { salesforce } from \"./salesforce\";\nimport { slack } from \"./slack\";\nimport { spotify } from \"./spotify\";\nimport { tiktok } from \"./tiktok\";\nimport { twitch } from \"./twitch\";\nimport { twitter } from \"./twitter\";\nimport { vercel } from \"./vercel\";\nimport { vk } from \"./vk\";\nimport { zoom } from \"./zoom\";\n\nexport const socialProviders = {\n\tapple,\n\tatlassian,\n\tcognito,\n\tdiscord,\n\tfacebook,\n\tfigma,\n\tgithub,\n\tmicrosoft,\n\tgoogle,\n\thuggingface,\n\tslack,\n\tspotify,\n\ttwitch,\n\ttwitter,\n\tdropbox,\n\tkick,\n\tlinear,\n\tlinkedin,\n\tgitlab,\n\ttiktok,\n\treddit,\n\troblox,\n\tsalesforce,\n\tvk,\n\tzoom,\n\tnotion,\n\tkakao,\n\tnaver,\n\tline,\n\tpaybin,\n\tpaypal,\n\tpolar,\n\trailway,\n\tvercel,\n};\n\nexport const socialProviderList = Object.keys(socialProviders) as [\n\t\"github\",\n\t...(keyof typeof socialProviders)[],\n];\n\nexport const SocialProviderListEnum = z\n\t.enum(socialProviderList)\n\t.or(z.string()) as z.ZodType<SocialProviderList[number] | (string & {})>;\n\nexport type SocialProvider = z.infer<typeof SocialProviderListEnum>;\n\nexport type SocialProviders = {\n\t[K in SocialProviderList[number]]?: AwaitableFunction<\n\t\tParameters<(typeof socialProviders)[K]>[0] & {\n\t\t\tenabled?: boolean | undefined;\n\t\t}\n\t>;\n};\n\nexport * from \"./apple\";\nexport * from \"./atlassian\";\nexport * from \"./cognito\";\nexport * from \"./discord\";\nexport * from \"./dropbox\";\nexport * from \"./facebook\";\nexport * from \"./figma\";\nexport * from \"./github\";\nexport * from \"./gitlab\";\nexport * from \"./google\";\nexport * from \"./huggingface\";\nexport * from \"./kakao\";\nexport * from \"./kick\";\nexport * from \"./kick\";\nexport * from \"./line\";\nexport * from \"./linear\";\nexport * from \"./linkedin\";\nexport * from \"./linkedin\";\nexport * from \"./microsoft-entra-id\";\nexport * from \"./naver\";\nexport * from \"./notion\";\nexport * from \"./paybin\";\nexport * from \"./paypal\";\nexport * from \"./polar\";\nexport * from \"./railway\";\nexport * from \"./reddit\";\nexport * from \"./roblox\";\nexport * from \"./salesforce\";\nexport * from \"./slack\";\nexport * from \"./spotify\";\nexport * from \"./tiktok\";\nexport * from \"./twitch\";\nexport * from \"./twitter\";\nexport * from \"./vercel\";\nexport * from \"./vk\";\nexport * from \"./zoom\";\n\nexport type SocialProviderList = typeof socialProviderList;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,MAAa,kBAAkB;CAC9B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AAED,MAAa,qBAAqB,OAAO,KAAK,gBAAgB;AAK9D,MAAa,yBAAyB,EACpC,KAAK,mBAAmB,CACxB,GAAG,EAAE,QAAQ,CAAC"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../../src/social-providers/index.ts"],"sourcesContent":["import * as z from \"zod\";\nimport type { AwaitableFunction } from \"../types\";\nimport { apple } from \"./apple\";\nimport { atlassian } from \"./atlassian\";\nimport { cognito } from \"./cognito\";\nimport { discord } from \"./discord\";\nimport { dropbox } from \"./dropbox\";\nimport { facebook } from \"./facebook\";\nimport { figma } from \"./figma\";\nimport { github } from \"./github\";\nimport { gitlab } from \"./gitlab\";\nimport { google } from \"./google\";\nimport { huggingface } from \"./huggingface\";\nimport { kakao } from \"./kakao\";\nimport { kick } from \"./kick\";\nimport { line } from \"./line\";\nimport { linear } from \"./linear\";\nimport { linkedin } from \"./linkedin\";\nimport { microsoft } from \"./microsoft-entra-id\";\nimport { naver } from \"./naver\";\nimport { notion } from \"./notion\";\nimport { paybin } from \"./paybin\";\nimport { paypal } from \"./paypal\";\nimport { polar } from \"./polar\";\nimport { railway } from \"./railway\";\nimport { reddit } from \"./reddit\";\nimport { roblox } from \"./roblox\";\nimport { salesforce } from \"./salesforce\";\nimport { slack } from \"./slack\";\nimport { spotify } from \"./spotify\";\nimport { tiktok } from \"./tiktok\";\nimport { twitch } from \"./twitch\";\nimport { twitter } from \"./twitter\";\nimport { vercel } from \"./vercel\";\nimport { vk } from \"./vk\";\nimport { wechat } from \"./wechat\";\nimport { zoom } from \"./zoom\";\n\nexport const socialProviders = {\n\tapple,\n\tatlassian,\n\tcognito,\n\tdiscord,\n\tfacebook,\n\tfigma,\n\tgithub,\n\tmicrosoft,\n\tgoogle,\n\thuggingface,\n\tslack,\n\tspotify,\n\ttwitch,\n\ttwitter,\n\tdropbox,\n\tkick,\n\tlinear,\n\tlinkedin,\n\tgitlab,\n\ttiktok,\n\treddit,\n\troblox,\n\tsalesforce,\n\tvk,\n\tzoom,\n\tnotion,\n\tkakao,\n\tnaver,\n\tline,\n\tpaybin,\n\tpaypal,\n\tpolar,\n\trailway,\n\tvercel,\n\twechat,\n};\n\nexport const socialProviderList = Object.keys(socialProviders) as [\n\t\"github\",\n\t...(keyof typeof socialProviders)[],\n];\n\nexport const SocialProviderListEnum = z\n\t.enum(socialProviderList)\n\t.or(z.string()) as z.ZodType<SocialProviderList[number] | (string & {})>;\n\nexport type SocialProvider = z.infer<typeof SocialProviderListEnum>;\n\nexport type SocialProviders = {\n\t[K in SocialProviderList[number]]?: AwaitableFunction<\n\t\tParameters<(typeof socialProviders)[K]>[0] & {\n\t\t\tenabled?: boolean | undefined;\n\t\t}\n\t>;\n};\n\nexport * from \"./apple\";\nexport * from \"./atlassian\";\nexport * from \"./cognito\";\nexport * from \"./discord\";\nexport * from \"./dropbox\";\nexport * from \"./facebook\";\nexport * from \"./figma\";\nexport * from \"./github\";\nexport * from \"./gitlab\";\nexport * from \"./google\";\nexport * from \"./huggingface\";\nexport * from \"./kakao\";\nexport * from \"./kick\";\nexport * from \"./kick\";\nexport * from \"./line\";\nexport * from \"./linear\";\nexport * from \"./linkedin\";\nexport * from \"./linkedin\";\nexport * from \"./microsoft-entra-id\";\nexport * from \"./naver\";\nexport * from \"./notion\";\nexport * from \"./paybin\";\nexport * from \"./paypal\";\nexport * from \"./polar\";\nexport * from \"./railway\";\nexport * from \"./reddit\";\nexport * from \"./roblox\";\nexport * from \"./salesforce\";\nexport * from \"./slack\";\nexport * from \"./spotify\";\nexport * from \"./tiktok\";\nexport * from \"./twitch\";\nexport * from \"./twitter\";\nexport * from \"./vercel\";\nexport * from \"./vk\";\nexport * from \"./wechat\";\nexport * from \"./zoom\";\n\nexport type SocialProviderList = typeof socialProviderList;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCA,MAAa,kBAAkB;CAC9B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AAED,MAAa,qBAAqB,OAAO,KAAK,gBAAgB;AAK9D,MAAa,yBAAyB,EACpC,KAAK,mBAAmB,CACxB,GAAG,EAAE,QAAQ,CAAC"}

package/dist/social-providers/kakao.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/kakao.d.ts
 interface Partner {
   /** Partner-specific ID (consent required: kakaotalk_message) */

package/dist/social-providers/kakao.mjs

@@ -3,9 +3,9 @@ import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
-
 //#region src/social-providers/kakao.ts
 const kakao = (options) => {
+	const tokenEndpoint = "https://kauth.kakao.com/oauth/token";
 	return {
 		id: "kakao",
 		name: "Kakao",
@@ -31,7 +31,7 @@ const kakao = (options) => {
 				code,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+				tokenEndpoint
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -42,7 +42,7 @@ const kakao = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://kauth.kakao.com/oauth/token"
+				tokenEndpoint
 			});
 		},
 		async getUserInfo(token) {
@@ -67,7 +67,7 @@ const kakao = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { kakao };
+
 //# sourceMappingURL=kakao.mjs.map

package/dist/social-providers/kakao.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"kakao.mjs","names":[],"sources":["../../src/social-providers/kakao.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\ninterface Partner {\n\t/** Partner-specific ID (consent required: kakaotalk_message) */\n\tuuid?: string | undefined;\n}\n\ninterface Profile {\n\t/** Nickname (consent required: profile/nickname) */\n\tnickname?: string | undefined;\n\t/** Thumbnail image URL (consent required: profile/profile image) */\n\tthumbnail_image_url?: string | undefined;\n\t/** Profile image URL (consent required: profile/profile image) */\n\tprofile_image_url?: string | undefined;\n\t/** Whether the profile image is the default */\n\tis_default_image?: boolean | undefined;\n\t/** Whether the nickname is the default */\n\tis_default_nickname?: boolean | undefined;\n}\n\ninterface KakaoAccount {\n\t/** Consent required: profile info (nickname/profile image) */\n\tprofile_needs_agreement?: boolean | undefined;\n\t/** Consent required: nickname */\n\tprofile_nickname_needs_agreement?: boolean | undefined;\n\t/** Consent required: profile image */\n\tprofile_image_needs_agreement?: boolean | undefined;\n\t/** Profile info */\n\tprofile?: Profile | undefined;\n\t/** Consent required: name */\n\tname_needs_agreement?: boolean | undefined;\n\t/** Name */\n\tname?: string | undefined;\n\t/** Consent required: email */\n\temail_needs_agreement?: boolean | undefined;\n\t/** Email valid */\n\tis_email_valid?: boolean | undefined;\n\t/** Email verified */\n\tis_email_verified?: boolean | undefined;\n\t/** Email */\n\temail?: string | undefined;\n\t/** Consent required: age range */\n\tage_range_needs_agreement?: boolean | undefined;\n\t/** Age range */\n\tage_range?: string | undefined;\n\t/** Consent required: birth year */\n\tbirthyear_needs_agreement?: boolean | undefined;\n\t/** Birth year (YYYY) */\n\tbirthyear?: string | undefined;\n\t/** Consent required: birthday */\n\tbirthday_needs_agreement?: boolean | undefined;\n\t/** Birthday (MMDD) */\n\tbirthday?: string | undefined;\n\t/** Birthday type (SOLAR/LUNAR) */\n\tbirthday_type?: string | undefined;\n\t/** Whether birthday is in a leap month */\n\tis_leap_month?: boolean | undefined;\n\t/** Consent required: gender */\n\tgender_needs_agreement?: boolean | undefined;\n\t/** Gender (male/female) */\n\tgender?: string | undefined;\n\t/** Consent required: phone number */\n\tphone_number_needs_agreement?: boolean | undefined;\n\t/** Phone number */\n\tphone_number?: string | undefined;\n\t/** Consent required: CI */\n\tci_needs_agreement?: boolean | undefined;\n\t/** CI (unique identifier) */\n\tci?: string | undefined;\n\t/** CI authentication time (UTC) */\n\tci_authenticated_at?: string | undefined;\n}\n\nexport interface KakaoProfile {\n\t/** Kakao user ID */\n\tid: number;\n\t/**\n\t * Whether the user has signed up (only present if auto-connection is disabled)\n\t * false: preregistered, true: registered\n\t */\n\thas_signed_up?: boolean | undefined;\n\t/** UTC datetime when the user connected the service */\n\tconnected_at?: string | undefined;\n\t/** UTC datetime when the user signed up via Kakao Sync */\n\tsynched_at?: string | undefined;\n\t/** Custom user properties */\n\tproperties?: Record<string, any> | undefined;\n\t/** Kakao account info */\n\tkakao_account: KakaoAccount;\n\t/** Partner info */\n\tfor_partner?: Partner | undefined;\n}\n\nexport interface KakaoOptions extends ProviderOptions<KakaoProfile> {\n\tclientId: string;\n}\n\nexport const kakao = (options: KakaoOptions) => {\n\treturn {\n\t\tid: \"kakao\",\n\t\tname: \"Kakao\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"account_email\", \"profile_image\", \"profile_nickname\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kakao\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://kauth.kakao.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://kauth.kakao.com/oauth/token\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://kauth.kakao.com/oauth/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<KakaoProfile>(\n\t\t\t\t\"https://kapi.kakao.com/v2/user/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst account = profile.kakao_account || {};\n\t\t\tconst kakaoProfile = account.profile || {};\n\t\t\tconst user = {\n\t\t\t\tid: String(profile.id),\n\t\t\t\tname: kakaoProfile.nickname || account.name || \"\",\n\t\t\t\temail: account.email,\n\t\t\t\timage:\n\t\t\t\t\tkakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,\n\t\t\t\temailVerified: !!account.is_email_valid && !!account.is_email_verified,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KakaoProfile>;\n};\n"],"mappings":";;;;;;;AAuGA,MAAa,SAAS,YAA0B;AAC/C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAiB;IAAiB;IAAmB;AACzD,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,qCACA,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AACD,OAAI,SAAS,CAAC,QACb,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;GACzD,MAAM,UAAU,QAAQ,iBAAiB,EAAE;GAC3C,MAAM,eAAe,QAAQ,WAAW,EAAE;AAU1C,UAAO;IACN,MAVY;KACZ,IAAI,OAAO,QAAQ,GAAG;KACtB,MAAM,aAAa,YAAY,QAAQ,QAAQ;KAC/C,OAAO,QAAQ;KACf,OACC,aAAa,qBAAqB,aAAa;KAChD,eAAe,CAAC,CAAC,QAAQ,kBAAkB,CAAC,CAAC,QAAQ;KACrD,GAAG;KACH;IAGA,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"kakao.mjs","names":[],"sources":["../../src/social-providers/kakao.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\ninterface Partner {\n\t/** Partner-specific ID (consent required: kakaotalk_message) */\n\tuuid?: string | undefined;\n}\n\ninterface Profile {\n\t/** Nickname (consent required: profile/nickname) */\n\tnickname?: string | undefined;\n\t/** Thumbnail image URL (consent required: profile/profile image) */\n\tthumbnail_image_url?: string | undefined;\n\t/** Profile image URL (consent required: profile/profile image) */\n\tprofile_image_url?: string | undefined;\n\t/** Whether the profile image is the default */\n\tis_default_image?: boolean | undefined;\n\t/** Whether the nickname is the default */\n\tis_default_nickname?: boolean | undefined;\n}\n\ninterface KakaoAccount {\n\t/** Consent required: profile info (nickname/profile image) */\n\tprofile_needs_agreement?: boolean | undefined;\n\t/** Consent required: nickname */\n\tprofile_nickname_needs_agreement?: boolean | undefined;\n\t/** Consent required: profile image */\n\tprofile_image_needs_agreement?: boolean | undefined;\n\t/** Profile info */\n\tprofile?: Profile | undefined;\n\t/** Consent required: name */\n\tname_needs_agreement?: boolean | undefined;\n\t/** Name */\n\tname?: string | undefined;\n\t/** Consent required: email */\n\temail_needs_agreement?: boolean | undefined;\n\t/** Email valid */\n\tis_email_valid?: boolean | undefined;\n\t/** Email verified */\n\tis_email_verified?: boolean | undefined;\n\t/** Email */\n\temail?: string | undefined;\n\t/** Consent required: age range */\n\tage_range_needs_agreement?: boolean | undefined;\n\t/** Age range */\n\tage_range?: string | undefined;\n\t/** Consent required: birth year */\n\tbirthyear_needs_agreement?: boolean | undefined;\n\t/** Birth year (YYYY) */\n\tbirthyear?: string | undefined;\n\t/** Consent required: birthday */\n\tbirthday_needs_agreement?: boolean | undefined;\n\t/** Birthday (MMDD) */\n\tbirthday?: string | undefined;\n\t/** Birthday type (SOLAR/LUNAR) */\n\tbirthday_type?: string | undefined;\n\t/** Whether birthday is in a leap month */\n\tis_leap_month?: boolean | undefined;\n\t/** Consent required: gender */\n\tgender_needs_agreement?: boolean | undefined;\n\t/** Gender (male/female) */\n\tgender?: string | undefined;\n\t/** Consent required: phone number */\n\tphone_number_needs_agreement?: boolean | undefined;\n\t/** Phone number */\n\tphone_number?: string | undefined;\n\t/** Consent required: CI */\n\tci_needs_agreement?: boolean | undefined;\n\t/** CI (unique identifier) */\n\tci?: string | undefined;\n\t/** CI authentication time (UTC) */\n\tci_authenticated_at?: string | undefined;\n}\n\nexport interface KakaoProfile {\n\t/** Kakao user ID */\n\tid: number;\n\t/**\n\t * Whether the user has signed up (only present if auto-connection is disabled)\n\t * false: preregistered, true: registered\n\t */\n\thas_signed_up?: boolean | undefined;\n\t/** UTC datetime when the user connected the service */\n\tconnected_at?: string | undefined;\n\t/** UTC datetime when the user signed up via Kakao Sync */\n\tsynched_at?: string | undefined;\n\t/** Custom user properties */\n\tproperties?: Record<string, any> | undefined;\n\t/** Kakao account info */\n\tkakao_account: KakaoAccount;\n\t/** Partner info */\n\tfor_partner?: Partner | undefined;\n}\n\nexport interface KakaoOptions extends ProviderOptions<KakaoProfile> {\n\tclientId: string;\n}\n\nexport const kakao = (options: KakaoOptions) => {\n\tconst tokenEndpoint = \"https://kauth.kakao.com/oauth/token\";\n\treturn {\n\t\tid: \"kakao\",\n\t\tname: \"Kakao\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"account_email\", \"profile_image\", \"profile_nickname\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kakao\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://kauth.kakao.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<KakaoProfile>(\n\t\t\t\t\"https://kapi.kakao.com/v2/user/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst account = profile.kakao_account || {};\n\t\t\tconst kakaoProfile = account.profile || {};\n\t\t\tconst user = {\n\t\t\t\tid: String(profile.id),\n\t\t\t\tname: kakaoProfile.nickname || account.name || \"\",\n\t\t\t\temail: account.email,\n\t\t\t\timage:\n\t\t\t\t\tkakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,\n\t\t\t\temailVerified: !!account.is_email_valid && !!account.is_email_verified,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KakaoProfile>;\n};\n"],"mappings":";;;;;;AAuGA,MAAa,SAAS,YAA0B;CAC/C,MAAM,gBAAgB;AACtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAiB;IAAiB;IAAmB;AACzD,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,qCACA,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AACD,OAAI,SAAS,CAAC,QACb,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;GACzD,MAAM,UAAU,QAAQ,iBAAiB,EAAE;GAC3C,MAAM,eAAe,QAAQ,WAAW,EAAE;AAU1C,UAAO;IACN,MAVY;KACZ,IAAI,OAAO,QAAQ,GAAG;KACtB,MAAM,aAAa,YAAY,QAAQ,QAAQ;KAC/C,OAAO,QAAQ;KACf,OACC,aAAa,qBAAqB,aAAa;KAChD,eAAe,CAAC,CAAC,QAAQ,kBAAkB,CAAC,CAAC,QAAQ;KACrD,GAAG;KACH;IAGA,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/kick.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/kick.d.ts
 interface KickProfile {
   /**

package/dist/social-providers/kick.mjs

@@ -3,7 +3,6 @@ import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
-
 //#region src/social-providers/kick.ts
 const kick = (options) => {
 	return {
@@ -66,7 +65,7 @@ const kick = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { kick };
+
 //# sourceMappingURL=kick.mjs.map

package/dist/social-providers/kick.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"kick.mjs","names":[],"sources":["../../src/social-providers/kick.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface KickProfile {\n\t/**\n\t * The user id of the user\n\t */\n\tuser_id: string;\n\t/**\n\t * The name of the user\n\t */\n\tname: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * The picture of the user\n\t */\n\tprofile_picture: string;\n}\n\nexport interface KickOptions extends ProviderOptions<KickProfile> {\n\tclientId: string;\n}\n\nexport const kick = (options: KickOptions) => {\n\treturn {\n\t\tid: \"kick\",\n\t\tname: \"Kick\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user:read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kick\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://id.kick.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t});\n\t\t},\n\t\tasync validateAuthorizationCode({ code, redirectURI, codeVerifier }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data, error } = await betterFetch<{\n\t\t\t\tdata: KickProfile[];\n\t\t\t}>(\"https://api.kick.com/public/v1/users\", {\n\t\t\t\tmethod: \"GET\",\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst profile = data.data[0]!;\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Kick does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.user_id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.profile_picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KickProfile>;\n};\n"],"mappings":";;;;;;;AA+BA,MAAa,QAAQ,YAAyB;AAC7C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,aAAa,gBAAgB;GACpE,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,YAAY;AAChE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AAEnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,MAAM,0BAA0B,EAAE,MAAM,aAAa,gBAAgB;AACpE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA,eAAe;IACf;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAGlC,MAAM,EAAE,MAAM,UAAU,MAAM,YAE3B,wCAAwC;IAC1C,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CAAC;AAEF,OAAI,MACH,QAAO;GAGR,MAAM,UAAU,KAAK,KAAK;GAE1B,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AAGzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ;KACd,OAAO,QAAQ;KACf,OAAO,QAAQ;KACf,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"kick.mjs","names":[],"sources":["../../src/social-providers/kick.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface KickProfile {\n\t/**\n\t * The user id of the user\n\t */\n\tuser_id: string;\n\t/**\n\t * The name of the user\n\t */\n\tname: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * The picture of the user\n\t */\n\tprofile_picture: string;\n}\n\nexport interface KickOptions extends ProviderOptions<KickProfile> {\n\tclientId: string;\n}\n\nexport const kick = (options: KickOptions) => {\n\treturn {\n\t\tid: \"kick\",\n\t\tname: \"Kick\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user:read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kick\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://id.kick.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t});\n\t\t},\n\t\tasync validateAuthorizationCode({ code, redirectURI, codeVerifier }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data, error } = await betterFetch<{\n\t\t\t\tdata: KickProfile[];\n\t\t\t}>(\"https://api.kick.com/public/v1/users\", {\n\t\t\t\tmethod: \"GET\",\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst profile = data.data[0]!;\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Kick does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.user_id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.profile_picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KickProfile>;\n};\n"],"mappings":";;;;;;AA+BA,MAAa,QAAQ,YAAyB;AAC7C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,aAAa,gBAAgB;GACpE,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,YAAY;AAChE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AAEnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,MAAM,0BAA0B,EAAE,MAAM,aAAa,gBAAgB;AACpE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA,eAAe;IACf;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAGlC,MAAM,EAAE,MAAM,UAAU,MAAM,YAE3B,wCAAwC;IAC1C,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CAAC;AAEF,OAAI,MACH,QAAO;GAGR,MAAM,UAAU,KAAK,KAAK;GAE1B,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AAGzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ;KACd,OAAO,QAAQ;KACf,OAAO,QAAQ;KACf,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/line.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/line.d.ts
 interface LineIdTokenPayload {
   iss: string;

package/dist/social-providers/line.mjs

@@ -4,7 +4,6 @@ import { validateAuthorizationCode } from "../oauth2/validate-authorization-code
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 import { decodeJwt } from "jose";
-
 //#region src/social-providers/line.ts
 /**
 * LINE Login v2.1
@@ -108,7 +107,7 @@ const line = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { line };
+
 //# sourceMappingURL=line.mjs.map

package/dist/social-providers/line.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"line.mjs","names":[],"sources":["../../src/social-providers/line.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt } from \"jose\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LineIdTokenPayload {\n\tiss: string;\n\tsub: string;\n\taud: string;\n\texp: number;\n\tiat: number;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n\tamr?: string[] | undefined;\n\tnonce?: string | undefined;\n}\n\nexport interface LineUserInfo {\n\tsub: string;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n}\n\nexport interface LineOptions\n\textends ProviderOptions<LineUserInfo | LineIdTokenPayload> {\n\tclientId: string;\n}\n\n/**\n * LINE Login v2.1\n * - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize\n * - Token endpoint: https://api.line.me/oauth2/v2.1/token\n * - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo\n * - Verify ID token: https://api.line.me/oauth2/v2.1/verify\n *\n * Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token\n */\nexport const line = (options: LineOptions) => {\n\tconst authorizationEndpoint = \"https://access.line.me/oauth2/v2.1/authorize\";\n\tconst tokenEndpoint = \"https://api.line.me/oauth2/v2.1/token\";\n\tconst userInfoEndpoint = \"https://api.line.me/oauth2/v2.1/userinfo\";\n\tconst verifyIdTokenEndpoint = \"https://api.line.me/oauth2/v2.1/verify\";\n\n\treturn {\n\t\tid: \"line\",\n\t\tname: \"LINE\",\n\t\tasync createAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"line\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\t\t\tconst body = new URLSearchParams();\n\t\t\tbody.set(\"id_token\", token);\n\t\t\tbody.set(\"client_id\", options.clientId);\n\t\t\tif (nonce) body.set(\"nonce\", nonce);\n\t\t\tconst { data, error } = await betterFetch<LineIdTokenPayload>(\n\t\t\t\tverifyIdTokenEndpoint,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t},\n\t\t\t\t\tbody,\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !data) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\t// aud must match clientId; nonce (if provided) must also match nonce\n\t\t\tif (data.aud !== options.clientId) return false;\n\t\t\tif (data.nonce && data.nonce !== nonce) return false;\n\t\t\treturn true;\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tlet profile: LineUserInfo | LineIdTokenPayload | null = null;\n\t\t\t// Prefer ID token if available\n\t\t\tif (token.idToken) {\n\t\t\t\ttry {\n\t\t\t\t\tprofile = decodeJwt(token.idToken) as LineIdTokenPayload;\n\t\t\t\t} catch {}\n\t\t\t}\n\t\t\t// Fallback to UserInfo endpoint\n\t\t\tif (!profile) {\n\t\t\t\tconst { data } = await betterFetch<LineUserInfo>(userInfoEndpoint, {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tprofile = data || null;\n\t\t\t}\n\t\t\tif (!profile) return null;\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile as any);\n\t\t\t// ID preference order\n\t\t\tconst id = (profile as any).sub || (profile as any).userId;\n\t\t\tconst name = (profile as any).name || (profile as any).displayName || \"\";\n\t\t\tconst image =\n\t\t\t\t(profile as any).picture || (profile as any).pictureUrl || undefined;\n\t\t\tconst email = (profile as any).email;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid,\n\t\t\t\t\tname,\n\t\t\t\t\temail,\n\t\t\t\t\timage,\n\t\t\t\t\t// LINE does not expose email verification status in ID token/userinfo\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile as any,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LineUserInfo | LineIdTokenPayload, LineOptions>;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AA2CA,MAAa,QAAQ,YAAyB;CAC7C,MAAM,wBAAwB;CAC9B,MAAM,gBAAgB;CACtB,MAAM,mBAAmB;CACzB,MAAM,wBAAwB;AAE9B,QAAO;EACN,IAAI;EACJ,MAAM;EACN,MAAM,uBAAuB,EAC5B,OACA,QACA,cACA,aACA,aACE;GACF,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAU;IAAW;IAAQ;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,MAAM,uBAAuB;IACnC,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,cAAc,OAAO,OAAO;AACjC,OAAI,QAAQ,qBACX,QAAO;AAER,OAAI,QAAQ,cACX,QAAO,QAAQ,cAAc,OAAO,MAAM;GAE3C,MAAM,OAAO,IAAI,iBAAiB;AAClC,QAAK,IAAI,YAAY,MAAM;AAC3B,QAAK,IAAI,aAAa,QAAQ,SAAS;AACvC,OAAI,MAAO,MAAK,IAAI,SAAS,MAAM;GACnC,MAAM,EAAE,MAAM,UAAU,MAAM,YAC7B,uBACA;IACC,QAAQ;IACR,SAAS,EACR,gBAAgB,qCAChB;IACD;IACA,CACD;AACD,OAAI,SAAS,CAAC,KACb,QAAO;AAGR,OAAI,KAAK,QAAQ,QAAQ,SAAU,QAAO;AAC1C,OAAI,KAAK,SAAS,KAAK,UAAU,MAAO,QAAO;AAC/C,UAAO;;EAER,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,IAAI,UAAoD;AAExD,OAAI,MAAM,QACT,KAAI;AACH,cAAU,UAAU,MAAM,QAAQ;WAC3B;AAGT,OAAI,CAAC,SAAS;IACb,MAAM,EAAE,SAAS,MAAM,YAA0B,kBAAkB,EAClE,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CAAC;AACF,cAAU,QAAQ;;AAEnB,OAAI,CAAC,QAAS,QAAO;GACrB,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAe;GAEhE,MAAM,KAAM,QAAgB,OAAQ,QAAgB;GACpD,MAAM,OAAQ,QAAgB,QAAS,QAAgB,eAAe;GACtE,MAAM,QACJ,QAAgB,WAAY,QAAgB,cAAc;AAE5D,UAAO;IACN,MAAM;KACL;KACA;KACA,OALa,QAAgB;KAM7B;KAEA,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"line.mjs","names":[],"sources":["../../src/social-providers/line.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt } from \"jose\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LineIdTokenPayload {\n\tiss: string;\n\tsub: string;\n\taud: string;\n\texp: number;\n\tiat: number;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n\tamr?: string[] | undefined;\n\tnonce?: string | undefined;\n}\n\nexport interface LineUserInfo {\n\tsub: string;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n}\n\nexport interface LineOptions\n\textends ProviderOptions<LineUserInfo | LineIdTokenPayload> {\n\tclientId: string;\n}\n\n/**\n * LINE Login v2.1\n * - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize\n * - Token endpoint: https://api.line.me/oauth2/v2.1/token\n * - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo\n * - Verify ID token: https://api.line.me/oauth2/v2.1/verify\n *\n * Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token\n */\nexport const line = (options: LineOptions) => {\n\tconst authorizationEndpoint = \"https://access.line.me/oauth2/v2.1/authorize\";\n\tconst tokenEndpoint = \"https://api.line.me/oauth2/v2.1/token\";\n\tconst userInfoEndpoint = \"https://api.line.me/oauth2/v2.1/userinfo\";\n\tconst verifyIdTokenEndpoint = \"https://api.line.me/oauth2/v2.1/verify\";\n\n\treturn {\n\t\tid: \"line\",\n\t\tname: \"LINE\",\n\t\tasync createAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"line\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\t\t\tconst body = new URLSearchParams();\n\t\t\tbody.set(\"id_token\", token);\n\t\t\tbody.set(\"client_id\", options.clientId);\n\t\t\tif (nonce) body.set(\"nonce\", nonce);\n\t\t\tconst { data, error } = await betterFetch<LineIdTokenPayload>(\n\t\t\t\tverifyIdTokenEndpoint,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t},\n\t\t\t\t\tbody,\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !data) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\t// aud must match clientId; nonce (if provided) must also match nonce\n\t\t\tif (data.aud !== options.clientId) return false;\n\t\t\tif (data.nonce && data.nonce !== nonce) return false;\n\t\t\treturn true;\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tlet profile: LineUserInfo | LineIdTokenPayload | null = null;\n\t\t\t// Prefer ID token if available\n\t\t\tif (token.idToken) {\n\t\t\t\ttry {\n\t\t\t\t\tprofile = decodeJwt(token.idToken) as LineIdTokenPayload;\n\t\t\t\t} catch {}\n\t\t\t}\n\t\t\t// Fallback to UserInfo endpoint\n\t\t\tif (!profile) {\n\t\t\t\tconst { data } = await betterFetch<LineUserInfo>(userInfoEndpoint, {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tprofile = data || null;\n\t\t\t}\n\t\t\tif (!profile) return null;\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile as any);\n\t\t\t// ID preference order\n\t\t\tconst id = (profile as any).sub || (profile as any).userId;\n\t\t\tconst name = (profile as any).name || (profile as any).displayName || \"\";\n\t\t\tconst image =\n\t\t\t\t(profile as any).picture || (profile as any).pictureUrl || undefined;\n\t\t\tconst email = (profile as any).email;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid,\n\t\t\t\t\tname,\n\t\t\t\t\temail,\n\t\t\t\t\timage,\n\t\t\t\t\t// LINE does not expose email verification status in ID token/userinfo\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile as any,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LineUserInfo | LineIdTokenPayload, LineOptions>;\n};\n"],"mappings":";;;;;;;;;;;;;;;;AA2CA,MAAa,QAAQ,YAAyB;CAC7C,MAAM,wBAAwB;CAC9B,MAAM,gBAAgB;CACtB,MAAM,mBAAmB;CACzB,MAAM,wBAAwB;AAE9B,QAAO;EACN,IAAI;EACJ,MAAM;EACN,MAAM,uBAAuB,EAC5B,OACA,QACA,cACA,aACA,aACE;GACF,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAU;IAAW;IAAQ;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,MAAM,uBAAuB;IACnC,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,cAAc,OAAO,OAAO;AACjC,OAAI,QAAQ,qBACX,QAAO;AAER,OAAI,QAAQ,cACX,QAAO,QAAQ,cAAc,OAAO,MAAM;GAE3C,MAAM,OAAO,IAAI,iBAAiB;AAClC,QAAK,IAAI,YAAY,MAAM;AAC3B,QAAK,IAAI,aAAa,QAAQ,SAAS;AACvC,OAAI,MAAO,MAAK,IAAI,SAAS,MAAM;GACnC,MAAM,EAAE,MAAM,UAAU,MAAM,YAC7B,uBACA;IACC,QAAQ;IACR,SAAS,EACR,gBAAgB,qCAChB;IACD;IACA,CACD;AACD,OAAI,SAAS,CAAC,KACb,QAAO;AAGR,OAAI,KAAK,QAAQ,QAAQ,SAAU,QAAO;AAC1C,OAAI,KAAK,SAAS,KAAK,UAAU,MAAO,QAAO;AAC/C,UAAO;;EAER,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,IAAI,UAAoD;AAExD,OAAI,MAAM,QACT,KAAI;AACH,cAAU,UAAU,MAAM,QAAQ;WAC3B;AAGT,OAAI,CAAC,SAAS;IACb,MAAM,EAAE,SAAS,MAAM,YAA0B,kBAAkB,EAClE,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CAAC;AACF,cAAU,QAAQ;;AAEnB,OAAI,CAAC,QAAS,QAAO;GACrB,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAe;GAEhE,MAAM,KAAM,QAAgB,OAAQ,QAAgB;GACpD,MAAM,OAAQ,QAAgB,QAAS,QAAgB,eAAe;GACtE,MAAM,QACJ,QAAgB,WAAY,QAAgB,cAAc,KAAA;AAE5D,UAAO;IACN,MAAM;KACL;KACA;KACA,OALa,QAAgB;KAM7B;KAEA,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/linear.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/linear.d.ts
 interface LinearUser {
   id: string;

package/dist/social-providers/linear.mjs

@@ -3,7 +3,6 @@ import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
-
 //#region src/social-providers/linear.ts
 const linear = (options) => {
 	const tokenEndpoint = "https://api.linear.app/oauth/token";
@@ -83,7 +82,7 @@ const linear = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { linear };
+
 //# sourceMappingURL=linear.mjs.map

package/dist/social-providers/linear.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"linear.mjs","names":[],"sources":["../../src/social-providers/linear.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LinearUser {\n\tid: string;\n\tname: string;\n\temail: string;\n\tavatarUrl?: string | undefined;\n\tactive: boolean;\n\tcreatedAt: string;\n\tupdatedAt: string;\n}\n\nexport interface LinearProfile {\n\tdata: {\n\t\tviewer: LinearUser;\n\t};\n}\n\nexport interface LinearOptions extends ProviderOptions<LinearUser> {\n\tclientId: string;\n}\n\nexport const linear = (options: LinearOptions) => {\n\tconst tokenEndpoint = \"https://api.linear.app/oauth/token\";\n\treturn {\n\t\tid: \"linear\",\n\t\tname: \"Linear\",\n\t\tcreateAuthorizationURL({ state, scopes, loginHint, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"linear\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://linear.app/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data: profile, error } = await betterFetch<LinearProfile>(\n\t\t\t\t\"https://api.linear.app/graphql\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\tquery: `\n\t\t\t\t\t\t\tquery {\n\t\t\t\t\t\t\t\tviewer {\n\t\t\t\t\t\t\t\t\tid\n\t\t\t\t\t\t\t\t\tname\n\t\t\t\t\t\t\t\t\temail\n\t\t\t\t\t\t\t\t\tavatarUrl\n\t\t\t\t\t\t\t\t\tactive\n\t\t\t\t\t\t\t\t\tcreatedAt\n\t\t\t\t\t\t\t\t\tupdatedAt\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t`,\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile?.data?.viewer) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userData = profile.data.viewer;\n\t\t\tconst userMap = await options.mapProfileToUser?.(userData);\n\t\t\t// Linear does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.viewer.id,\n\t\t\t\t\tname: profile.data.viewer.name,\n\t\t\t\t\temail: profile.data.viewer.email,\n\t\t\t\t\timage: profile.data.viewer.avatarUrl,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: userData,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinearUser>;\n};\n"],"mappings":";;;;;;;AA4BA,MAAa,UAAU,YAA2B;CACjD,MAAM,gBAAgB;AACtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,WAAW,eAAe;GACjE,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,OAAO;AAC3D,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAGlC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,kCACA;IACC,QAAQ;IACR,SAAS;KACR,gBAAgB;KAChB,eAAe,UAAU,MAAM;KAC/B;IACD,MAAM,KAAK,UAAU,EACpB,OAAO;;;;;;;;;;;;SAaP,CAAC;IACF,CACD;AACD,OAAI,SAAS,CAAC,SAAS,MAAM,OAC5B,QAAO;GAGR,MAAM,WAAW,QAAQ,KAAK;GAC9B,MAAM,UAAU,MAAM,QAAQ,mBAAmB,SAAS;AAG1D,UAAO;IACN,MAAM;KACL,IAAI,QAAQ,KAAK,OAAO;KACxB,MAAM,QAAQ,KAAK,OAAO;KAC1B,OAAO,QAAQ,KAAK,OAAO;KAC3B,OAAO,QAAQ,KAAK,OAAO;KAC3B,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"linear.mjs","names":[],"sources":["../../src/social-providers/linear.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LinearUser {\n\tid: string;\n\tname: string;\n\temail: string;\n\tavatarUrl?: string | undefined;\n\tactive: boolean;\n\tcreatedAt: string;\n\tupdatedAt: string;\n}\n\nexport interface LinearProfile {\n\tdata: {\n\t\tviewer: LinearUser;\n\t};\n}\n\nexport interface LinearOptions extends ProviderOptions<LinearUser> {\n\tclientId: string;\n}\n\nexport const linear = (options: LinearOptions) => {\n\tconst tokenEndpoint = \"https://api.linear.app/oauth/token\";\n\treturn {\n\t\tid: \"linear\",\n\t\tname: \"Linear\",\n\t\tcreateAuthorizationURL({ state, scopes, loginHint, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"linear\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://linear.app/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data: profile, error } = await betterFetch<LinearProfile>(\n\t\t\t\t\"https://api.linear.app/graphql\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\tquery: `\n\t\t\t\t\t\t\tquery {\n\t\t\t\t\t\t\t\tviewer {\n\t\t\t\t\t\t\t\t\tid\n\t\t\t\t\t\t\t\t\tname\n\t\t\t\t\t\t\t\t\temail\n\t\t\t\t\t\t\t\t\tavatarUrl\n\t\t\t\t\t\t\t\t\tactive\n\t\t\t\t\t\t\t\t\tcreatedAt\n\t\t\t\t\t\t\t\t\tupdatedAt\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t`,\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile?.data?.viewer) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userData = profile.data.viewer;\n\t\t\tconst userMap = await options.mapProfileToUser?.(userData);\n\t\t\t// Linear does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.viewer.id,\n\t\t\t\t\tname: profile.data.viewer.name,\n\t\t\t\t\temail: profile.data.viewer.email,\n\t\t\t\t\timage: profile.data.viewer.avatarUrl,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: userData,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinearUser>;\n};\n"],"mappings":";;;;;;AA4BA,MAAa,UAAU,YAA2B;CACjD,MAAM,gBAAgB;AACtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,WAAW,eAAe;GACjE,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,OAAO;AAC3D,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAGlC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,kCACA;IACC,QAAQ;IACR,SAAS;KACR,gBAAgB;KAChB,eAAe,UAAU,MAAM;KAC/B;IACD,MAAM,KAAK,UAAU,EACpB,OAAO;;;;;;;;;;;;SAaP,CAAC;IACF,CACD;AACD,OAAI,SAAS,CAAC,SAAS,MAAM,OAC5B,QAAO;GAGR,MAAM,WAAW,QAAQ,KAAK;GAC9B,MAAM,UAAU,MAAM,QAAQ,mBAAmB,SAAS;AAG1D,UAAO;IACN,MAAM;KACL,IAAI,QAAQ,KAAK,OAAO;KACxB,MAAM,QAAQ,KAAK,OAAO;KAC1B,OAAO,QAAQ,KAAK,OAAO;KAC3B,OAAO,QAAQ,KAAK,OAAO;KAC3B,eAAe;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/linkedin.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/linkedin.d.ts
 interface LinkedInProfile {
   sub: string;

package/dist/social-providers/linkedin.mjs

@@ -3,7 +3,6 @@ import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
-
 //#region src/social-providers/linkedin.ts
 const linkedin = (options) => {
 	const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
@@ -71,7 +70,7 @@ const linkedin = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { linkedin };
+
 //# sourceMappingURL=linkedin.mjs.map

package/dist/social-providers/linkedin.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"linkedin.mjs","names":[],"sources":["../../src/social-providers/linkedin.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LinkedInProfile {\n\tsub: string;\n\tname: string;\n\tgiven_name: string;\n\tfamily_name: string;\n\tpicture: string;\n\tlocale: {\n\t\tcountry: string;\n\t\tlanguage: string;\n\t};\n\temail: string;\n\temail_verified: boolean;\n}\n\nexport interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {\n\tclientId: string;\n}\n\nexport const linkedin = (options: LinkedInOptions) => {\n\tconst authorizationEndpoint =\n\t\t\"https://www.linkedin.com/oauth/v2/authorization\";\n\tconst tokenEndpoint = \"https://www.linkedin.com/oauth/v2/accessToken\";\n\n\treturn {\n\t\tid: \"linkedin\",\n\t\tname: \"Linkedin\",\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"profile\", \"email\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"linkedin\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tloginHint,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn await validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<LinkedInProfile>(\n\t\t\t\t\"https://api.linkedin.com/v2/userinfo\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified || false,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinkedInProfile>;\n};\n"],"mappings":";;;;;;;AA0BA,MAAa,YAAY,YAA6B;CACrD,MAAM,wBACL;CACD,MAAM,gBAAgB;AAEtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,wBAAwB,OAAO,EAC9B,OACA,QACA,aACA,gBACK;GACL,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAW;IAAS;IAAS;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,MAAM,uBAAuB;IACnC,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,MAAM,0BAA0B;IACtC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,wCACA;IACC,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CACD;AAED,OAAI,MACH,QAAO;GAGR,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AACzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ;KACd,OAAO,QAAQ;KACf,eAAe,QAAQ,kBAAkB;KACzC,OAAO,QAAQ;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"linkedin.mjs","names":[],"sources":["../../src/social-providers/linkedin.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface LinkedInProfile {\n\tsub: string;\n\tname: string;\n\tgiven_name: string;\n\tfamily_name: string;\n\tpicture: string;\n\tlocale: {\n\t\tcountry: string;\n\t\tlanguage: string;\n\t};\n\temail: string;\n\temail_verified: boolean;\n}\n\nexport interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {\n\tclientId: string;\n}\n\nexport const linkedin = (options: LinkedInOptions) => {\n\tconst authorizationEndpoint =\n\t\t\"https://www.linkedin.com/oauth/v2/authorization\";\n\tconst tokenEndpoint = \"https://www.linkedin.com/oauth/v2/accessToken\";\n\n\treturn {\n\t\tid: \"linkedin\",\n\t\tname: \"Linkedin\",\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"profile\", \"email\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"linkedin\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tloginHint,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn await validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<LinkedInProfile>(\n\t\t\t\t\"https://api.linkedin.com/v2/userinfo\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified || false,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinkedInProfile>;\n};\n"],"mappings":";;;;;;AA0BA,MAAa,YAAY,YAA6B;CACrD,MAAM,wBACL;CACD,MAAM,gBAAgB;AAEtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,wBAAwB,OAAO,EAC9B,OACA,QACA,aACA,gBACK;GACL,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAW;IAAS;IAAS;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,MAAM,uBAAuB;IACnC,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,MAAM,0BAA0B;IACtC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,wCACA;IACC,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CACD;AAED,OAAI,MACH,QAAO;GAGR,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AACzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ;KACd,OAAO,QAAQ;KACf,eAAe,QAAQ,kBAAkB;KACzC,OAAO,QAAQ;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/microsoft-entra-id.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/microsoft-entra-id.d.ts
 /**
  * @see [Microsoft Identity Platform - Optional claims reference](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference)

package/dist/social-providers/microsoft-entra-id.mjs

@@ -8,7 +8,6 @@ import "../oauth2/index.mjs";
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-
 //#region src/social-providers/microsoft-entra-id.ts
 const microsoft = (options) => {
 	const tenant = options.tenantId || "common";
@@ -134,7 +133,7 @@ const getMicrosoftPublicKey = async (kid, tenant, authority) => {
 	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
 	return await importJWK(jwk, jwk.alg);
 };
-
 //#endregion
 export { getMicrosoftPublicKey, microsoft };
+
 //# sourceMappingURL=microsoft-entra-id.mjs.map

package/dist/social-providers/microsoft-entra-id.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"microsoft-entra-id.mjs","names":[],"sources":["../../src/social-providers/microsoft-entra-id.ts"],"sourcesContent":["import { base64 } from \"@better-auth/utils/base64\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from \"jose\";\nimport { logger } from \"../env\";\nimport { APIError } from \"../error\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\n/**\n * @see [Microsoft Identity Platform - Optional claims reference](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference)\n */\nexport interface MicrosoftEntraIDProfile extends Record<string, any> {\n\t/** Identifies the intended recipient of the token */\n\taud: string;\n\t/** Identifies the issuer, or \"authorization server\" that constructs and returns the token */\n\tiss: string;\n\t/** Indicates when the authentication for the token occurred */\n\tiat: Date;\n\t/** Records the identity provider that authenticated the subject of the token */\n\tidp: string;\n\t/** Identifies the time before which the JWT can't be accepted for processing */\n\tnbf: Date;\n\t/** Identifies the expiration time on or after which the JWT can't be accepted for processing */\n\texp: Date;\n\t/** Code hash included in ID tokens when issued with an OAuth 2.0 authorization code */\n\tc_hash: string;\n\t/** Access token hash included in ID tokens when issued with an OAuth 2.0 access token */\n\tat_hash: string;\n\t/** Internal claim used to record data for token reuse */\n\taio: string;\n\t/** The primary username that represents the user */\n\tpreferred_username: string;\n\t/** User's email address */\n\temail: string;\n\t/** Human-readable value that identifies the subject of the token */\n\tname: string;\n\t/** Matches the parameter included in the original authorize request */\n\tnonce: string;\n\t/** User's profile picture */\n\tpicture: string;\n\t/** Immutable identifier for the user account */\n\toid: string;\n\t/** Set of roles assigned to the user */\n\troles: string[];\n\t/** Internal claim used to revalidate tokens */\n\trh: string;\n\t/** Subject identifier - unique to application ID */\n\tsub: string;\n\t/** Tenant ID the user is signing in to */\n\ttid: string;\n\t/** Unique identifier for a session */\n\tsid: string;\n\t/** Token identifier claim */\n\tuti: string;\n\t/** Indicates if user is in at least one group */\n\thasgroups: boolean;\n\t/** User account status in tenant (0 = member, 1 = guest) */\n\tacct: 0 | 1;\n\t/** Auth Context IDs */\n\tacrs: string;\n\t/** Time when the user last authenticated */\n\tauth_time: Date;\n\t/** User's country/region */\n\tctry: string;\n\t/** IP address of requesting client when inside VNET */\n\tfwd: string;\n\t/** Group claims */\n\tgroups: string;\n\t/** Login hint for SSO */\n\tlogin_hint: string;\n\t/** Resource tenant's country/region */\n\ttenant_ctry: string;\n\t/** Region of the resource tenant */\n\ttenant_region_scope: string;\n\t/** UserPrincipalName */\n\tupn: string;\n\t/** User's verified primary email addresses */\n\tverified_primary_email: string[];\n\t/** User's verified secondary email addresses */\n\tverified_secondary_email: string[];\n\t/** Whether the user's email is verified (optional claim, must be configured in app registration) */\n\temail_verified?: boolean | undefined;\n\t/** VNET specifier information */\n\tvnet: string;\n\t/** Client Capabilities */\n\txms_cc: string;\n\t/** Whether user's email domain is verified */\n\txms_edov: boolean;\n\t/** Preferred data location for Multi-Geo tenants */\n\txms_pdl: string;\n\t/** User preferred language */\n\txms_pl: string;\n\t/** Tenant preferred language */\n\txms_tpl: string;\n\t/** Zero-touch Deployment ID */\n\tztdid: string;\n\t/** IP Address */\n\tipaddr: string;\n\t/** On-premises Security Identifier */\n\tonprem_sid: string;\n\t/** Password Expiration Time */\n\tpwd_exp: number;\n\t/** Change Password URL */\n\tpwd_url: string;\n\t/** Inside Corporate Network flag */\n\tin_corp: string;\n\t/** User's family name/surname */\n\tfamily_name: string;\n\t/** User's given/first name */\n\tgiven_name: string;\n}\n\nexport interface MicrosoftOptions\n\textends ProviderOptions<MicrosoftEntraIDProfile> {\n\tclientId: string;\n\t/**\n\t * The tenant ID of the Microsoft account\n\t * @default \"common\"\n\t */\n\ttenantId?: string | undefined;\n\t/**\n\t * The authentication authority URL. Use the default \"https://login.microsoftonline.com\" for standard Entra ID or \"https://<tenant-id>.ciamlogin.com\" for CIAM scenarios.\n\t * @default \"https://login.microsoftonline.com\"\n\t */\n\tauthority?: string | undefined;\n\t/**\n\t * The size of the profile photo\n\t * @default 48\n\t */\n\tprofilePhotoSize?:\n\t\t| (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648)\n\t\t| undefined;\n\t/**\n\t * Disable profile photo\n\t */\n\tdisableProfilePhoto?: boolean | undefined;\n}\n\nexport const microsoft = (options: MicrosoftOptions) => {\n\tconst tenant = options.tenantId || \"common\";\n\tconst authority = options.authority || \"https://login.microsoftonline.com\";\n\tconst authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;\n\tconst tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;\n\treturn {\n\t\tid: \"microsoft\",\n\t\tname: \"Microsoft EntraID\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\tif (options.scope) scopes.push(...options.scope);\n\t\t\tif (data.scopes) scopes.push(...data.scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"microsoft\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tstate: data.state,\n\t\t\t\tcodeVerifier: data.codeVerifier,\n\t\t\t\tscopes,\n\t\t\t\tredirectURI: data.redirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t\tloginHint: data.loginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode({ code, codeVerifier, redirectURI }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { kid, alg: jwtAlg } = decodeProtectedHeader(token);\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\n\t\t\t\tconst publicKey = await getMicrosoftPublicKey(kid, tenant, authority);\n\t\t\t\tconst verifyOptions: {\n\t\t\t\t\talgorithms: [string];\n\t\t\t\t\taudience: string;\n\t\t\t\t\tmaxTokenAge: string;\n\t\t\t\t\tissuer?: string;\n\t\t\t\t} = {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t};\n\t\t\t\t/**\n\t\t\t\t * Issuer varies per user's tenant for multi-tenant endpoints, so only validate for specific tenants.\n\t\t\t\t * @see https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols#endpoints\n\t\t\t\t */\n\t\t\t\tif (\n\t\t\t\t\ttenant !== \"common\" &&\n\t\t\t\t\ttenant !== \"organizations\" &&\n\t\t\t\t\ttenant !== \"consumers\"\n\t\t\t\t) {\n\t\t\t\t\tverifyOptions.issuer = `${authority}/${tenant}/v2.0`;\n\t\t\t\t}\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(\n\t\t\t\t\ttoken,\n\t\t\t\t\tpublicKey,\n\t\t\t\t\tverifyOptions,\n\t\t\t\t);\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\treturn true;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to verify ID token:\", error);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = decodeJwt(token.idToken) as MicrosoftEntraIDProfile;\n\t\t\tconst profilePhotoSize = options.profilePhotoSize || 48;\n\t\t\tawait betterFetch<ArrayBuffer>(\n\t\t\t\t`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tasync onResponse(context) {\n\t\t\t\t\t\tif (options.disableProfilePhoto || !context.response.ok) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst response = context.response.clone();\n\t\t\t\t\t\t\tconst pictureBuffer = await response.arrayBuffer();\n\t\t\t\t\t\t\tconst pictureBase64 = base64.encode(pictureBuffer);\n\t\t\t\t\t\t\tuser.picture = `data:image/jpeg;base64, ${pictureBase64}`;\n\t\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\t\tlogger.error(\n\t\t\t\t\t\t\t\te && typeof e === \"object\" && \"name\" in e\n\t\t\t\t\t\t\t\t\t? (e.name as string)\n\t\t\t\t\t\t\t\t\t: \"\",\n\t\t\t\t\t\t\t\te,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\t\t\t// Microsoft Entra ID does NOT include email_verified claim by default.\n\t\t\t// It must be configured as an optional claim in the app registration.\n\t\t\t// We default to false when not provided for security consistency.\n\t\t\t// We can also check verified_primary_email/verified_secondary_email arrays as fallback.\n\t\t\tconst emailVerified =\n\t\t\t\tuser.email_verified !== undefined\n\t\t\t\t\t? user.email_verified\n\t\t\t\t\t: user.email &&\n\t\t\t\t\t\t\t(user.verified_primary_email?.includes(user.email) ||\n\t\t\t\t\t\t\t\tuser.verified_secondary_email?.includes(user.email))\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t\t\t? []\n\t\t\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\t\t\tif (options.scope) scopes.push(...options.scope);\n\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\textraParams: {\n\t\t\t\t\t\t\tscope: scopes.join(\" \"), // Include the scopes in request to microsoft\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider;\n};\n\nexport const getMicrosoftPublicKey = async (\n\tkid: string,\n\ttenant: string,\n\tauthority: string,\n) => {\n\tconst { data } = await betterFetch<{\n\t\tkeys: Array<{\n\t\t\tkid: string;\n\t\t\talg: string;\n\t\t\tkty: string;\n\t\t\tuse: string;\n\t\t\tn: string;\n\t\t\te: string;\n\t\t\tx5c?: string[];\n\t\t\tx5t?: string;\n\t\t}>;\n\t}>(`${authority}/${tenant}/discovery/v2.0/keys`);\n\n\tif (!data?.keys) {\n\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\tmessage: \"Keys not found\",\n\t\t});\n\t}\n\n\tconst jwk = data.keys.find((key) => key.kid === kid);\n\tif (!jwk) {\n\t\tthrow new Error(`JWK with kid ${kid} not found`);\n\t}\n\n\treturn await importJWK(jwk, jwk.alg);\n};\n"],"mappings":";;;;;;;;;;;;AA8IA,MAAa,aAAa,YAA8B;CACvD,MAAM,SAAS,QAAQ,YAAY;CACnC,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,wBAAwB,GAAG,UAAU,GAAG,OAAO;CACrD,MAAM,gBAAgB,GAAG,UAAU,GAAG,OAAO;AAC7C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,MAAM;GAC5B,MAAM,SAAS,QAAQ,sBACpB,EAAE,GACF;IAAC;IAAU;IAAW;IAAS;IAAa;IAAiB;AAChE,OAAI,QAAQ,MAAO,QAAO,KAAK,GAAG,QAAQ,MAAM;AAChD,OAAI,KAAK,OAAQ,QAAO,KAAK,GAAG,KAAK,OAAO;AAC5C,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,OAAO,KAAK;IACZ,cAAc,KAAK;IACnB;IACA,aAAa,KAAK;IAClB,QAAQ,QAAQ;IAChB,WAAW,KAAK;IAChB,CAAC;;EAEH,0BAA0B,EAAE,MAAM,cAAc,eAAe;AAC9D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA;IACA,CAAC;;EAEH,MAAM,cAAc,OAAO,OAAO;AACjC,OAAI,QAAQ,qBACX,QAAO;AAER,OAAI,QAAQ,cACX,QAAO,QAAQ,cAAc,OAAO,MAAM;AAG3C,OAAI;IACH,MAAM,EAAE,KAAK,KAAK,WAAW,sBAAsB,MAAM;AACzD,QAAI,CAAC,OAAO,CAAC,OAAQ,QAAO;IAE5B,MAAM,YAAY,MAAM,sBAAsB,KAAK,QAAQ,UAAU;IACrE,MAAM,gBAKF;KACH,YAAY,CAAC,OAAO;KACpB,UAAU,QAAQ;KAClB,aAAa;KACb;;;;;AAKD,QACC,WAAW,YACX,WAAW,mBACX,WAAW,YAEX,eAAc,SAAS,GAAG,UAAU,GAAG,OAAO;IAE/C,MAAM,EAAE,SAAS,cAAc,MAAM,UACpC,OACA,WACA,cACA;AAED,QAAI,SAAS,UAAU,UAAU,MAChC,QAAO;AAGR,WAAO;YACC,OAAO;AACf,WAAO,MAAM,8BAA8B,MAAM;AACjD,WAAO;;;EAGT,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;AAElC,OAAI,CAAC,MAAM,QACV,QAAO;GAER,MAAM,OAAO,UAAU,MAAM,QAAQ;GACrC,MAAM,mBAAmB,QAAQ,oBAAoB;AACrD,SAAM,YACL,8CAA8C,iBAAiB,GAAG,iBAAiB,UACnF;IACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,MAAM,WAAW,SAAS;AACzB,SAAI,QAAQ,uBAAuB,CAAC,QAAQ,SAAS,GACpD;AAED,SAAI;MAEH,MAAM,gBAAgB,MADL,QAAQ,SAAS,OAAO,CACJ,aAAa;AAElD,WAAK,UAAU,2BADO,OAAO,OAAO,cAAc;cAE1C,GAAG;AACX,aAAO,MACN,KAAK,OAAO,MAAM,YAAY,UAAU,IACpC,EAAE,OACH,IACH,EACA;;;IAGH,CACD;GACD,MAAM,UAAU,MAAM,QAAQ,mBAAmB,KAAK;GAKtD,MAAM,gBACL,KAAK,mBAAmB,SACrB,KAAK,iBACL,KAAK,UACJ,KAAK,wBAAwB,SAAS,KAAK,MAAM,IACjD,KAAK,0BAA0B,SAAS,KAAK,MAAM,IACnD,OACA;AACL,UAAO;IACN,MAAM;KACL,IAAI,KAAK;KACT,MAAM,KAAK;KACX,OAAO,KAAK;KACZ,OAAO,KAAK;KACZ;KACA,GAAG;KACH;IACD,MAAM;IACN;;EAEF,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;GACxB,MAAM,SAAS,QAAQ,sBACpB,EAAE,GACF;IAAC;IAAU;IAAW;IAAS;IAAa;IAAiB;AAChE,OAAI,QAAQ,MAAO,QAAO,KAAK,GAAG,QAAQ,MAAM;AAEhD,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD,aAAa,EACZ,OAAO,OAAO,KAAK,IAAI,EACvB;IACD;IACA,CAAC;;EAEL;EACA;;AAGF,MAAa,wBAAwB,OACpC,KACA,QACA,cACI;CACJ,MAAM,EAAE,SAAS,MAAM,YAWpB,GAAG,UAAU,GAAG,OAAO,sBAAsB;AAEhD,KAAI,CAAC,MAAM,KACV,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;CAGH,MAAM,MAAM,KAAK,KAAK,MAAM,QAAQ,IAAI,QAAQ,IAAI;AACpD,KAAI,CAAC,IACJ,OAAM,IAAI,MAAM,gBAAgB,IAAI,YAAY;AAGjD,QAAO,MAAM,UAAU,KAAK,IAAI,IAAI"}
+{"version":3,"file":"microsoft-entra-id.mjs","names":[],"sources":["../../src/social-providers/microsoft-entra-id.ts"],"sourcesContent":["import { base64 } from \"@better-auth/utils/base64\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from \"jose\";\nimport { logger } from \"../env\";\nimport { APIError } from \"../error\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\n/**\n * @see [Microsoft Identity Platform - Optional claims reference](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference)\n */\nexport interface MicrosoftEntraIDProfile extends Record<string, any> {\n\t/** Identifies the intended recipient of the token */\n\taud: string;\n\t/** Identifies the issuer, or \"authorization server\" that constructs and returns the token */\n\tiss: string;\n\t/** Indicates when the authentication for the token occurred */\n\tiat: Date;\n\t/** Records the identity provider that authenticated the subject of the token */\n\tidp: string;\n\t/** Identifies the time before which the JWT can't be accepted for processing */\n\tnbf: Date;\n\t/** Identifies the expiration time on or after which the JWT can't be accepted for processing */\n\texp: Date;\n\t/** Code hash included in ID tokens when issued with an OAuth 2.0 authorization code */\n\tc_hash: string;\n\t/** Access token hash included in ID tokens when issued with an OAuth 2.0 access token */\n\tat_hash: string;\n\t/** Internal claim used to record data for token reuse */\n\taio: string;\n\t/** The primary username that represents the user */\n\tpreferred_username: string;\n\t/** User's email address */\n\temail: string;\n\t/** Human-readable value that identifies the subject of the token */\n\tname: string;\n\t/** Matches the parameter included in the original authorize request */\n\tnonce: string;\n\t/** User's profile picture */\n\tpicture: string;\n\t/** Immutable identifier for the user account */\n\toid: string;\n\t/** Set of roles assigned to the user */\n\troles: string[];\n\t/** Internal claim used to revalidate tokens */\n\trh: string;\n\t/** Subject identifier - unique to application ID */\n\tsub: string;\n\t/** Tenant ID the user is signing in to */\n\ttid: string;\n\t/** Unique identifier for a session */\n\tsid: string;\n\t/** Token identifier claim */\n\tuti: string;\n\t/** Indicates if user is in at least one group */\n\thasgroups: boolean;\n\t/** User account status in tenant (0 = member, 1 = guest) */\n\tacct: 0 | 1;\n\t/** Auth Context IDs */\n\tacrs: string;\n\t/** Time when the user last authenticated */\n\tauth_time: Date;\n\t/** User's country/region */\n\tctry: string;\n\t/** IP address of requesting client when inside VNET */\n\tfwd: string;\n\t/** Group claims */\n\tgroups: string;\n\t/** Login hint for SSO */\n\tlogin_hint: string;\n\t/** Resource tenant's country/region */\n\ttenant_ctry: string;\n\t/** Region of the resource tenant */\n\ttenant_region_scope: string;\n\t/** UserPrincipalName */\n\tupn: string;\n\t/** User's verified primary email addresses */\n\tverified_primary_email: string[];\n\t/** User's verified secondary email addresses */\n\tverified_secondary_email: string[];\n\t/** Whether the user's email is verified (optional claim, must be configured in app registration) */\n\temail_verified?: boolean | undefined;\n\t/** VNET specifier information */\n\tvnet: string;\n\t/** Client Capabilities */\n\txms_cc: string;\n\t/** Whether user's email domain is verified */\n\txms_edov: boolean;\n\t/** Preferred data location for Multi-Geo tenants */\n\txms_pdl: string;\n\t/** User preferred language */\n\txms_pl: string;\n\t/** Tenant preferred language */\n\txms_tpl: string;\n\t/** Zero-touch Deployment ID */\n\tztdid: string;\n\t/** IP Address */\n\tipaddr: string;\n\t/** On-premises Security Identifier */\n\tonprem_sid: string;\n\t/** Password Expiration Time */\n\tpwd_exp: number;\n\t/** Change Password URL */\n\tpwd_url: string;\n\t/** Inside Corporate Network flag */\n\tin_corp: string;\n\t/** User's family name/surname */\n\tfamily_name: string;\n\t/** User's given/first name */\n\tgiven_name: string;\n}\n\nexport interface MicrosoftOptions\n\textends ProviderOptions<MicrosoftEntraIDProfile> {\n\tclientId: string;\n\t/**\n\t * The tenant ID of the Microsoft account\n\t * @default \"common\"\n\t */\n\ttenantId?: string | undefined;\n\t/**\n\t * The authentication authority URL. Use the default \"https://login.microsoftonline.com\" for standard Entra ID or \"https://<tenant-id>.ciamlogin.com\" for CIAM scenarios.\n\t * @default \"https://login.microsoftonline.com\"\n\t */\n\tauthority?: string | undefined;\n\t/**\n\t * The size of the profile photo\n\t * @default 48\n\t */\n\tprofilePhotoSize?:\n\t\t| (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648)\n\t\t| undefined;\n\t/**\n\t * Disable profile photo\n\t */\n\tdisableProfilePhoto?: boolean | undefined;\n}\n\nexport const microsoft = (options: MicrosoftOptions) => {\n\tconst tenant = options.tenantId || \"common\";\n\tconst authority = options.authority || \"https://login.microsoftonline.com\";\n\tconst authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;\n\tconst tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;\n\treturn {\n\t\tid: \"microsoft\",\n\t\tname: \"Microsoft EntraID\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\tif (options.scope) scopes.push(...options.scope);\n\t\t\tif (data.scopes) scopes.push(...data.scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"microsoft\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tstate: data.state,\n\t\t\t\tcodeVerifier: data.codeVerifier,\n\t\t\t\tscopes,\n\t\t\t\tredirectURI: data.redirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t\tloginHint: data.loginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode({ code, codeVerifier, redirectURI }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { kid, alg: jwtAlg } = decodeProtectedHeader(token);\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\n\t\t\t\tconst publicKey = await getMicrosoftPublicKey(kid, tenant, authority);\n\t\t\t\tconst verifyOptions: {\n\t\t\t\t\talgorithms: [string];\n\t\t\t\t\taudience: string;\n\t\t\t\t\tmaxTokenAge: string;\n\t\t\t\t\tissuer?: string;\n\t\t\t\t} = {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t};\n\t\t\t\t/**\n\t\t\t\t * Issuer varies per user's tenant for multi-tenant endpoints, so only validate for specific tenants.\n\t\t\t\t * @see https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols#endpoints\n\t\t\t\t */\n\t\t\t\tif (\n\t\t\t\t\ttenant !== \"common\" &&\n\t\t\t\t\ttenant !== \"organizations\" &&\n\t\t\t\t\ttenant !== \"consumers\"\n\t\t\t\t) {\n\t\t\t\t\tverifyOptions.issuer = `${authority}/${tenant}/v2.0`;\n\t\t\t\t}\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(\n\t\t\t\t\ttoken,\n\t\t\t\t\tpublicKey,\n\t\t\t\t\tverifyOptions,\n\t\t\t\t);\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\treturn true;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to verify ID token:\", error);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = decodeJwt(token.idToken) as MicrosoftEntraIDProfile;\n\t\t\tconst profilePhotoSize = options.profilePhotoSize || 48;\n\t\t\tawait betterFetch<ArrayBuffer>(\n\t\t\t\t`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tasync onResponse(context) {\n\t\t\t\t\t\tif (options.disableProfilePhoto || !context.response.ok) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst response = context.response.clone();\n\t\t\t\t\t\t\tconst pictureBuffer = await response.arrayBuffer();\n\t\t\t\t\t\t\tconst pictureBase64 = base64.encode(pictureBuffer);\n\t\t\t\t\t\t\tuser.picture = `data:image/jpeg;base64, ${pictureBase64}`;\n\t\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\t\tlogger.error(\n\t\t\t\t\t\t\t\te && typeof e === \"object\" && \"name\" in e\n\t\t\t\t\t\t\t\t\t? (e.name as string)\n\t\t\t\t\t\t\t\t\t: \"\",\n\t\t\t\t\t\t\t\te,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\t\t\t// Microsoft Entra ID does NOT include email_verified claim by default.\n\t\t\t// It must be configured as an optional claim in the app registration.\n\t\t\t// We default to false when not provided for security consistency.\n\t\t\t// We can also check verified_primary_email/verified_secondary_email arrays as fallback.\n\t\t\tconst emailVerified =\n\t\t\t\tuser.email_verified !== undefined\n\t\t\t\t\t? user.email_verified\n\t\t\t\t\t: user.email &&\n\t\t\t\t\t\t\t(user.verified_primary_email?.includes(user.email) ||\n\t\t\t\t\t\t\t\tuser.verified_secondary_email?.includes(user.email))\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t\t\t? []\n\t\t\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\t\t\tif (options.scope) scopes.push(...options.scope);\n\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\textraParams: {\n\t\t\t\t\t\t\tscope: scopes.join(\" \"), // Include the scopes in request to microsoft\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider;\n};\n\nexport const getMicrosoftPublicKey = async (\n\tkid: string,\n\ttenant: string,\n\tauthority: string,\n) => {\n\tconst { data } = await betterFetch<{\n\t\tkeys: Array<{\n\t\t\tkid: string;\n\t\t\talg: string;\n\t\t\tkty: string;\n\t\t\tuse: string;\n\t\t\tn: string;\n\t\t\te: string;\n\t\t\tx5c?: string[];\n\t\t\tx5t?: string;\n\t\t}>;\n\t}>(`${authority}/${tenant}/discovery/v2.0/keys`);\n\n\tif (!data?.keys) {\n\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\tmessage: \"Keys not found\",\n\t\t});\n\t}\n\n\tconst jwk = data.keys.find((key) => key.kid === kid);\n\tif (!jwk) {\n\t\tthrow new Error(`JWK with kid ${kid} not found`);\n\t}\n\n\treturn await importJWK(jwk, jwk.alg);\n};\n"],"mappings":";;;;;;;;;;;AA8IA,MAAa,aAAa,YAA8B;CACvD,MAAM,SAAS,QAAQ,YAAY;CACnC,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,wBAAwB,GAAG,UAAU,GAAG,OAAO;CACrD,MAAM,gBAAgB,GAAG,UAAU,GAAG,OAAO;AAC7C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,MAAM;GAC5B,MAAM,SAAS,QAAQ,sBACpB,EAAE,GACF;IAAC;IAAU;IAAW;IAAS;IAAa;IAAiB;AAChE,OAAI,QAAQ,MAAO,QAAO,KAAK,GAAG,QAAQ,MAAM;AAChD,OAAI,KAAK,OAAQ,QAAO,KAAK,GAAG,KAAK,OAAO;AAC5C,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,OAAO,KAAK;IACZ,cAAc,KAAK;IACnB;IACA,aAAa,KAAK;IAClB,QAAQ,QAAQ;IAChB,WAAW,KAAK;IAChB,CAAC;;EAEH,0BAA0B,EAAE,MAAM,cAAc,eAAe;AAC9D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA;IACA,CAAC;;EAEH,MAAM,cAAc,OAAO,OAAO;AACjC,OAAI,QAAQ,qBACX,QAAO;AAER,OAAI,QAAQ,cACX,QAAO,QAAQ,cAAc,OAAO,MAAM;AAG3C,OAAI;IACH,MAAM,EAAE,KAAK,KAAK,WAAW,sBAAsB,MAAM;AACzD,QAAI,CAAC,OAAO,CAAC,OAAQ,QAAO;IAE5B,MAAM,YAAY,MAAM,sBAAsB,KAAK,QAAQ,UAAU;IACrE,MAAM,gBAKF;KACH,YAAY,CAAC,OAAO;KACpB,UAAU,QAAQ;KAClB,aAAa;KACb;;;;;AAKD,QACC,WAAW,YACX,WAAW,mBACX,WAAW,YAEX,eAAc,SAAS,GAAG,UAAU,GAAG,OAAO;IAE/C,MAAM,EAAE,SAAS,cAAc,MAAM,UACpC,OACA,WACA,cACA;AAED,QAAI,SAAS,UAAU,UAAU,MAChC,QAAO;AAGR,WAAO;YACC,OAAO;AACf,WAAO,MAAM,8BAA8B,MAAM;AACjD,WAAO;;;EAGT,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;AAElC,OAAI,CAAC,MAAM,QACV,QAAO;GAER,MAAM,OAAO,UAAU,MAAM,QAAQ;GACrC,MAAM,mBAAmB,QAAQ,oBAAoB;AACrD,SAAM,YACL,8CAA8C,iBAAiB,GAAG,iBAAiB,UACnF;IACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,MAAM,WAAW,SAAS;AACzB,SAAI,QAAQ,uBAAuB,CAAC,QAAQ,SAAS,GACpD;AAED,SAAI;MAEH,MAAM,gBAAgB,MADL,QAAQ,SAAS,OAAO,CACJ,aAAa;AAElD,WAAK,UAAU,2BADO,OAAO,OAAO,cAAc;cAE1C,GAAG;AACX,aAAO,MACN,KAAK,OAAO,MAAM,YAAY,UAAU,IACpC,EAAE,OACH,IACH,EACA;;;IAGH,CACD;GACD,MAAM,UAAU,MAAM,QAAQ,mBAAmB,KAAK;GAKtD,MAAM,gBACL,KAAK,mBAAmB,KAAA,IACrB,KAAK,iBACL,KAAK,UACJ,KAAK,wBAAwB,SAAS,KAAK,MAAM,IACjD,KAAK,0BAA0B,SAAS,KAAK,MAAM,IACnD,OACA;AACL,UAAO;IACN,MAAM;KACL,IAAI,KAAK;KACT,MAAM,KAAK;KACX,OAAO,KAAK;KACZ,OAAO,KAAK;KACZ;KACA,GAAG;KACH;IACD,MAAM;IACN;;EAEF,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;GACxB,MAAM,SAAS,QAAQ,sBACpB,EAAE,GACF;IAAC;IAAU;IAAW;IAAS;IAAa;IAAiB;AAChE,OAAI,QAAQ,MAAO,QAAO,KAAK,GAAG,QAAQ,MAAM;AAEhD,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD,aAAa,EACZ,OAAO,OAAO,KAAK,IAAI,EACvB;IACD;IACA,CAAC;;EAEL;EACA;;AAGF,MAAa,wBAAwB,OACpC,KACA,QACA,cACI;CACJ,MAAM,EAAE,SAAS,MAAM,YAWpB,GAAG,UAAU,GAAG,OAAO,sBAAsB;AAEhD,KAAI,CAAC,MAAM,KACV,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;CAGH,MAAM,MAAM,KAAK,KAAK,MAAM,QAAQ,IAAI,QAAQ,IAAI;AACpD,KAAI,CAAC,IACJ,OAAM,IAAI,MAAM,gBAAgB,IAAI,YAAY;AAGjD,QAAO,MAAM,UAAU,KAAK,IAAI,IAAI"}

package/dist/social-providers/naver.d.mts

@@ -1,6 +1,4 @@
 import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-import "../oauth2/index.mjs";
-
 //#region src/social-providers/naver.d.ts
 interface NaverProfile {
   /** API response result code */

package/dist/social-providers/naver.mjs

@@ -3,9 +3,9 @@ import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import "../oauth2/index.mjs";
 import { betterFetch } from "@better-fetch/fetch";
-
 //#region src/social-providers/naver.ts
 const naver = (options) => {
+	const tokenEndpoint = "https://nid.naver.com/oauth2.0/token";
 	return {
 		id: "naver",
 		name: "Naver",
@@ -27,7 +27,7 @@ const naver = (options) => {
 				code,
 				redirectURI,
 				options,
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
+				tokenEndpoint
 			});
 		},
 		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
@@ -38,7 +38,7 @@ const naver = (options) => {
 					clientKey: options.clientKey,
 					clientSecret: options.clientSecret
 				},
-				tokenEndpoint: "https://nid.naver.com/oauth2.0/token"
+				tokenEndpoint
 			});
 		},
 		async getUserInfo(token) {
@@ -62,7 +62,7 @@ const naver = (options) => {
 		options
 	};
 };
-
 //#endregion
 export { naver };
+
 //# sourceMappingURL=naver.mjs.map

package/dist/social-providers/naver.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"naver.mjs","names":[],"sources":["../../src/social-providers/naver.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface NaverProfile {\n\t/** API response result code */\n\tresultcode: string;\n\t/** API response message */\n\tmessage: string;\n\tresponse: {\n\t\t/** Unique Naver user identifier */\n\t\tid: string;\n\t\t/** User nickname */\n\t\tnickname: string;\n\t\t/** User real name */\n\t\tname: string;\n\t\t/** User email address */\n\t\temail: string;\n\t\t/** Gender (F: female, M: male, U: unknown) */\n\t\tgender: string;\n\t\t/** Age range */\n\t\tage: string;\n\t\t/** Birthday (MM-DD format) */\n\t\tbirthday: string;\n\t\t/** Birth year */\n\t\tbirthyear: string;\n\t\t/** Profile image URL */\n\t\tprofile_image: string;\n\t\t/** Mobile phone number */\n\t\tmobile: string;\n\t};\n}\n\nexport interface NaverOptions extends ProviderOptions<NaverProfile> {\n\tclientId: string;\n}\n\nexport const naver = (options: NaverOptions) => {\n\treturn {\n\t\tid: \"naver\",\n\t\tname: \"Naver\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"naver\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://nid.naver.com/oauth2.0/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://nid.naver.com/oauth2.0/token\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://nid.naver.com/oauth2.0/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<NaverProfile>(\n\t\t\t\t\"https://openapi.naver.com/v1/nid/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile || profile.resultcode !== \"00\") {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst res = profile.response || {};\n\t\t\tconst user = {\n\t\t\t\tid: res.id,\n\t\t\t\tname: res.name || res.nickname || \"\",\n\t\t\t\temail: res.email,\n\t\t\t\timage: res.profile_image,\n\t\t\t\temailVerified: false,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<NaverProfile>;\n};\n"],"mappings":";;;;;;;AAyCA,MAAa,SAAS,YAA0B;AAC/C,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,WAAW,QAAQ;AACvE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,uCACA,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AACD,OAAI,SAAS,CAAC,WAAW,QAAQ,eAAe,KAC/C,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;GACzD,MAAM,MAAM,QAAQ,YAAY,EAAE;AASlC,UAAO;IACN,MATY;KACZ,IAAI,IAAI;KACR,MAAM,IAAI,QAAQ,IAAI,YAAY;KAClC,OAAO,IAAI;KACX,OAAO,IAAI;KACX,eAAe;KACf,GAAG;KACH;IAGA,MAAM;IACN;;EAEF;EACA"}
+{"version":3,"file":"naver.mjs","names":[],"sources":["../../src/social-providers/naver.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface NaverProfile {\n\t/** API response result code */\n\tresultcode: string;\n\t/** API response message */\n\tmessage: string;\n\tresponse: {\n\t\t/** Unique Naver user identifier */\n\t\tid: string;\n\t\t/** User nickname */\n\t\tnickname: string;\n\t\t/** User real name */\n\t\tname: string;\n\t\t/** User email address */\n\t\temail: string;\n\t\t/** Gender (F: female, M: male, U: unknown) */\n\t\tgender: string;\n\t\t/** Age range */\n\t\tage: string;\n\t\t/** Birthday (MM-DD format) */\n\t\tbirthday: string;\n\t\t/** Birth year */\n\t\tbirthyear: string;\n\t\t/** Profile image URL */\n\t\tprofile_image: string;\n\t\t/** Mobile phone number */\n\t\tmobile: string;\n\t};\n}\n\nexport interface NaverOptions extends ProviderOptions<NaverProfile> {\n\tclientId: string;\n}\n\nexport const naver = (options: NaverOptions) => {\n\tconst tokenEndpoint = \"https://nid.naver.com/oauth2.0/token\";\n\treturn {\n\t\tid: \"naver\",\n\t\tname: \"Naver\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"naver\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://nid.naver.com/oauth2.0/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<NaverProfile>(\n\t\t\t\t\"https://openapi.naver.com/v1/nid/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile || profile.resultcode !== \"00\") {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst res = profile.response || {};\n\t\t\tconst user = {\n\t\t\t\tid: res.id,\n\t\t\t\tname: res.name || res.nickname || \"\",\n\t\t\t\temail: res.email,\n\t\t\t\timage: res.profile_image,\n\t\t\t\temailVerified: false,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<NaverProfile>;\n};\n"],"mappings":";;;;;;AAyCA,MAAa,SAAS,YAA0B;CAC/C,MAAM,gBAAgB;AACtB,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,WAAW,QAAQ;AACvE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA;IACA,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA;IACA,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,uCACA,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AACD,OAAI,SAAS,CAAC,WAAW,QAAQ,eAAe,KAC/C,QAAO;GAER,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;GACzD,MAAM,MAAM,QAAQ,YAAY,EAAE;AASlC,UAAO;IACN,MATY;KACZ,IAAI,IAAI;KACR,MAAM,IAAI,QAAQ,IAAI,YAAY;KAClC,OAAO,IAAI;KACX,OAAO,IAAI;KACX,eAAe;KACf,GAAG;KACH;IAGA,MAAM;IACN;;EAEF;EACA"}