@better-auth/core 1.7.0-beta.0 → 1.7.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/dist/api/index.d.mts +44 -1
  2. package/dist/api/index.mjs +69 -4
  3. package/dist/context/global.mjs +1 -1
  4. package/dist/context/transaction.d.mts +7 -4
  5. package/dist/context/transaction.mjs +6 -3
  6. package/dist/db/adapter/factory.mjs +91 -3
  7. package/dist/db/adapter/get-id-field.mjs +1 -1
  8. package/dist/db/adapter/index.d.mts +87 -3
  9. package/dist/db/adapter/types.d.mts +1 -1
  10. package/dist/db/get-tables.mjs +2 -1
  11. package/dist/db/type.d.mts +17 -0
  12. package/dist/env/env-impl.mjs +1 -1
  13. package/dist/error/codes.d.mts +1 -0
  14. package/dist/error/codes.mjs +1 -0
  15. package/dist/error/index.d.mts +7 -0
  16. package/dist/index.d.mts +2 -2
  17. package/dist/instrumentation/api.mjs +12 -0
  18. package/dist/instrumentation/noop.mjs +42 -0
  19. package/dist/instrumentation/pure.index.d.mts +7 -0
  20. package/dist/instrumentation/pure.index.mjs +7 -0
  21. package/dist/instrumentation/tracer.mjs +6 -3
  22. package/dist/oauth2/authorization-params.d.mts +12 -0
  23. package/dist/oauth2/authorization-params.mjs +12 -0
  24. package/dist/oauth2/basic-credentials.d.mts +30 -0
  25. package/dist/oauth2/basic-credentials.mjs +64 -0
  26. package/dist/oauth2/client-assertion.d.mts +38 -22
  27. package/dist/oauth2/client-assertion.mjs +63 -28
  28. package/dist/oauth2/client-credentials-token.d.mts +19 -40
  29. package/dist/oauth2/client-credentials-token.mjs +20 -31
  30. package/dist/oauth2/create-authorization-url.d.mts +11 -1
  31. package/dist/oauth2/create-authorization-url.mjs +27 -7
  32. package/dist/oauth2/dpop.d.mts +142 -0
  33. package/dist/oauth2/dpop.mjs +246 -0
  34. package/dist/oauth2/index.d.mts +14 -9
  35. package/dist/oauth2/index.mjs +12 -8
  36. package/dist/oauth2/oauth-provider.d.mts +150 -10
  37. package/dist/oauth2/refresh-access-token.d.mts +20 -40
  38. package/dist/oauth2/refresh-access-token.mjs +38 -36
  39. package/dist/oauth2/reject-redirects.mjs +65 -0
  40. package/dist/oauth2/token-endpoint-auth.d.mts +17 -0
  41. package/dist/oauth2/token-endpoint-auth.mjs +89 -0
  42. package/dist/oauth2/utils.d.mts +23 -1
  43. package/dist/oauth2/utils.mjs +48 -2
  44. package/dist/oauth2/validate-authorization-code.d.mts +17 -52
  45. package/dist/oauth2/validate-authorization-code.mjs +28 -34
  46. package/dist/oauth2/verify-id-token.d.mts +27 -0
  47. package/dist/oauth2/verify-id-token.mjs +62 -0
  48. package/dist/oauth2/verify.d.mts +88 -15
  49. package/dist/oauth2/verify.mjs +203 -25
  50. package/dist/social-providers/apple.d.mts +16 -4
  51. package/dist/social-providers/apple.mjs +17 -24
  52. package/dist/social-providers/atlassian.d.mts +5 -1
  53. package/dist/social-providers/atlassian.mjs +6 -3
  54. package/dist/social-providers/cognito.d.mts +27 -3
  55. package/dist/social-providers/cognito.mjs +15 -25
  56. package/dist/social-providers/discord.d.mts +7 -3
  57. package/dist/social-providers/discord.mjs +16 -3
  58. package/dist/social-providers/dropbox.d.mts +5 -1
  59. package/dist/social-providers/dropbox.mjs +5 -4
  60. package/dist/social-providers/facebook.d.mts +24 -5
  61. package/dist/social-providers/facebook.mjs +54 -20
  62. package/dist/social-providers/figma.d.mts +5 -1
  63. package/dist/social-providers/figma.mjs +4 -3
  64. package/dist/social-providers/github.d.mts +6 -2
  65. package/dist/social-providers/github.mjs +5 -4
  66. package/dist/social-providers/gitlab.d.mts +5 -1
  67. package/dist/social-providers/gitlab.mjs +3 -2
  68. package/dist/social-providers/google.d.mts +53 -5
  69. package/dist/social-providers/google.mjs +69 -25
  70. package/dist/social-providers/huggingface.d.mts +5 -1
  71. package/dist/social-providers/huggingface.mjs +3 -2
  72. package/dist/social-providers/index.d.mts +221 -45
  73. package/dist/social-providers/index.mjs +2 -2
  74. package/dist/social-providers/kakao.d.mts +5 -1
  75. package/dist/social-providers/kakao.mjs +3 -2
  76. package/dist/social-providers/kick.d.mts +5 -1
  77. package/dist/social-providers/kick.mjs +3 -2
  78. package/dist/social-providers/line.d.mts +8 -2
  79. package/dist/social-providers/line.mjs +5 -6
  80. package/dist/social-providers/linear.d.mts +5 -1
  81. package/dist/social-providers/linear.mjs +3 -2
  82. package/dist/social-providers/linkedin.d.mts +7 -3
  83. package/dist/social-providers/linkedin.mjs +4 -3
  84. package/dist/social-providers/microsoft-entra-id.d.mts +41 -7
  85. package/dist/social-providers/microsoft-entra-id.mjs +37 -28
  86. package/dist/social-providers/naver.d.mts +5 -1
  87. package/dist/social-providers/naver.mjs +3 -2
  88. package/dist/social-providers/notion.d.mts +5 -1
  89. package/dist/social-providers/notion.mjs +5 -2
  90. package/dist/social-providers/paybin.d.mts +5 -1
  91. package/dist/social-providers/paybin.mjs +4 -3
  92. package/dist/social-providers/paypal.d.mts +6 -2
  93. package/dist/social-providers/paypal.mjs +19 -14
  94. package/dist/social-providers/polar.d.mts +5 -1
  95. package/dist/social-providers/polar.mjs +3 -2
  96. package/dist/social-providers/railway.d.mts +5 -1
  97. package/dist/social-providers/railway.mjs +3 -2
  98. package/dist/social-providers/reddit.d.mts +5 -1
  99. package/dist/social-providers/reddit.mjs +7 -5
  100. package/dist/social-providers/roblox.d.mts +6 -2
  101. package/dist/social-providers/roblox.mjs +12 -2
  102. package/dist/social-providers/salesforce.d.mts +5 -1
  103. package/dist/social-providers/salesforce.mjs +4 -3
  104. package/dist/social-providers/slack.d.mts +6 -2
  105. package/dist/social-providers/slack.mjs +11 -8
  106. package/dist/social-providers/spotify.d.mts +5 -1
  107. package/dist/social-providers/spotify.mjs +3 -2
  108. package/dist/social-providers/tiktok.d.mts +5 -1
  109. package/dist/social-providers/tiktok.mjs +14 -2
  110. package/dist/social-providers/twitch.d.mts +5 -1
  111. package/dist/social-providers/twitch.mjs +3 -2
  112. package/dist/social-providers/twitter.d.mts +4 -1
  113. package/dist/social-providers/twitter.mjs +2 -1
  114. package/dist/social-providers/vercel.d.mts +5 -1
  115. package/dist/social-providers/vercel.mjs +3 -2
  116. package/dist/social-providers/vk.d.mts +5 -1
  117. package/dist/social-providers/vk.mjs +3 -2
  118. package/dist/social-providers/wechat.d.mts +5 -1
  119. package/dist/social-providers/wechat.mjs +8 -2
  120. package/dist/social-providers/zoom.d.mts +5 -1
  121. package/dist/social-providers/zoom.mjs +10 -17
  122. package/dist/types/context.d.mts +55 -6
  123. package/dist/types/index.d.mts +1 -1
  124. package/dist/types/init-options.d.mts +182 -12
  125. package/dist/types/plugin-client.d.mts +12 -2
  126. package/dist/utils/async.d.mts +22 -0
  127. package/dist/utils/async.mjs +32 -0
  128. package/dist/utils/host.d.mts +147 -0
  129. package/dist/utils/host.mjs +298 -0
  130. package/dist/utils/ip.d.mts +28 -5
  131. package/dist/utils/ip.mjs +118 -4
  132. package/dist/utils/is-api-error.d.mts +6 -0
  133. package/dist/utils/is-api-error.mjs +8 -0
  134. package/dist/utils/redirect-uri.d.mts +20 -0
  135. package/dist/utils/redirect-uri.mjs +48 -0
  136. package/dist/utils/string.d.mts +5 -1
  137. package/dist/utils/string.mjs +20 -1
  138. package/dist/utils/url.d.mts +18 -1
  139. package/dist/utils/url.mjs +34 -4
  140. package/package.json +26 -16
  141. package/src/api/index.ts +121 -5
  142. package/src/context/transaction.ts +45 -12
  143. package/src/db/adapter/factory.ts +193 -7
  144. package/src/db/adapter/get-id-field.ts +2 -2
  145. package/src/db/adapter/index.ts +85 -2
  146. package/src/db/adapter/types.ts +2 -0
  147. package/src/db/get-tables.ts +9 -1
  148. package/src/db/schema/account.ts +4 -1
  149. package/src/db/schema/user.ts +3 -0
  150. package/src/db/type.ts +17 -0
  151. package/src/env/env-impl.ts +1 -2
  152. package/src/error/codes.ts +1 -0
  153. package/src/error/index.ts +9 -0
  154. package/src/instrumentation/api.ts +17 -0
  155. package/src/instrumentation/noop.ts +74 -0
  156. package/src/instrumentation/pure.index.ts +31 -0
  157. package/src/instrumentation/tracer.ts +8 -3
  158. package/src/oauth2/authorization-params.ts +28 -0
  159. package/src/oauth2/basic-credentials.ts +87 -0
  160. package/src/oauth2/client-assertion.ts +131 -58
  161. package/src/oauth2/client-credentials-token.ts +50 -74
  162. package/src/oauth2/create-authorization-url.ts +33 -7
  163. package/src/oauth2/dpop.ts +568 -0
  164. package/src/oauth2/index.ts +81 -11
  165. package/src/oauth2/oauth-provider.ts +159 -11
  166. package/src/oauth2/refresh-access-token.ts +82 -83
  167. package/src/oauth2/reject-redirects.ts +75 -0
  168. package/src/oauth2/token-endpoint-auth.ts +221 -0
  169. package/src/oauth2/utils.ts +72 -5
  170. package/src/oauth2/validate-authorization-code.ts +69 -89
  171. package/src/oauth2/verify-id-token.ts +115 -0
  172. package/src/oauth2/verify.ts +409 -78
  173. package/src/social-providers/apple.ts +30 -40
  174. package/src/social-providers/atlassian.ts +8 -1
  175. package/src/social-providers/cognito.ts +36 -39
  176. package/src/social-providers/discord.ts +22 -18
  177. package/src/social-providers/dropbox.ts +7 -5
  178. package/src/social-providers/facebook.ts +108 -52
  179. package/src/social-providers/figma.ts +8 -1
  180. package/src/social-providers/github.ts +5 -3
  181. package/src/social-providers/gitlab.ts +2 -0
  182. package/src/social-providers/google.ts +141 -39
  183. package/src/social-providers/huggingface.ts +8 -1
  184. package/src/social-providers/kakao.ts +2 -1
  185. package/src/social-providers/kick.ts +8 -1
  186. package/src/social-providers/line.ts +25 -27
  187. package/src/social-providers/linear.ts +8 -1
  188. package/src/social-providers/linkedin.ts +5 -3
  189. package/src/social-providers/microsoft-entra-id.ts +100 -55
  190. package/src/social-providers/naver.ts +2 -1
  191. package/src/social-providers/notion.ts +8 -1
  192. package/src/social-providers/paybin.ts +2 -0
  193. package/src/social-providers/paypal.ts +28 -17
  194. package/src/social-providers/polar.ts +8 -1
  195. package/src/social-providers/railway.ts +8 -1
  196. package/src/social-providers/reddit.ts +9 -4
  197. package/src/social-providers/roblox.ts +16 -11
  198. package/src/social-providers/salesforce.ts +8 -1
  199. package/src/social-providers/slack.ts +15 -9
  200. package/src/social-providers/spotify.ts +8 -1
  201. package/src/social-providers/tiktok.ts +22 -9
  202. package/src/social-providers/twitch.ts +2 -1
  203. package/src/social-providers/twitter.ts +1 -0
  204. package/src/social-providers/vercel.ts +8 -1
  205. package/src/social-providers/vk.ts +8 -1
  206. package/src/social-providers/wechat.ts +17 -2
  207. package/src/social-providers/zoom.ts +15 -19
  208. package/src/types/context.ts +57 -5
  209. package/src/types/index.ts +7 -0
  210. package/src/types/init-options.ts +204 -14
  211. package/src/types/plugin-client.ts +16 -2
  212. package/src/utils/async.ts +53 -0
  213. package/src/utils/host.ts +425 -0
  214. package/src/utils/ip.ts +197 -13
  215. package/src/utils/is-api-error.ts +10 -0
  216. package/src/utils/redirect-uri.ts +54 -0
  217. package/src/utils/string.ts +37 -0
  218. package/src/utils/url.ts +38 -4
@@ -6,7 +6,7 @@ import { FacebookOptions, FacebookProfile, facebook } from "./facebook.mjs";
6
6
  import { FigmaOptions, FigmaProfile, figma } from "./figma.mjs";
7
7
  import { GithubOptions, GithubProfile, github } from "./github.mjs";
8
8
  import { MicrosoftEntraIDProfile, MicrosoftOptions, getMicrosoftPublicKey, microsoft } from "./microsoft-entra-id.mjs";
9
- import { GoogleOptions, GoogleProfile, getGooglePublicKey, google } from "./google.mjs";
9
+ import { GoogleOptions, GoogleProfile, VerifyGoogleIdTokenOptions, getGooglePublicKey, google, isGoogleHostedDomainAllowed, verifyGoogleIdToken } from "./google.mjs";
10
10
  import { HuggingFaceOptions, HuggingFaceProfile, huggingface } from "./huggingface.mjs";
11
11
  import { SlackOptions, SlackProfile, slack } from "./slack.mjs";
12
12
  import { SpotifyOptions, SpotifyProfile, spotify } from "./spotify.mjs";
@@ -36,6 +36,7 @@ import { WeChatOptions, WeChatProfile, wechat } from "./wechat.mjs";
36
36
  import { AwaitableFunction } from "../types/helper.mjs";
37
37
  import { OAuth2Tokens } from "../oauth2/oauth-provider.mjs";
38
38
  import * as z from "zod";
39
+ import * as jose from "jose";
39
40
 
40
41
  //#region src/social-providers/index.d.ts
41
42
  declare const socialProviders: {
@@ -45,7 +46,8 @@ declare const socialProviders: {
45
46
  createAuthorizationURL({
46
47
  state,
47
48
  scopes,
48
- redirectURI
49
+ redirectURI,
50
+ additionalParams
49
51
  }: {
50
52
  state: string;
51
53
  codeVerifier: string;
@@ -53,6 +55,8 @@ declare const socialProviders: {
53
55
  redirectURI: string;
54
56
  display?: string | undefined;
55
57
  loginHint?: string | undefined;
58
+ idTokenNonce?: string | undefined;
59
+ additionalParams?: Record<string, string> | undefined;
56
60
  }): Promise<URL>;
57
61
  validateAuthorizationCode: ({
58
62
  code,
@@ -64,9 +68,16 @@ declare const socialProviders: {
64
68
  codeVerifier?: string | undefined;
65
69
  deviceId?: string | undefined;
66
70
  }) => Promise<OAuth2Tokens>;
67
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
71
+ idToken: {
72
+ jwks: (header: jose.JWTHeaderParameters) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
73
+ issuer: string;
74
+ audience: string | string[];
75
+ maxTokenAge: string;
76
+ nonceComparison: "exact-or-sha256";
77
+ };
68
78
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
69
79
  getUserInfo(token: OAuth2Tokens & {
80
+ expectedIdTokenNonce?: string | undefined;
70
81
  user?: {
71
82
  name?: {
72
83
  firstName?: string;
@@ -94,7 +105,8 @@ declare const socialProviders: {
94
105
  state,
95
106
  scopes,
96
107
  codeVerifier,
97
- redirectURI
108
+ redirectURI,
109
+ additionalParams
98
110
  }: {
99
111
  state: string;
100
112
  codeVerifier: string;
@@ -102,6 +114,8 @@ declare const socialProviders: {
102
114
  redirectURI: string;
103
115
  display?: string | undefined;
104
116
  loginHint?: string | undefined;
117
+ idTokenNonce?: string | undefined;
118
+ additionalParams?: Record<string, string> | undefined;
105
119
  }): Promise<URL>;
106
120
  validateAuthorizationCode: ({
107
121
  code,
@@ -115,6 +129,7 @@ declare const socialProviders: {
115
129
  }) => Promise<OAuth2Tokens>;
116
130
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
117
131
  getUserInfo(token: OAuth2Tokens & {
132
+ expectedIdTokenNonce?: string | undefined;
118
133
  user?: {
119
134
  name?: {
120
135
  firstName?: string;
@@ -142,7 +157,8 @@ declare const socialProviders: {
142
157
  state,
143
158
  scopes,
144
159
  codeVerifier,
145
- redirectURI
160
+ redirectURI,
161
+ additionalParams
146
162
  }: {
147
163
  state: string;
148
164
  codeVerifier: string;
@@ -150,6 +166,8 @@ declare const socialProviders: {
150
166
  redirectURI: string;
151
167
  display?: string | undefined;
152
168
  loginHint?: string | undefined;
169
+ idTokenNonce?: string | undefined;
170
+ additionalParams?: Record<string, string> | undefined;
153
171
  }): Promise<URL>;
154
172
  validateAuthorizationCode: ({
155
173
  code,
@@ -162,8 +180,14 @@ declare const socialProviders: {
162
180
  deviceId?: string | undefined;
163
181
  }) => Promise<OAuth2Tokens>;
164
182
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
165
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
183
+ idToken: {
184
+ jwks: (header: jose.JWTHeaderParameters) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
185
+ issuer: string;
186
+ audience: string | string[];
187
+ maxTokenAge: string;
188
+ };
166
189
  getUserInfo(token: OAuth2Tokens & {
190
+ expectedIdTokenNonce?: string | undefined;
167
191
  user?: {
168
192
  name?: {
169
193
  firstName?: string;
@@ -190,7 +214,8 @@ declare const socialProviders: {
190
214
  createAuthorizationURL({
191
215
  state,
192
216
  scopes,
193
- redirectURI
217
+ redirectURI,
218
+ additionalParams
194
219
  }: {
195
220
  state: string;
196
221
  codeVerifier: string;
@@ -198,7 +223,9 @@ declare const socialProviders: {
198
223
  redirectURI: string;
199
224
  display?: string | undefined;
200
225
  loginHint?: string | undefined;
201
- }): URL;
226
+ idTokenNonce?: string | undefined;
227
+ additionalParams?: Record<string, string> | undefined;
228
+ }): Promise<URL>;
202
229
  validateAuthorizationCode: ({
203
230
  code,
204
231
  redirectURI
@@ -210,6 +237,7 @@ declare const socialProviders: {
210
237
  }) => Promise<OAuth2Tokens>;
211
238
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
212
239
  getUserInfo(token: OAuth2Tokens & {
240
+ expectedIdTokenNonce?: string | undefined;
213
241
  user?: {
214
242
  name?: {
215
243
  firstName?: string;
@@ -237,7 +265,8 @@ declare const socialProviders: {
237
265
  state,
238
266
  scopes,
239
267
  redirectURI,
240
- loginHint
268
+ loginHint,
269
+ additionalParams
241
270
  }: {
242
271
  state: string;
243
272
  codeVerifier: string;
@@ -245,6 +274,8 @@ declare const socialProviders: {
245
274
  redirectURI: string;
246
275
  display?: string | undefined;
247
276
  loginHint?: string | undefined;
277
+ idTokenNonce?: string | undefined;
278
+ additionalParams?: Record<string, string> | undefined;
248
279
  }): Promise<URL>;
249
280
  validateAuthorizationCode: ({
250
281
  code,
@@ -255,9 +286,23 @@ declare const socialProviders: {
255
286
  codeVerifier?: string | undefined;
256
287
  deviceId?: string | undefined;
257
288
  }) => Promise<OAuth2Tokens>;
258
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
289
+ idToken: {
290
+ jwks: {
291
+ (protectedHeader?: jose.JWSHeaderParameters, token?: jose.FlattenedJWSInput): Promise<jose.CryptoKey>;
292
+ coolingDown: boolean;
293
+ fresh: boolean;
294
+ reloading: boolean;
295
+ reload: () => Promise<void>;
296
+ jwks: () => jose.JSONWebKeySet | undefined;
297
+ };
298
+ issuer: string;
299
+ audience: string | string[];
300
+ algorithms: string[];
301
+ allowOpaqueToken: true;
302
+ };
259
303
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
260
304
  getUserInfo(token: OAuth2Tokens & {
305
+ expectedIdTokenNonce?: string | undefined;
261
306
  user?: {
262
307
  name?: {
263
308
  firstName?: string;
@@ -285,7 +330,8 @@ declare const socialProviders: {
285
330
  state,
286
331
  scopes,
287
332
  codeVerifier,
288
- redirectURI
333
+ redirectURI,
334
+ additionalParams
289
335
  }: {
290
336
  state: string;
291
337
  codeVerifier: string;
@@ -293,6 +339,8 @@ declare const socialProviders: {
293
339
  redirectURI: string;
294
340
  display?: string | undefined;
295
341
  loginHint?: string | undefined;
342
+ idTokenNonce?: string | undefined;
343
+ additionalParams?: Record<string, string> | undefined;
296
344
  }): Promise<URL>;
297
345
  validateAuthorizationCode: ({
298
346
  code,
@@ -306,6 +354,7 @@ declare const socialProviders: {
306
354
  }) => Promise<OAuth2Tokens>;
307
355
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
308
356
  getUserInfo(token: OAuth2Tokens & {
357
+ expectedIdTokenNonce?: string | undefined;
309
358
  user?: {
310
359
  name?: {
311
360
  firstName?: string;
@@ -334,7 +383,8 @@ declare const socialProviders: {
334
383
  scopes,
335
384
  loginHint,
336
385
  codeVerifier,
337
- redirectURI
386
+ redirectURI,
387
+ additionalParams
338
388
  }: {
339
389
  state: string;
340
390
  codeVerifier: string;
@@ -342,6 +392,8 @@ declare const socialProviders: {
342
392
  redirectURI: string;
343
393
  display?: string | undefined;
344
394
  loginHint?: string | undefined;
395
+ idTokenNonce?: string | undefined;
396
+ additionalParams?: Record<string, string> | undefined;
345
397
  }): Promise<URL>;
346
398
  validateAuthorizationCode: ({
347
399
  code,
@@ -355,6 +407,7 @@ declare const socialProviders: {
355
407
  }) => Promise<OAuth2Tokens | null>;
356
408
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
357
409
  getUserInfo(token: OAuth2Tokens & {
410
+ expectedIdTokenNonce?: string | undefined;
358
411
  user?: {
359
412
  name?: {
360
413
  firstName?: string;
@@ -385,6 +438,8 @@ declare const socialProviders: {
385
438
  redirectURI: string;
386
439
  display?: string | undefined;
387
440
  loginHint?: string | undefined;
441
+ idTokenNonce?: string | undefined;
442
+ additionalParams?: Record<string, string> | undefined;
388
443
  }): Promise<URL>;
389
444
  validateAuthorizationCode({
390
445
  code,
@@ -396,8 +451,15 @@ declare const socialProviders: {
396
451
  codeVerifier?: string | undefined;
397
452
  deviceId?: string | undefined;
398
453
  }): Promise<OAuth2Tokens>;
399
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
454
+ idToken: {
455
+ jwks: (header: jose.JWTHeaderParameters) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
456
+ audience: string | string[];
457
+ maxTokenAge: string;
458
+ issuer: string | undefined;
459
+ verifyClaims: (claims: Record<string, unknown>) => boolean;
460
+ };
400
461
  getUserInfo(token: OAuth2Tokens & {
462
+ expectedIdTokenNonce?: string | undefined;
401
463
  user?: {
402
464
  name?: {
403
465
  firstName?: string;
@@ -428,7 +490,8 @@ declare const socialProviders: {
428
490
  codeVerifier,
429
491
  redirectURI,
430
492
  loginHint,
431
- display
493
+ display,
494
+ additionalParams
432
495
  }: {
433
496
  state: string;
434
497
  codeVerifier: string;
@@ -436,6 +499,8 @@ declare const socialProviders: {
436
499
  redirectURI: string;
437
500
  display?: string | undefined;
438
501
  loginHint?: string | undefined;
502
+ idTokenNonce?: string | undefined;
503
+ additionalParams?: Record<string, string> | undefined;
439
504
  }): Promise<URL>;
440
505
  validateAuthorizationCode: ({
441
506
  code,
@@ -448,8 +513,15 @@ declare const socialProviders: {
448
513
  deviceId?: string | undefined;
449
514
  }) => Promise<OAuth2Tokens>;
450
515
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
451
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
516
+ idToken: {
517
+ jwks: (header: jose.JWTHeaderParameters) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
518
+ issuer: string[];
519
+ audience: string | string[];
520
+ maxTokenAge: string;
521
+ verifyClaims: ((claims: Record<string, unknown>) => boolean) | undefined;
522
+ };
452
523
  getUserInfo(token: OAuth2Tokens & {
524
+ expectedIdTokenNonce?: string | undefined;
453
525
  user?: {
454
526
  name?: {
455
527
  firstName?: string;
@@ -477,7 +549,8 @@ declare const socialProviders: {
477
549
  state,
478
550
  scopes,
479
551
  codeVerifier,
480
- redirectURI
552
+ redirectURI,
553
+ additionalParams
481
554
  }: {
482
555
  state: string;
483
556
  codeVerifier: string;
@@ -485,6 +558,8 @@ declare const socialProviders: {
485
558
  redirectURI: string;
486
559
  display?: string | undefined;
487
560
  loginHint?: string | undefined;
561
+ idTokenNonce?: string | undefined;
562
+ additionalParams?: Record<string, string> | undefined;
488
563
  }): Promise<URL>;
489
564
  validateAuthorizationCode: ({
490
565
  code,
@@ -498,6 +573,7 @@ declare const socialProviders: {
498
573
  }) => Promise<OAuth2Tokens>;
499
574
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
500
575
  getUserInfo(token: OAuth2Tokens & {
576
+ expectedIdTokenNonce?: string | undefined;
501
577
  user?: {
502
578
  name?: {
503
579
  firstName?: string;
@@ -524,7 +600,8 @@ declare const socialProviders: {
524
600
  createAuthorizationURL({
525
601
  state,
526
602
  scopes,
527
- redirectURI
603
+ redirectURI,
604
+ additionalParams
528
605
  }: {
529
606
  state: string;
530
607
  codeVerifier: string;
@@ -532,7 +609,9 @@ declare const socialProviders: {
532
609
  redirectURI: string;
533
610
  display?: string | undefined;
534
611
  loginHint?: string | undefined;
535
- }): URL;
612
+ idTokenNonce?: string | undefined;
613
+ additionalParams?: Record<string, string> | undefined;
614
+ }): Promise<URL>;
536
615
  validateAuthorizationCode: ({
537
616
  code,
538
617
  redirectURI
@@ -544,6 +623,7 @@ declare const socialProviders: {
544
623
  }) => Promise<OAuth2Tokens>;
545
624
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
546
625
  getUserInfo(token: OAuth2Tokens & {
626
+ expectedIdTokenNonce?: string | undefined;
547
627
  user?: {
548
628
  name?: {
549
629
  firstName?: string;
@@ -571,7 +651,8 @@ declare const socialProviders: {
571
651
  state,
572
652
  scopes,
573
653
  codeVerifier,
574
- redirectURI
654
+ redirectURI,
655
+ additionalParams
575
656
  }: {
576
657
  state: string;
577
658
  codeVerifier: string;
@@ -579,6 +660,8 @@ declare const socialProviders: {
579
660
  redirectURI: string;
580
661
  display?: string | undefined;
581
662
  loginHint?: string | undefined;
663
+ idTokenNonce?: string | undefined;
664
+ additionalParams?: Record<string, string> | undefined;
582
665
  }): Promise<URL>;
583
666
  validateAuthorizationCode: ({
584
667
  code,
@@ -592,6 +675,7 @@ declare const socialProviders: {
592
675
  }) => Promise<OAuth2Tokens>;
593
676
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
594
677
  getUserInfo(token: OAuth2Tokens & {
678
+ expectedIdTokenNonce?: string | undefined;
595
679
  user?: {
596
680
  name?: {
597
681
  firstName?: string;
@@ -618,7 +702,8 @@ declare const socialProviders: {
618
702
  createAuthorizationURL({
619
703
  state,
620
704
  scopes,
621
- redirectURI
705
+ redirectURI,
706
+ additionalParams
622
707
  }: {
623
708
  state: string;
624
709
  codeVerifier: string;
@@ -626,6 +711,8 @@ declare const socialProviders: {
626
711
  redirectURI: string;
627
712
  display?: string | undefined;
628
713
  loginHint?: string | undefined;
714
+ idTokenNonce?: string | undefined;
715
+ additionalParams?: Record<string, string> | undefined;
629
716
  }): Promise<URL>;
630
717
  validateAuthorizationCode: ({
631
718
  code,
@@ -638,6 +725,7 @@ declare const socialProviders: {
638
725
  }) => Promise<OAuth2Tokens>;
639
726
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
640
727
  getUserInfo(token: OAuth2Tokens & {
728
+ expectedIdTokenNonce?: string | undefined;
641
729
  user?: {
642
730
  name?: {
643
731
  firstName?: string;
@@ -668,6 +756,8 @@ declare const socialProviders: {
668
756
  redirectURI: string;
669
757
  display?: string | undefined;
670
758
  loginHint?: string | undefined;
759
+ idTokenNonce?: string | undefined;
760
+ additionalParams?: Record<string, string> | undefined;
671
761
  }): Promise<URL>;
672
762
  validateAuthorizationCode: ({
673
763
  code,
@@ -681,6 +771,7 @@ declare const socialProviders: {
681
771
  }) => Promise<OAuth2Tokens>;
682
772
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
683
773
  getUserInfo(token: OAuth2Tokens & {
774
+ expectedIdTokenNonce?: string | undefined;
684
775
  user?: {
685
776
  name?: {
686
777
  firstName?: string;
@@ -708,7 +799,8 @@ declare const socialProviders: {
708
799
  state,
709
800
  scopes,
710
801
  codeVerifier,
711
- redirectURI
802
+ redirectURI,
803
+ additionalParams
712
804
  }: {
713
805
  state: string;
714
806
  codeVerifier: string;
@@ -716,6 +808,8 @@ declare const socialProviders: {
716
808
  redirectURI: string;
717
809
  display?: string | undefined;
718
810
  loginHint?: string | undefined;
811
+ idTokenNonce?: string | undefined;
812
+ additionalParams?: Record<string, string> | undefined;
719
813
  }) => Promise<URL>;
720
814
  validateAuthorizationCode: ({
721
815
  code,
@@ -729,6 +823,7 @@ declare const socialProviders: {
729
823
  }) => Promise<OAuth2Tokens>;
730
824
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
731
825
  getUserInfo(token: OAuth2Tokens & {
826
+ expectedIdTokenNonce?: string | undefined;
732
827
  user?: {
733
828
  name?: {
734
829
  firstName?: string;
@@ -756,7 +851,8 @@ declare const socialProviders: {
756
851
  state,
757
852
  scopes,
758
853
  redirectURI,
759
- codeVerifier
854
+ codeVerifier,
855
+ additionalParams
760
856
  }: {
761
857
  state: string;
762
858
  codeVerifier: string;
@@ -764,6 +860,8 @@ declare const socialProviders: {
764
860
  redirectURI: string;
765
861
  display?: string | undefined;
766
862
  loginHint?: string | undefined;
863
+ idTokenNonce?: string | undefined;
864
+ additionalParams?: Record<string, string> | undefined;
767
865
  }): Promise<URL>;
768
866
  validateAuthorizationCode({
769
867
  code,
@@ -777,6 +875,7 @@ declare const socialProviders: {
777
875
  }): Promise<OAuth2Tokens>;
778
876
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
779
877
  getUserInfo(token: OAuth2Tokens & {
878
+ expectedIdTokenNonce?: string | undefined;
780
879
  user?: {
781
880
  name?: {
782
881
  firstName?: string;
@@ -804,7 +903,8 @@ declare const socialProviders: {
804
903
  state,
805
904
  scopes,
806
905
  loginHint,
807
- redirectURI
906
+ redirectURI,
907
+ additionalParams
808
908
  }: {
809
909
  state: string;
810
910
  codeVerifier: string;
@@ -812,6 +912,8 @@ declare const socialProviders: {
812
912
  redirectURI: string;
813
913
  display?: string | undefined;
814
914
  loginHint?: string | undefined;
915
+ idTokenNonce?: string | undefined;
916
+ additionalParams?: Record<string, string> | undefined;
815
917
  }): Promise<URL>;
816
918
  validateAuthorizationCode: ({
817
919
  code,
@@ -824,6 +926,7 @@ declare const socialProviders: {
824
926
  }) => Promise<OAuth2Tokens>;
825
927
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
826
928
  getUserInfo(token: OAuth2Tokens & {
929
+ expectedIdTokenNonce?: string | undefined;
827
930
  user?: {
828
931
  name?: {
829
932
  firstName?: string;
@@ -851,7 +954,8 @@ declare const socialProviders: {
851
954
  state,
852
955
  scopes,
853
956
  redirectURI,
854
- loginHint
957
+ loginHint,
958
+ additionalParams
855
959
  }: {
856
960
  state: string;
857
961
  codeVerifier: string;
@@ -859,6 +963,8 @@ declare const socialProviders: {
859
963
  redirectURI: string;
860
964
  display?: string | undefined;
861
965
  loginHint?: string | undefined;
966
+ idTokenNonce?: string | undefined;
967
+ additionalParams?: Record<string, string> | undefined;
862
968
  }) => Promise<URL>;
863
969
  validateAuthorizationCode: ({
864
970
  code,
@@ -871,6 +977,7 @@ declare const socialProviders: {
871
977
  }) => Promise<OAuth2Tokens>;
872
978
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
873
979
  getUserInfo(token: OAuth2Tokens & {
980
+ expectedIdTokenNonce?: string | undefined;
874
981
  user?: {
875
982
  name?: {
876
983
  firstName?: string;
@@ -899,7 +1006,8 @@ declare const socialProviders: {
899
1006
  scopes,
900
1007
  codeVerifier,
901
1008
  loginHint,
902
- redirectURI
1009
+ redirectURI,
1010
+ additionalParams
903
1011
  }: {
904
1012
  state: string;
905
1013
  codeVerifier: string;
@@ -907,6 +1015,8 @@ declare const socialProviders: {
907
1015
  redirectURI: string;
908
1016
  display?: string | undefined;
909
1017
  loginHint?: string | undefined;
1018
+ idTokenNonce?: string | undefined;
1019
+ additionalParams?: Record<string, string> | undefined;
910
1020
  }) => Promise<URL>;
911
1021
  validateAuthorizationCode: ({
912
1022
  code,
@@ -920,6 +1030,7 @@ declare const socialProviders: {
920
1030
  }) => Promise<OAuth2Tokens>;
921
1031
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
922
1032
  getUserInfo(token: OAuth2Tokens & {
1033
+ expectedIdTokenNonce?: string | undefined;
923
1034
  user?: {
924
1035
  name?: {
925
1036
  firstName?: string;
@@ -967,7 +1078,8 @@ declare const socialProviders: {
967
1078
  createAuthorizationURL({
968
1079
  state,
969
1080
  scopes,
970
- redirectURI
1081
+ redirectURI,
1082
+ additionalParams
971
1083
  }: {
972
1084
  state: string;
973
1085
  codeVerifier: string;
@@ -975,6 +1087,8 @@ declare const socialProviders: {
975
1087
  redirectURI: string;
976
1088
  display?: string | undefined;
977
1089
  loginHint?: string | undefined;
1090
+ idTokenNonce?: string | undefined;
1091
+ additionalParams?: Record<string, string> | undefined;
978
1092
  }): URL;
979
1093
  validateAuthorizationCode: ({
980
1094
  code,
@@ -987,6 +1101,7 @@ declare const socialProviders: {
987
1101
  }) => Promise<OAuth2Tokens>;
988
1102
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
989
1103
  getUserInfo(token: OAuth2Tokens & {
1104
+ expectedIdTokenNonce?: string | undefined;
990
1105
  user?: {
991
1106
  name?: {
992
1107
  firstName?: string;
@@ -1013,7 +1128,8 @@ declare const socialProviders: {
1013
1128
  createAuthorizationURL({
1014
1129
  state,
1015
1130
  scopes,
1016
- redirectURI
1131
+ redirectURI,
1132
+ additionalParams
1017
1133
  }: {
1018
1134
  state: string;
1019
1135
  codeVerifier: string;
@@ -1021,6 +1137,8 @@ declare const socialProviders: {
1021
1137
  redirectURI: string;
1022
1138
  display?: string | undefined;
1023
1139
  loginHint?: string | undefined;
1140
+ idTokenNonce?: string | undefined;
1141
+ additionalParams?: Record<string, string> | undefined;
1024
1142
  }): Promise<URL>;
1025
1143
  validateAuthorizationCode: ({
1026
1144
  code,
@@ -1033,6 +1151,7 @@ declare const socialProviders: {
1033
1151
  }) => Promise<OAuth2Tokens>;
1034
1152
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1035
1153
  getUserInfo(token: OAuth2Tokens & {
1154
+ expectedIdTokenNonce?: string | undefined;
1036
1155
  user?: {
1037
1156
  name?: {
1038
1157
  firstName?: string;
@@ -1059,7 +1178,8 @@ declare const socialProviders: {
1059
1178
  createAuthorizationURL({
1060
1179
  state,
1061
1180
  scopes,
1062
- redirectURI
1181
+ redirectURI,
1182
+ additionalParams
1063
1183
  }: {
1064
1184
  state: string;
1065
1185
  codeVerifier: string;
@@ -1067,7 +1187,9 @@ declare const socialProviders: {
1067
1187
  redirectURI: string;
1068
1188
  display?: string | undefined;
1069
1189
  loginHint?: string | undefined;
1070
- }): URL;
1190
+ idTokenNonce?: string | undefined;
1191
+ additionalParams?: Record<string, string> | undefined;
1192
+ }): Promise<URL>;
1071
1193
  validateAuthorizationCode: ({
1072
1194
  code,
1073
1195
  redirectURI
@@ -1079,6 +1201,7 @@ declare const socialProviders: {
1079
1201
  }) => Promise<OAuth2Tokens>;
1080
1202
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1081
1203
  getUserInfo(token: OAuth2Tokens & {
1204
+ expectedIdTokenNonce?: string | undefined;
1082
1205
  user?: {
1083
1206
  name?: {
1084
1207
  firstName?: string;
@@ -1106,7 +1229,8 @@ declare const socialProviders: {
1106
1229
  state,
1107
1230
  scopes,
1108
1231
  codeVerifier,
1109
- redirectURI
1232
+ redirectURI,
1233
+ additionalParams
1110
1234
  }: {
1111
1235
  state: string;
1112
1236
  codeVerifier: string;
@@ -1114,6 +1238,8 @@ declare const socialProviders: {
1114
1238
  redirectURI: string;
1115
1239
  display?: string | undefined;
1116
1240
  loginHint?: string | undefined;
1241
+ idTokenNonce?: string | undefined;
1242
+ additionalParams?: Record<string, string> | undefined;
1117
1243
  }): Promise<URL>;
1118
1244
  validateAuthorizationCode: ({
1119
1245
  code,
@@ -1127,6 +1253,7 @@ declare const socialProviders: {
1127
1253
  }) => Promise<OAuth2Tokens>;
1128
1254
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1129
1255
  getUserInfo(token: OAuth2Tokens & {
1256
+ expectedIdTokenNonce?: string | undefined;
1130
1257
  user?: {
1131
1258
  name?: {
1132
1259
  firstName?: string;
@@ -1154,7 +1281,8 @@ declare const socialProviders: {
1154
1281
  state,
1155
1282
  scopes,
1156
1283
  codeVerifier,
1157
- redirectURI
1284
+ redirectURI,
1285
+ additionalParams
1158
1286
  }: {
1159
1287
  state: string;
1160
1288
  codeVerifier: string;
@@ -1162,6 +1290,8 @@ declare const socialProviders: {
1162
1290
  redirectURI: string;
1163
1291
  display?: string | undefined;
1164
1292
  loginHint?: string | undefined;
1293
+ idTokenNonce?: string | undefined;
1294
+ additionalParams?: Record<string, string> | undefined;
1165
1295
  }): Promise<URL>;
1166
1296
  validateAuthorizationCode: ({
1167
1297
  code,
@@ -1176,6 +1306,7 @@ declare const socialProviders: {
1176
1306
  }) => Promise<OAuth2Tokens>;
1177
1307
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1178
1308
  getUserInfo(data: OAuth2Tokens & {
1309
+ expectedIdTokenNonce?: string | undefined;
1179
1310
  user?: {
1180
1311
  name?: {
1181
1312
  firstName?: string;
@@ -1202,7 +1333,8 @@ declare const socialProviders: {
1202
1333
  createAuthorizationURL: ({
1203
1334
  state,
1204
1335
  redirectURI,
1205
- codeVerifier
1336
+ codeVerifier,
1337
+ additionalParams
1206
1338
  }: {
1207
1339
  state: string;
1208
1340
  codeVerifier: string;
@@ -1210,6 +1342,8 @@ declare const socialProviders: {
1210
1342
  redirectURI: string;
1211
1343
  display?: string | undefined;
1212
1344
  loginHint?: string | undefined;
1345
+ idTokenNonce?: string | undefined;
1346
+ additionalParams?: Record<string, string> | undefined;
1213
1347
  }) => Promise<URL>;
1214
1348
  validateAuthorizationCode: ({
1215
1349
  code,
@@ -1223,6 +1357,7 @@ declare const socialProviders: {
1223
1357
  }) => Promise<OAuth2Tokens>;
1224
1358
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1225
1359
  getUserInfo(token: OAuth2Tokens & {
1360
+ expectedIdTokenNonce?: string | undefined;
1226
1361
  user?: {
1227
1362
  name?: {
1228
1363
  firstName?: string;
@@ -1249,7 +1384,8 @@ declare const socialProviders: {
1249
1384
  state,
1250
1385
  scopes,
1251
1386
  loginHint,
1252
- redirectURI
1387
+ redirectURI,
1388
+ additionalParams
1253
1389
  }: {
1254
1390
  state: string;
1255
1391
  codeVerifier: string;
@@ -1257,6 +1393,8 @@ declare const socialProviders: {
1257
1393
  redirectURI: string;
1258
1394
  display?: string | undefined;
1259
1395
  loginHint?: string | undefined;
1396
+ idTokenNonce?: string | undefined;
1397
+ additionalParams?: Record<string, string> | undefined;
1260
1398
  }): Promise<URL>;
1261
1399
  validateAuthorizationCode: ({
1262
1400
  code,
@@ -1269,6 +1407,7 @@ declare const socialProviders: {
1269
1407
  }) => Promise<OAuth2Tokens>;
1270
1408
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1271
1409
  getUserInfo(token: OAuth2Tokens & {
1410
+ expectedIdTokenNonce?: string | undefined;
1272
1411
  user?: {
1273
1412
  name?: {
1274
1413
  firstName?: string;
@@ -1295,7 +1434,8 @@ declare const socialProviders: {
1295
1434
  createAuthorizationURL({
1296
1435
  state,
1297
1436
  scopes,
1298
- redirectURI
1437
+ redirectURI,
1438
+ additionalParams
1299
1439
  }: {
1300
1440
  state: string;
1301
1441
  codeVerifier: string;
@@ -1303,6 +1443,8 @@ declare const socialProviders: {
1303
1443
  redirectURI: string;
1304
1444
  display?: string | undefined;
1305
1445
  loginHint?: string | undefined;
1446
+ idTokenNonce?: string | undefined;
1447
+ additionalParams?: Record<string, string> | undefined;
1306
1448
  }): Promise<URL>;
1307
1449
  validateAuthorizationCode: ({
1308
1450
  code,
@@ -1315,6 +1457,7 @@ declare const socialProviders: {
1315
1457
  }) => Promise<OAuth2Tokens>;
1316
1458
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1317
1459
  getUserInfo(token: OAuth2Tokens & {
1460
+ expectedIdTokenNonce?: string | undefined;
1318
1461
  user?: {
1319
1462
  name?: {
1320
1463
  firstName?: string;
@@ -1362,7 +1505,8 @@ declare const socialProviders: {
1362
1505
  createAuthorizationURL({
1363
1506
  state,
1364
1507
  scopes,
1365
- redirectURI
1508
+ redirectURI,
1509
+ additionalParams
1366
1510
  }: {
1367
1511
  state: string;
1368
1512
  codeVerifier: string;
@@ -1370,6 +1514,8 @@ declare const socialProviders: {
1370
1514
  redirectURI: string;
1371
1515
  display?: string | undefined;
1372
1516
  loginHint?: string | undefined;
1517
+ idTokenNonce?: string | undefined;
1518
+ additionalParams?: Record<string, string> | undefined;
1373
1519
  }): Promise<URL>;
1374
1520
  validateAuthorizationCode: ({
1375
1521
  code,
@@ -1382,6 +1528,7 @@ declare const socialProviders: {
1382
1528
  }) => Promise<OAuth2Tokens>;
1383
1529
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1384
1530
  getUserInfo(token: OAuth2Tokens & {
1531
+ expectedIdTokenNonce?: string | undefined;
1385
1532
  user?: {
1386
1533
  name?: {
1387
1534
  firstName?: string;
@@ -1431,7 +1578,8 @@ declare const socialProviders: {
1431
1578
  scopes,
1432
1579
  codeVerifier,
1433
1580
  redirectURI,
1434
- loginHint
1581
+ loginHint,
1582
+ additionalParams
1435
1583
  }: {
1436
1584
  state: string;
1437
1585
  codeVerifier: string;
@@ -1439,6 +1587,8 @@ declare const socialProviders: {
1439
1587
  redirectURI: string;
1440
1588
  display?: string | undefined;
1441
1589
  loginHint?: string | undefined;
1590
+ idTokenNonce?: string | undefined;
1591
+ additionalParams?: Record<string, string> | undefined;
1442
1592
  }): Promise<URL>;
1443
1593
  validateAuthorizationCode: ({
1444
1594
  code,
@@ -1451,8 +1601,11 @@ declare const socialProviders: {
1451
1601
  deviceId?: string | undefined;
1452
1602
  }) => Promise<OAuth2Tokens>;
1453
1603
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1454
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
1604
+ idToken: {
1605
+ verify: (token: string, nonce: string | undefined) => Promise<boolean>;
1606
+ };
1455
1607
  getUserInfo(token: OAuth2Tokens & {
1608
+ expectedIdTokenNonce?: string | undefined;
1456
1609
  user?: {
1457
1610
  name?: {
1458
1611
  firstName?: string;
@@ -1502,7 +1655,8 @@ declare const socialProviders: {
1502
1655
  scopes,
1503
1656
  codeVerifier,
1504
1657
  redirectURI,
1505
- loginHint
1658
+ loginHint,
1659
+ additionalParams
1506
1660
  }: {
1507
1661
  state: string;
1508
1662
  codeVerifier: string;
@@ -1510,6 +1664,8 @@ declare const socialProviders: {
1510
1664
  redirectURI: string;
1511
1665
  display?: string | undefined;
1512
1666
  loginHint?: string | undefined;
1667
+ idTokenNonce?: string | undefined;
1668
+ additionalParams?: Record<string, string> | undefined;
1513
1669
  }): Promise<URL>;
1514
1670
  validateAuthorizationCode: ({
1515
1671
  code,
@@ -1523,6 +1679,7 @@ declare const socialProviders: {
1523
1679
  }) => Promise<OAuth2Tokens>;
1524
1680
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1525
1681
  getUserInfo(token: OAuth2Tokens & {
1682
+ expectedIdTokenNonce?: string | undefined;
1526
1683
  user?: {
1527
1684
  name?: {
1528
1685
  firstName?: string;
@@ -1549,7 +1706,8 @@ declare const socialProviders: {
1549
1706
  createAuthorizationURL({
1550
1707
  state,
1551
1708
  codeVerifier,
1552
- redirectURI
1709
+ redirectURI,
1710
+ additionalParams
1553
1711
  }: {
1554
1712
  state: string;
1555
1713
  codeVerifier: string;
@@ -1557,6 +1715,8 @@ declare const socialProviders: {
1557
1715
  redirectURI: string;
1558
1716
  display?: string | undefined;
1559
1717
  loginHint?: string | undefined;
1718
+ idTokenNonce?: string | undefined;
1719
+ additionalParams?: Record<string, string> | undefined;
1560
1720
  }): Promise<URL>;
1561
1721
  validateAuthorizationCode: ({
1562
1722
  code,
@@ -1577,8 +1737,8 @@ declare const socialProviders: {
1577
1737
  refreshToken: any;
1578
1738
  accessTokenExpiresAt: Date | undefined;
1579
1739
  }>);
1580
- verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
1581
1740
  getUserInfo(token: OAuth2Tokens & {
1741
+ expectedIdTokenNonce?: string | undefined;
1582
1742
  user?: {
1583
1743
  name?: {
1584
1744
  firstName?: string;
@@ -1627,7 +1787,8 @@ declare const socialProviders: {
1627
1787
  state,
1628
1788
  scopes,
1629
1789
  codeVerifier,
1630
- redirectURI
1790
+ redirectURI,
1791
+ additionalParams
1631
1792
  }: {
1632
1793
  state: string;
1633
1794
  codeVerifier: string;
@@ -1635,6 +1796,8 @@ declare const socialProviders: {
1635
1796
  redirectURI: string;
1636
1797
  display?: string | undefined;
1637
1798
  loginHint?: string | undefined;
1799
+ idTokenNonce?: string | undefined;
1800
+ additionalParams?: Record<string, string> | undefined;
1638
1801
  }): Promise<URL>;
1639
1802
  validateAuthorizationCode: ({
1640
1803
  code,
@@ -1648,6 +1811,7 @@ declare const socialProviders: {
1648
1811
  }) => Promise<OAuth2Tokens>;
1649
1812
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1650
1813
  getUserInfo(token: OAuth2Tokens & {
1814
+ expectedIdTokenNonce?: string | undefined;
1651
1815
  user?: {
1652
1816
  name?: {
1653
1817
  firstName?: string;
@@ -1675,7 +1839,8 @@ declare const socialProviders: {
1675
1839
  state,
1676
1840
  scopes,
1677
1841
  codeVerifier,
1678
- redirectURI
1842
+ redirectURI,
1843
+ additionalParams
1679
1844
  }: {
1680
1845
  state: string;
1681
1846
  codeVerifier: string;
@@ -1683,6 +1848,8 @@ declare const socialProviders: {
1683
1848
  redirectURI: string;
1684
1849
  display?: string | undefined;
1685
1850
  loginHint?: string | undefined;
1851
+ idTokenNonce?: string | undefined;
1852
+ additionalParams?: Record<string, string> | undefined;
1686
1853
  }): Promise<URL>;
1687
1854
  validateAuthorizationCode: ({
1688
1855
  code,
@@ -1696,6 +1863,7 @@ declare const socialProviders: {
1696
1863
  }) => Promise<OAuth2Tokens>;
1697
1864
  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1698
1865
  getUserInfo(token: OAuth2Tokens & {
1866
+ expectedIdTokenNonce?: string | undefined;
1699
1867
  user?: {
1700
1868
  name?: {
1701
1869
  firstName?: string;
@@ -1723,7 +1891,8 @@ declare const socialProviders: {
1723
1891
  state,
1724
1892
  scopes,
1725
1893
  codeVerifier,
1726
- redirectURI
1894
+ redirectURI,
1895
+ additionalParams
1727
1896
  }: {
1728
1897
  state: string;
1729
1898
  codeVerifier: string;
@@ -1731,6 +1900,8 @@ declare const socialProviders: {
1731
1900
  redirectURI: string;
1732
1901
  display?: string | undefined;
1733
1902
  loginHint?: string | undefined;
1903
+ idTokenNonce?: string | undefined;
1904
+ additionalParams?: Record<string, string> | undefined;
1734
1905
  }): Promise<URL>;
1735
1906
  validateAuthorizationCode: ({
1736
1907
  code,
@@ -1743,6 +1914,7 @@ declare const socialProviders: {
1743
1914
  deviceId?: string | undefined;
1744
1915
  }) => Promise<OAuth2Tokens>;
1745
1916
  getUserInfo(token: OAuth2Tokens & {
1917
+ expectedIdTokenNonce?: string | undefined;
1746
1918
  user?: {
1747
1919
  name?: {
1748
1920
  firstName?: string;
@@ -1769,7 +1941,8 @@ declare const socialProviders: {
1769
1941
  createAuthorizationURL({
1770
1942
  state,
1771
1943
  scopes,
1772
- redirectURI
1944
+ redirectURI,
1945
+ additionalParams
1773
1946
  }: {
1774
1947
  state: string;
1775
1948
  codeVerifier: string;
@@ -1777,6 +1950,8 @@ declare const socialProviders: {
1777
1950
  redirectURI: string;
1778
1951
  display?: string | undefined;
1779
1952
  loginHint?: string | undefined;
1953
+ idTokenNonce?: string | undefined;
1954
+ additionalParams?: Record<string, string> | undefined;
1780
1955
  }): URL;
1781
1956
  validateAuthorizationCode: ({
1782
1957
  code
@@ -1802,6 +1977,7 @@ declare const socialProviders: {
1802
1977
  scopes: string[];
1803
1978
  }>);
1804
1979
  getUserInfo(token: OAuth2Tokens & {
1980
+ expectedIdTokenNonce?: string | undefined;
1805
1981
  user?: {
1806
1982
  name?: {
1807
1983
  firstName?: string;
@@ -1831,4 +2007,4 @@ type SocialProviders = { [K in SocialProviderList[number]]?: AwaitableFunction<P
1831
2007
  }> };
1832
2008
  type SocialProviderList = typeof socialProviderList;
1833
2009
  //#endregion
1834
- export { AccountStatus, AppleNonConformUser, AppleOptions, AppleProfile, AtlassianOptions, AtlassianProfile, CognitoOptions, CognitoProfile, DiscordOptions, DiscordProfile, DropboxOptions, DropboxProfile, FacebookOptions, FacebookProfile, FigmaOptions, FigmaProfile, GithubOptions, GithubProfile, GitlabOptions, GitlabProfile, GoogleOptions, GoogleProfile, HuggingFaceOptions, HuggingFaceProfile, KakaoOptions, KakaoProfile, KickOptions, KickProfile, LineIdTokenPayload, LineOptions, LineUserInfo, LinearOptions, LinearProfile, LinearUser, LinkedInOptions, LinkedInProfile, LoginType, MicrosoftEntraIDProfile, MicrosoftOptions, NaverOptions, NaverProfile, NotionOptions, NotionProfile, PayPalOptions, PayPalProfile, PayPalTokenResponse, PaybinOptions, PaybinProfile, PhoneNumber, PolarOptions, PolarProfile, PronounOption, RailwayOptions, RailwayProfile, RedditOptions, RedditProfile, RobloxOptions, RobloxProfile, SalesforceOptions, SalesforceProfile, SlackOptions, SlackProfile, SocialProvider, SocialProviderList, SocialProviderListEnum, SocialProviders, SpotifyOptions, SpotifyProfile, TiktokOptions, TiktokProfile, TwitchOptions, TwitchProfile, TwitterOption, TwitterProfile, VercelOptions, VercelProfile, VkOption, VkProfile, WeChatOptions, WeChatProfile, ZoomOptions, ZoomProfile, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, wechat, zoom };
2010
+ export { AccountStatus, AppleNonConformUser, AppleOptions, AppleProfile, AtlassianOptions, AtlassianProfile, CognitoOptions, CognitoProfile, DiscordOptions, DiscordProfile, DropboxOptions, DropboxProfile, FacebookOptions, FacebookProfile, FigmaOptions, FigmaProfile, GithubOptions, GithubProfile, GitlabOptions, GitlabProfile, GoogleOptions, GoogleProfile, HuggingFaceOptions, HuggingFaceProfile, KakaoOptions, KakaoProfile, KickOptions, KickProfile, LineIdTokenPayload, LineOptions, LineUserInfo, LinearOptions, LinearProfile, LinearUser, LinkedInOptions, LinkedInProfile, LoginType, MicrosoftEntraIDProfile, MicrosoftOptions, NaverOptions, NaverProfile, NotionOptions, NotionProfile, PayPalOptions, PayPalProfile, PayPalTokenResponse, PaybinOptions, PaybinProfile, PhoneNumber, PolarOptions, PolarProfile, PronounOption, RailwayOptions, RailwayProfile, RedditOptions, RedditProfile, RobloxOptions, RobloxProfile, SalesforceOptions, SalesforceProfile, SlackOptions, SlackProfile, SocialProvider, SocialProviderList, SocialProviderListEnum, SocialProviders, SpotifyOptions, SpotifyProfile, TiktokOptions, TiktokProfile, TwitchOptions, TwitchProfile, TwitterOption, TwitterProfile, VercelOptions, VercelProfile, VerifyGoogleIdTokenOptions, VkOption, VkProfile, WeChatOptions, WeChatProfile, ZoomOptions, ZoomProfile, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getMicrosoftPublicKey, github, gitlab, google, huggingface, isGoogleHostedDomainAllowed, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, verifyGoogleIdToken, vk, wechat, zoom };