@better-auth/core 1.7.0-beta.2 → 1.7.0-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/context/global.mjs +1 -1
- package/dist/db/adapter/factory.mjs +64 -3
- package/dist/db/adapter/index.d.mts +35 -1
- package/dist/db/adapter/types.d.mts +1 -1
- package/dist/db/type.d.mts +12 -0
- package/dist/error/codes.d.mts +1 -0
- package/dist/error/codes.mjs +1 -0
- package/dist/instrumentation/tracer.mjs +1 -1
- package/dist/oauth2/authorization-params.d.mts +12 -0
- package/dist/oauth2/authorization-params.mjs +12 -0
- package/dist/oauth2/basic-credentials.d.mts +30 -0
- package/dist/oauth2/basic-credentials.mjs +64 -0
- package/dist/oauth2/client-assertion.d.mts +38 -22
- package/dist/oauth2/client-assertion.mjs +63 -28
- package/dist/oauth2/client-credentials-token.d.mts +19 -40
- package/dist/oauth2/client-credentials-token.mjs +18 -29
- package/dist/oauth2/create-authorization-url.d.mts +9 -1
- package/dist/oauth2/create-authorization-url.mjs +23 -5
- package/dist/oauth2/index.d.mts +10 -7
- package/dist/oauth2/index.mjs +9 -7
- package/dist/oauth2/oauth-provider.d.mts +21 -2
- package/dist/oauth2/refresh-access-token.d.mts +20 -40
- package/dist/oauth2/refresh-access-token.mjs +19 -32
- package/dist/oauth2/token-endpoint-auth.d.mts +17 -0
- package/dist/oauth2/token-endpoint-auth.mjs +89 -0
- package/dist/oauth2/utils.d.mts +9 -1
- package/dist/oauth2/utils.mjs +12 -1
- package/dist/oauth2/validate-authorization-code.d.mts +17 -52
- package/dist/oauth2/validate-authorization-code.mjs +17 -30
- package/dist/oauth2/verify.mjs +15 -5
- package/dist/social-providers/apple.d.mts +5 -12
- package/dist/social-providers/apple.mjs +14 -3
- package/dist/social-providers/atlassian.d.mts +3 -1
- package/dist/social-providers/atlassian.mjs +5 -2
- package/dist/social-providers/cognito.d.mts +16 -1
- package/dist/social-providers/cognito.mjs +6 -2
- package/dist/social-providers/discord.d.mts +5 -3
- package/dist/social-providers/discord.mjs +16 -3
- package/dist/social-providers/dropbox.d.mts +3 -1
- package/dist/social-providers/dropbox.mjs +5 -4
- package/dist/social-providers/facebook.d.mts +5 -3
- package/dist/social-providers/facebook.mjs +6 -3
- package/dist/social-providers/figma.d.mts +3 -1
- package/dist/social-providers/figma.mjs +3 -2
- package/dist/social-providers/github.d.mts +4 -2
- package/dist/social-providers/github.mjs +5 -4
- package/dist/social-providers/gitlab.d.mts +3 -1
- package/dist/social-providers/gitlab.mjs +3 -2
- package/dist/social-providers/google.d.mts +3 -1
- package/dist/social-providers/google.mjs +5 -2
- package/dist/social-providers/huggingface.d.mts +3 -1
- package/dist/social-providers/huggingface.mjs +3 -2
- package/dist/social-providers/index.d.mts +104 -36
- package/dist/social-providers/kakao.d.mts +3 -1
- package/dist/social-providers/kakao.mjs +3 -2
- package/dist/social-providers/kick.d.mts +3 -1
- package/dist/social-providers/kick.mjs +3 -2
- package/dist/social-providers/line.d.mts +3 -1
- package/dist/social-providers/line.mjs +3 -2
- package/dist/social-providers/linear.d.mts +3 -1
- package/dist/social-providers/linear.mjs +3 -2
- package/dist/social-providers/linkedin.d.mts +5 -3
- package/dist/social-providers/linkedin.mjs +4 -3
- package/dist/social-providers/microsoft-entra-id.d.mts +3 -2
- package/dist/social-providers/microsoft-entra-id.mjs +3 -2
- package/dist/social-providers/naver.d.mts +3 -1
- package/dist/social-providers/naver.mjs +3 -2
- package/dist/social-providers/notion.d.mts +3 -1
- package/dist/social-providers/notion.mjs +5 -2
- package/dist/social-providers/paybin.d.mts +3 -1
- package/dist/social-providers/paybin.mjs +3 -2
- package/dist/social-providers/paypal.d.mts +3 -1
- package/dist/social-providers/paypal.mjs +4 -3
- package/dist/social-providers/polar.d.mts +3 -1
- package/dist/social-providers/polar.mjs +3 -2
- package/dist/social-providers/railway.d.mts +3 -1
- package/dist/social-providers/railway.mjs +3 -2
- package/dist/social-providers/reddit.d.mts +3 -1
- package/dist/social-providers/reddit.mjs +3 -2
- package/dist/social-providers/roblox.d.mts +4 -2
- package/dist/social-providers/roblox.mjs +12 -2
- package/dist/social-providers/salesforce.d.mts +3 -1
- package/dist/social-providers/salesforce.mjs +3 -2
- package/dist/social-providers/slack.d.mts +4 -2
- package/dist/social-providers/slack.mjs +11 -8
- package/dist/social-providers/spotify.d.mts +3 -1
- package/dist/social-providers/spotify.mjs +3 -2
- package/dist/social-providers/tiktok.d.mts +3 -1
- package/dist/social-providers/tiktok.mjs +14 -2
- package/dist/social-providers/twitch.d.mts +3 -1
- package/dist/social-providers/twitch.mjs +3 -2
- package/dist/social-providers/twitter.d.mts +5 -2
- package/dist/social-providers/twitter.mjs +2 -1
- package/dist/social-providers/vercel.d.mts +3 -1
- package/dist/social-providers/vercel.mjs +3 -2
- package/dist/social-providers/vk.d.mts +3 -1
- package/dist/social-providers/vk.mjs +3 -2
- package/dist/social-providers/wechat.d.mts +3 -1
- package/dist/social-providers/wechat.mjs +7 -1
- package/dist/social-providers/zoom.d.mts +4 -2
- package/dist/social-providers/zoom.mjs +10 -17
- package/dist/types/context.d.mts +30 -4
- package/dist/types/init-options.d.mts +29 -5
- package/dist/utils/ip.d.mts +5 -4
- package/dist/utils/ip.mjs +3 -3
- package/dist/utils/redirect-uri.d.mts +20 -0
- package/dist/utils/redirect-uri.mjs +48 -0
- package/dist/utils/string.d.mts +5 -1
- package/dist/utils/string.mjs +20 -1
- package/dist/utils/url.d.mts +18 -1
- package/dist/utils/url.mjs +30 -1
- package/package.json +9 -8
- package/src/db/adapter/factory.ts +121 -3
- package/src/db/adapter/index.ts +32 -0
- package/src/db/adapter/types.ts +1 -0
- package/src/db/get-tables.ts +2 -0
- package/src/db/schema/user.ts +3 -0
- package/src/db/type.ts +12 -0
- package/src/error/codes.ts +1 -0
- package/src/oauth2/authorization-params.ts +28 -0
- package/src/oauth2/basic-credentials.ts +87 -0
- package/src/oauth2/client-assertion.ts +131 -58
- package/src/oauth2/client-credentials-token.ts +48 -72
- package/src/oauth2/create-authorization-url.ts +28 -6
- package/src/oauth2/index.ts +25 -9
- package/src/oauth2/oauth-provider.ts +21 -2
- package/src/oauth2/refresh-access-token.ts +50 -76
- package/src/oauth2/token-endpoint-auth.ts +221 -0
- package/src/oauth2/utils.ts +19 -0
- package/src/oauth2/validate-authorization-code.ts +55 -85
- package/src/oauth2/verify.ts +20 -4
- package/src/social-providers/apple.ts +27 -3
- package/src/social-providers/atlassian.ts +8 -1
- package/src/social-providers/cognito.ts +26 -1
- package/src/social-providers/discord.ts +22 -18
- package/src/social-providers/dropbox.ts +7 -5
- package/src/social-providers/facebook.ts +14 -9
- package/src/social-providers/figma.ts +8 -1
- package/src/social-providers/github.ts +5 -3
- package/src/social-providers/gitlab.ts +2 -0
- package/src/social-providers/google.ts +2 -0
- package/src/social-providers/huggingface.ts +8 -1
- package/src/social-providers/kakao.ts +2 -1
- package/src/social-providers/kick.ts +8 -1
- package/src/social-providers/line.ts +2 -0
- package/src/social-providers/linear.ts +8 -1
- package/src/social-providers/linkedin.ts +5 -3
- package/src/social-providers/microsoft-entra-id.ts +2 -1
- package/src/social-providers/naver.ts +2 -1
- package/src/social-providers/notion.ts +8 -1
- package/src/social-providers/paybin.ts +2 -0
- package/src/social-providers/paypal.ts +7 -1
- package/src/social-providers/polar.ts +8 -1
- package/src/social-providers/railway.ts +8 -1
- package/src/social-providers/reddit.ts +2 -1
- package/src/social-providers/roblox.ts +16 -11
- package/src/social-providers/salesforce.ts +8 -1
- package/src/social-providers/slack.ts +15 -9
- package/src/social-providers/spotify.ts +8 -1
- package/src/social-providers/tiktok.ts +22 -9
- package/src/social-providers/twitch.ts +2 -1
- package/src/social-providers/twitter.ts +1 -0
- package/src/social-providers/vercel.ts +8 -1
- package/src/social-providers/vk.ts +8 -1
- package/src/social-providers/wechat.ts +9 -1
- package/src/social-providers/zoom.ts +15 -19
- package/src/types/context.ts +33 -5
- package/src/types/init-options.ts +29 -5
- package/src/utils/ip.ts +12 -13
- package/src/utils/redirect-uri.ts +54 -0
- package/src/utils/string.ts +37 -0
- package/src/utils/url.ts +28 -0
|
@@ -24,7 +24,8 @@ declare const linear: (options: LinearOptions) => {
|
|
|
24
24
|
state,
|
|
25
25
|
scopes,
|
|
26
26
|
loginHint,
|
|
27
|
-
redirectURI
|
|
27
|
+
redirectURI,
|
|
28
|
+
additionalParams
|
|
28
29
|
}: {
|
|
29
30
|
state: string;
|
|
30
31
|
codeVerifier: string;
|
|
@@ -32,6 +33,7 @@ declare const linear: (options: LinearOptions) => {
|
|
|
32
33
|
redirectURI: string;
|
|
33
34
|
display?: string | undefined;
|
|
34
35
|
loginHint?: string | undefined;
|
|
36
|
+
additionalParams?: Record<string, string> | undefined;
|
|
35
37
|
}): Promise<URL>;
|
|
36
38
|
validateAuthorizationCode: ({
|
|
37
39
|
code,
|
|
@@ -8,7 +8,7 @@ const linear = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "linear",
|
|
10
10
|
name: "Linear",
|
|
11
|
-
createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, loginHint, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : ["read"];
|
|
13
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
14
14
|
if (scopes) _scopes.push(...scopes);
|
|
@@ -19,7 +19,8 @@ const linear = (options) => {
|
|
|
19
19
|
scopes: _scopes,
|
|
20
20
|
state,
|
|
21
21
|
redirectURI,
|
|
22
|
-
loginHint
|
|
22
|
+
loginHint,
|
|
23
|
+
additionalParams
|
|
23
24
|
});
|
|
24
25
|
},
|
|
25
26
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -10,8 +10,8 @@ interface LinkedInProfile {
|
|
|
10
10
|
country: string;
|
|
11
11
|
language: string;
|
|
12
12
|
};
|
|
13
|
-
email
|
|
14
|
-
email_verified
|
|
13
|
+
email?: string;
|
|
14
|
+
email_verified?: boolean;
|
|
15
15
|
}
|
|
16
16
|
interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {
|
|
17
17
|
clientId: string;
|
|
@@ -23,7 +23,8 @@ declare const linkedin: (options: LinkedInOptions) => {
|
|
|
23
23
|
state,
|
|
24
24
|
scopes,
|
|
25
25
|
redirectURI,
|
|
26
|
-
loginHint
|
|
26
|
+
loginHint,
|
|
27
|
+
additionalParams
|
|
27
28
|
}: {
|
|
28
29
|
state: string;
|
|
29
30
|
codeVerifier: string;
|
|
@@ -31,6 +32,7 @@ declare const linkedin: (options: LinkedInOptions) => {
|
|
|
31
32
|
redirectURI: string;
|
|
32
33
|
display?: string | undefined;
|
|
33
34
|
loginHint?: string | undefined;
|
|
35
|
+
additionalParams?: Record<string, string> | undefined;
|
|
34
36
|
}) => Promise<URL>;
|
|
35
37
|
validateAuthorizationCode: ({
|
|
36
38
|
code,
|
|
@@ -9,7 +9,7 @@ const linkedin = (options) => {
|
|
|
9
9
|
return {
|
|
10
10
|
id: "linkedin",
|
|
11
11
|
name: "Linkedin",
|
|
12
|
-
createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint }) => {
|
|
12
|
+
createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint, additionalParams }) => {
|
|
13
13
|
const _scopes = options.disableDefaultScope ? [] : [
|
|
14
14
|
"profile",
|
|
15
15
|
"email",
|
|
@@ -24,7 +24,8 @@ const linkedin = (options) => {
|
|
|
24
24
|
scopes: _scopes,
|
|
25
25
|
state,
|
|
26
26
|
loginHint,
|
|
27
|
-
redirectURI
|
|
27
|
+
redirectURI,
|
|
28
|
+
additionalParams
|
|
28
29
|
});
|
|
29
30
|
},
|
|
30
31
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -59,7 +60,7 @@ const linkedin = (options) => {
|
|
|
59
60
|
id: profile.sub,
|
|
60
61
|
name: profile.name,
|
|
61
62
|
email: profile.email,
|
|
62
|
-
emailVerified: profile.email_verified
|
|
63
|
+
emailVerified: profile.email_verified ?? false,
|
|
63
64
|
image: profile.picture,
|
|
64
65
|
...userMap
|
|
65
66
|
},
|
|
@@ -25,7 +25,7 @@ interface MicrosoftEntraIDProfile extends Record<string, any> {
|
|
|
25
25
|
/** The primary username that represents the user */
|
|
26
26
|
preferred_username: string;
|
|
27
27
|
/** User's email address */
|
|
28
|
-
email
|
|
28
|
+
email?: string;
|
|
29
29
|
/** Human-readable value that identifies the subject of the token */
|
|
30
30
|
name: string;
|
|
31
31
|
/** Matches the parameter included in the original authorize request */
|
|
@@ -135,6 +135,7 @@ declare const microsoft: (options: MicrosoftOptions) => {
|
|
|
135
135
|
redirectURI: string;
|
|
136
136
|
display?: string | undefined;
|
|
137
137
|
loginHint?: string | undefined;
|
|
138
|
+
additionalParams?: Record<string, string> | undefined;
|
|
138
139
|
}): Promise<URL>;
|
|
139
140
|
validateAuthorizationCode({
|
|
140
141
|
code,
|
|
@@ -151,7 +152,7 @@ declare const microsoft: (options: MicrosoftOptions) => {
|
|
|
151
152
|
user?: {
|
|
152
153
|
name?: {
|
|
153
154
|
firstName?: string;
|
|
154
|
-
lastName
|
|
155
|
+
lastName?: string;
|
|
155
156
|
};
|
|
156
157
|
email?: string;
|
|
157
158
|
} | undefined;
|
|
@@ -4,8 +4,8 @@ import { getPrimaryClientId } from "../oauth2/utils.mjs";
|
|
|
4
4
|
import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
|
|
5
5
|
import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
|
|
6
6
|
import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
|
|
7
|
-
import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
|
|
8
7
|
import { base64 } from "@better-auth/utils/base64";
|
|
8
|
+
import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
|
|
9
9
|
import { betterFetch } from "@better-fetch/fetch";
|
|
10
10
|
//#region src/social-providers/microsoft-entra-id.ts
|
|
11
11
|
const microsoft = (options) => {
|
|
@@ -39,7 +39,8 @@ const microsoft = (options) => {
|
|
|
39
39
|
scopes,
|
|
40
40
|
redirectURI: data.redirectURI,
|
|
41
41
|
prompt: options.prompt,
|
|
42
|
-
loginHint: data.loginHint
|
|
42
|
+
loginHint: data.loginHint,
|
|
43
|
+
additionalParams: data.additionalParams
|
|
43
44
|
});
|
|
44
45
|
},
|
|
45
46
|
validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
|
|
@@ -27,7 +27,8 @@ declare const naver: (options: NaverOptions) => {
|
|
|
27
27
|
createAuthorizationURL({
|
|
28
28
|
state,
|
|
29
29
|
scopes,
|
|
30
|
-
redirectURI
|
|
30
|
+
redirectURI,
|
|
31
|
+
additionalParams
|
|
31
32
|
}: {
|
|
32
33
|
state: string;
|
|
33
34
|
codeVerifier: string;
|
|
@@ -35,6 +36,7 @@ declare const naver: (options: NaverOptions) => {
|
|
|
35
36
|
redirectURI: string;
|
|
36
37
|
display?: string | undefined;
|
|
37
38
|
loginHint?: string | undefined;
|
|
39
|
+
additionalParams?: Record<string, string> | undefined;
|
|
38
40
|
}): Promise<URL>;
|
|
39
41
|
validateAuthorizationCode: ({
|
|
40
42
|
code,
|
|
@@ -8,7 +8,7 @@ const naver = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "naver",
|
|
10
10
|
name: "Naver",
|
|
11
|
-
createAuthorizationURL({ state, scopes, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : ["profile", "email"];
|
|
13
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
14
14
|
if (scopes) _scopes.push(...scopes);
|
|
@@ -18,7 +18,8 @@ const naver = (options) => {
|
|
|
18
18
|
authorizationEndpoint: "https://nid.naver.com/oauth2.0/authorize",
|
|
19
19
|
scopes: _scopes,
|
|
20
20
|
state,
|
|
21
|
-
redirectURI
|
|
21
|
+
redirectURI,
|
|
22
|
+
additionalParams
|
|
22
23
|
});
|
|
23
24
|
},
|
|
24
25
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -20,7 +20,8 @@ declare const notion: (options: NotionOptions) => {
|
|
|
20
20
|
state,
|
|
21
21
|
scopes,
|
|
22
22
|
loginHint,
|
|
23
|
-
redirectURI
|
|
23
|
+
redirectURI,
|
|
24
|
+
additionalParams
|
|
24
25
|
}: {
|
|
25
26
|
state: string;
|
|
26
27
|
codeVerifier: string;
|
|
@@ -28,6 +29,7 @@ declare const notion: (options: NotionOptions) => {
|
|
|
28
29
|
redirectURI: string;
|
|
29
30
|
display?: string | undefined;
|
|
30
31
|
loginHint?: string | undefined;
|
|
32
|
+
additionalParams?: Record<string, string> | undefined;
|
|
31
33
|
}): Promise<URL>;
|
|
32
34
|
validateAuthorizationCode: ({
|
|
33
35
|
code,
|
|
@@ -8,7 +8,7 @@ const notion = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "notion",
|
|
10
10
|
name: "Notion",
|
|
11
|
-
createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, loginHint, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : [];
|
|
13
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
14
14
|
if (scopes) _scopes.push(...scopes);
|
|
@@ -20,7 +20,10 @@ const notion = (options) => {
|
|
|
20
20
|
state,
|
|
21
21
|
redirectURI,
|
|
22
22
|
loginHint,
|
|
23
|
-
additionalParams: {
|
|
23
|
+
additionalParams: {
|
|
24
|
+
...additionalParams ?? {},
|
|
25
|
+
owner: "user"
|
|
26
|
+
}
|
|
24
27
|
});
|
|
25
28
|
},
|
|
26
29
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -26,7 +26,8 @@ declare const paybin: (options: PaybinOptions) => {
|
|
|
26
26
|
scopes,
|
|
27
27
|
codeVerifier,
|
|
28
28
|
redirectURI,
|
|
29
|
-
loginHint
|
|
29
|
+
loginHint,
|
|
30
|
+
additionalParams
|
|
30
31
|
}: {
|
|
31
32
|
state: string;
|
|
32
33
|
codeVerifier: string;
|
|
@@ -34,6 +35,7 @@ declare const paybin: (options: PaybinOptions) => {
|
|
|
34
35
|
redirectURI: string;
|
|
35
36
|
display?: string | undefined;
|
|
36
37
|
loginHint?: string | undefined;
|
|
38
|
+
additionalParams?: Record<string, string> | undefined;
|
|
37
39
|
}): Promise<URL>;
|
|
38
40
|
validateAuthorizationCode: ({
|
|
39
41
|
code,
|
|
@@ -12,7 +12,7 @@ const paybin = (options) => {
|
|
|
12
12
|
return {
|
|
13
13
|
id: "paybin",
|
|
14
14
|
name: "Paybin",
|
|
15
|
-
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
|
|
15
|
+
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, additionalParams }) {
|
|
16
16
|
if (!options.clientId || !options.clientSecret) {
|
|
17
17
|
logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.");
|
|
18
18
|
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
|
|
@@ -34,7 +34,8 @@ const paybin = (options) => {
|
|
|
34
34
|
codeVerifier,
|
|
35
35
|
redirectURI,
|
|
36
36
|
prompt: options.prompt,
|
|
37
|
-
loginHint
|
|
37
|
+
loginHint,
|
|
38
|
+
additionalParams
|
|
38
39
|
});
|
|
39
40
|
},
|
|
40
41
|
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
@@ -54,7 +54,8 @@ declare const paypal: (options: PayPalOptions) => {
|
|
|
54
54
|
createAuthorizationURL({
|
|
55
55
|
state,
|
|
56
56
|
codeVerifier,
|
|
57
|
-
redirectURI
|
|
57
|
+
redirectURI,
|
|
58
|
+
additionalParams
|
|
58
59
|
}: {
|
|
59
60
|
state: string;
|
|
60
61
|
codeVerifier: string;
|
|
@@ -62,6 +63,7 @@ declare const paypal: (options: PayPalOptions) => {
|
|
|
62
63
|
redirectURI: string;
|
|
63
64
|
display?: string | undefined;
|
|
64
65
|
loginHint?: string | undefined;
|
|
66
|
+
additionalParams?: Record<string, string> | undefined;
|
|
65
67
|
}): Promise<URL>;
|
|
66
68
|
validateAuthorizationCode: ({
|
|
67
69
|
code,
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { BetterAuthError } from "../error/index.mjs";
|
|
2
2
|
import { logger } from "../env/logger.mjs";
|
|
3
3
|
import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
|
|
4
|
-
import { decodeJwt } from "jose";
|
|
5
4
|
import { base64 } from "@better-auth/utils/base64";
|
|
5
|
+
import { decodeJwt } from "jose";
|
|
6
6
|
import { betterFetch } from "@better-fetch/fetch";
|
|
7
7
|
//#region src/social-providers/paypal.ts
|
|
8
8
|
const paypal = (options) => {
|
|
@@ -13,7 +13,7 @@ const paypal = (options) => {
|
|
|
13
13
|
return {
|
|
14
14
|
id: "paypal",
|
|
15
15
|
name: "PayPal",
|
|
16
|
-
async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
|
|
16
|
+
async createAuthorizationURL({ state, codeVerifier, redirectURI, additionalParams }) {
|
|
17
17
|
if (!options.clientId || !options.clientSecret) {
|
|
18
18
|
logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
|
|
19
19
|
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
|
|
@@ -26,7 +26,8 @@ const paypal = (options) => {
|
|
|
26
26
|
state,
|
|
27
27
|
codeVerifier,
|
|
28
28
|
redirectURI,
|
|
29
|
-
prompt: options.prompt
|
|
29
|
+
prompt: options.prompt,
|
|
30
|
+
additionalParams
|
|
30
31
|
});
|
|
31
32
|
},
|
|
32
33
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -29,7 +29,8 @@ declare const polar: (options: PolarOptions) => {
|
|
|
29
29
|
state,
|
|
30
30
|
scopes,
|
|
31
31
|
codeVerifier,
|
|
32
|
-
redirectURI
|
|
32
|
+
redirectURI,
|
|
33
|
+
additionalParams
|
|
33
34
|
}: {
|
|
34
35
|
state: string;
|
|
35
36
|
codeVerifier: string;
|
|
@@ -37,6 +38,7 @@ declare const polar: (options: PolarOptions) => {
|
|
|
37
38
|
redirectURI: string;
|
|
38
39
|
display?: string | undefined;
|
|
39
40
|
loginHint?: string | undefined;
|
|
41
|
+
additionalParams?: Record<string, string> | undefined;
|
|
40
42
|
}): Promise<URL>;
|
|
41
43
|
validateAuthorizationCode: ({
|
|
42
44
|
code,
|
|
@@ -8,7 +8,7 @@ const polar = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "polar",
|
|
10
10
|
name: "Polar",
|
|
11
|
-
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : [
|
|
13
13
|
"openid",
|
|
14
14
|
"profile",
|
|
@@ -24,7 +24,8 @@ const polar = (options) => {
|
|
|
24
24
|
state,
|
|
25
25
|
codeVerifier,
|
|
26
26
|
redirectURI,
|
|
27
|
-
prompt: options.prompt
|
|
27
|
+
prompt: options.prompt,
|
|
28
|
+
additionalParams
|
|
28
29
|
});
|
|
29
30
|
},
|
|
30
31
|
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
@@ -20,7 +20,8 @@ declare const railway: (options: RailwayOptions) => {
|
|
|
20
20
|
state,
|
|
21
21
|
scopes,
|
|
22
22
|
codeVerifier,
|
|
23
|
-
redirectURI
|
|
23
|
+
redirectURI,
|
|
24
|
+
additionalParams
|
|
24
25
|
}: {
|
|
25
26
|
state: string;
|
|
26
27
|
codeVerifier: string;
|
|
@@ -28,6 +29,7 @@ declare const railway: (options: RailwayOptions) => {
|
|
|
28
29
|
redirectURI: string;
|
|
29
30
|
display?: string | undefined;
|
|
30
31
|
loginHint?: string | undefined;
|
|
32
|
+
additionalParams?: Record<string, string> | undefined;
|
|
31
33
|
}): Promise<URL>;
|
|
32
34
|
validateAuthorizationCode: ({
|
|
33
35
|
code,
|
|
@@ -10,7 +10,7 @@ const railway = (options) => {
|
|
|
10
10
|
return {
|
|
11
11
|
id: "railway",
|
|
12
12
|
name: "Railway",
|
|
13
|
-
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
|
|
13
|
+
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
|
|
14
14
|
const _scopes = options.disableDefaultScope ? [] : [
|
|
15
15
|
"openid",
|
|
16
16
|
"email",
|
|
@@ -25,7 +25,8 @@ const railway = (options) => {
|
|
|
25
25
|
scopes: _scopes,
|
|
26
26
|
state,
|
|
27
27
|
codeVerifier,
|
|
28
|
-
redirectURI
|
|
28
|
+
redirectURI,
|
|
29
|
+
additionalParams
|
|
29
30
|
});
|
|
30
31
|
},
|
|
31
32
|
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
@@ -18,7 +18,8 @@ declare const reddit: (options: RedditOptions) => {
|
|
|
18
18
|
createAuthorizationURL({
|
|
19
19
|
state,
|
|
20
20
|
scopes,
|
|
21
|
-
redirectURI
|
|
21
|
+
redirectURI,
|
|
22
|
+
additionalParams
|
|
22
23
|
}: {
|
|
23
24
|
state: string;
|
|
24
25
|
codeVerifier: string;
|
|
@@ -26,6 +27,7 @@ declare const reddit: (options: RedditOptions) => {
|
|
|
26
27
|
redirectURI: string;
|
|
27
28
|
display?: string | undefined;
|
|
28
29
|
loginHint?: string | undefined;
|
|
30
|
+
additionalParams?: Record<string, string> | undefined;
|
|
29
31
|
}): Promise<URL>;
|
|
30
32
|
validateAuthorizationCode: ({
|
|
31
33
|
code,
|
|
@@ -8,7 +8,7 @@ const reddit = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "reddit",
|
|
10
10
|
name: "Reddit",
|
|
11
|
-
createAuthorizationURL({ state, scopes, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : ["identity"];
|
|
13
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
14
14
|
if (scopes) _scopes.push(...scopes);
|
|
@@ -19,7 +19,8 @@ const reddit = (options) => {
|
|
|
19
19
|
scopes: _scopes,
|
|
20
20
|
state,
|
|
21
21
|
redirectURI,
|
|
22
|
-
duration: options.duration
|
|
22
|
+
duration: options.duration,
|
|
23
|
+
additionalParams
|
|
23
24
|
});
|
|
24
25
|
},
|
|
25
26
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
@@ -26,7 +26,8 @@ declare const roblox: (options: RobloxOptions) => {
|
|
|
26
26
|
createAuthorizationURL({
|
|
27
27
|
state,
|
|
28
28
|
scopes,
|
|
29
|
-
redirectURI
|
|
29
|
+
redirectURI,
|
|
30
|
+
additionalParams
|
|
30
31
|
}: {
|
|
31
32
|
state: string;
|
|
32
33
|
codeVerifier: string;
|
|
@@ -34,7 +35,8 @@ declare const roblox: (options: RobloxOptions) => {
|
|
|
34
35
|
redirectURI: string;
|
|
35
36
|
display?: string | undefined;
|
|
36
37
|
loginHint?: string | undefined;
|
|
37
|
-
|
|
38
|
+
additionalParams?: Record<string, string> | undefined;
|
|
39
|
+
}): Promise<URL>;
|
|
38
40
|
validateAuthorizationCode: ({
|
|
39
41
|
code,
|
|
40
42
|
redirectURI
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
|
|
1
2
|
import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
|
|
2
3
|
import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
|
|
3
4
|
import { betterFetch } from "@better-fetch/fetch";
|
|
@@ -7,11 +8,20 @@ const roblox = (options) => {
|
|
|
7
8
|
return {
|
|
8
9
|
id: "roblox",
|
|
9
10
|
name: "Roblox",
|
|
10
|
-
createAuthorizationURL({ state, scopes, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
|
|
11
12
|
const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
|
|
12
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
13
14
|
if (scopes) _scopes.push(...scopes);
|
|
14
|
-
return
|
|
15
|
+
return createAuthorizationURL({
|
|
16
|
+
id: "roblox",
|
|
17
|
+
options,
|
|
18
|
+
authorizationEndpoint: "https://apis.roblox.com/oauth/v1/authorize",
|
|
19
|
+
scopes: _scopes,
|
|
20
|
+
state,
|
|
21
|
+
redirectURI,
|
|
22
|
+
prompt: options.prompt || "select_account consent",
|
|
23
|
+
additionalParams
|
|
24
|
+
});
|
|
15
25
|
},
|
|
16
26
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
17
27
|
return validateAuthorizationCode({
|
|
@@ -34,7 +34,8 @@ declare const salesforce: (options: SalesforceOptions) => {
|
|
|
34
34
|
state,
|
|
35
35
|
scopes,
|
|
36
36
|
codeVerifier,
|
|
37
|
-
redirectURI
|
|
37
|
+
redirectURI,
|
|
38
|
+
additionalParams
|
|
38
39
|
}: {
|
|
39
40
|
state: string;
|
|
40
41
|
codeVerifier: string;
|
|
@@ -42,6 +43,7 @@ declare const salesforce: (options: SalesforceOptions) => {
|
|
|
42
43
|
redirectURI: string;
|
|
43
44
|
display?: string | undefined;
|
|
44
45
|
loginHint?: string | undefined;
|
|
46
|
+
additionalParams?: Record<string, string> | undefined;
|
|
45
47
|
}): Promise<URL>;
|
|
46
48
|
validateAuthorizationCode: ({
|
|
47
49
|
code,
|
|
@@ -13,7 +13,7 @@ const salesforce = (options) => {
|
|
|
13
13
|
return {
|
|
14
14
|
id: "salesforce",
|
|
15
15
|
name: "Salesforce",
|
|
16
|
-
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
|
|
16
|
+
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
|
|
17
17
|
if (!options.clientId || !options.clientSecret) {
|
|
18
18
|
logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.");
|
|
19
19
|
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
|
|
@@ -33,7 +33,8 @@ const salesforce = (options) => {
|
|
|
33
33
|
scopes: _scopes,
|
|
34
34
|
state,
|
|
35
35
|
codeVerifier,
|
|
36
|
-
redirectURI: options.redirectURI || redirectURI
|
|
36
|
+
redirectURI: options.redirectURI || redirectURI,
|
|
37
|
+
additionalParams
|
|
37
38
|
});
|
|
38
39
|
},
|
|
39
40
|
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
@@ -39,7 +39,8 @@ declare const slack: (options: SlackOptions) => {
|
|
|
39
39
|
createAuthorizationURL({
|
|
40
40
|
state,
|
|
41
41
|
scopes,
|
|
42
|
-
redirectURI
|
|
42
|
+
redirectURI,
|
|
43
|
+
additionalParams
|
|
43
44
|
}: {
|
|
44
45
|
state: string;
|
|
45
46
|
codeVerifier: string;
|
|
@@ -47,7 +48,8 @@ declare const slack: (options: SlackOptions) => {
|
|
|
47
48
|
redirectURI: string;
|
|
48
49
|
display?: string | undefined;
|
|
49
50
|
loginHint?: string | undefined;
|
|
50
|
-
|
|
51
|
+
additionalParams?: Record<string, string> | undefined;
|
|
52
|
+
}): Promise<URL>;
|
|
51
53
|
validateAuthorizationCode: ({
|
|
52
54
|
code,
|
|
53
55
|
redirectURI
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
|
|
1
2
|
import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
|
|
2
3
|
import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
|
|
3
4
|
import { betterFetch } from "@better-fetch/fetch";
|
|
@@ -7,7 +8,7 @@ const slack = (options) => {
|
|
|
7
8
|
return {
|
|
8
9
|
id: "slack",
|
|
9
10
|
name: "Slack",
|
|
10
|
-
createAuthorizationURL({ state, scopes, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
|
|
11
12
|
const _scopes = options.disableDefaultScope ? [] : [
|
|
12
13
|
"openid",
|
|
13
14
|
"profile",
|
|
@@ -15,13 +16,15 @@ const slack = (options) => {
|
|
|
15
16
|
];
|
|
16
17
|
if (scopes) _scopes.push(...scopes);
|
|
17
18
|
if (options.scope) _scopes.push(...options.scope);
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
19
|
+
return createAuthorizationURL({
|
|
20
|
+
id: "slack",
|
|
21
|
+
options,
|
|
22
|
+
authorizationEndpoint: "https://slack.com/openid/connect/authorize",
|
|
23
|
+
scopes: _scopes,
|
|
24
|
+
state,
|
|
25
|
+
redirectURI,
|
|
26
|
+
additionalParams
|
|
27
|
+
});
|
|
25
28
|
},
|
|
26
29
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
27
30
|
return validateAuthorizationCode({
|
|
@@ -18,7 +18,8 @@ declare const spotify: (options: SpotifyOptions) => {
|
|
|
18
18
|
state,
|
|
19
19
|
scopes,
|
|
20
20
|
codeVerifier,
|
|
21
|
-
redirectURI
|
|
21
|
+
redirectURI,
|
|
22
|
+
additionalParams
|
|
22
23
|
}: {
|
|
23
24
|
state: string;
|
|
24
25
|
codeVerifier: string;
|
|
@@ -26,6 +27,7 @@ declare const spotify: (options: SpotifyOptions) => {
|
|
|
26
27
|
redirectURI: string;
|
|
27
28
|
display?: string | undefined;
|
|
28
29
|
loginHint?: string | undefined;
|
|
30
|
+
additionalParams?: Record<string, string> | undefined;
|
|
29
31
|
}): Promise<URL>;
|
|
30
32
|
validateAuthorizationCode: ({
|
|
31
33
|
code,
|
|
@@ -8,7 +8,7 @@ const spotify = (options) => {
|
|
|
8
8
|
return {
|
|
9
9
|
id: "spotify",
|
|
10
10
|
name: "Spotify",
|
|
11
|
-
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
|
|
12
12
|
const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
|
|
13
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
14
14
|
if (scopes) _scopes.push(...scopes);
|
|
@@ -19,7 +19,8 @@ const spotify = (options) => {
|
|
|
19
19
|
scopes: _scopes,
|
|
20
20
|
state,
|
|
21
21
|
codeVerifier,
|
|
22
|
-
redirectURI
|
|
22
|
+
redirectURI,
|
|
23
|
+
additionalParams
|
|
23
24
|
});
|
|
24
25
|
},
|
|
25
26
|
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
@@ -124,7 +124,8 @@ declare const tiktok: (options: TiktokOptions) => {
|
|
|
124
124
|
createAuthorizationURL({
|
|
125
125
|
state,
|
|
126
126
|
scopes,
|
|
127
|
-
redirectURI
|
|
127
|
+
redirectURI,
|
|
128
|
+
additionalParams
|
|
128
129
|
}: {
|
|
129
130
|
state: string;
|
|
130
131
|
codeVerifier: string;
|
|
@@ -132,6 +133,7 @@ declare const tiktok: (options: TiktokOptions) => {
|
|
|
132
133
|
redirectURI: string;
|
|
133
134
|
display?: string | undefined;
|
|
134
135
|
loginHint?: string | undefined;
|
|
136
|
+
additionalParams?: Record<string, string> | undefined;
|
|
135
137
|
}): URL;
|
|
136
138
|
validateAuthorizationCode: ({
|
|
137
139
|
code,
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { RESERVED_AUTHORIZATION_PARAMS_SET } from "../oauth2/create-authorization-url.mjs";
|
|
1
2
|
import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
|
|
2
3
|
import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
|
|
3
4
|
import { betterFetch } from "@better-fetch/fetch";
|
|
@@ -7,11 +8,22 @@ const tiktok = (options) => {
|
|
|
7
8
|
return {
|
|
8
9
|
id: "tiktok",
|
|
9
10
|
name: "TikTok",
|
|
10
|
-
createAuthorizationURL({ state, scopes, redirectURI }) {
|
|
11
|
+
createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
|
|
11
12
|
const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
|
|
12
13
|
if (options.scope) _scopes.push(...options.scope);
|
|
13
14
|
if (scopes) _scopes.push(...scopes);
|
|
14
|
-
|
|
15
|
+
const url = new URL("https://www.tiktok.com/v2/auth/authorize");
|
|
16
|
+
url.searchParams.set("scope", _scopes.join(","));
|
|
17
|
+
url.searchParams.set("response_type", "code");
|
|
18
|
+
url.searchParams.set("client_key", options.clientKey);
|
|
19
|
+
url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
|
|
20
|
+
url.searchParams.set("state", state);
|
|
21
|
+
if (additionalParams) for (const [key, value] of Object.entries(additionalParams)) {
|
|
22
|
+
if (RESERVED_AUTHORIZATION_PARAMS_SET.has(key)) continue;
|
|
23
|
+
if (key === "client_key") continue;
|
|
24
|
+
url.searchParams.set(key, value);
|
|
25
|
+
}
|
|
26
|
+
return url;
|
|
15
27
|
},
|
|
16
28
|
validateAuthorizationCode: async ({ code, redirectURI }) => {
|
|
17
29
|
return validateAuthorizationCode({
|