@better-auth/core 1.7.0-beta.3 → 1.7.0-beta.5

package/dist/social-providers/notion.mjs

@@ -1,26 +1,29 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/notion.ts
+const NOTION_DEFAULT_SCOPES = [];
 const notion = (options) => {
 	const tokenEndpoint = "https://api.notion.com/v1/oauth/token";
 	return {
 		id: "notion",
 		name: "Notion",
-		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
+		callbackPath: "/callback/notion",
+		createAuthorizationURL({ state, scopes, loginHint, redirectURI, additionalParams }) {
 			return createAuthorizationURL({
 				id: "notion",
 				options,
 				authorizationEndpoint: "https://api.notion.com/v1/oauth/authorize",
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, NOTION_DEFAULT_SCOPES, scopes),
 				state,
 				redirectURI,
 				loginHint,
-				additionalParams: { owner: "user" }
+				additionalParams: {
+					...additionalParams ?? {},
+					owner: "user"
+				}
 			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {

package/dist/social-providers/paybin.d.mts

@@ -21,12 +21,14 @@ interface PaybinOptions extends ProviderOptions<PaybinProfile> {
 declare const paybin: (options: PaybinOptions) => {
   id: "paybin";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
     codeVerifier,
     redirectURI,
-    loginHint
+    loginHint,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -34,7 +36,11 @@ declare const paybin: (options: PaybinOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,

package/dist/social-providers/paybin.mjs

@@ -1,10 +1,16 @@
 import { BetterAuthError } from "../error/index.mjs";
 import { logger } from "../env/logger.mjs";
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { decodeJwt } from "jose";
 //#region src/social-providers/paybin.ts
+const PAYBIN_DEFAULT_SCOPES = [
+	"openid",
+	"email",
+	"profile"
+];
 const paybin = (options) => {
 	const issuer = options.issuer || "https://idp.paybin.io";
 	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
@@ -12,29 +18,24 @@ const paybin = (options) => {
 	return {
 		id: "paybin",
 		name: "Paybin",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint }) {
+		callbackPath: "/callback/paybin",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, additionalParams }) {
 			if (!options.clientId || !options.clientSecret) {
 				logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.");
 				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
 			}
 			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Paybin");
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"email",
-				"profile"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
+			return createAuthorizationURL({
 				id: "paybin",
 				options,
 				authorizationEndpoint,
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, PAYBIN_DEFAULT_SCOPES, scopes),
 				state,
 				codeVerifier,
 				redirectURI,
 				prompt: options.prompt,
-				loginHint
+				loginHint,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {

package/dist/social-providers/paypal.d.mts

@@ -51,10 +51,12 @@ interface PayPalOptions extends ProviderOptions<PayPalProfile> {
 declare const paypal: (options: PayPalOptions) => {
   id: "paypal";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     codeVerifier,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -62,7 +64,11 @@ declare const paypal: (options: PayPalOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -82,7 +88,6 @@ declare const paypal: (options: PayPalOptions) => {
     refreshToken: any;
     accessTokenExpiresAt: Date | undefined;
   }>);
-  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
   getUserInfo(token: OAuth2Tokens & {
     user?: {
       name?: {

package/dist/social-providers/paypal.mjs

@@ -1,7 +1,6 @@
 import { BetterAuthError } from "../error/index.mjs";
 import { logger } from "../env/logger.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
-import { decodeJwt } from "jose";
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/paypal.ts
@@ -13,12 +12,18 @@ const paypal = (options) => {
 	return {
 		id: "paypal",
 		name: "PayPal",
-		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
+		callbackPath: "/callback/paypal",
+		createAuthorizationURL({ state, codeVerifier, redirectURI, additionalParams }) {
 			if (!options.clientId || !options.clientSecret) {
 				logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.");
 				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
 			}
-			return await createAuthorizationURL({
+			/**
+			* Log in with PayPal doesn't use traditional OAuth2 scopes
+			* Instead, permissions are configured in the PayPal Developer Dashboard
+			* We don't pass any scopes to avoid "invalid scope" errors
+			**/
+			return createAuthorizationURL({
 				id: "paypal",
 				options,
 				authorizationEndpoint,
@@ -26,7 +31,8 @@ const paypal = (options) => {
 				state,
 				codeVerifier,
 				redirectURI,
-				prompt: options.prompt
+				prompt: options.prompt,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -90,16 +96,6 @@ const paypal = (options) => {
 				throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
 			}
 		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			try {
-				return !!decodeJwt(token).sub;
-			} catch (error) {
-				logger.error("Failed to verify PayPal ID token:", error);
-				return false;
-			}
-		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
 			if (!token.accessToken) {

package/dist/social-providers/polar.d.mts

@@ -25,11 +25,13 @@ interface PolarOptions extends ProviderOptions<PolarProfile> {}
 declare const polar: (options: PolarOptions) => {
   id: "polar";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
     codeVerifier,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -37,7 +39,11 @@ declare const polar: (options: PolarOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,

package/dist/social-providers/polar.mjs

@@ -1,30 +1,31 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/polar.ts
+const POLAR_DEFAULT_SCOPES = [
+	"openid",
+	"profile",
+	"email"
+];
 const polar = (options) => {
 	const tokenEndpoint = "https://api.polar.sh/v1/oauth2/token";
 	return {
 		id: "polar",
 		name: "Polar",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
+		callbackPath: "/callback/polar",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
 			return createAuthorizationURL({
 				id: "polar",
 				options,
 				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, POLAR_DEFAULT_SCOPES, scopes),
 				state,
 				codeVerifier,
 				redirectURI,
-				prompt: options.prompt
+				prompt: options.prompt,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {

package/dist/social-providers/railway.d.mts

@@ -16,11 +16,13 @@ interface RailwayOptions extends ProviderOptions<RailwayProfile> {
 declare const railway: (options: RailwayOptions) => {
   id: "railway";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
     codeVerifier,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -28,7 +30,11 @@ declare const railway: (options: RailwayOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,

package/dist/social-providers/railway.mjs

@@ -1,3 +1,4 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
@@ -6,26 +7,26 @@ import { betterFetch } from "@better-fetch/fetch";
 const authorizationEndpoint = "https://backboard.railway.com/oauth/auth";
 const tokenEndpoint = "https://backboard.railway.com/oauth/token";
 const userinfoEndpoint = "https://backboard.railway.com/oauth/me";
+const RAILWAY_DEFAULT_SCOPES = [
+	"openid",
+	"email",
+	"profile"
+];
 const railway = (options) => {
 	return {
 		id: "railway",
 		name: "Railway",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"email",
-				"profile"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
+		callbackPath: "/callback/railway",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
 			return createAuthorizationURL({
 				id: "railway",
 				options,
 				authorizationEndpoint,
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, RAILWAY_DEFAULT_SCOPES, scopes),
 				state,
 				codeVerifier,
-				redirectURI
+				redirectURI,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {

package/dist/social-providers/reddit.d.mts

@@ -15,10 +15,12 @@ interface RedditOptions extends ProviderOptions<RedditProfile> {
 declare const reddit: (options: RedditOptions) => {
   id: "reddit";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -26,7 +28,11 @@ declare const reddit: (options: RedditOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     redirectURI

package/dist/social-providers/reddit.mjs

@@ -1,25 +1,26 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { getOAuth2Tokens } from "../oauth2/utils.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/reddit.ts
+const REDDIT_DEFAULT_SCOPES = ["identity"];
 const reddit = (options) => {
 	return {
 		id: "reddit",
 		name: "Reddit",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["identity"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
+		callbackPath: "/callback/reddit",
+		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
 			return createAuthorizationURL({
 				id: "reddit",
 				options,
 				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, REDDIT_DEFAULT_SCOPES, scopes),
 				state,
 				redirectURI,
-				duration: options.duration
+				duration: options.duration,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -61,14 +62,15 @@ const reddit = (options) => {
 			} });
 			if (error) return null;
 			const userMap = await options.mapProfileToUser?.(profile);
+			const email = userMap?.email || `${profile.id}@reddit.com`;
 			return {
 				user: {
 					id: profile.id,
 					name: profile.name,
-					email: profile.oauth_client_id,
-					emailVerified: profile.has_verified_email,
 					image: profile.icon_img?.split("?")[0],
-					...userMap
+					...userMap,
+					email,
+					emailVerified: userMap?.emailVerified ?? false
 				},
 				data: profile
 			};

package/dist/social-providers/roblox.d.mts

@@ -23,10 +23,12 @@ interface RobloxOptions extends ProviderOptions<RobloxProfile> {
 declare const roblox: (options: RobloxOptions) => {
   id: "roblox";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -34,7 +36,11 @@ declare const roblox: (options: RobloxOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): URL;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     redirectURI

package/dist/social-providers/roblox.mjs

@@ -1,17 +1,27 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/roblox.ts
+const ROBLOX_DEFAULT_SCOPES = ["openid", "profile"];
 const roblox = (options) => {
 	const tokenEndpoint = "https://apis.roblox.com/oauth/v1/token";
 	return {
 		id: "roblox",
 		name: "Roblox",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return new URL(`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join("+")}&response_type=code&client_id=${options.clientId}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}&prompt=${options.prompt || "select_account consent"}`);
+		callbackPath: "/callback/roblox",
+		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			return createAuthorizationURL({
+				id: "roblox",
+				options,
+				authorizationEndpoint: "https://apis.roblox.com/oauth/v1/authorize",
+				scopes: resolveRequestedScopes(options, ROBLOX_DEFAULT_SCOPES, scopes),
+				state,
+				redirectURI,
+				prompt: options.prompt || "select_account consent",
+				additionalParams
+			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return validateAuthorizationCode({

package/dist/social-providers/salesforce.d.mts

@@ -30,11 +30,13 @@ interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
 declare const salesforce: (options: SalesforceOptions) => {
   id: "salesforce";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
     codeVerifier,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -42,7 +44,11 @@ declare const salesforce: (options: SalesforceOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): Promise<URL>;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,

package/dist/social-providers/salesforce.mjs

@@ -1,10 +1,16 @@
 import { BetterAuthError } from "../error/index.mjs";
 import { logger } from "../env/logger.mjs";
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/salesforce.ts
+const SALESFORCE_DEFAULT_SCOPES = [
+	"openid",
+	"email",
+	"profile"
+];
 const salesforce = (options) => {
 	const isSandbox = (options.environment ?? "production") === "sandbox";
 	const authorizationEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/authorize` : isSandbox ? "https://test.salesforce.com/services/oauth2/authorize" : "https://login.salesforce.com/services/oauth2/authorize";
@@ -13,27 +19,22 @@ const salesforce = (options) => {
 	return {
 		id: "salesforce",
 		name: "Salesforce",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+		callbackPath: "/callback/salesforce",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
 			if (!options.clientId || !options.clientSecret) {
 				logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.");
 				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
 			}
 			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Salesforce");
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"email",
-				"profile"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "salesforce",
 				options,
 				authorizationEndpoint,
-				scopes: _scopes,
+				scopes: resolveRequestedScopes(options, SALESFORCE_DEFAULT_SCOPES, scopes),
 				state,
 				codeVerifier,
-				redirectURI: options.redirectURI || redirectURI
+				redirectURI: options.redirectURI || redirectURI,
+				additionalParams
 			});
 		},
 		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {

package/dist/social-providers/slack.d.mts

@@ -36,10 +36,12 @@ interface SlackOptions extends ProviderOptions<SlackProfile> {
 declare const slack: (options: SlackOptions) => {
   id: "slack";
   name: string;
+  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
-    redirectURI
+    redirectURI,
+    additionalParams
   }: {
     state: string;
     codeVerifier: string;
@@ -47,7 +49,11 @@ declare const slack: (options: SlackOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
-  }): URL;
+    additionalParams?: Record<string, string> | undefined;
+  }): Promise<{
+    url: URL;
+    requestedScopes: string[];
+  }>;
   validateAuthorizationCode: ({
     code,
     redirectURI

package/dist/social-providers/slack.mjs

@@ -1,27 +1,30 @@
+import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/slack.ts
+const SLACK_DEFAULT_SCOPES = [
+	"openid",
+	"profile",
+	"email"
+];
 const slack = (options) => {
 	const tokenEndpoint = "https://slack.com/api/openid.connect.token";
 	return {
 		id: "slack",
 		name: "Slack",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email"
-			];
-			if (scopes) _scopes.push(...scopes);
-			if (options.scope) _scopes.push(...options.scope);
-			const url = new URL("https://slack.com/openid/connect/authorize");
-			url.searchParams.set("scope", _scopes.join(" "));
-			url.searchParams.set("response_type", "code");
-			url.searchParams.set("client_id", options.clientId);
-			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
-			url.searchParams.set("state", state);
-			return url;
+		callbackPath: "/callback/slack",
+		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			return createAuthorizationURL({
+				id: "slack",
+				options,
+				authorizationEndpoint: "https://slack.com/openid/connect/authorize",
+				scopes: resolveRequestedScopes(options, SLACK_DEFAULT_SCOPES, scopes),
+				state,
+				redirectURI,
+				additionalParams
+			});
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return validateAuthorizationCode({