@better-auth/core 1.7.0-beta.6 → 1.7.0-beta.8

package/src/social-providers/paybin.ts

@@ -1,11 +1,10 @@
 import { decodeJwt } from "jose";
 import { logger } from "../env";
 import { BetterAuthError } from "../error";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -29,8 +28,6 @@ export interface PaybinOptions extends ProviderOptions<PaybinProfile> {
 	issuer?: string | undefined;
 }
 
-const PAYBIN_DEFAULT_SCOPES = ["openid", "email", "profile"];
-
 export const paybin = (options: PaybinOptions) => {
 	const issuer = options.issuer || "https://idp.paybin.io";
 	const authorizationEndpoint = `${issuer}/oauth2/authorize`;
@@ -39,8 +36,7 @@ export const paybin = (options: PaybinOptions) => {
 	return {
 		id: "paybin",
 		name: "Paybin",
-		callbackPath: "/callback/paybin",
-		createAuthorizationURL({
+		async createAuthorizationURL({
 			state,
 			scopes,
 			codeVerifier,
@@ -57,16 +53,16 @@ export const paybin = (options: PaybinOptions) => {
 			if (!codeVerifier) {
 				throw new BetterAuthError("codeVerifier is required for Paybin");
 			}
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				PAYBIN_DEFAULT_SCOPES,
-				scopes,
-			);
-			return createAuthorizationURL({
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "email", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const url = await createAuthorizationURL({
 				id: "paybin",
 				options,
 				authorizationEndpoint,
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,
@@ -74,6 +70,7 @@ export const paybin = (options: PaybinOptions) => {
 				loginHint,
 				additionalParams,
 			});
+			return url;
 		},
 		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
 			return validateAuthorizationCode({
@@ -119,5 +116,5 @@ export const paybin = (options: PaybinOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<PaybinProfile>;
+	} satisfies OAuthProvider<PaybinProfile>;
 };

package/src/social-providers/paypal.ts

@@ -2,7 +2,7 @@ import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 import { logger } from "../env";
 import { BetterAuthError } from "../error";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import { createAuthorizationURL } from "../oauth2";
 
 export interface PayPalProfile {
@@ -77,8 +77,7 @@ export const paypal = (options: PayPalOptions) => {
 	return {
 		id: "paypal",
 		name: "PayPal",
-		callbackPath: "/callback/paypal",
-		createAuthorizationURL({
+		async createAuthorizationURL({
 			state,
 			codeVerifier,
 			redirectURI,
@@ -97,17 +96,20 @@ export const paypal = (options: PayPalOptions) => {
 			 * We don't pass any scopes to avoid "invalid scope" errors
 			 **/
 
-			return createAuthorizationURL({
+			const _scopes: string[] = [];
+
+			const url = await createAuthorizationURL({
 				id: "paypal",
 				options,
 				authorizationEndpoint,
-				scopes: [],
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,
 				prompt: options.prompt,
 				additionalParams,
 			});
+			return url;
 		},
 
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -246,5 +248,5 @@ export const paypal = (options: PayPalOptions) => {
 		},
 
 		options,
-	} satisfies UpstreamProvider<PayPalProfile>;
+	} satisfies OAuthProvider<PayPalProfile>;
 };

package/src/social-providers/polar.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -33,14 +32,11 @@ export interface PolarProfile {
 
 export interface PolarOptions extends ProviderOptions<PolarProfile> {}
 
-const POLAR_DEFAULT_SCOPES = ["openid", "profile", "email"];
-
 export const polar = (options: PolarOptions) => {
 	const tokenEndpoint = "https://api.polar.sh/v1/oauth2/token";
 	return {
 		id: "polar",
 		name: "Polar",
-		callbackPath: "/callback/polar",
 		createAuthorizationURL({
 			state,
 			scopes,
@@ -48,16 +44,16 @@ export const polar = (options: PolarOptions) => {
 			redirectURI,
 			additionalParams,
 		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				POLAR_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "profile", "email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "polar",
 				options,
 				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,
@@ -118,5 +114,5 @@ export const polar = (options: PolarOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<PolarProfile>;
+	} satisfies OAuthProvider<PolarProfile>;
 };

package/src/social-providers/railway.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -26,30 +25,27 @@ export interface RailwayOptions extends ProviderOptions<RailwayProfile> {
 	clientId: string;
 }
 
-const RAILWAY_DEFAULT_SCOPES = ["openid", "email", "profile"];
-
 export const railway = (options: RailwayOptions) => {
 	return {
 		id: "railway",
 		name: "Railway",
-		callbackPath: "/callback/railway",
-		async createAuthorizationURL({
+		createAuthorizationURL({
 			state,
 			scopes,
 			codeVerifier,
 			redirectURI,
 			additionalParams,
 		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				RAILWAY_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "email", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "railway",
 				options,
 				authorizationEndpoint,
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,
@@ -107,5 +103,5 @@ export const railway = (options: RailwayOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<RailwayProfile>;
+	} satisfies OAuthProvider<RailwayProfile>;
 };

package/src/social-providers/reddit.ts

@@ -1,11 +1,10 @@
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	getOAuth2Tokens,
 	refreshAccessToken,
-	resolveRequestedScopes,
 } from "../oauth2";
 
 export interface RedditProfile {
@@ -22,29 +21,19 @@ export interface RedditOptions extends ProviderOptions<RedditProfile> {
 	duration?: string | undefined;
 }
 
-const REDDIT_DEFAULT_SCOPES = ["identity"];
-
 export const reddit = (options: RedditOptions) => {
 	return {
 		id: "reddit",
 		name: "Reddit",
-		callbackPath: "/callback/reddit",
-		async createAuthorizationURL({
-			state,
-			scopes,
-			redirectURI,
-			additionalParams,
-		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				REDDIT_DEFAULT_SCOPES,
-				scopes,
-			);
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["identity"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "reddit",
 				options,
 				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				redirectURI,
 				duration: options.duration,
@@ -134,5 +123,5 @@ export const reddit = (options: RedditOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<RedditProfile>;
+	} satisfies OAuthProvider<RedditProfile>;
 };

package/src/social-providers/roblox.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -37,30 +36,20 @@ export interface RobloxOptions extends ProviderOptions<RobloxProfile> {
 		| undefined;
 }
 
-const ROBLOX_DEFAULT_SCOPES = ["openid", "profile"];
-
 export const roblox = (options: RobloxOptions) => {
 	const tokenEndpoint = "https://apis.roblox.com/oauth/v1/token";
 	return {
 		id: "roblox",
 		name: "Roblox",
-		callbackPath: "/callback/roblox",
-		async createAuthorizationURL({
-			state,
-			scopes,
-			redirectURI,
-			additionalParams,
-		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				ROBLOX_DEFAULT_SCOPES,
-				scopes,
-			);
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "roblox",
 				options,
 				authorizationEndpoint: "https://apis.roblox.com/oauth/v1/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				redirectURI,
 				prompt: options.prompt || "select_account consent",
@@ -124,5 +113,5 @@ export const roblox = (options: RobloxOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<RobloxProfile>;
+	} satisfies OAuthProvider<RobloxProfile>;
 };

package/src/social-providers/salesforce.ts

@@ -1,11 +1,10 @@
 import { betterFetch } from "@better-fetch/fetch";
 import { logger } from "../env";
 import { BetterAuthError } from "../error";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -40,8 +39,6 @@ export interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
 	redirectURI?: string | undefined;
 }
 
-const SALESFORCE_DEFAULT_SCOPES = ["openid", "email", "profile"];
-
 export const salesforce = (options: SalesforceOptions) => {
 	const environment = options.environment ?? "production";
 	const isSandbox = environment === "sandbox";
@@ -66,7 +63,6 @@ export const salesforce = (options: SalesforceOptions) => {
 	return {
 		id: "salesforce",
 		name: "Salesforce",
-		callbackPath: "/callback/salesforce",
 
 		async createAuthorizationURL({
 			state,
@@ -85,17 +81,17 @@ export const salesforce = (options: SalesforceOptions) => {
 				throw new BetterAuthError("codeVerifier is required for Salesforce");
 			}
 
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				SALESFORCE_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "email", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 
 			return createAuthorizationURL({
 				id: "salesforce",
 				options,
 				authorizationEndpoint,
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI: options.redirectURI || redirectURI,
@@ -166,5 +162,5 @@ export const salesforce = (options: SalesforceOptions) => {
 		},
 
 		options,
-	} satisfies UpstreamProvider<SalesforceProfile>;
+	} satisfies OAuthProvider<SalesforceProfile>;
 };

package/src/social-providers/slack.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -42,30 +41,22 @@ export interface SlackOptions extends ProviderOptions<SlackProfile> {
 	clientId: string;
 }
 
-const SLACK_DEFAULT_SCOPES = ["openid", "profile", "email"];
-
 export const slack = (options: SlackOptions) => {
 	const tokenEndpoint = "https://slack.com/api/openid.connect.token";
 	return {
 		id: "slack",
 		name: "Slack",
-		callbackPath: "/callback/slack",
-		async createAuthorizationURL({
-			state,
-			scopes,
-			redirectURI,
-			additionalParams,
-		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				SLACK_DEFAULT_SCOPES,
-				scopes,
-			);
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["openid", "profile", "email"];
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
 			return createAuthorizationURL({
 				id: "slack",
 				options,
 				authorizationEndpoint: "https://slack.com/openid/connect/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				redirectURI,
 				additionalParams,
@@ -123,5 +114,5 @@ export const slack = (options: SlackOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<SlackProfile>;
+	} satisfies OAuthProvider<SlackProfile>;
 };

package/src/social-providers/spotify.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -20,31 +19,26 @@ export interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {
 	clientId: string;
 }
 
-const SPOTIFY_DEFAULT_SCOPES = ["user-read-email"];
-
 export const spotify = (options: SpotifyOptions) => {
 	const tokenEndpoint = "https://accounts.spotify.com/api/token";
 	return {
 		id: "spotify",
 		name: "Spotify",
-		callbackPath: "/callback/spotify",
-		async createAuthorizationURL({
+		createAuthorizationURL({
 			state,
 			scopes,
 			codeVerifier,
 			redirectURI,
 			additionalParams,
 		}) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				SPOTIFY_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "spotify",
 				options,
 				authorizationEndpoint: "https://accounts.spotify.com/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,
@@ -103,5 +97,5 @@ export const spotify = (options: SpotifyOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<SpotifyProfile>;
+	} satisfies OAuthProvider<SpotifyProfile>;
 };

package/src/social-providers/tiktok.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	RESERVED_AUTHORIZATION_PARAMS_SET,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -131,24 +130,19 @@ export interface TiktokOptions extends ProviderOptions {
 	clientKey: string;
 }
 
-const TIKTOK_DEFAULT_SCOPES = ["user.info.profile"];
-
 export const tiktok = (options: TiktokOptions) => {
 	const tokenEndpoint = "https://open.tiktokapis.com/v2/oauth/token/";
 	return {
 		id: "tiktok",
 		name: "TikTok",
-		callbackPath: "/callback/tiktok",
 		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				TIKTOK_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			// TikTok uses `client_key` instead of the standard `client_id`, so the
 			// shared createAuthorizationURL helper cannot be used directly.
 			const url = new URL("https://www.tiktok.com/v2/auth/authorize");
-			url.searchParams.set("scope", requestedScopes.join(","));
+			url.searchParams.set("scope", _scopes.join(","));
 			url.searchParams.set("response_type", "code");
 			url.searchParams.set("client_key", options.clientKey);
 			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
@@ -160,7 +154,7 @@ export const tiktok = (options: TiktokOptions) => {
 					url.searchParams.set(key, value);
 				}
 			}
-			return { url, requestedScopes };
+			return url;
 		},
 
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
@@ -226,5 +220,5 @@ export const tiktok = (options: TiktokOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<TiktokProfile, TiktokOptions>;
+	} satisfies OAuthProvider<TiktokProfile, TiktokOptions>;
 };

package/src/social-providers/twitch.ts

@@ -1,10 +1,9 @@
 import { decodeJwt } from "jose";
 import { logger } from "../env";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -38,26 +37,23 @@ export interface TwitchOptions extends ProviderOptions<TwitchProfile> {
 	clientId: string;
 	claims?: string[] | undefined;
 }
-const TWITCH_DEFAULT_SCOPES = ["user:read:email", "openid"];
-
 export const twitch = (options: TwitchOptions) => {
 	const tokenEndpoint = "https://id.twitch.tv/oauth2/token";
 	return {
 		id: "twitch",
 		name: "Twitch",
-		callbackPath: "/callback/twitch",
 		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				TWITCH_DEFAULT_SCOPES,
-				scopes,
-			);
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["user:read:email", "openid"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "twitch",
 				redirectURI,
 				options,
 				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state,
 				claims: options.claims || [
 					"email",
@@ -113,5 +109,5 @@ export const twitch = (options: TwitchOptions) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<TwitchProfile>;
+	} satisfies OAuthProvider<TwitchProfile>;
 };

package/src/social-providers/twitter.ts

@@ -1,9 +1,8 @@
 import { betterFetch } from "@better-fetch/fetch";
-import type { ProviderOptions, UpstreamProvider } from "../oauth2";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
 	refreshAccessToken,
-	resolveRequestedScopes,
 	validateAuthorizationCode,
 } from "../oauth2";
 
@@ -104,30 +103,22 @@ export interface TwitterOption extends ProviderOptions<TwitterProfile> {
 	clientId: string;
 }
 
-const TWITTER_DEFAULT_SCOPES = [
-	"users.read",
-	"tweet.read",
-	"offline.access",
-	"users.email",
-];
-
 export const twitter = (options: TwitterOption) => {
 	const tokenEndpoint = "https://api.x.com/2/oauth2/token";
 	return {
 		id: "twitter",
 		name: "Twitter",
-		callbackPath: "/callback/twitter",
 		createAuthorizationURL(data) {
-			const requestedScopes = resolveRequestedScopes(
-				options,
-				TWITTER_DEFAULT_SCOPES,
-				data.scopes,
-			);
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["users.read", "tweet.read", "offline.access", "users.email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
 			return createAuthorizationURL({
 				id: "twitter",
 				options,
 				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
-				scopes: requestedScopes,
+				scopes: _scopes,
 				state: data.state,
 				codeVerifier: data.codeVerifier,
 				redirectURI: data.redirectURI,
@@ -205,5 +196,5 @@ export const twitter = (options: TwitterOption) => {
 			};
 		},
 		options,
-	} satisfies UpstreamProvider<TwitterProfile>;
+	} satisfies OAuthProvider<TwitterProfile>;
 };