npm - @better-auth/core - Versions diffs - 1.7.0-beta.6 → 1.7.0-beta.8 - Mend

@better-auth/core 1.7.0-beta.6 → 1.7.0-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/dist/api/index.d.mts +3 -3
package/dist/context/global.mjs +1 -1
package/dist/db/get-tables.mjs +3 -3
package/dist/db/schema/account.d.mts +1 -1
package/dist/db/schema/account.mjs +1 -1
package/dist/error/codes.d.mts +0 -5
package/dist/error/codes.mjs +0 -5
package/dist/instrumentation/tracer.mjs +1 -1
package/dist/oauth2/create-authorization-url.d.mts +4 -5
package/dist/oauth2/create-authorization-url.mjs +4 -5
package/dist/oauth2/index.d.mts +3 -4
package/dist/oauth2/index.mjs +2 -3
package/dist/oauth2/oauth-provider.d.mts +44 -48
package/dist/oauth2/refresh-access-token.mjs +17 -2
package/dist/oauth2/utils.d.mts +6 -1
package/dist/oauth2/utils.mjs +24 -2
package/dist/oauth2/verify-id-token.d.mts +6 -5
package/dist/oauth2/verify-id-token.mjs +2 -2
package/dist/social-providers/apple.d.mts +3 -5
package/dist/social-providers/apple.mjs +5 -5
package/dist/social-providers/atlassian.d.mts +3 -5
package/dist/social-providers/atlassian.mjs +4 -4
package/dist/social-providers/cognito.d.mts +3 -5
package/dist/social-providers/cognito.mjs +11 -18
package/dist/social-providers/discord.d.mts +3 -5
package/dist/social-providers/discord.mjs +6 -7
package/dist/social-providers/dropbox.d.mts +3 -5
package/dist/social-providers/dropbox.mjs +5 -5
package/dist/social-providers/facebook.d.mts +3 -5
package/dist/social-providers/facebook.mjs +5 -5
package/dist/social-providers/figma.d.mts +3 -5
package/dist/social-providers/figma.mjs +5 -5
package/dist/social-providers/github.d.mts +3 -5
package/dist/social-providers/github.mjs +4 -4
package/dist/social-providers/gitlab.d.mts +3 -5
package/dist/social-providers/gitlab.mjs +6 -6
package/dist/social-providers/google.d.mts +10 -10
package/dist/social-providers/google.mjs +12 -13
package/dist/social-providers/huggingface.d.mts +3 -5
package/dist/social-providers/huggingface.mjs +8 -8
package/dist/social-providers/index.d.mts +105 -177
package/dist/social-providers/kakao.d.mts +3 -5
package/dist/social-providers/kakao.mjs +8 -8
package/dist/social-providers/kick.d.mts +3 -5
package/dist/social-providers/kick.mjs +4 -4
package/dist/social-providers/line.d.mts +3 -5
package/dist/social-providers/line.mjs +10 -10
package/dist/social-providers/linear.d.mts +3 -5
package/dist/social-providers/linear.mjs +4 -4
package/dist/social-providers/linkedin.d.mts +3 -5
package/dist/social-providers/linkedin.mjs +10 -10
package/dist/social-providers/microsoft-entra-id.d.mts +3 -5
package/dist/social-providers/microsoft-entra-id.mjs +10 -11
package/dist/social-providers/naver.d.mts +3 -5
package/dist/social-providers/naver.mjs +4 -4
package/dist/social-providers/notion.d.mts +3 -5
package/dist/social-providers/notion.mjs +4 -4
package/dist/social-providers/paybin.d.mts +3 -5
package/dist/social-providers/paybin.mjs +10 -10
package/dist/social-providers/paypal.d.mts +3 -5
package/dist/social-providers/paypal.mjs +2 -8
package/dist/social-providers/polar.d.mts +3 -5
package/dist/social-providers/polar.mjs +8 -8
package/dist/social-providers/railway.d.mts +3 -5
package/dist/social-providers/railway.mjs +9 -9
package/dist/social-providers/reddit.d.mts +3 -5
package/dist/social-providers/reddit.mjs +5 -5
package/dist/social-providers/roblox.d.mts +3 -5
package/dist/social-providers/roblox.mjs +5 -5
package/dist/social-providers/salesforce.d.mts +3 -5
package/dist/social-providers/salesforce.mjs +8 -8
package/dist/social-providers/slack.d.mts +3 -5
package/dist/social-providers/slack.mjs +9 -9
package/dist/social-providers/spotify.d.mts +3 -5
package/dist/social-providers/spotify.mjs +5 -5
package/dist/social-providers/tiktok.d.mts +3 -5
package/dist/social-providers/tiktok.mjs +5 -9
package/dist/social-providers/twitch.d.mts +3 -5
package/dist/social-providers/twitch.mjs +4 -4
package/dist/social-providers/twitter.d.mts +3 -5
package/dist/social-providers/twitter.mjs +9 -9
package/dist/social-providers/vercel.d.mts +3 -5
package/dist/social-providers/vercel.mjs +7 -4
package/dist/social-providers/vk.d.mts +3 -5
package/dist/social-providers/vk.mjs +5 -5
package/dist/social-providers/wechat.d.mts +3 -5
package/dist/social-providers/wechat.mjs +5 -9
package/dist/social-providers/zoom.d.mts +3 -6
package/dist/social-providers/zoom.mjs +9 -15
package/dist/types/context.d.mts +6 -2
package/dist/utils/host.d.mts +1 -1
package/dist/utils/host.mjs +3 -0
package/package.json +1 -1
package/src/db/get-tables.ts +3 -8
package/src/db/schema/account.ts +5 -14
package/src/error/codes.ts +0 -5
package/src/oauth2/create-authorization-url.ts +5 -1
package/src/oauth2/index.ts +3 -12
package/src/oauth2/oauth-provider.ts +46 -53
package/src/oauth2/refresh-access-token.ts +30 -5
package/src/oauth2/utils.ts +39 -1
package/src/oauth2/verify-id-token.ts +9 -5
package/src/social-providers/apple.ts +8 -13
package/src/social-providers/atlassian.ts +8 -12
package/src/social-providers/cognito.ts +11 -18
package/src/social-providers/discord.ts +8 -19
package/src/social-providers/dropbox.ts +7 -13
package/src/social-providers/facebook.ts +9 -13
package/src/social-providers/figma.ts +9 -13
package/src/social-providers/github.ts +8 -12
package/src/social-providers/gitlab.ts +8 -14
package/src/social-providers/google.ts +23 -29
package/src/social-providers/huggingface.ts +8 -12
package/src/social-providers/kakao.ts +8 -16
package/src/social-providers/kick.ts +7 -12
package/src/social-providers/line.ts +10 -14
package/src/social-providers/linear.ts +6 -12
package/src/social-providers/linkedin.ts +10 -14
package/src/social-providers/microsoft-entra-id.ts +8 -18
package/src/social-providers/naver.ts +6 -12
package/src/social-providers/notion.ts +6 -12
package/src/social-providers/paybin.ts +11 -14
package/src/social-providers/paypal.ts +8 -6
package/src/social-providers/polar.ts +8 -12
package/src/social-providers/railway.ts +9 -13
package/src/social-providers/reddit.ts +7 -18
package/src/social-providers/roblox.ts +7 -18
package/src/social-providers/salesforce.ts +8 -12
package/src/social-providers/slack.ts +9 -18
package/src/social-providers/spotify.ts +7 -13
package/src/social-providers/tiktok.ts +7 -13
package/src/social-providers/twitch.ts +8 -12
package/src/social-providers/twitter.ts +8 -17
package/src/social-providers/vercel.ts +10 -16
package/src/social-providers/vk.ts +7 -13
package/src/social-providers/wechat.ts +8 -20
package/src/social-providers/zoom.ts +6 -19
package/src/types/context.ts +8 -2
package/src/utils/host.ts +10 -1
package/dist/oauth2/scopes.d.mts +0 -76
package/dist/oauth2/scopes.mjs +0 -96
package/src/oauth2/scopes.ts +0 -118

package/dist/social-providers/polar.d.mts CHANGED Viewed

@@ -25,7 +25,6 @@ interface PolarOptions extends ProviderOptions<PolarProfile> {}
 declare const polar: (options: PolarOptions) => {
   id: "polar";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -39,11 +38,9 @@ declare const polar: (options: PolarOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,
@@ -56,6 +53,7 @@ declare const polar: (options: PolarOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/polar.mjs CHANGED Viewed

@@ -1,26 +1,26 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/polar.ts
-const POLAR_DEFAULT_SCOPES = [
-	"openid",
-	"profile",
-	"email"
-];
 const polar = (options) => {
 	const tokenEndpoint = "https://api.polar.sh/v1/oauth2/token";
 	return {
 		id: "polar",
 		name: "Polar",
-		callbackPath: "/callback/polar",
 		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "polar",
 				options,
 				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
-				scopes: resolveRequestedScopes(options, POLAR_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,

package/dist/social-providers/railway.d.mts CHANGED Viewed

@@ -16,7 +16,6 @@ interface RailwayOptions extends ProviderOptions<RailwayProfile> {
 declare const railway: (options: RailwayOptions) => {
   id: "railway";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -30,11 +29,9 @@ declare const railway: (options: RailwayOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,
@@ -47,6 +44,7 @@ declare const railway: (options: RailwayOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/railway.mjs CHANGED Viewed

@@ -1,4 +1,3 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
@@ -7,22 +6,23 @@ import { betterFetch } from "@better-fetch/fetch";
 const authorizationEndpoint = "https://backboard.railway.com/oauth/auth";
 const tokenEndpoint = "https://backboard.railway.com/oauth/token";
 const userinfoEndpoint = "https://backboard.railway.com/oauth/me";
-const RAILWAY_DEFAULT_SCOPES = [
-	"openid",
-	"email",
-	"profile"
-];
 const railway = (options) => {
 	return {
 		id: "railway",
 		name: "Railway",
-		callbackPath: "/callback/railway",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"email",
+				"profile"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "railway",
 				options,
 				authorizationEndpoint,
-				scopes: resolveRequestedScopes(options, RAILWAY_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,

package/dist/social-providers/reddit.d.mts CHANGED Viewed

@@ -15,7 +15,6 @@ interface RedditOptions extends ProviderOptions<RedditProfile> {
 declare const reddit: (options: RedditOptions) => {
   id: "reddit";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -28,11 +27,9 @@ declare const reddit: (options: RedditOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -44,6 +41,7 @@ declare const reddit: (options: RedditOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/reddit.mjs CHANGED Viewed

@@ -1,22 +1,22 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { getOAuth2Tokens } from "../oauth2/utils.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/reddit.ts
-const REDDIT_DEFAULT_SCOPES = ["identity"];
 const reddit = (options) => {
 	return {
 		id: "reddit",
 		name: "Reddit",
-		callbackPath: "/callback/reddit",
-		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["identity"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "reddit",
 				options,
 				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
-				scopes: resolveRequestedScopes(options, REDDIT_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				redirectURI,
 				duration: options.duration,

package/dist/social-providers/roblox.d.mts CHANGED Viewed

@@ -23,7 +23,6 @@ interface RobloxOptions extends ProviderOptions<RobloxProfile> {
 declare const roblox: (options: RobloxOptions) => {
   id: "roblox";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -36,11 +35,9 @@ declare const roblox: (options: RobloxOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -52,6 +49,7 @@ declare const roblox: (options: RobloxOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/roblox.mjs CHANGED Viewed

@@ -1,22 +1,22 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/roblox.ts
-const ROBLOX_DEFAULT_SCOPES = ["openid", "profile"];
 const roblox = (options) => {
 	const tokenEndpoint = "https://apis.roblox.com/oauth/v1/token";
 	return {
 		id: "roblox",
 		name: "Roblox",
-		callbackPath: "/callback/roblox",
-		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "roblox",
 				options,
 				authorizationEndpoint: "https://apis.roblox.com/oauth/v1/authorize",
-				scopes: resolveRequestedScopes(options, ROBLOX_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				redirectURI,
 				prompt: options.prompt || "select_account consent",

package/dist/social-providers/salesforce.d.mts CHANGED Viewed

@@ -30,7 +30,6 @@ interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
 declare const salesforce: (options: SalesforceOptions) => {
   id: "salesforce";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -44,11 +43,9 @@ declare const salesforce: (options: SalesforceOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,
@@ -61,6 +58,7 @@ declare const salesforce: (options: SalesforceOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/salesforce.mjs CHANGED Viewed

@@ -1,16 +1,10 @@
 import { BetterAuthError } from "../error/index.mjs";
 import { logger } from "../env/logger.mjs";
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/salesforce.ts
-const SALESFORCE_DEFAULT_SCOPES = [
-	"openid",
-	"email",
-	"profile"
-];
 const salesforce = (options) => {
 	const isSandbox = (options.environment ?? "production") === "sandbox";
 	const authorizationEndpoint = options.loginUrl ? `https://${options.loginUrl}/services/oauth2/authorize` : isSandbox ? "https://test.salesforce.com/services/oauth2/authorize" : "https://login.salesforce.com/services/oauth2/authorize";
@@ -19,18 +13,24 @@ const salesforce = (options) => {
 	return {
 		id: "salesforce",
 		name: "Salesforce",
-		callbackPath: "/callback/salesforce",
 		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
 			if (!options.clientId || !options.clientSecret) {
 				logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.");
 				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
 			}
 			if (!codeVerifier) throw new BetterAuthError("codeVerifier is required for Salesforce");
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"email",
+				"profile"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "salesforce",
 				options,
 				authorizationEndpoint,
-				scopes: resolveRequestedScopes(options, SALESFORCE_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI: options.redirectURI || redirectURI,

package/dist/social-providers/slack.d.mts CHANGED Viewed

@@ -36,7 +36,6 @@ interface SlackOptions extends ProviderOptions<SlackProfile> {
 declare const slack: (options: SlackOptions) => {
   id: "slack";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -49,11 +48,9 @@ declare const slack: (options: SlackOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -65,6 +62,7 @@ declare const slack: (options: SlackOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/slack.mjs CHANGED Viewed

@@ -1,26 +1,26 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/slack.ts
-const SLACK_DEFAULT_SCOPES = [
-	"openid",
-	"profile",
-	"email"
-];
 const slack = (options) => {
 	const tokenEndpoint = "https://slack.com/api/openid.connect.token";
 	return {
 		id: "slack",
 		name: "Slack",
-		callbackPath: "/callback/slack",
-		async createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"openid",
+				"profile",
+				"email"
+			];
+			if (scopes) _scopes.push(...scopes);
+			if (options.scope) _scopes.push(...options.scope);
 			return createAuthorizationURL({
 				id: "slack",
 				options,
 				authorizationEndpoint: "https://slack.com/openid/connect/authorize",
-				scopes: resolveRequestedScopes(options, SLACK_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				redirectURI,
 				additionalParams

package/dist/social-providers/spotify.d.mts CHANGED Viewed

@@ -14,7 +14,6 @@ interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {
 declare const spotify: (options: SpotifyOptions) => {
   id: "spotify";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -28,11 +27,9 @@ declare const spotify: (options: SpotifyOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,
@@ -45,6 +42,7 @@ declare const spotify: (options: SpotifyOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/spotify.mjs CHANGED Viewed

@@ -1,22 +1,22 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/spotify.ts
-const SPOTIFY_DEFAULT_SCOPES = ["user-read-email"];
 const spotify = (options) => {
 	const tokenEndpoint = "https://accounts.spotify.com/api/token";
 	return {
 		id: "spotify",
 		name: "Spotify",
-		callbackPath: "/callback/spotify",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user-read-email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "spotify",
 				options,
 				authorizationEndpoint: "https://accounts.spotify.com/authorize",
-				scopes: resolveRequestedScopes(options, SPOTIFY_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				codeVerifier,
 				redirectURI,

package/dist/social-providers/tiktok.d.mts CHANGED Viewed

@@ -121,7 +121,6 @@ interface TiktokOptions extends ProviderOptions {
 declare const tiktok: (options: TiktokOptions) => {
   id: "tiktok";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -134,11 +133,9 @@ declare const tiktok: (options: TiktokOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): {
-    url: URL;
-    requestedScopes: string[];
-  };
+  }): URL;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -150,6 +147,7 @@ declare const tiktok: (options: TiktokOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/tiktok.mjs CHANGED Viewed

@@ -1,20 +1,19 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { RESERVED_AUTHORIZATION_PARAMS_SET } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/tiktok.ts
-const TIKTOK_DEFAULT_SCOPES = ["user.info.profile"];
 const tiktok = (options) => {
 	const tokenEndpoint = "https://open.tiktokapis.com/v2/oauth/token/";
 	return {
 		id: "tiktok",
 		name: "TikTok",
-		callbackPath: "/callback/tiktok",
 		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
-			const requestedScopes = resolveRequestedScopes(options, TIKTOK_DEFAULT_SCOPES, scopes);
+			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			const url = new URL("https://www.tiktok.com/v2/auth/authorize");
-			url.searchParams.set("scope", requestedScopes.join(","));
+			url.searchParams.set("scope", _scopes.join(","));
 			url.searchParams.set("response_type", "code");
 			url.searchParams.set("client_key", options.clientKey);
 			url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
@@ -24,10 +23,7 @@ const tiktok = (options) => {
 				if (key === "client_key") continue;
 				url.searchParams.set(key, value);
 			}
-			return {
-				url,
-				requestedScopes
-			};
+			return url;
 		},
 		validateAuthorizationCode: async ({ code, redirectURI }) => {
 			return validateAuthorizationCode({

package/dist/social-providers/twitch.d.mts CHANGED Viewed

@@ -32,7 +32,6 @@ interface TwitchOptions extends ProviderOptions<TwitchProfile> {
 declare const twitch: (options: TwitchOptions) => {
   id: "twitch";
   name: string;
-  callbackPath: string;
   createAuthorizationURL({
     state,
     scopes,
@@ -45,11 +44,9 @@ declare const twitch: (options: TwitchOptions) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     redirectURI
@@ -61,6 +58,7 @@ declare const twitch: (options: TwitchOptions) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/twitch.mjs CHANGED Viewed

@@ -1,24 +1,24 @@
 import { logger } from "../env/logger.mjs";
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { decodeJwt } from "jose";
 //#region src/social-providers/twitch.ts
-const TWITCH_DEFAULT_SCOPES = ["user:read:email", "openid"];
 const twitch = (options) => {
 	const tokenEndpoint = "https://id.twitch.tv/oauth2/token";
 	return {
 		id: "twitch",
 		name: "Twitch",
-		callbackPath: "/callback/twitch",
 		createAuthorizationURL({ state, scopes, redirectURI, additionalParams }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
 			return createAuthorizationURL({
 				id: "twitch",
 				redirectURI,
 				options,
 				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
-				scopes: resolveRequestedScopes(options, TWITCH_DEFAULT_SCOPES, scopes),
+				scopes: _scopes,
 				state,
 				claims: options.claims || [
 					"email",

package/dist/social-providers/twitter.d.mts CHANGED Viewed

@@ -82,7 +82,6 @@ interface TwitterOption extends ProviderOptions<TwitterProfile> {
 declare const twitter: (options: TwitterOption) => {
   id: "twitter";
   name: string;
-  callbackPath: string;
   createAuthorizationURL(data: {
     state: string;
     codeVerifier: string;
@@ -90,11 +89,9 @@ declare const twitter: (options: TwitterOption) => {
     redirectURI: string;
     display?: string | undefined;
     loginHint?: string | undefined;
+    idTokenNonce?: string | undefined;
     additionalParams?: Record<string, string> | undefined;
-  }): Promise<{
-    url: URL;
-    requestedScopes: string[];
-  }>;
+  }): Promise<URL>;
   validateAuthorizationCode: ({
     code,
     codeVerifier,
@@ -107,6 +104,7 @@ declare const twitter: (options: TwitterOption) => {
   }) => Promise<OAuth2Tokens>;
   refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
   getUserInfo(token: OAuth2Tokens & {
+    expectedIdTokenNonce?: string | undefined;
     user?: {
       name?: {
         firstName?: string;

package/dist/social-providers/twitter.mjs CHANGED Viewed

@@ -1,27 +1,27 @@
-import { resolveRequestedScopes } from "../oauth2/scopes.mjs";
 import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
 import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
 import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
 import { betterFetch } from "@better-fetch/fetch";
 //#region src/social-providers/twitter.ts
-const TWITTER_DEFAULT_SCOPES = [
-	"users.read",
-	"tweet.read",
-	"offline.access",
-	"users.email"
-];
 const twitter = (options) => {
 	const tokenEndpoint = "https://api.x.com/2/oauth2/token";
 	return {
 		id: "twitter",
 		name: "Twitter",
-		callbackPath: "/callback/twitter",
 		createAuthorizationURL(data) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"users.read",
+				"tweet.read",
+				"offline.access",
+				"users.email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
 			return createAuthorizationURL({
 				id: "twitter",
 				options,
 				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
-				scopes: resolveRequestedScopes(options, TWITTER_DEFAULT_SCOPES, data.scopes),
+				scopes: _scopes,
 				state: data.state,
 				codeVerifier: data.codeVerifier,
 				redirectURI: data.redirectURI,