@better-auth/oauth-provider 1.7.0-beta.1 → 1.7.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{client-assertion-CderPEmR.mjs → client-assertion-BYtMWGCE.mjs} +1 -1
- package/dist/client-resource.d.mts +1 -1
- package/dist/client-resource.mjs +2 -2
- package/dist/client.d.mts +1 -1
- package/dist/client.mjs +1 -1
- package/dist/index.d.mts +3 -3
- package/dist/index.mjs +312 -121
- package/dist/{oauth-B_qonG53.d.mts → oauth-BxP4Iupj.d.mts} +72 -20
- package/dist/{oauth-CU79t-eG.d.mts → oauth-Ds-ejTJY.d.mts} +15 -3
- package/dist/{utils-Cx_XnD9i.mjs → utils-_Jr_enAe.mjs} +16 -12
- package/dist/{version-DIwdpXrQ.mjs → version-CG1YnCiF.mjs} +1 -1
- package/package.json +5 -5
|
@@ -1,10 +1,40 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { a as OAuthClient, c as TokenEndpointAuthMethod, f as OAuthConsent, g as Prompt, i as GrantType, m as OAuthOptions, t as AuthMethod, v as Scope } from "./oauth-Ds-ejTJY.mjs";
|
|
2
2
|
import * as better_call0 from "better-call";
|
|
3
3
|
import * as z from "zod";
|
|
4
4
|
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
5
5
|
import * as jose from "jose";
|
|
6
6
|
import * as better_auth0 from "better-auth";
|
|
7
7
|
|
|
8
|
+
//#region src/oauth-endpoint.d.ts
|
|
9
|
+
/**
|
|
10
|
+
* Canonical OAuth 2.0 / OpenID Connect error codes. The union is the single
|
|
11
|
+
* vocabulary for every error-emitting surface in this plugin: token, authorize,
|
|
12
|
+
* revoke, introspect, register, userinfo, logout, consent, and the redirect
|
|
13
|
+
* error channel. Entries are grouped by source RFC so the declaration doubles
|
|
14
|
+
* as a specification map.
|
|
15
|
+
*
|
|
16
|
+
* The trailing `(string & {})` keeps the type open for product-specific codes
|
|
17
|
+
* (e.g. `"invalid_verification"`, `"invalid_user"`) while preserving editor
|
|
18
|
+
* autocomplete for the listed standard codes. Prefer a standard code whenever
|
|
19
|
+
* one applies; fall back to a custom string only for states no RFC covers.
|
|
20
|
+
*/
|
|
21
|
+
type OAuthErrorCode = "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "unsupported_response_type" | "invalid_scope" | "access_denied" | "server_error" | "temporarily_unavailable" | "invalid_token" | "unsupported_token_type" | "invalid_redirect_uri" | "invalid_client_metadata" | "invalid_software_statement" | "unapproved_software_statement" | "invalid_target" | "invalid_request_object" | "login_required" | "consent_required" | "interaction_required" | "account_selection_required" | "invalid_request_uri" | "request_not_supported" | "request_uri_not_supported" | "registration_not_supported" | (string & {});
|
|
22
|
+
type OAuthFieldErrorCodeMap = {
|
|
23
|
+
missing?: OAuthErrorCode;
|
|
24
|
+
invalid?: OAuthErrorCode;
|
|
25
|
+
};
|
|
26
|
+
type OAuthFieldErrorCode = OAuthErrorCode | OAuthFieldErrorCodeMap;
|
|
27
|
+
interface OAuthEndpointErrorResult {
|
|
28
|
+
error: OAuthErrorCode;
|
|
29
|
+
error_description: string;
|
|
30
|
+
}
|
|
31
|
+
interface OAuthEndpointRedirectContext<Ctx = unknown> {
|
|
32
|
+
error: OAuthErrorCode;
|
|
33
|
+
error_description: string;
|
|
34
|
+
ctx: Ctx;
|
|
35
|
+
}
|
|
36
|
+
type OAuthRedirectOnError<Ctx = any> = (result: OAuthEndpointRedirectContext<Ctx>) => unknown;
|
|
37
|
+
//#endregion
|
|
8
38
|
//#region src/oauth.d.ts
|
|
9
39
|
declare module "@better-auth/core" {
|
|
10
40
|
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
@@ -15,6 +45,8 @@ declare module "@better-auth/core" {
|
|
|
15
45
|
}
|
|
16
46
|
declare const getOAuthProviderState: () => Promise<{
|
|
17
47
|
query?: string;
|
|
48
|
+
signedQueryIssuedAt?: Date;
|
|
49
|
+
postLoginClearedForSession?: string;
|
|
18
50
|
} | null>;
|
|
19
51
|
/**
|
|
20
52
|
* oAuth 2.1 provider plugin for Better Auth.
|
|
@@ -160,20 +192,20 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
160
192
|
oauth2Authorize: better_call0.StrictEndpoint<"/oauth2/authorize", {
|
|
161
193
|
method: "GET";
|
|
162
194
|
query: z.ZodObject<{
|
|
163
|
-
response_type: z.ZodOptional<z.ZodEnum<{
|
|
195
|
+
response_type: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
164
196
|
code: "code";
|
|
165
|
-
}
|
|
197
|
+
}>>>;
|
|
166
198
|
client_id: z.ZodString;
|
|
167
199
|
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
168
200
|
scope: z.ZodOptional<z.ZodString>;
|
|
169
201
|
state: z.ZodOptional<z.ZodString>;
|
|
170
202
|
request_uri: z.ZodOptional<z.ZodString>;
|
|
171
203
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
172
|
-
code_challenge_method: z.ZodOptional<z.ZodEnum<{
|
|
204
|
+
code_challenge_method: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
173
205
|
S256: "S256";
|
|
174
|
-
}
|
|
206
|
+
}>>>;
|
|
175
207
|
nonce: z.ZodOptional<z.ZodString>;
|
|
176
|
-
prompt: z.ZodOptional<z.ZodEnum<{
|
|
208
|
+
prompt: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
177
209
|
none: "none";
|
|
178
210
|
consent: "consent";
|
|
179
211
|
login: "login";
|
|
@@ -181,8 +213,14 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
181
213
|
select_account: "select_account";
|
|
182
214
|
"login consent": "login consent";
|
|
183
215
|
"select_account consent": "select_account consent";
|
|
184
|
-
}
|
|
216
|
+
}>>>;
|
|
185
217
|
}, z.core.$strip>;
|
|
218
|
+
redirectOnError: OAuthRedirectOnError<better_auth0.GenericEndpointContext>;
|
|
219
|
+
errorCodesByField: {
|
|
220
|
+
response_type: {
|
|
221
|
+
invalid: "unsupported_response_type";
|
|
222
|
+
};
|
|
223
|
+
};
|
|
186
224
|
metadata: {
|
|
187
225
|
openapi: {
|
|
188
226
|
description: string;
|
|
@@ -378,11 +416,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
378
416
|
oauth2Token: better_call0.StrictEndpoint<"/oauth2/token", {
|
|
379
417
|
method: "POST";
|
|
380
418
|
body: z.ZodObject<{
|
|
381
|
-
grant_type: z.ZodEnum<{
|
|
419
|
+
grant_type: z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
382
420
|
authorization_code: "authorization_code";
|
|
383
421
|
client_credentials: "client_credentials";
|
|
384
422
|
refresh_token: "refresh_token";
|
|
385
|
-
}
|
|
423
|
+
}>>;
|
|
386
424
|
client_id: z.ZodOptional<z.ZodString>;
|
|
387
425
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
388
426
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
@@ -394,6 +432,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
394
432
|
resource: z.ZodOptional<z.ZodString>;
|
|
395
433
|
scope: z.ZodOptional<z.ZodString>;
|
|
396
434
|
}, z.core.$strip>;
|
|
435
|
+
errorCodesByField: {
|
|
436
|
+
grant_type: {
|
|
437
|
+
missing: "invalid_request";
|
|
438
|
+
invalid: "unsupported_grant_type";
|
|
439
|
+
};
|
|
440
|
+
};
|
|
397
441
|
metadata: {
|
|
398
442
|
allowedMediaTypes: string[];
|
|
399
443
|
openapi: {
|
|
@@ -530,10 +574,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
530
574
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
531
575
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
532
576
|
token: z.ZodString;
|
|
533
|
-
token_type_hint: z.ZodOptional<z.
|
|
534
|
-
refresh_token: "refresh_token";
|
|
535
|
-
access_token: "access_token";
|
|
536
|
-
}>>;
|
|
577
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
537
578
|
}, z.core.$strip>;
|
|
538
579
|
metadata: {
|
|
539
580
|
allowedMediaTypes: string[];
|
|
@@ -560,7 +601,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
560
601
|
};
|
|
561
602
|
token_type_hint: {
|
|
562
603
|
type: string;
|
|
563
|
-
enum: string[];
|
|
564
604
|
description: string;
|
|
565
605
|
};
|
|
566
606
|
resource: {
|
|
@@ -669,10 +709,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
669
709
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
670
710
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
671
711
|
token: z.ZodString;
|
|
672
|
-
token_type_hint: z.ZodOptional<z.
|
|
673
|
-
refresh_token: "refresh_token";
|
|
674
|
-
access_token: "access_token";
|
|
675
|
-
}>>;
|
|
712
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
676
713
|
}, z.core.$strip>;
|
|
677
714
|
metadata: {
|
|
678
715
|
allowedMediaTypes: string[];
|
|
@@ -699,7 +736,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
699
736
|
};
|
|
700
737
|
token_type_hint: {
|
|
701
738
|
type: string;
|
|
702
|
-
enum: string[];
|
|
703
739
|
description: string;
|
|
704
740
|
};
|
|
705
741
|
};
|
|
@@ -951,6 +987,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
951
987
|
}>>;
|
|
952
988
|
skip_consent: z.ZodOptional<z.ZodNever>;
|
|
953
989
|
}, z.core.$strip>;
|
|
990
|
+
errorCodesByField: {
|
|
991
|
+
redirect_uris: "invalid_redirect_uri";
|
|
992
|
+
post_logout_redirect_uris: "invalid_redirect_uri";
|
|
993
|
+
software_statement: "invalid_software_statement";
|
|
994
|
+
};
|
|
995
|
+
defaultError: "invalid_client_metadata";
|
|
954
996
|
metadata: {
|
|
955
997
|
openapi: {
|
|
956
998
|
description: string;
|
|
@@ -1927,6 +1969,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1927
1969
|
model: string;
|
|
1928
1970
|
field: string;
|
|
1929
1971
|
};
|
|
1972
|
+
index: true;
|
|
1930
1973
|
};
|
|
1931
1974
|
createdAt: {
|
|
1932
1975
|
type: "date";
|
|
@@ -2035,6 +2078,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2035
2078
|
model: string;
|
|
2036
2079
|
field: string;
|
|
2037
2080
|
};
|
|
2081
|
+
index: true;
|
|
2038
2082
|
};
|
|
2039
2083
|
sessionId: {
|
|
2040
2084
|
type: "string";
|
|
@@ -2044,6 +2088,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2044
2088
|
field: string;
|
|
2045
2089
|
onDelete: "set null";
|
|
2046
2090
|
};
|
|
2091
|
+
index: true;
|
|
2047
2092
|
};
|
|
2048
2093
|
userId: {
|
|
2049
2094
|
type: "string";
|
|
@@ -2052,6 +2097,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2052
2097
|
model: string;
|
|
2053
2098
|
field: string;
|
|
2054
2099
|
};
|
|
2100
|
+
index: true;
|
|
2055
2101
|
};
|
|
2056
2102
|
referenceId: {
|
|
2057
2103
|
type: "string";
|
|
@@ -2091,6 +2137,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2091
2137
|
model: string;
|
|
2092
2138
|
field: string;
|
|
2093
2139
|
};
|
|
2140
|
+
index: true;
|
|
2094
2141
|
};
|
|
2095
2142
|
sessionId: {
|
|
2096
2143
|
type: "string";
|
|
@@ -2100,6 +2147,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2100
2147
|
field: string;
|
|
2101
2148
|
onDelete: "set null";
|
|
2102
2149
|
};
|
|
2150
|
+
index: true;
|
|
2103
2151
|
};
|
|
2104
2152
|
userId: {
|
|
2105
2153
|
type: "string";
|
|
@@ -2108,6 +2156,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2108
2156
|
model: string;
|
|
2109
2157
|
field: string;
|
|
2110
2158
|
};
|
|
2159
|
+
index: true;
|
|
2111
2160
|
};
|
|
2112
2161
|
referenceId: {
|
|
2113
2162
|
type: "string";
|
|
@@ -2120,6 +2169,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2120
2169
|
model: string;
|
|
2121
2170
|
field: string;
|
|
2122
2171
|
};
|
|
2172
|
+
index: true;
|
|
2123
2173
|
};
|
|
2124
2174
|
expiresAt: {
|
|
2125
2175
|
type: "date";
|
|
@@ -2143,6 +2193,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2143
2193
|
model: string;
|
|
2144
2194
|
field: string;
|
|
2145
2195
|
};
|
|
2196
|
+
index: true;
|
|
2146
2197
|
};
|
|
2147
2198
|
userId: {
|
|
2148
2199
|
type: "string";
|
|
@@ -2151,6 +2202,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2151
2202
|
model: string;
|
|
2152
2203
|
field: string;
|
|
2153
2204
|
};
|
|
2205
|
+
index: true;
|
|
2154
2206
|
};
|
|
2155
2207
|
referenceId: {
|
|
2156
2208
|
type: "string";
|
|
@@ -2196,4 +2248,4 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2196
2248
|
})[];
|
|
2197
2249
|
};
|
|
2198
2250
|
//#endregion
|
|
2199
|
-
export { oauthProvider as n, getOAuthProviderState as t };
|
|
2251
|
+
export { OAuthErrorCode as a, OAuthRedirectOnError as c, OAuthEndpointRedirectContext as i, oauthProvider as n, OAuthFieldErrorCode as o, OAuthEndpointErrorResult as r, OAuthFieldErrorCodeMap as s, getOAuthProviderState as t };
|
|
@@ -46,6 +46,7 @@ declare const schema: {
|
|
|
46
46
|
model: string;
|
|
47
47
|
field: string;
|
|
48
48
|
};
|
|
49
|
+
index: true;
|
|
49
50
|
};
|
|
50
51
|
createdAt: {
|
|
51
52
|
type: "date";
|
|
@@ -159,6 +160,7 @@ declare const schema: {
|
|
|
159
160
|
model: string;
|
|
160
161
|
field: string;
|
|
161
162
|
};
|
|
163
|
+
index: true;
|
|
162
164
|
};
|
|
163
165
|
sessionId: {
|
|
164
166
|
type: "string";
|
|
@@ -168,6 +170,7 @@ declare const schema: {
|
|
|
168
170
|
field: string;
|
|
169
171
|
onDelete: "set null";
|
|
170
172
|
};
|
|
173
|
+
index: true;
|
|
171
174
|
};
|
|
172
175
|
userId: {
|
|
173
176
|
type: "string";
|
|
@@ -176,6 +179,7 @@ declare const schema: {
|
|
|
176
179
|
model: string;
|
|
177
180
|
field: string;
|
|
178
181
|
};
|
|
182
|
+
index: true;
|
|
179
183
|
};
|
|
180
184
|
referenceId: {
|
|
181
185
|
type: "string";
|
|
@@ -227,6 +231,7 @@ declare const schema: {
|
|
|
227
231
|
model: string;
|
|
228
232
|
field: string;
|
|
229
233
|
};
|
|
234
|
+
index: true;
|
|
230
235
|
};
|
|
231
236
|
sessionId: {
|
|
232
237
|
type: "string";
|
|
@@ -236,6 +241,7 @@ declare const schema: {
|
|
|
236
241
|
field: string;
|
|
237
242
|
onDelete: "set null";
|
|
238
243
|
};
|
|
244
|
+
index: true;
|
|
239
245
|
};
|
|
240
246
|
userId: {
|
|
241
247
|
type: "string";
|
|
@@ -244,6 +250,7 @@ declare const schema: {
|
|
|
244
250
|
model: string;
|
|
245
251
|
field: string;
|
|
246
252
|
};
|
|
253
|
+
index: true;
|
|
247
254
|
};
|
|
248
255
|
referenceId: {
|
|
249
256
|
type: "string";
|
|
@@ -256,6 +263,7 @@ declare const schema: {
|
|
|
256
263
|
model: string;
|
|
257
264
|
field: string;
|
|
258
265
|
};
|
|
266
|
+
index: true;
|
|
259
267
|
};
|
|
260
268
|
expiresAt: {
|
|
261
269
|
type: "date";
|
|
@@ -279,6 +287,7 @@ declare const schema: {
|
|
|
279
287
|
model: string;
|
|
280
288
|
field: string;
|
|
281
289
|
};
|
|
290
|
+
index: true;
|
|
282
291
|
};
|
|
283
292
|
userId: {
|
|
284
293
|
type: "string";
|
|
@@ -287,6 +296,7 @@ declare const schema: {
|
|
|
287
296
|
model: string;
|
|
288
297
|
field: string;
|
|
289
298
|
};
|
|
299
|
+
index: true;
|
|
290
300
|
};
|
|
291
301
|
referenceId: {
|
|
292
302
|
type: "string";
|
|
@@ -1096,10 +1106,12 @@ interface OAuthAuthorizationQuery {
|
|
|
1096
1106
|
* Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the
|
|
1097
1107
|
* value of this parameter with a browser cookie.
|
|
1098
1108
|
*
|
|
1109
|
+
* Recommended for clients, but optional for the authorization server.
|
|
1110
|
+
*
|
|
1099
1111
|
* Note: Better Auth stores the state in a database instead of a cookie. - This is to minimize
|
|
1100
1112
|
* the complication with native apps and other clients that may not have access to cookies.
|
|
1101
1113
|
*/
|
|
1102
|
-
state
|
|
1114
|
+
state?: string;
|
|
1103
1115
|
/**
|
|
1104
1116
|
* The client ID. Must be the ID of a registered client.
|
|
1105
1117
|
*/
|
|
@@ -1363,7 +1375,7 @@ interface OAuthOpaqueAccessToken<Scopes extends readonly Scope[] = InternallySup
|
|
|
1363
1375
|
*/
|
|
1364
1376
|
interface OAuthRefreshToken<Scopes extends readonly Scope[] = InternallySupportedScopes[]> {
|
|
1365
1377
|
token: string;
|
|
1366
|
-
sessionId
|
|
1378
|
+
sessionId?: string;
|
|
1367
1379
|
userId: string;
|
|
1368
1380
|
referenceId?: string;
|
|
1369
1381
|
clientId?: string;
|
|
@@ -1739,4 +1751,4 @@ interface ResourceServerMetadata {
|
|
|
1739
1751
|
dpop_bound_access_tokens_required?: boolean;
|
|
1740
1752
|
}
|
|
1741
1753
|
//#endregion
|
|
1742
|
-
export {
|
|
1754
|
+
export { SchemaClient as _, OAuthClient as a, VerificationValue as b, TokenEndpointAuthMethod as c, OAuthAuthorizationQuery as d, OAuthConsent as f, Prompt as g, OAuthRefreshToken as h, GrantType as i, AuthorizePrompt as l, OAuthOptions as m, AuthServerMetadata as n, OIDCMetadata as o, OAuthOpaqueAccessToken as p, BearerMethodsSupported as r, ResourceServerMetadata as s, AuthMethod as t, ClientDiscovery as u, Scope as v, Awaitable as x, StoreTokenType as y };
|
|
@@ -324,7 +324,7 @@ async function extractClientCredentials(ctx, opts, expectedAudience) {
|
|
|
324
324
|
error_description: "client_assertion cannot be combined with client_secret or Basic auth",
|
|
325
325
|
error: "invalid_client"
|
|
326
326
|
});
|
|
327
|
-
const { verifyClientAssertion: verify } = await import("./client-assertion-
|
|
327
|
+
const { verifyClientAssertion: verify } = await import("./client-assertion-BYtMWGCE.mjs").then((n) => n.t);
|
|
328
328
|
const result = await verify(ctx, opts, body.client_assertion, body.client_assertion_type, body.client_id, expectedAudience);
|
|
329
329
|
return {
|
|
330
330
|
method: "private_key_jwt",
|
|
@@ -404,20 +404,24 @@ function searchParamsToQuery(params) {
|
|
|
404
404
|
}
|
|
405
405
|
return result;
|
|
406
406
|
}
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
407
|
+
const signedQueryIssuedAtParam = "ba_iat";
|
|
408
|
+
const postLoginClearedParam = "ba_pl";
|
|
409
|
+
function getSignedQueryIssuedAt(oauthQuery) {
|
|
410
|
+
const raw = new URLSearchParams(oauthQuery).get(signedQueryIssuedAtParam);
|
|
411
|
+
if (!raw) return null;
|
|
412
|
+
const issuedAt = Number(raw);
|
|
413
|
+
if (!Number.isFinite(issuedAt) || issuedAt <= 0) return null;
|
|
414
|
+
return new Date(issuedAt);
|
|
415
|
+
}
|
|
416
|
+
function removePromptFromQuery(query, prompt) {
|
|
417
|
+
const nextQuery = new URLSearchParams(query);
|
|
418
|
+
const prompts = nextQuery.get("prompt")?.split(" ");
|
|
415
419
|
const foundPrompt = prompts?.findIndex((v) => v === prompt) ?? -1;
|
|
416
420
|
if (foundPrompt >= 0) {
|
|
417
421
|
prompts?.splice(foundPrompt, 1);
|
|
418
|
-
prompts?.length ?
|
|
422
|
+
prompts?.length ? nextQuery.set("prompt", prompts.join(" ")) : nextQuery.delete("prompt");
|
|
419
423
|
}
|
|
420
|
-
return
|
|
424
|
+
return nextQuery;
|
|
421
425
|
}
|
|
422
426
|
var PKCERequirementErrors = /* @__PURE__ */ function(PKCERequirementErrors) {
|
|
423
427
|
PKCERequirementErrors["PUBLIC_CLIENT"] = "pkce is required for public clients";
|
|
@@ -446,4 +450,4 @@ function isPKCERequired(client, requestedScopes) {
|
|
|
446
450
|
return false;
|
|
447
451
|
}
|
|
448
452
|
//#endregion
|
|
449
|
-
export {
|
|
453
|
+
export { validateClientCredentials as C, toClientDiscoveryArray as S, resolveSubjectIdentifier as _, getJwtPlugin as a, storeClientSecret as b, getStoredToken as c, normalizeTimestampValue as d, parseClientMetadata as f, resolveSessionAuthTime as g, removePromptFromQuery as h, getClient as i, isPKCERequired as l, postLoginClearedParam as m, destructureCredentials as n, getOAuthProviderPlugin as o, parsePrompt as p, extractClientCredentials as r, getSignedQueryIssuedAt as s, decryptStoredClientSecret as t, mergeDiscoveryMetadata as u, searchParamsToQuery as v, verifyOAuthQueryParams as w, storeToken as x, signedQueryIssuedAtParam as y };
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@better-auth/oauth-provider",
|
|
3
|
-
"version": "1.7.0-beta.
|
|
3
|
+
"version": "1.7.0-beta.3",
|
|
4
4
|
"description": "An oauth provider plugin for Better Auth",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -64,15 +64,15 @@
|
|
|
64
64
|
"@modelcontextprotocol/sdk": "^1.27.1",
|
|
65
65
|
"listhen": "^1.9.0",
|
|
66
66
|
"tsdown": "0.21.1",
|
|
67
|
-
"@better-auth/core": "1.7.0-beta.
|
|
68
|
-
"better-auth": "1.7.0-beta.
|
|
67
|
+
"@better-auth/core": "1.7.0-beta.3",
|
|
68
|
+
"better-auth": "1.7.0-beta.3"
|
|
69
69
|
},
|
|
70
70
|
"peerDependencies": {
|
|
71
71
|
"@better-auth/utils": "0.4.0",
|
|
72
72
|
"@better-fetch/fetch": "1.1.21",
|
|
73
73
|
"better-call": "1.3.5",
|
|
74
|
-
"@better-auth/core": "^1.7.0-beta.
|
|
75
|
-
"better-auth": "^1.7.0-beta.
|
|
74
|
+
"@better-auth/core": "^1.7.0-beta.3",
|
|
75
|
+
"better-auth": "^1.7.0-beta.3"
|
|
76
76
|
},
|
|
77
77
|
"scripts": {
|
|
78
78
|
"build": "tsdown",
|