@constructive-io/oauth 0.2.0

package/LICENSE

@@ -0,0 +1,23 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Dan Lynch <pyramation@gmail.com>
+Copyright (c) 2025 Constructive <developers@constructive.io>
+Copyright (c) 2020-present, Interweb, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,187 @@
+# @constructive-io/oauth
+
+<p align="center" width="100%">
+  <img height="250" src="https://raw.githubusercontent.com/constructive-io/constructive/refs/heads/main/assets/outline-logo.svg" />
+</p>
+
+<p align="center" width="100%">
+  <a href="https://github.com/constructive-io/constructive/actions/workflows/run-tests.yaml">
+    <img height="20" src="https://github.com/constructive-io/constructive/actions/workflows/run-tests.yaml/badge.svg" />
+  </a>
+  <a href="https://github.com/constructive-io/constructive/blob/main/LICENSE">
+    <img height="20" src="https://img.shields.io/badge/license-MIT-blue.svg"/>
+  </a>
+  <a href="https://www.npmjs.com/package/@constructive-io/oauth">
+    <img height="20" src="https://img.shields.io/github/package-json/v/constructive-io/constructive?filename=packages%2Foauth%2Fpackage.json"/>
+  </a>
+</p>
+
+> Minimal OAuth 2.0 client for social authentication
+
+A lightweight OAuth 2.0 client for social authentication with Google, GitHub, Facebook, and LinkedIn. Uses [`@constructive-io/csrf`](../csrf) for secure state management. No external auth library dependencies - uses native fetch for HTTP requests.
+
+## Installation
+
+```bash
+pnpm add @constructive-io/oauth
+```
+
+## Usage
+
+### Basic Setup
+
+```typescript
+import { createOAuthClient } from '@constructive-io/oauth';
+
+const client = createOAuthClient({
+  providers: {
+    google: {
+      clientId: process.env.GOOGLE_CLIENT_ID,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+    },
+    github: {
+      clientId: process.env.GITHUB_CLIENT_ID,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET,
+    },
+  },
+  baseUrl: 'https://api.example.com',
+});
+
+// Generate authorization URL
+const { url, state } = client.getAuthorizationUrl({ provider: 'google' });
+
+// After user authorizes, exchange code for profile
+const profile = await client.handleCallback({ provider: 'google', code });
+```
+
+### Express Middleware
+
+```typescript
+import express from 'express';
+import cookieParser from 'cookie-parser';
+import { createOAuthMiddleware } from '@constructive-io/oauth';
+
+const app = express();
+app.use(cookieParser());
+
+const oauth = createOAuthMiddleware({
+  providers: {
+    google: { clientId: '...', clientSecret: '...' },
+    github: { clientId: '...', clientSecret: '...' },
+    facebook: { clientId: '...', clientSecret: '...' },
+    linkedin: { clientId: '...', clientSecret: '...' },
+  },
+  baseUrl: 'https://api.example.com',
+  onSuccess: async (profile, context) => {
+    // Handle successful authentication
+    // Create/update user in database, generate session token, etc.
+    return { user: profile };
+  },
+  onError: (error, context) => {
+    console.error('OAuth error:', error);
+  },
+  successRedirect: 'https://app.example.com/dashboard',
+  errorRedirect: 'https://app.example.com/login?error=auth_failed',
+});
+
+// Mount routes
+app.get('/auth/:provider', oauth.initiateAuth);
+app.get('/auth/:provider/callback', oauth.handleCallback);
+app.get('/auth/providers', oauth.getProviders);
+```
+
+## Supported Providers
+
+| Provider | Scopes |
+|----------|--------|
+| Google | `openid`, `email`, `profile` |
+| GitHub | `user:email`, `read:user` |
+| Facebook | `email`, `public_profile` |
+| LinkedIn | `openid`, `profile`, `email` |
+
+## API
+
+### `createOAuthClient(config)`
+
+Creates an OAuth client instance.
+
+### `createOAuthMiddleware(config)`
+
+Creates Express route handlers for OAuth flows.
+
+### `OAuthProfile`
+
+The normalized user profile returned after authentication:
+
+```typescript
+interface OAuthProfile {
+  provider: string;      // 'google', 'github', etc.
+  providerId: string;    // Provider's unique user ID
+  email: string | null;
+  name: string | null;
+  picture: string | null;
+  raw: unknown;          // Original provider response
+}
+```
+
+## License
+
+MIT
+
+---
+
+## Education and Tutorials
+
+ 1. 🚀 [Quickstart: Getting Up and Running](https://constructive.io/learn/quickstart)
+Get started with modular databases in minutes. Install prerequisites and deploy your first module.
+
+ 2. 📦 [Modular PostgreSQL Development with Database Packages](https://constructive.io/learn/modular-postgres)
+Learn to organize PostgreSQL projects with pgpm workspaces and reusable database modules.
+
+ 3. ✏️ [Authoring Database Changes](https://constructive.io/learn/authoring-database-changes)
+Master the workflow for adding, organizing, and managing database changes with pgpm.
+
+ 4. 🧪 [End-to-End PostgreSQL Testing with TypeScript](https://constructive.io/learn/e2e-postgres-testing)
+Master end-to-end PostgreSQL testing with ephemeral databases, RLS testing, and CI/CD automation.
+
+ 5. ⚡ [Supabase Testing](https://constructive.io/learn/supabase)
+Use TypeScript-first tools to test Supabase projects with realistic RLS, policies, and auth contexts.
+
+ 6. 💧 [Drizzle ORM Testing](https://constructive.io/learn/drizzle-testing)
+Run full-stack tests with Drizzle ORM, including database setup, teardown, and RLS enforcement.
+
+ 7. 🔧 [Troubleshooting](https://constructive.io/learn/troubleshooting)
+Common issues and solutions for pgpm, PostgreSQL, and testing.
+
+## Related Constructive Tooling
+
+### 📦 Package Management
+
+* [pgpm](https://github.com/constructive-io/constructive/tree/main/pgpm/pgpm): **🖥️ PostgreSQL Package Manager** for modular Postgres development. Works with database workspaces, scaffolding, migrations, seeding, and installing database packages.
+
+### 🧪 Testing
+
+* [pgsql-test](https://github.com/constructive-io/constructive/tree/main/postgres/pgsql-test): **📊 Isolated testing environments** with per-test transaction rollbacks—ideal for integration tests, complex migrations, and RLS simulation.
+* [pgsql-seed](https://github.com/constructive-io/constructive/tree/main/postgres/pgsql-seed): **🌱 PostgreSQL seeding utilities** for CSV, JSON, SQL data loading, and pgpm deployment.
+* [supabase-test](https://github.com/constructive-io/constructive/tree/main/postgres/supabase-test): **🧪 Supabase-native test harness** preconfigured for the local Supabase stack—per-test rollbacks, JWT/role context helpers, and CI/GitHub Actions ready.
+* [graphile-test](https://github.com/constructive-io/constructive/tree/main/graphile/graphile-test): **🔐 Authentication mocking** for Graphile-focused test helpers and emulating row-level security contexts.
+* [pg-query-context](https://github.com/constructive-io/constructive/tree/main/postgres/pg-query-context): **🔒 Session context injection** to add session-local context (e.g., `SET LOCAL`) into queries—ideal for setting `role`, `jwt.claims`, and other session settings.
+
+### 🧠 Parsing & AST
+
+* [pgsql-parser](https://www.npmjs.com/package/pgsql-parser): **🔄 SQL conversion engine** that interprets and converts PostgreSQL syntax.
+* [libpg-query-node](https://www.npmjs.com/package/libpg-query): **🌉 Node.js bindings** for `libpg_query`, converting SQL into parse trees.
+* [pg-proto-parser](https://www.npmjs.com/package/pg-proto-parser): **📦 Protobuf parser** for parsing PostgreSQL Protocol Buffers definitions to generate TypeScript interfaces, utility functions, and JSON mappings for enums.
+* [@pgsql/enums](https://www.npmjs.com/package/@pgsql/enums): **🏷️ TypeScript enums** for PostgreSQL AST for safe and ergonomic parsing logic.
+* [@pgsql/types](https://www.npmjs.com/package/@pgsql/types): **📝 Type definitions** for PostgreSQL AST nodes in TypeScript.
+* [@pgsql/utils](https://www.npmjs.com/package/@pgsql/utils): **🛠️ AST utilities** for constructing and transforming PostgreSQL syntax trees.
+
+## Credits
+
+**🛠 Built by the [Constructive](https://constructive.io) team — creators of modular Postgres tooling for secure, composable backends. If you like our work, contribute on [GitHub](https://github.com/constructive-io).**
+
+## Disclaimer
+
+AS DESCRIBED IN THE LICENSES, THE SOFTWARE IS PROVIDED "AS IS", AT YOUR OWN RISK, AND WITHOUT WARRANTIES OF ANY KIND.
+
+No developer or entity involved in creating this software will be liable for any claims or damages whatsoever associated with your use, inability to use, or your interaction with other users of the code, including any direct, indirect, incidental, special, exemplary, punitive or consequential damages, or loss of profits, cryptocurrencies, tokens, or anything else of value.

package/esm/index.d.ts

@@ -0,0 +1,4 @@
+export { OAuthProviderConfig, OAuthProfile, OAuthCredentials, OAuthClientConfig, TokenResponse, AuthorizationUrlParams, CallbackParams, OAuthError, createOAuthError, } from './types';
+export { OAuthClient, createOAuthClient } from './oauth-client';
+export { providers, getProvider, getProviderIds, googleProvider, githubProvider, facebookProvider, linkedinProvider, } from './providers';
+export { createOAuthMiddleware, OAuthMiddlewareConfig, OAuthCallbackContext, OAuthErrorContext, OAuthRouteHandlers, generateState, verifyState, } from './middleware/express';

package/esm/index.js

@@ -0,0 +1,4 @@
+export { createOAuthError, } from './types';
+export { OAuthClient, createOAuthClient } from './oauth-client';
+export { providers, getProvider, getProviderIds, googleProvider, githubProvider, facebookProvider, linkedinProvider, } from './providers';
+export { createOAuthMiddleware, generateState, verifyState, } from './middleware/express';

package/esm/middleware/express.d.ts

@@ -0,0 +1,51 @@
+import { OAuthClientConfig, OAuthProfile } from '../types';
+import { generateState, verifyState } from '../utils/state';
+export interface OAuthMiddlewareConfig extends OAuthClientConfig {
+    onSuccess: (profile: OAuthProfile, context: OAuthCallbackContext) => Promise<unknown>;
+    onError?: (error: Error, context: OAuthErrorContext) => void;
+    successRedirect?: string;
+    errorRedirect?: string;
+}
+export interface OAuthCallbackContext {
+    provider: string;
+    profile: OAuthProfile;
+    query: Record<string, string>;
+}
+export interface OAuthErrorContext {
+    provider?: string;
+    error: Error;
+    query: Record<string, string>;
+}
+export interface OAuthRouteHandlers {
+    initiateAuth: (req: {
+        params: {
+            provider: string;
+        };
+        query: Record<string, unknown>;
+    }, res: {
+        redirect: (url: string) => void;
+        cookie: (name: string, value: string, options: Record<string, unknown>) => void;
+        status: (code: number) => {
+            json: (data: unknown) => void;
+        };
+    }) => void;
+    handleCallback: (req: {
+        params: {
+            provider: string;
+        };
+        query: Record<string, unknown>;
+        cookies: Record<string, string>;
+    }, res: {
+        redirect: (url: string) => void;
+        clearCookie: (name: string) => void;
+        status: (code: number) => {
+            json: (data: unknown) => void;
+        };
+        json: (data: unknown) => void;
+    }) => Promise<void>;
+    getProviders: (req: unknown, res: {
+        json: (data: unknown) => void;
+    }) => void;
+}
+export declare function createOAuthMiddleware(config: OAuthMiddlewareConfig): OAuthRouteHandlers;
+export { generateState, verifyState };

package/esm/middleware/express.js

@@ -0,0 +1,172 @@
+import { OAuthClient } from '../oauth-client';
+import { createOAuthError } from '../types';
+import { generateState, verifyState } from '../utils/state';
+import { getProviderIds } from '../providers';
+export function createOAuthMiddleware(config) {
+    const client = new OAuthClient(config);
+    const clientConfig = client.getConfig();
+    const initiateAuth = (req, res) => {
+        const { provider } = req.params;
+        try {
+            const { url, state } = client.getAuthorizationUrl({ provider });
+            res.cookie(clientConfig.stateCookieName, state, {
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                maxAge: (clientConfig.stateCookieMaxAge || 600) * 1000,
+                sameSite: 'lax',
+            });
+            res.redirect(url);
+        }
+        catch (error) {
+            if (config.onError) {
+                config.onError(error, {
+                    provider,
+                    error: error,
+                    query: req.query,
+                });
+            }
+            if (config.errorRedirect) {
+                const errorUrl = new URL(config.errorRedirect);
+                errorUrl.searchParams.set('error', error.message);
+                errorUrl.searchParams.set('provider', provider);
+                res.redirect(errorUrl.toString());
+            }
+            else {
+                res.status(400).json({
+                    error: 'oauth_error',
+                    message: error.message,
+                    provider,
+                });
+            }
+        }
+    };
+    const handleCallback = async (req, res) => {
+        const { provider } = req.params;
+        const { code, state, error: oauthError, error_description } = req.query;
+        const storedState = req.cookies[clientConfig.stateCookieName];
+        res.clearCookie(clientConfig.stateCookieName);
+        if (oauthError) {
+            const error = createOAuthError(error_description || oauthError, 'OAUTH_PROVIDER_ERROR', provider);
+            if (config.onError) {
+                config.onError(error, {
+                    provider,
+                    error,
+                    query: req.query,
+                });
+            }
+            if (config.errorRedirect) {
+                const errorUrl = new URL(config.errorRedirect);
+                errorUrl.searchParams.set('error', oauthError);
+                if (error_description) {
+                    errorUrl.searchParams.set('error_description', error_description);
+                }
+                errorUrl.searchParams.set('provider', provider);
+                res.redirect(errorUrl.toString());
+            }
+            else {
+                res.status(400).json({
+                    error: 'oauth_error',
+                    message: error_description || oauthError,
+                    provider,
+                });
+            }
+            return;
+        }
+        if (!verifyState(storedState, state)) {
+            const error = createOAuthError('Invalid state parameter', 'INVALID_STATE', provider);
+            if (config.onError) {
+                config.onError(error, {
+                    provider,
+                    error,
+                    query: req.query,
+                });
+            }
+            if (config.errorRedirect) {
+                const errorUrl = new URL(config.errorRedirect);
+                errorUrl.searchParams.set('error', 'invalid_state');
+                errorUrl.searchParams.set('provider', provider);
+                res.redirect(errorUrl.toString());
+            }
+            else {
+                res.status(400).json({
+                    error: 'invalid_state',
+                    message: 'Invalid state parameter',
+                    provider,
+                });
+            }
+            return;
+        }
+        if (!code) {
+            const error = createOAuthError('Missing authorization code', 'MISSING_CODE', provider);
+            if (config.onError) {
+                config.onError(error, {
+                    provider,
+                    error,
+                    query: req.query,
+                });
+            }
+            if (config.errorRedirect) {
+                const errorUrl = new URL(config.errorRedirect);
+                errorUrl.searchParams.set('error', 'missing_code');
+                errorUrl.searchParams.set('provider', provider);
+                res.redirect(errorUrl.toString());
+            }
+            else {
+                res.status(400).json({
+                    error: 'missing_code',
+                    message: 'Missing authorization code',
+                    provider,
+                });
+            }
+            return;
+        }
+        try {
+            const profile = await client.handleCallback({ provider, code });
+            const result = await config.onSuccess(profile, {
+                provider,
+                profile,
+                query: req.query,
+            });
+            if (config.successRedirect) {
+                res.redirect(config.successRedirect);
+            }
+            else {
+                res.json({ success: true, data: result });
+            }
+        }
+        catch (error) {
+            if (config.onError) {
+                config.onError(error, {
+                    provider,
+                    error: error,
+                    query: req.query,
+                });
+            }
+            if (config.errorRedirect) {
+                const errorUrl = new URL(config.errorRedirect);
+                errorUrl.searchParams.set('error', 'callback_failed');
+                errorUrl.searchParams.set('message', error.message);
+                errorUrl.searchParams.set('provider', provider);
+                res.redirect(errorUrl.toString());
+            }
+            else {
+                res.status(500).json({
+                    error: 'callback_failed',
+                    message: error.message,
+                    provider,
+                });
+            }
+        }
+    };
+    const getProviders = (_req, res) => {
+        const configuredProviders = Object.keys(config.providers);
+        const availableProviders = getProviderIds().filter((id) => configuredProviders.includes(id));
+        res.json({ providers: availableProviders });
+    };
+    return {
+        initiateAuth,
+        handleCallback,
+        getProviders,
+    };
+}
+export { generateState, verifyState };

package/esm/oauth-client.d.ts

@@ -0,0 +1,16 @@
+import { OAuthClientConfig, OAuthProfile, TokenResponse, AuthorizationUrlParams, CallbackParams } from './types';
+export declare class OAuthClient {
+    private config;
+    constructor(config: OAuthClientConfig);
+    getAuthorizationUrl(params: AuthorizationUrlParams): {
+        url: string;
+        state: string;
+    };
+    exchangeCode(params: CallbackParams): Promise<TokenResponse>;
+    getUserProfile(providerId: string, accessToken: string): Promise<OAuthProfile>;
+    handleCallback(params: CallbackParams): Promise<OAuthProfile>;
+    private fetchGitHubEmail;
+    private getCallbackUrl;
+    getConfig(): OAuthClientConfig;
+}
+export declare function createOAuthClient(config: OAuthClientConfig): OAuthClient;

package/esm/oauth-client.js

@@ -0,0 +1,146 @@
+import { createOAuthError, } from './types';
+import { getProvider, GITHUB_EMAILS_URL, extractPrimaryEmail } from './providers';
+import { generateState } from './utils/state';
+export class OAuthClient {
+    config;
+    constructor(config) {
+        this.config = {
+            callbackPath: '/auth/{provider}/callback',
+            stateCookieName: 'oauth_state',
+            stateCookieMaxAge: 600,
+            ...config,
+        };
+    }
+    getAuthorizationUrl(params) {
+        const { provider: providerId, state: customState, redirectUri, scopes } = params;
+        const provider = getProvider(providerId);
+        if (!provider) {
+            throw createOAuthError(`Unknown provider: ${providerId}`, 'UNKNOWN_PROVIDER', providerId);
+        }
+        const credentials = this.config.providers[providerId];
+        if (!credentials) {
+            throw createOAuthError(`No credentials configured for provider: ${providerId}`, 'MISSING_CREDENTIALS', providerId);
+        }
+        const state = customState || generateState();
+        const callbackUrl = this.getCallbackUrl(providerId, redirectUri || credentials.redirectUri);
+        const effectiveScopes = scopes || provider.scopes;
+        const url = new URL(provider.authorizationUrl);
+        url.searchParams.set('client_id', credentials.clientId);
+        url.searchParams.set('redirect_uri', callbackUrl);
+        url.searchParams.set('response_type', 'code');
+        url.searchParams.set('scope', effectiveScopes.join(' '));
+        url.searchParams.set('state', state);
+        return { url: url.toString(), state };
+    }
+    async exchangeCode(params) {
+        const { provider: providerId, code, redirectUri } = params;
+        const provider = getProvider(providerId);
+        if (!provider) {
+            throw createOAuthError(`Unknown provider: ${providerId}`, 'UNKNOWN_PROVIDER', providerId);
+        }
+        const credentials = this.config.providers[providerId];
+        if (!credentials) {
+            throw createOAuthError(`No credentials configured for provider: ${providerId}`, 'MISSING_CREDENTIALS', providerId);
+        }
+        const callbackUrl = this.getCallbackUrl(providerId, redirectUri || credentials.redirectUri);
+        const body = {
+            client_id: credentials.clientId,
+            client_secret: credentials.clientSecret,
+            code,
+            redirect_uri: callbackUrl,
+            grant_type: 'authorization_code',
+        };
+        const headers = {
+            Accept: 'application/json',
+        };
+        let requestBody;
+        if (provider.tokenRequestContentType === 'json') {
+            headers['Content-Type'] = 'application/json';
+            requestBody = JSON.stringify(body);
+        }
+        else {
+            headers['Content-Type'] = 'application/x-www-form-urlencoded';
+            requestBody = new URLSearchParams(body).toString();
+        }
+        const response = await fetch(provider.tokenUrl, {
+            method: 'POST',
+            headers,
+            body: requestBody,
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw createOAuthError(`Token exchange failed: ${errorText}`, 'TOKEN_EXCHANGE_FAILED', providerId, response.status);
+        }
+        const data = await response.json();
+        if (data.error) {
+            throw createOAuthError(`Token exchange error: ${data.error_description || data.error}`, 'TOKEN_EXCHANGE_ERROR', providerId);
+        }
+        return data;
+    }
+    async getUserProfile(providerId, accessToken) {
+        const provider = getProvider(providerId);
+        if (!provider) {
+            throw createOAuthError(`Unknown provider: ${providerId}`, 'UNKNOWN_PROVIDER', providerId);
+        }
+        const headers = {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: 'application/json',
+        };
+        if (providerId === 'github') {
+            headers['User-Agent'] = 'Constructive-OAuth';
+        }
+        const response = await fetch(provider.userInfoUrl, {
+            method: provider.userInfoMethod || 'GET',
+            headers,
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw createOAuthError(`Failed to fetch user profile: ${errorText}`, 'USER_PROFILE_FAILED', providerId, response.status);
+        }
+        const data = await response.json();
+        let profile = provider.mapProfile(data);
+        if (providerId === 'github' && !profile.email) {
+            profile = await this.fetchGitHubEmail(accessToken, profile);
+        }
+        return profile;
+    }
+    async handleCallback(params) {
+        const tokens = await this.exchangeCode(params);
+        return this.getUserProfile(params.provider, tokens.access_token);
+    }
+    async fetchGitHubEmail(accessToken, profile) {
+        try {
+            const response = await fetch(GITHUB_EMAILS_URL, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    Accept: 'application/json',
+                    'User-Agent': 'Constructive-OAuth',
+                },
+            });
+            if (response.ok) {
+                const emails = await response.json();
+                const email = extractPrimaryEmail(emails);
+                if (email) {
+                    return { ...profile, email };
+                }
+            }
+        }
+        catch {
+            // Ignore email fetch errors, return profile without email
+        }
+        return profile;
+    }
+    getCallbackUrl(providerId, customRedirectUri) {
+        if (customRedirectUri) {
+            return customRedirectUri;
+        }
+        const path = this.config.callbackPath.replace('{provider}', providerId);
+        return `${this.config.baseUrl}${path}`;
+    }
+    getConfig() {
+        return this.config;
+    }
+}
+export function createOAuthClient(config) {
+    return new OAuthClient(config);
+}

package/esm/providers/facebook.d.ts

@@ -0,0 +1,2 @@
+import { OAuthProviderConfig } from '../types';
+export declare const facebookProvider: OAuthProviderConfig;

package/esm/providers/facebook.js

@@ -0,0 +1,21 @@
+const FACEBOOK_API_VERSION = 'v18.0';
+export const facebookProvider = {
+    id: 'facebook',
+    name: 'Facebook',
+    authorizationUrl: `https://www.facebook.com/${FACEBOOK_API_VERSION}/dialog/oauth`,
+    tokenUrl: `https://graph.facebook.com/${FACEBOOK_API_VERSION}/oauth/access_token`,
+    userInfoUrl: `https://graph.facebook.com/me?fields=id,name,email,picture`,
+    scopes: ['email', 'public_profile'],
+    tokenRequestContentType: 'form',
+    mapProfile: (data) => {
+        const profile = data;
+        return {
+            provider: 'facebook',
+            providerId: profile.id,
+            email: profile.email || null,
+            name: profile.name || null,
+            picture: profile.picture?.data?.url || null,
+            raw: data,
+        };
+    },
+};

package/esm/providers/github.d.ts

@@ -0,0 +1,10 @@
+import { OAuthProviderConfig } from '../types';
+interface GitHubEmail {
+    email: string;
+    primary: boolean;
+    verified: boolean;
+}
+export declare const githubProvider: OAuthProviderConfig;
+export declare const GITHUB_EMAILS_URL = "https://api.github.com/user/emails";
+export declare function extractPrimaryEmail(emails: GitHubEmail[]): string | null;
+export {};

package/esm/providers/github.js

@@ -0,0 +1,30 @@
+export const githubProvider = {
+    id: 'github',
+    name: 'GitHub',
+    authorizationUrl: 'https://github.com/login/oauth/authorize',
+    tokenUrl: 'https://github.com/login/oauth/access_token',
+    userInfoUrl: 'https://api.github.com/user',
+    scopes: ['user:email', 'read:user'],
+    tokenRequestContentType: 'json',
+    mapProfile: (data) => {
+        const profile = data;
+        return {
+            provider: 'github',
+            providerId: String(profile.id),
+            email: profile.email || null,
+            name: profile.name || profile.login || null,
+            picture: profile.avatar_url || null,
+            raw: data,
+        };
+    },
+};
+export const GITHUB_EMAILS_URL = 'https://api.github.com/user/emails';
+export function extractPrimaryEmail(emails) {
+    const primary = emails.find((e) => e.primary && e.verified);
+    if (primary)
+        return primary.email;
+    const verified = emails.find((e) => e.verified);
+    if (verified)
+        return verified.email;
+    return emails[0]?.email || null;
+}