@draftlab/auth 0.0.1

package/dist/provider/github.d.ts

@@ -0,0 +1,141 @@
+import "../storage-CxKerLlc.js";
+import { Provider } from "../provider-CwWMG-1l.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "../oauth2-DtKwtl8p.js";
+
+//#region src/provider/github.d.ts
+
+/**
+ * Configuration options for GitHub OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with GitHub-specific documentation.
+ */
+interface GithubConfig extends Oauth2WrappedConfig {
+  /**
+   * GitHub OAuth App client ID or GitHub App client ID.
+   * Found in your GitHub App settings or OAuth App settings.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "Iv1.a629723000043722" // OAuth App
+   *   // or
+   *   clientID: "Iv23liAG5t7VwMkUsKTi" // GitHub App
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * GitHub OAuth App client secret or GitHub App client secret.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.GITHUB_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * GitHub OAuth scopes to request access for.
+   * Determines what data and actions your app can access.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "user:email",    // Access user email addresses
+   *     "read:user",     // Read user profile info
+   *     "public_repo",   // Access public repositories
+   *     "read:org"       // Read organization membership
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for GitHub OAuth authorization.
+   * Useful for GitHub-specific options like restricting to organizations.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     allow_signup: "false",      // Disable new account creation
+   *     login: "suggested-username" // Pre-fill username field
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a GitHub OAuth 2.0 authentication provider.
+ * Supports both GitHub OAuth Apps and GitHub Apps for user authentication.
+ *
+ * @param config - GitHub OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for GitHub
+ *
+ * @example
+ * ```ts
+ * // Basic GitHub authentication
+ * const basicGithub = GithubProvider({
+ *   clientID: process.env.GITHUB_CLIENT_ID,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET
+ * })
+ *
+ * // GitHub with specific scopes
+ * const githubWithScopes = GithubProvider({
+ *   clientID: process.env.GITHUB_CLIENT_ID,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+ *   scopes: [
+ *     "user:email",
+ *     "read:user",
+ *     "public_repo",
+ *     "read:org"
+ *   ]
+ * })
+ *
+ * // GitHub with custom authorization options
+ * const restrictedGithub = GithubProvider({
+ *   clientID: process.env.GITHUB_CLIENT_ID,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+ *   scopes: ["user:email", "read:user"],
+ *   query: {
+ *     allow_signup: "false" // Don't allow new GitHub account creation
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { github: githubWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "github") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const userRes = await fetch('https://api.github.com/user', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user repositories (if repo scope granted)
+ *       const reposRes = await fetch('https://api.github.com/user/repos', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const repos = await reposRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         githubId: user.id,
+ *         username: user.login,
+ *         email: user.email,
+ *         name: user.name,
+ *         repoCount: repos.length
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const GithubProvider: (config: GithubConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { GithubConfig, GithubProvider };

package/dist/provider/github.js

@@ -0,0 +1,88 @@
+import "../util-CSdHUFOo.js";
+import "../error-DgAKK7b2.js";
+import "../pkce-276Za_rZ.js";
+import "../random-SXMYlaVr.js";
+import { Oauth2Provider } from "../oauth2-B7-6Z7Lc.js";
+
+//#region src/provider/github.ts
+/**
+* Creates a GitHub OAuth 2.0 authentication provider.
+* Supports both GitHub OAuth Apps and GitHub Apps for user authentication.
+*
+* @param config - GitHub OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for GitHub
+*
+* @example
+* ```ts
+* // Basic GitHub authentication
+* const basicGithub = GithubProvider({
+*   clientID: process.env.GITHUB_CLIENT_ID,
+*   clientSecret: process.env.GITHUB_CLIENT_SECRET
+* })
+*
+* // GitHub with specific scopes
+* const githubWithScopes = GithubProvider({
+*   clientID: process.env.GITHUB_CLIENT_ID,
+*   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+*   scopes: [
+*     "user:email",
+*     "read:user",
+*     "public_repo",
+*     "read:org"
+*   ]
+* })
+*
+* // GitHub with custom authorization options
+* const restrictedGithub = GithubProvider({
+*   clientID: process.env.GITHUB_CLIENT_ID,
+*   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+*   scopes: ["user:email", "read:user"],
+*   query: {
+*     allow_signup: "false" // Don't allow new GitHub account creation
+*   }
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { github: githubWithScopes },
+*   success: async (ctx, value) => {
+*     if (value.provider === "github") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile
+*       const userRes = await fetch('https://api.github.com/user', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const user = await userRes.json()
+*
+*       // Get user repositories (if repo scope granted)
+*       const reposRes = await fetch('https://api.github.com/user/repos', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const repos = await reposRes.json()
+*
+*       return ctx.subject("user", {
+*         githubId: user.id,
+*         username: user.login,
+*         email: user.email,
+*         name: user.name,
+*         repoCount: repos.length
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const GithubProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "github",
+		endpoint: {
+			authorization: "https://github.com/login/oauth/authorize",
+			token: "https://github.com/login/oauth/access_token"
+		}
+	});
+};
+
+//#endregion
+export { GithubProvider };

package/dist/provider/google.d.ts

@@ -0,0 +1,113 @@
+import "../storage-CxKerLlc.js";
+import { Provider } from "../provider-CwWMG-1l.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "../oauth2-DtKwtl8p.js";
+
+//#region src/provider/google.d.ts
+
+/**
+ * Configuration options for Google OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Google-specific defaults.
+ */
+interface GoogleConfig extends Oauth2WrappedConfig {
+  /**
+   * Google OAuth 2.0 client ID from Google Cloud Console.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "123456789-abc123.apps.googleusercontent.com"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * Google OAuth 2.0 client secret from Google Cloud Console.
+   * Required for server-side OAuth 2.0 flows.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.GOOGLE_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * Google OAuth 2.0 scopes to request.
+   * Common scopes include 'profile', 'email', and specific Google API scopes.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "profile",
+   *     "email",
+   *     "https://www.googleapis.com/auth/calendar.readonly",
+   *     "https://www.googleapis.com/auth/drive.file"
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for Google OAuth 2.0.
+   * Useful for Google-specific options like hosted domain restrictions.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     hd: "mycompany.com",        // Restrict to Google Workspace domain
+   *     access_type: "offline",     // Request refresh token
+   *     prompt: "consent",          // Force consent screen
+   *     include_granted_scopes: "true" // Incremental authorization
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Google OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Google APIs on behalf of the user.
+ *
+ * @param config - Google OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Google
+ *
+ * @example
+ * ```ts
+ * // Basic setup for user authentication
+ * const basicGoogle = GoogleProvider({
+ *   clientID: process.env.GOOGLE_CLIENT_ID,
+ *   clientSecret: process.env.GOOGLE_CLIENT_SECRET
+ * })
+ *
+ * // Advanced setup with API access
+ * const advancedGoogle = GoogleProvider({
+ *   clientID: process.env.GOOGLE_CLIENT_ID,
+ *   clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *   scopes: [
+ *     "profile",
+ *     "email",
+ *     "https://www.googleapis.com/auth/calendar.readonly",
+ *     "https://www.googleapis.com/auth/drive.file"
+ *   ],
+ *   query: {
+ *     access_type: "offline",    // Get refresh token
+ *     prompt: "consent",         // Force consent for refresh token
+ *     hd: "mycompany.com"       // Restrict to company domain
+ *   }
+ * })
+ *
+ * // Use the access token for API calls
+ * success: async (ctx, value) => {
+ *   const accessToken = value.tokenset.access
+ *   const response = await fetch('https://www.googleapis.com/calendar/v3/calendars/primary/events', {
+ *     headers: { Authorization: `Bearer ${accessToken}` }
+ *   })
+ * }
+ * ```
+ */
+declare const GoogleProvider: (config: GoogleConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { GoogleConfig, GoogleProvider };

package/dist/provider/google.js

@@ -0,0 +1,62 @@
+import "../util-CSdHUFOo.js";
+import "../error-DgAKK7b2.js";
+import "../pkce-276Za_rZ.js";
+import "../random-SXMYlaVr.js";
+import { Oauth2Provider } from "../oauth2-B7-6Z7Lc.js";
+
+//#region src/provider/google.ts
+/**
+* Creates a Google OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call Google APIs on behalf of the user.
+*
+* @param config - Google OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for Google
+*
+* @example
+* ```ts
+* // Basic setup for user authentication
+* const basicGoogle = GoogleProvider({
+*   clientID: process.env.GOOGLE_CLIENT_ID,
+*   clientSecret: process.env.GOOGLE_CLIENT_SECRET
+* })
+*
+* // Advanced setup with API access
+* const advancedGoogle = GoogleProvider({
+*   clientID: process.env.GOOGLE_CLIENT_ID,
+*   clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+*   scopes: [
+*     "profile",
+*     "email",
+*     "https://www.googleapis.com/auth/calendar.readonly",
+*     "https://www.googleapis.com/auth/drive.file"
+*   ],
+*   query: {
+*     access_type: "offline",    // Get refresh token
+*     prompt: "consent",         // Force consent for refresh token
+*     hd: "mycompany.com"       // Restrict to company domain
+*   }
+* })
+*
+* // Use the access token for API calls
+* success: async (ctx, value) => {
+*   const accessToken = value.tokenset.access
+*   const response = await fetch('https://www.googleapis.com/calendar/v3/calendars/primary/events', {
+*     headers: { Authorization: `Bearer ${accessToken}` }
+*   })
+* }
+* ```
+*/
+const GoogleProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "google",
+		endpoint: {
+			authorization: "https://accounts.google.com/o/oauth2/v2/auth",
+			token: "https://oauth2.googleapis.com/token",
+			jwks: "https://www.googleapis.com/oauth2/v3/certs"
+		}
+	});
+};
+
+//#endregion
+export { GoogleProvider };

package/dist/provider/oauth2.d.ts

@@ -0,0 +1,4 @@
+import "../storage-CxKerLlc.js";
+import "../provider-CwWMG-1l.js";
+import { Oauth2Config, Oauth2Provider, Oauth2Token, Oauth2UserData, Oauth2WrappedConfig } from "../oauth2-DtKwtl8p.js";
+export { Oauth2Config, Oauth2Provider, Oauth2Token, Oauth2UserData, Oauth2WrappedConfig };

package/dist/provider/oauth2.js

@@ -0,0 +1,7 @@
+import "../util-CSdHUFOo.js";
+import "../error-DgAKK7b2.js";
+import "../pkce-276Za_rZ.js";
+import "../random-SXMYlaVr.js";
+import { Oauth2Provider } from "../oauth2-B7-6Z7Lc.js";
+
+export { Oauth2Provider };

package/dist/provider/password.d.ts

@@ -0,0 +1,4 @@
+import "../storage-CxKerLlc.js";
+import "../provider-CwWMG-1l.js";
+import { PBKDF2Hasher, PasswordChangeError, PasswordChangeState, PasswordConfig, PasswordHasher, PasswordLoginError, PasswordProvider, PasswordRegisterError, PasswordRegisterState, PasswordUserData, ScryptHasher } from "../password-Cm0dRMwa.js";
+export { PBKDF2Hasher, PasswordChangeError, PasswordChangeState, PasswordConfig, PasswordHasher, PasswordLoginError, PasswordProvider, PasswordRegisterError, PasswordRegisterState, PasswordUserData, ScryptHasher };