@draftlab/auth 0.15.0 → 0.16.0

package/dist/types/provider/linkedin.d.ts

@@ -0,0 +1,190 @@
+/**
+ * LinkedIn OAuth 2.0 authentication provider for Draft Auth.
+ * Provides access tokens for calling LinkedIn APIs on behalf of users.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { LinkedInProvider } from "@draftlab/auth/provider/linkedin"
+ *
+ * export default issuer({
+ *   basePath: "/auth", // Important for callback URL
+ *   providers: {
+ *     linkedin: LinkedInProvider({
+ *       clientID: process.env.LINKEDIN_CLIENT_ID,
+ *       clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+ *       scopes: ["r_liteprofile", "r_emailaddress", "w_member_social"]
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/linkedin/callback`
+ * - Production: `https://yourapp.com/auth/linkedin/callback`
+ *
+ * Register this URL in your LinkedIn Developer Portal.
+ *
+ * ## Common Scopes
+ *
+ * - `r_liteprofile` - Access to basic profile information
+ * - `r_emailaddress` - Access to user's email address
+ * - `r_basicprofile` - Access to full profile information (deprecated)
+ * - `w_member_social` - Share content on behalf of user
+ * - `r_organization_social` - Access to organization social content
+ * - `rw_organization_admin` - Manage organization pages
+ *
+ * ## User Data Access
+ *
+ * ```ts
+ * success: async (ctx, value) => {
+ *   if (value.provider === "linkedin") {
+ *     const accessToken = value.tokenset.access
+ *
+ *     // Fetch user profile
+ *     const profileResponse = await fetch('https://api.linkedin.com/v2/people/~', {
+ *       headers: { Authorization: `Bearer ${accessToken}` }
+ *     })
+ *     const profile = await profileResponse.json()
+ *
+ *     // Fetch user email (requires r_emailaddress scope)
+ *     const emailResponse = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+ *       headers: { Authorization: `Bearer ${accessToken}` }
+ *     })
+ *     const emailData = await emailResponse.json()
+ *
+ *     // User info: profile.localizedFirstName + profile.localizedLastName
+ *     // Email: emailData.elements[0]['handle~'].emailAddress
+ *   }
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { type Oauth2WrappedConfig } from "./oauth2";
+/**
+ * Configuration options for LinkedIn OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with LinkedIn-specific documentation.
+ */
+export interface LinkedInConfig extends Oauth2WrappedConfig {
+    /**
+     * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
+     * Found in your LinkedIn app settings.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "78abc123456789"
+     * }
+     * ```
+     */
+    readonly clientID: string;
+    /**
+     * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
+     * Keep this secure and never expose it to client-side code.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+     * }
+     * ```
+     */
+    readonly clientSecret: string;
+    /**
+     * LinkedIn OAuth scopes to request access for.
+     * Determines what data and actions your app can access.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: [
+     *     "r_liteprofile",    // Basic profile information
+     *     "r_emailaddress",   // Email address
+     *     "w_member_social",  // Share content on behalf of user
+     *     "r_organization_social" // Organization content access
+     *   ]
+     * }
+     * ```
+     */
+    readonly scopes: string[];
+    /**
+     * Additional query parameters for LinkedIn OAuth authorization.
+     * Useful for LinkedIn-specific options.
+     *
+     * @example
+     * ```ts
+     * {
+     *   query: {
+     *     state: "custom-state-value" // Custom state parameter
+     *   }
+     * }
+     * ```
+     */
+    readonly query?: Record<string, string>;
+}
+/**
+ * Creates a LinkedIn OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
+ *
+ * @param config - LinkedIn OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for LinkedIn
+ *
+ * @example
+ * ```ts
+ * // Basic LinkedIn authentication
+ * const basicLinkedIn = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+ * })
+ *
+ * // LinkedIn with specific scopes
+ * const linkedInWithScopes = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+ *   scopes: [
+ *     "r_liteprofile",
+ *     "r_emailaddress",
+ *     "w_member_social"
+ *   ]
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { linkedin: linkedInWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "linkedin") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const profile = await profileRes.json()
+ *
+ *       // Get user email
+ *       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const emailData = await emailRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         linkedinId: profile.id,
+ *         firstName: profile.localizedFirstName,
+ *         lastName: profile.localizedLastName,
+ *         email: emailData.elements[0]['handle~'].emailAddress,
+ *         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/linkedin/callback`
+ * - Production: `https://yourapp.com/auth/linkedin/callback`
+ *
+ * Register this URL in your LinkedIn Developer Portal.
+ */
+export declare const LinkedInProvider: (config: LinkedInConfig) => import("./provider").Provider<import("./oauth2").Oauth2UserData>;
+//# sourceMappingURL=linkedin.d.ts.map

package/dist/types/provider/linkedin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"linkedin.d.ts","sourceRoot":"","sources":["../../../src/provider/linkedin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8DG;AAEH,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAEnE;;;GAGG;AACH,MAAM,WAAW,cAAe,SAAQ,mBAAmB;IAC1D;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IAEzB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAE7B;;;;;;;;;;;;;;;OAeG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAA;IAEzB;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8DG;AACH,eAAO,MAAM,gBAAgB,GAAI,QAAQ,cAAc,qEAStD,CAAA"}

package/dist/types/provider/magiclink.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Magic Link authentication provider for Draft Auth.
+ * Sends clickable links that authenticate users in one click.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { MagicLinkUI } from "@draftlab/auth/ui/magiclink"
+ * import { MagicLinkProvider } from "@draftlab/auth/provider/magiclink"
+ *
+ * export default issuer({
+ *   providers: {
+ *     magiclink: MagicLinkProvider(
+ *       MagicLinkUI({
+ *         sendLink: async (claims, magicUrl) => {
+ *           await emailService.send({
+ *             to: claims.email,
+ *             subject: "Sign in to your account",
+ *             html: `<a href="${magicUrl}">Sign In</a>`
+ *           })
+ *         }
+ *       })
+ *     )
+ *   }
+ * })
+ * ```
+ *
+ * ## Custom Configuration
+ *
+ * ```ts
+ * const customMagicLink = MagicLinkProvider({
+ *   expiry: 600, // 10 minutes instead of default 15
+ *
+ *   request: async (req, state, form, error) => {
+ *     return new Response(renderMagicLinkForm(state, form, error))
+ *   },
+ *
+ *   sendLink: async (claims, magicUrl) => {
+ *     try {
+ *       if (claims.email) {
+ *         await emailService.send(claims.email, {
+ *           subject: "Your secure sign-in link",
+ *           template: "magic-link",
+ *           data: { magicUrl, userEmail: claims.email }
+ *         })
+ *       } else {
+ *         return { type: "invalid_claim", key: "email", value: "Email is required" }
+ *       }
+ *     } catch {
+ *       return { type: "invalid_claim", key: "delivery", value: "Failed to send magic link" }
+ *     }
+ *   }
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+import type { Provider } from "./provider";
+/**
+ * Configuration options for the Magic Link authentication provider.
+ *
+ * @template Claims - Type of claims collected during authentication (email, phone, etc.)
+ */
+export interface MagicLinkConfig<Claims extends Record<string, string> = Record<string, string>> {
+    /**
+     * Token expiration time in seconds.
+     * After this time, the magic link becomes invalid.
+     *
+     * @default 900 (15 minutes)
+     */
+    readonly expiry?: number;
+    /**
+     * Request handler for rendering the magic link UI.
+     * Handles both the initial claim collection and "check your email" screens.
+     *
+     * @param req - The HTTP request object
+     * @param state - Current authentication state
+     * @param form - Form data from POST requests (if any)
+     * @param error - Authentication error to display (if any)
+     * @returns Promise resolving to the authentication page response
+     */
+    request: (req: Request, state: MagicLinkState, form?: FormData, error?: MagicLinkError) => Promise<Response>;
+    /**
+     * Callback for sending magic links to users.
+     * Should handle delivery via email, SMS, or other communication channels.
+     *
+     * @param claims - User claims containing contact information
+     * @param magicUrl - The magic link URL to send
+     */
+    sendLink: (claims: Claims, magicUrl: string) => Promise<void>;
+}
+/**
+ * Authentication flow states for the magic link provider.
+ * The provider transitions between these states during authentication.
+ */
+export type MagicLinkState = {
+    /** Initial state: user enters their claims (email, phone, etc.) */
+    readonly type: "start";
+} | {
+    /** Link sent state: user checks their email/phone */
+    readonly type: "sent";
+    /** Whether this is a resend request */
+    readonly resend?: boolean;
+    /** The secure token for verification */
+    readonly token: string;
+    /** User claims collected during the start phase */
+    readonly claims: Record<string, string>;
+};
+/**
+ * Possible errors during magic link authentication.
+ */
+export type MagicLinkError = {
+    /** The magic link is invalid or expired */
+    readonly type: "invalid_link";
+} | {
+    /** A user claim is invalid or missing */
+    readonly type: "invalid_claim";
+    /** The claim field that failed validation */
+    readonly key: string;
+    /** The invalid value or error description */
+    readonly value: string;
+};
+/**
+ * User data returned by successful magic link authentication.
+ *
+ * @template Claims - Type of claims collected during authentication
+ */
+export interface MagicLinkUserData<Claims extends Record<string, string> = Record<string, string>> {
+    /** The verified claims collected during authentication */
+    readonly claims: Claims;
+}
+/**
+ * Creates a Magic Link authentication provider.
+ * Implements a flexible claim-based authentication flow with magic link verification.
+ *
+ * @template Claims - Type of claims to collect (email, phone, username, etc.)
+ * @param config - Magic Link provider configuration
+ * @returns Provider instance implementing magic link authentication
+ */
+export declare const MagicLinkProvider: <Claims extends Record<string, string> = Record<string, string>>(config: MagicLinkConfig<Claims>) => Provider<MagicLinkUserData<Claims>>;
+//# sourceMappingURL=magiclink.d.ts.map

package/dist/types/provider/magiclink.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"magiclink.d.ts","sourceRoot":"","sources":["../../../src/provider/magiclink.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AAIH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAE1C;;;;GAIG;AACH,MAAM,WAAW,eAAe,CAC/B,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAE9D;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAExB;;;;;;;;;OASG;IACH,OAAO,EAAE,CACR,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,cAAc,EACrB,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,cAAc,KAClB,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtB;;;;;;OAMG;IACH,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7D;AAED;;;GAGG;AACH,MAAM,MAAM,cAAc,GACvB;IACA,mEAAmE;IACnE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAA;CACrB,GACD;IACA,qDAAqD;IACrD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,uCAAuC;IACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;IACzB,wCAAwC;IACxC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,mDAAmD;IACnD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACtC,CAAA;AAEJ;;GAEG;AACH,MAAM,MAAM,cAAc,GACvB;IACA,2CAA2C;IAC3C,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAA;CAC5B,GACD;IACA,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAA;IAC9B,6CAA6C;IAC7C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,6CAA6C;IAC7C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CACrB,CAAA;AAEJ;;;;GAIG;AACH,MAAM,WAAW,iBAAiB,CACjC,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAE9D,0DAA0D;IAC1D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACvB;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAE9D,QAAQ,eAAe,CAAC,MAAM,CAAC,KAC7B,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CA8HpC,CAAA"}

package/dist/types/provider/microsoft.d.ts

@@ -0,0 +1,247 @@
+/**
+ * Microsoft OAuth 2.0 authentication provider for Draft Auth.
+ * Supports Microsoft personal accounts, work accounts, and Azure AD.
+ * Provides access tokens for calling Microsoft Graph APIs on behalf of users.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { MicrosoftProvider } from "@draftlab/auth/provider/microsoft"
+ *
+ * export default issuer({
+ *   basePath: "/auth", // Important for callback URL
+ *   providers: {
+ *     microsoft: MicrosoftProvider({
+ *       tenant: "common", // or specific tenant ID
+ *       clientID: process.env.MICROSOFT_CLIENT_ID,
+ *       clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *       scopes: ["openid", "profile", "email", "User.Read"]
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/microsoft/callback`
+ * - Production: `https://yourapp.com/auth/microsoft/callback`
+ *
+ * Register this URL in your Azure Portal App Registration.
+ *
+ * ## Tenant Configuration
+ *
+ * - `common` - Both personal and work/school accounts
+ * - `organizations` - Work/school accounts only
+ * - `consumers` - Personal Microsoft accounts only
+ * - `{tenant-id}` - Specific Azure AD tenant only
+ *
+ * ## Common Scopes
+ *
+ * - `openid` - Basic OpenID Connect sign-in
+ * - `profile` - User's basic profile information
+ * - `email` - User's email address
+ * - `User.Read` - Read user's profile via Microsoft Graph
+ * - `Mail.Read` - Read user's mail
+ * - `Calendars.Read` - Read user's calendars
+ * - `Files.Read` - Read user's files in OneDrive
+ * - `Sites.Read.All` - Read SharePoint sites
+ * - `Directory.Read.All` - Read directory data (requires admin consent)
+ *
+ * ## User Data Access
+ *
+ * ```ts
+ * success: async (ctx, value) => {
+ *   if (value.provider === "microsoft") {
+ *     const accessToken = value.tokenset.access
+ *
+ *     // Fetch user profile via Microsoft Graph
+ *     const userResponse = await fetch('https://graph.microsoft.com/v1.0/me', {
+ *       headers: { Authorization: `Bearer ${accessToken}` }
+ *     })
+ *     const user = await userResponse.json()
+ *
+ *     // Fetch user photo (requires User.Read scope)
+ *     const photoResponse = await fetch('https://graph.microsoft.com/v1.0/me/photo/$value', {
+ *       headers: { Authorization: `Bearer ${accessToken}` }
+ *     })
+ *     const photoBlob = await photoResponse.blob()
+ *
+ *     // User info: user.displayName, user.mail, user.userPrincipalName
+ *   }
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { type Oauth2WrappedConfig } from "./oauth2";
+/**
+ * Configuration options for Microsoft OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Microsoft-specific documentation.
+ */
+export interface MicrosoftConfig extends Oauth2WrappedConfig {
+    /**
+     * Microsoft Azure AD tenant ID or tenant type.
+     * Determines which types of accounts can sign in.
+     *
+     * @example
+     * ```ts
+     * {
+     *   tenant: "common"        // Personal + work/school accounts
+     *   // or
+     *   tenant: "organizations" // Work/school accounts only
+     *   // or
+     *   tenant: "consumers"     // Personal accounts only
+     *   // or
+     *   tenant: "12345678-1234-1234-1234-123456789012" // Specific tenant
+     * }
+     * ```
+     */
+    readonly tenant: string;
+    /**
+     * Microsoft OAuth 2.0 client ID from Azure App Registration.
+     * Found in your Azure portal app registration.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "12345678-1234-1234-1234-123456789012"
+     * }
+     * ```
+     */
+    readonly clientID: string;
+    /**
+     * Microsoft OAuth 2.0 client secret from Azure App Registration.
+     * Keep this secure and never expose it to client-side code.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+     * }
+     * ```
+     */
+    readonly clientSecret: string;
+    /**
+     * Microsoft OAuth scopes to request access for.
+     * Determines what data and actions your app can access via Microsoft Graph.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: [
+     *     "openid",           // OpenID Connect sign-in
+     *     "profile",          // Basic profile
+     *     "email",            // Email address
+     *     "User.Read",        // Read user profile
+     *     "Mail.Read",        // Read user mail
+     *     "Calendars.Read"    // Read user calendars
+     *   ]
+     * }
+     * ```
+     */
+    readonly scopes: string[];
+    /**
+     * Additional query parameters for Microsoft OAuth authorization.
+     * Useful for Microsoft-specific options like domain hints.
+     *
+     * @example
+     * ```ts
+     * {
+     *   query: {
+     *     domain_hint: "contoso.com",    // Pre-fill domain
+     *     login_hint: "user@contoso.com", // Pre-fill username
+     *     prompt: "consent"              // Force consent screen
+     *   }
+     * }
+     * ```
+     */
+    readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Microsoft OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Microsoft Graph APIs on behalf of the user.
+ *
+ * @param config - Microsoft OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Microsoft
+ *
+ * @example
+ * ```ts
+ * // Basic Microsoft authentication (all account types)
+ * const basicMicrosoft = MicrosoftProvider({
+ *   tenant: "common",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+ * })
+ *
+ * // Work/school accounts only
+ * const workMicrosoft = MicrosoftProvider({
+ *   tenant: "organizations",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Mail.Read"
+ *   ]
+ * })
+ *
+ * // Specific tenant with advanced scopes
+ * const enterpriseMicrosoft = MicrosoftProvider({
+ *   tenant: "12345678-1234-1234-1234-123456789012",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Directory.Read.All",
+ *     "Sites.Read.All"
+ *   ],
+ *   query: {
+ *     domain_hint: "contoso.com"
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { microsoft: workMicrosoft },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "microsoft") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile from Microsoft Graph
+ *       const userRes = await fetch('https://graph.microsoft.com/v1.0/me', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user's manager (if available)
+ *       const managerRes = await fetch('https://graph.microsoft.com/v1.0/me/manager', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const manager = await managerRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         microsoftId: user.id,
+ *         displayName: user.displayName,
+ *         email: user.mail || user.userPrincipalName,
+ *         jobTitle: user.jobTitle,
+ *         department: user.department,
+ *         officeLocation: user.officeLocation,
+ *         managerName: manager?.displayName
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/microsoft/callback`
+ * - Production: `https://yourapp.com/auth/microsoft/callback`
+ *
+ * Register this URL in your Azure Portal App Registration.
+ */
+export declare const MicrosoftProvider: (config: MicrosoftConfig) => import("./provider").Provider<import("./oauth2").Oauth2UserData>;
+//# sourceMappingURL=microsoft.d.ts.map

package/dist/types/provider/microsoft.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../src/provider/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AAEH,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAEnE;;;GAGG;AACH,MAAM,WAAW,eAAgB,SAAQ,mBAAmB;IAC3D;;;;;;;;;;;;;;;;OAgBG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IAEvB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IAEzB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAE7B;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAA;IAEzB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsFG;AACH,eAAO,MAAM,iBAAiB,GAAI,QAAQ,eAAe,qEASxD,CAAA"}