@draftlab/auth 0.15.0 → 0.16.0

package/dist/provider/google.d.mts

@@ -1,112 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/google.d.ts
-
-/**
- * Configuration options for Google OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with Google-specific defaults.
- */
-interface GoogleConfig extends Oauth2WrappedConfig {
-  /**
-   * Google OAuth 2.0 client ID from Google Cloud Console.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "123456789-abc123.apps.googleusercontent.com"
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * Google OAuth 2.0 client secret from Google Cloud Console.
-   * Required for server-side OAuth 2.0 flows.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.GOOGLE_CLIENT_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * Google OAuth 2.0 scopes to request.
-   * Common scopes include 'profile', 'email', and specific Google API scopes.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "profile",
-   *     "email",
-   *     "https://www.googleapis.com/auth/calendar.readonly",
-   *     "https://www.googleapis.com/auth/drive.file"
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-  /**
-   * Additional query parameters for Google OAuth 2.0.
-   * Useful for Google-specific options like hosted domain restrictions.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     hd: "mycompany.com",        // Restrict to Google Workspace domain
-   *     access_type: "offline",     // Request refresh token
-   *     prompt: "consent",          // Force consent screen
-   *     include_granted_scopes: "true" // Incremental authorization
-   *   }
-   * }
-   * ```
-   */
-  readonly query?: Record<string, string>;
-}
-/**
- * Creates a Google OAuth 2.0 authentication provider.
- * Use this when you need access tokens to call Google APIs on behalf of the user.
- *
- * @param config - Google OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for Google
- *
- * @example
- * ```ts
- * // Basic setup for user authentication
- * const basicGoogle = GoogleProvider({
- *   clientID: process.env.GOOGLE_CLIENT_ID,
- *   clientSecret: process.env.GOOGLE_CLIENT_SECRET
- * })
- *
- * // Advanced setup with API access
- * const advancedGoogle = GoogleProvider({
- *   clientID: process.env.GOOGLE_CLIENT_ID,
- *   clientSecret: process.env.GOOGLE_CLIENT_SECRET,
- *   scopes: [
- *     "profile",
- *     "email",
- *     "https://www.googleapis.com/auth/calendar.readonly",
- *     "https://www.googleapis.com/auth/drive.file"
- *   ],
- *   query: {
- *     access_type: "offline",    // Get refresh token
- *     prompt: "consent",         // Force consent for refresh token
- *     hd: "mycompany.com"       // Restrict to company domain
- *   }
- * })
- *
- * // Use the access token for API calls
- * success: async (ctx, value) => {
- *   const accessToken = value.tokenset.access
- *   const response = await fetch('https://www.googleapis.com/calendar/v3/calendars/primary/events', {
- *     headers: { Authorization: `Bearer ${accessToken}` }
- *   })
- * }
- * ```
- */
-declare const GoogleProvider: (config: GoogleConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { GoogleConfig, GoogleProvider };

package/dist/provider/google.mjs

@@ -1,109 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/google.ts
-/**
-* Google OAuth 2.0 authentication provider for Draft Auth.
-* Provides access tokens for calling Google APIs on behalf of users.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { GoogleProvider } from "@draftlab/auth/provider/google"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     google: GoogleProvider({
-*       clientID: process.env.GOOGLE_CLIENT_ID,
-*       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-*       scopes: ["profile", "email", "https://www.googleapis.com/auth/calendar.readonly"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/google/callback`
-* - Production: `https://yourapp.com/auth/google/callback`
-*
-* Register this URL in your Google Cloud Console OAuth 2.0 credentials.
-*
-* ## Configuration Options
-*
-* - Access tokens for Google API calls
-* - Refresh tokens for long-lived access
-* - Support for offline access
-* - Custom scopes for specific Google services
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "google") {
-*     // Access token for API calls: value.tokenset.access
-*     // Refresh token (if requested): value.tokenset.refresh
-*     // Use the access token to call Google APIs
-*     const response = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
-*       headers: { Authorization: `Bearer ${value.tokenset.access}` }
-*     })
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a Google OAuth 2.0 authentication provider.
-* Use this when you need access tokens to call Google APIs on behalf of the user.
-*
-* @param config - Google OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for Google
-*
-* @example
-* ```ts
-* // Basic setup for user authentication
-* const basicGoogle = GoogleProvider({
-*   clientID: process.env.GOOGLE_CLIENT_ID,
-*   clientSecret: process.env.GOOGLE_CLIENT_SECRET
-* })
-*
-* // Advanced setup with API access
-* const advancedGoogle = GoogleProvider({
-*   clientID: process.env.GOOGLE_CLIENT_ID,
-*   clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-*   scopes: [
-*     "profile",
-*     "email",
-*     "https://www.googleapis.com/auth/calendar.readonly",
-*     "https://www.googleapis.com/auth/drive.file"
-*   ],
-*   query: {
-*     access_type: "offline",    // Get refresh token
-*     prompt: "consent",         // Force consent for refresh token
-*     hd: "mycompany.com"       // Restrict to company domain
-*   }
-* })
-*
-* // Use the access token for API calls
-* success: async (ctx, value) => {
-*   const accessToken = value.tokenset.access
-*   const response = await fetch('https://www.googleapis.com/calendar/v3/calendars/primary/events', {
-*     headers: { Authorization: `Bearer ${accessToken}` }
-*   })
-* }
-* ```
-*/
-const GoogleProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "google",
-		endpoint: {
-			authorization: "https://accounts.google.com/o/oauth2/v2/auth",
-			token: "https://oauth2.googleapis.com/token",
-			jwks: "https://www.googleapis.com/oauth2/v3/certs"
-		}
-	});
-};
-
-//#endregion
-export { GoogleProvider };

package/dist/provider/linkedin.d.mts

@@ -1,132 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/linkedin.d.ts
-
-/**
- * Configuration options for LinkedIn OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with LinkedIn-specific documentation.
- */
-interface LinkedInConfig extends Oauth2WrappedConfig {
-  /**
-   * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
-   * Found in your LinkedIn app settings.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "78abc123456789"
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * LinkedIn OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "r_liteprofile",    // Basic profile information
-   *     "r_emailaddress",   // Email address
-   *     "w_member_social",  // Share content on behalf of user
-   *     "r_organization_social" // Organization content access
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-  /**
-   * Additional query parameters for LinkedIn OAuth authorization.
-   * Useful for LinkedIn-specific options.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     state: "custom-state-value" // Custom state parameter
-   *   }
-   * }
-   * ```
-   */
-  readonly query?: Record<string, string>;
-}
-/**
- * Creates a LinkedIn OAuth 2.0 authentication provider.
- * Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
- *
- * @param config - LinkedIn OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for LinkedIn
- *
- * @example
- * ```ts
- * // Basic LinkedIn authentication
- * const basicLinkedIn = LinkedInProvider({
- *   clientID: process.env.LINKEDIN_CLIENT_ID,
- *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
- * })
- *
- * // LinkedIn with specific scopes
- * const linkedInWithScopes = LinkedInProvider({
- *   clientID: process.env.LINKEDIN_CLIENT_ID,
- *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
- *   scopes: [
- *     "r_liteprofile",
- *     "r_emailaddress",
- *     "w_member_social"
- *   ]
- * })
- *
- * // Using the access token to fetch data
- * export default issuer({
- *   providers: { linkedin: linkedInWithScopes },
- *   success: async (ctx, value) => {
- *     if (value.provider === "linkedin") {
- *       const token = value.tokenset.access
- *
- *       // Get user profile
- *       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const profile = await profileRes.json()
- *
- *       // Get user email
- *       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const emailData = await emailRes.json()
- *
- *       return ctx.subject("user", {
- *         linkedinId: profile.id,
- *         firstName: profile.localizedFirstName,
- *         lastName: profile.localizedLastName,
- *         email: emailData.elements[0]['handle~'].emailAddress,
- *         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
- *       })
- *     }
- *   }
- * })
- * ```
- *
- * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
- * - Development: `http://localhost:3000/auth/linkedin/callback`
- * - Production: `https://yourapp.com/auth/linkedin/callback`
- *
- * Register this URL in your LinkedIn Developer Portal.
- */
-declare const LinkedInProvider: (config: LinkedInConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { LinkedInConfig, LinkedInProvider };

package/dist/provider/linkedin.mjs

@@ -1,142 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/linkedin.ts
-/**
-* LinkedIn OAuth 2.0 authentication provider for Draft Auth.
-* Provides access tokens for calling LinkedIn APIs on behalf of users.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { LinkedInProvider } from "@draftlab/auth/provider/linkedin"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     linkedin: LinkedInProvider({
-*       clientID: process.env.LINKEDIN_CLIENT_ID,
-*       clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
-*       scopes: ["r_liteprofile", "r_emailaddress", "w_member_social"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/linkedin/callback`
-* - Production: `https://yourapp.com/auth/linkedin/callback`
-*
-* Register this URL in your LinkedIn Developer Portal.
-*
-* ## Common Scopes
-*
-* - `r_liteprofile` - Access to basic profile information
-* - `r_emailaddress` - Access to user's email address
-* - `r_basicprofile` - Access to full profile information (deprecated)
-* - `w_member_social` - Share content on behalf of user
-* - `r_organization_social` - Access to organization social content
-* - `rw_organization_admin` - Manage organization pages
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "linkedin") {
-*     const accessToken = value.tokenset.access
-*
-*     // Fetch user profile
-*     const profileResponse = await fetch('https://api.linkedin.com/v2/people/~', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const profile = await profileResponse.json()
-*
-*     // Fetch user email (requires r_emailaddress scope)
-*     const emailResponse = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const emailData = await emailResponse.json()
-*
-*     // User info: profile.localizedFirstName + profile.localizedLastName
-*     // Email: emailData.elements[0]['handle~'].emailAddress
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a LinkedIn OAuth 2.0 authentication provider.
-* Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
-*
-* @param config - LinkedIn OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for LinkedIn
-*
-* @example
-* ```ts
-* // Basic LinkedIn authentication
-* const basicLinkedIn = LinkedInProvider({
-*   clientID: process.env.LINKEDIN_CLIENT_ID,
-*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
-* })
-*
-* // LinkedIn with specific scopes
-* const linkedInWithScopes = LinkedInProvider({
-*   clientID: process.env.LINKEDIN_CLIENT_ID,
-*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
-*   scopes: [
-*     "r_liteprofile",
-*     "r_emailaddress",
-*     "w_member_social"
-*   ]
-* })
-*
-* // Using the access token to fetch data
-* export default issuer({
-*   providers: { linkedin: linkedInWithScopes },
-*   success: async (ctx, value) => {
-*     if (value.provider === "linkedin") {
-*       const token = value.tokenset.access
-*
-*       // Get user profile
-*       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const profile = await profileRes.json()
-*
-*       // Get user email
-*       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const emailData = await emailRes.json()
-*
-*       return ctx.subject("user", {
-*         linkedinId: profile.id,
-*         firstName: profile.localizedFirstName,
-*         lastName: profile.localizedLastName,
-*         email: emailData.elements[0]['handle~'].emailAddress,
-*         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
-*       })
-*     }
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/linkedin/callback`
-* - Production: `https://yourapp.com/auth/linkedin/callback`
-*
-* Register this URL in your LinkedIn Developer Portal.
-*/
-const LinkedInProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "linkedin",
-		endpoint: {
-			authorization: "https://www.linkedin.com/oauth/v2/authorization",
-			token: "https://www.linkedin.com/oauth/v2/accessToken"
-		}
-	});
-};
-
-//#endregion
-export { LinkedInProvider };

package/dist/provider/magiclink.d.mts

@@ -1,89 +0,0 @@
-import { Provider } from "./provider.mjs";
-
-//#region src/provider/magiclink.d.ts
-
-/**
- * Configuration options for the Magic Link authentication provider.
- *
- * @template Claims - Type of claims collected during authentication (email, phone, etc.)
- */
-interface MagicLinkConfig<Claims extends Record<string, string> = Record<string, string>> {
-  /**
-   * Token expiration time in seconds.
-   * After this time, the magic link becomes invalid.
-   *
-   * @default 900 (15 minutes)
-   */
-  readonly expiry?: number;
-  /**
-   * Request handler for rendering the magic link UI.
-   * Handles both the initial claim collection and "check your email" screens.
-   *
-   * @param req - The HTTP request object
-   * @param state - Current authentication state
-   * @param form - Form data from POST requests (if any)
-   * @param error - Authentication error to display (if any)
-   * @returns Promise resolving to the authentication page response
-   */
-  request: (req: Request, state: MagicLinkState, form?: FormData, error?: MagicLinkError) => Promise<Response>;
-  /**
-   * Callback for sending magic links to users.
-   * Should handle delivery via email, SMS, or other communication channels.
-   *
-   * @param claims - User claims containing contact information
-   * @param magicUrl - The magic link URL to send
-   * @returns Promise resolving to undefined on success, or error object on failure
-   */
-  sendLink: (claims: Claims, magicUrl: string) => Promise<MagicLinkError | undefined>;
-}
-/**
- * Authentication flow states for the magic link provider.
- * The provider transitions between these states during authentication.
- */
-type MagicLinkState = {
-  /** Initial state: user enters their claims (email, phone, etc.) */
-  readonly type: "start";
-} | {
-  /** Link sent state: user checks their email/phone */
-  readonly type: "sent";
-  /** Whether this is a resend request */
-  readonly resend?: boolean;
-  /** The secure token for verification */
-  readonly token: string;
-  /** User claims collected during the start phase */
-  readonly claims: Record<string, string>;
-};
-/**
- * Possible errors during magic link authentication.
- */
-type MagicLinkError = {
-  /** The magic link is invalid or expired */
-  readonly type: "invalid_link";
-} | {
-  /** A user claim is invalid or missing */
-  readonly type: "invalid_claim";
-  /** The claim field that failed validation */
-  readonly key: string;
-  /** The invalid value or error description */
-  readonly value: string;
-};
-/**
- * User data returned by successful magic link authentication.
- *
- * @template Claims - Type of claims collected during authentication
- */
-interface MagicLinkUserData<Claims extends Record<string, string> = Record<string, string>> {
-  /** The verified claims collected during authentication */
-  readonly claims: Claims;
-}
-/**
- * Creates a Magic Link authentication provider.
- * Implements a flexible claim-based authentication flow with magic link verification.
- *
- * @template Claims - Type of claims to collect (email, phone, username, etc.)
- * @param config - Magic Link provider configuration
- * @returns Provider instance implementing magic link authentication
- */
-declare const MagicLinkProvider: <Claims extends Record<string, string> = Record<string, string>>(config: MagicLinkConfig<Claims>) => Provider<MagicLinkUserData<Claims>>;
-//#endregion
-export { MagicLinkConfig, MagicLinkError, MagicLinkProvider, MagicLinkState, MagicLinkUserData };