@draftlab/auth 0.15.0 → 0.16.0

package/dist/toolkit/client.d.mts

@@ -1,169 +0,0 @@
-import { OAuthStrategy } from "./providers/strategy.mjs";
-import { AuthStorage } from "./storage.mjs";
-
-//#region src/toolkit/client.d.ts
-
-/**
- * Configuration for a single OAuth provider.
- */
-interface ProviderConfig<TStrategy extends OAuthStrategy> {
-  /** OAuth strategy defining endpoints and defaults */
-  readonly strategy: TStrategy;
-  /** OAuth client ID from provider */
-  readonly clientId: string;
-  /** OAuth client secret from provider */
-  readonly clientSecret: string;
-  /** Redirect URI registered with provider */
-  readonly redirectUri: string;
-  /** Optional default scopes for this provider */
-  readonly scopes?: string[];
-}
-/**
- * Options for initiating OAuth authorization flow.
- */
-interface AuthorizeOptions {
-  /** Optional scopes to request (overrides provider defaults) */
-  readonly scopes?: string[];
-  /** Optional additional parameters to include in authorization URL */
-  readonly params?: Record<string, string>;
-  /** Optional nonce for additional security */
-  readonly nonce?: string;
-}
-/**
- * Result of successful OAuth callback handling.
- */
-interface CallbackResult {
-  /** OAuth provider that was used */
-  readonly provider: string;
-  /** Access token from provider */
-  readonly accessToken: string;
-  /** Optional refresh token from provider */
-  readonly refreshToken?: string;
-  /** Token expiration time in seconds */
-  readonly expiresIn?: number;
-  /** Token type (usually "Bearer") */
-  readonly tokenType?: string;
-  /** Optional ID token (OpenID Connect) */
-  readonly idToken?: string;
-}
-/**
- * OAuth 2.0 client configuration.
- */
-interface OAuthClientConfig<TProviders extends Record<string, ProviderConfig<OAuthStrategy>>> {
-  /** Provider configurations keyed by provider name */
-  readonly providers: TProviders;
-  /** Storage adapter for PKCE state (defaults to sessionStorage in browser) */
-  readonly storage?: AuthStorage;
-}
-/**
- * OAuth 2.0 client for managing authentication flows.
- */
-interface OAuthClient<TProviders extends Record<string, ProviderConfig<OAuthStrategy>>> {
-  /**
-   * Initiate OAuth authorization flow.
-   *
-   * @param provider - Provider name (key from providers config)
-   * @param options - Authorization options
-   * @returns Authorization URL to redirect user to
-   *
-   * @example
-   * ```ts
-   * // Basic usage
-   * const { url } = await client.authorize('github')
-   * window.location.href = url
-   *
-   * // With custom scopes
-   * const { url } = await client.authorize('google', {
-   *   scopes: ['openid', 'email', 'profile']
-   * })
-   *
-   * // With additional params
-   * const { url } = await client.authorize('github', {
-   *   params: { prompt: 'consent' }
-   * })
-   * ```
-   */
-  authorize(provider: (string & {}) | keyof TProviders, options?: AuthorizeOptions): Promise<{
-    url: string;
-    state: string;
-  }>;
-  /**
-   * Handle OAuth callback and exchange code for tokens.
-   *
-   * @param callbackUrl - Full callback URL with query parameters
-   * @returns Token exchange result
-   *
-   * @throws {Error} If callback URL is invalid, state mismatch, or token exchange fails
-   *
-   * @example
-   * ```ts
-   * // Client-side
-   * const result = await client.handleCallback(window.location.href)
-   * console.log(result.accessToken, result.provider)
-   *
-   * // Server-side (Next.js)
-   * export async function GET(req: Request) {
-   *   const result = await client.handleCallback(req.url)
-   *   // Store tokens, create session, etc.
-   *   return Response.redirect('/')
-   * }
-   * ```
-   */
-  handleCallback(callbackUrl: string): Promise<CallbackResult>;
-  /**
-   * Get user info from OAuth provider using access token.
-   *
-   * @param provider - Provider name
-   * @param accessToken - Access token from provider
-   * @returns User info from provider
-   *
-   * @example
-   * ```ts
-   * const userInfo = await client.getUserInfo('github', accessToken)
-   * console.log(userInfo.email, userInfo.name)
-   * ```
-   */
-  getUserInfo(provider: (string & {}) | keyof TProviders, accessToken: string): Promise<Record<string, unknown>>;
-}
-/**
- * Creates an OAuth 2.0 client for managing authentication flows.
- *
- * Supports PKCE (Proof Key for Code Exchange) for enhanced security.
- * Works in both client-side (browser) and server-side (Node.js) environments.
- *
- * @param config - OAuth client configuration
- * @returns OAuth client instance
- *
- * @example
- * ```ts
- * import { createOAuthClient } from '@draftlab/auth/toolkit/client'
- * import { GitHubStrategy, GoogleStrategy } from '@draftlab/auth/toolkit/providers'
- *
- * const client = createOAuthClient({
- *   providers: {
- *     github: {
- *       strategy: GitHubStrategy,
- *       clientId: 'YOUR_CLIENT_ID',
- *       clientSecret: 'YOUR_CLIENT_SECRET',
- *       redirectUri: 'http://localhost:3000/auth/callback'
- *     },
- *     google: {
- *       strategy: GoogleStrategy,
- *       clientId: 'YOUR_CLIENT_ID',
- *       clientSecret: 'YOUR_CLIENT_SECRET',
- *       redirectUri: 'http://localhost:3000/auth/callback',
- *       scopes: ['openid', 'email', 'profile']
- *     }
- *   }
- * })
- *
- * // Initiate login
- * const { url } = await client.authorize('github')
- *
- * // Handle callback
- * const result = await client.handleCallback(callbackUrl)
- * ```
- */
-declare const createOAuthClient: <TProviders extends Record<string, ProviderConfig<OAuthStrategy>>>(config: OAuthClientConfig<TProviders>) => OAuthClient<TProviders>;
-//#endregion
-export { AuthorizeOptions, CallbackResult, OAuthClient, OAuthClientConfig, ProviderConfig, createOAuthClient };

package/dist/toolkit/client.mjs

@@ -1,209 +0,0 @@
-import { generatePKCE } from "../pkce.mjs";
-import { createSessionStorage } from "./storage.mjs";
-import { generateSecureRandom } from "./utils.mjs";
-
-//#region src/toolkit/client.ts
-/**
-* Lightweight OAuth 2.0 client toolkit for DraftAuth.
-*
-* Provides a simple, framework-agnostic way to implement OAuth 2.0 authentication
-* with PKCE support. Works in both client-side (SPA) and server-side (Next.js, Remix) environments.
-*
-* @example
-* ```ts
-* // Client-side SPA (React, Vue, Solid, etc.)
-* import { createOAuthClient } from '@draftlab/auth/toolkit/client'
-* import { GitHubStrategy, GoogleStrategy } from '@draftlab/auth/toolkit/providers'
-* import { createSessionStorage } from '@draftlab/auth/toolkit/storage'
-*
-* const client = createOAuthClient({
-*   providers: {
-*     github: {
-*       strategy: GitHubStrategy,
-*       clientId: 'YOUR_CLIENT_ID',
-*       clientSecret: 'YOUR_CLIENT_SECRET',
-*       redirectUri: 'http://localhost:3000/auth/callback'
-*     },
-*     google: {
-*       strategy: GoogleStrategy,
-*       clientId: 'YOUR_CLIENT_ID',
-*       clientSecret: 'YOUR_CLIENT_SECRET',
-*       redirectUri: 'http://localhost:3000/auth/callback'
-*     }
-*   },
-*   storage: createSessionStorage()
-* })
-*
-* // Initiate login
-* const { url } = await client.authorize('github', { scopes: ['user:email'] })
-* window.location.href = url
-*
-* // Handle callback
-* const result = await client.handleCallback(window.location.href)
-* console.log(result.accessToken, result.provider)
-* ```
-*
-* @example
-* ```ts
-* // Server-side (Next.js App Router)
-* import { createOAuthClient } from '@draftlab/auth/toolkit/client'
-* import { GitHubStrategy } from '@draftlab/auth/toolkit/providers'
-* import { createCookieStorage } from '@draftlab/auth/toolkit/storage'
-* import { cookies } from 'next/headers'
-*
-* export async function GET(req: Request) {
-*   const client = createOAuthClient({
-*     providers: {
-*       github: {
-*         strategy: GitHubStrategy,
-*         clientId: process.env.GITHUB_CLIENT_ID!,
-*         clientSecret: process.env.GITHUB_CLIENT_SECRET!,
-*         redirectUri: 'https://myapp.com/auth/callback'
-*       }
-*     },
-*     storage: createCookieStorage({
-*       getCookie: (name) => cookies().get(name)?.value ?? null,
-*       setCookie: (name, value, opts) => cookies().set(name, value, opts),
-*       deleteCookie: (name) => cookies().delete(name)
-*     })
-*   })
-*
-*   const { url } = await client.authorize('github')
-*   return Response.redirect(url)
-* }
-* ```
-*/
-/**
-* Creates an OAuth 2.0 client for managing authentication flows.
-*
-* Supports PKCE (Proof Key for Code Exchange) for enhanced security.
-* Works in both client-side (browser) and server-side (Node.js) environments.
-*
-* @param config - OAuth client configuration
-* @returns OAuth client instance
-*
-* @example
-* ```ts
-* import { createOAuthClient } from '@draftlab/auth/toolkit/client'
-* import { GitHubStrategy, GoogleStrategy } from '@draftlab/auth/toolkit/providers'
-*
-* const client = createOAuthClient({
-*   providers: {
-*     github: {
-*       strategy: GitHubStrategy,
-*       clientId: 'YOUR_CLIENT_ID',
-*       clientSecret: 'YOUR_CLIENT_SECRET',
-*       redirectUri: 'http://localhost:3000/auth/callback'
-*     },
-*     google: {
-*       strategy: GoogleStrategy,
-*       clientId: 'YOUR_CLIENT_ID',
-*       clientSecret: 'YOUR_CLIENT_SECRET',
-*       redirectUri: 'http://localhost:3000/auth/callback',
-*       scopes: ['openid', 'email', 'profile']
-*     }
-*   }
-* })
-*
-* // Initiate login
-* const { url } = await client.authorize('github')
-*
-* // Handle callback
-* const result = await client.handleCallback(callbackUrl)
-* ```
-*/
-const createOAuthClient = (config) => {
-	const storage = config.storage || (typeof sessionStorage !== "undefined" ? createSessionStorage() : null);
-	if (!storage) throw new Error("No storage adapter provided. Please provide a storage adapter for server-side environments.");
-	return {
-		async authorize(provider, options) {
-			const providerConfig = config.providers[provider];
-			if (!providerConfig) throw new Error(`Provider '${String(provider)}' not configured`);
-			const pkce = await generatePKCE();
-			const state = generateSecureRandom(16);
-			await storage.set({
-				state,
-				verifier: pkce.verifier,
-				provider: String(provider),
-				nonce: options?.nonce
-			});
-			const scopes = options?.scopes || providerConfig.scopes || providerConfig.strategy.scopes;
-			const params = new URLSearchParams({
-				client_id: providerConfig.clientId,
-				redirect_uri: providerConfig.redirectUri,
-				response_type: "code",
-				scope: Array.isArray(scopes) ? scopes.join(" ") : scopes,
-				state,
-				code_challenge: pkce.challenge,
-				code_challenge_method: pkce.method,
-				...options?.params
-			});
-			return {
-				url: `${providerConfig.strategy.authorizationEndpoint}?${params.toString()}`,
-				state
-			};
-		},
-		async handleCallback(callbackUrl) {
-			const url = new URL(callbackUrl);
-			const code = url.searchParams.get("code");
-			const state = url.searchParams.get("state");
-			const error = url.searchParams.get("error");
-			const errorDescription = url.searchParams.get("error_description");
-			if (error) throw new Error(`OAuth error: ${error}${errorDescription ? ` - ${errorDescription}` : ""}`);
-			if (!code || !state) throw new Error("Invalid callback URL: missing code or state parameter");
-			const storedState = await storage.get();
-			await storage.clear();
-			if (!storedState) throw new Error("No stored PKCE state found. OAuth flow may have expired or been tampered with.");
-			if (state !== storedState.state) throw new Error("State mismatch. Possible CSRF attack detected.");
-			const providerConfig = config.providers[storedState.provider];
-			if (!providerConfig) throw new Error(`Provider '${storedState.provider}' from callback not configured`);
-			const tokenParams = new URLSearchParams({
-				grant_type: "authorization_code",
-				code,
-				redirect_uri: providerConfig.redirectUri,
-				client_id: providerConfig.clientId,
-				client_secret: providerConfig.clientSecret,
-				code_verifier: storedState.verifier
-			});
-			const tokenResponse = await fetch(providerConfig.strategy.tokenEndpoint, {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/x-www-form-urlencoded",
-					Accept: "application/json"
-				},
-				body: tokenParams
-			});
-			if (!tokenResponse.ok) {
-				const errorText = await tokenResponse.text();
-				throw new Error(`Token exchange failed (${tokenResponse.status}): ${errorText}`);
-			}
-			const tokenData = await tokenResponse.json();
-			if (!tokenData.access_token) throw new Error("No access token in provider response");
-			return {
-				provider: storedState.provider,
-				accessToken: tokenData.access_token,
-				refreshToken: tokenData.refresh_token,
-				expiresIn: tokenData.expires_in,
-				tokenType: tokenData.token_type,
-				idToken: tokenData.id_token
-			};
-		},
-		async getUserInfo(provider, accessToken) {
-			const providerConfig = config.providers[provider];
-			if (!providerConfig) throw new Error(`Provider '${String(provider)}' not configured`);
-			if (!providerConfig.strategy.userInfoEndpoint) throw new Error(`Provider '${String(provider)}' does not support user info endpoint`);
-			const response = await fetch(providerConfig.strategy.userInfoEndpoint, { headers: {
-				Authorization: `Bearer ${accessToken}`,
-				Accept: "application/json"
-			} });
-			if (!response.ok) {
-				const errorText = await response.text();
-				throw new Error(`Failed to fetch user info (${response.status}): ${errorText}`);
-			}
-			return response.json();
-		}
-	};
-};
-
-//#endregion
-export { createOAuthClient };

package/dist/toolkit/index.d.mts

@@ -1,9 +0,0 @@
-import { generatePKCE } from "../pkce.mjs";
-import { OAuth2TokenResponse, OAuthStrategy } from "./providers/strategy.mjs";
-import { AuthStorage, PKCEState, createCookieStorage, createLocalStorage, createMemoryStorage, createSessionStorage } from "./storage.mjs";
-import { AuthorizeOptions, CallbackResult, OAuthClient, OAuthClientConfig, ProviderConfig, createOAuthClient } from "./client.mjs";
-import { FacebookStrategy } from "./providers/facebook.mjs";
-import { GitHubStrategy } from "./providers/github.mjs";
-import { GoogleStrategy } from "./providers/google.mjs";
-import { generateSecureRandom } from "./utils.mjs";
-export { type AuthStorage, type AuthorizeOptions, type CallbackResult, FacebookStrategy, GitHubStrategy, GoogleStrategy, type OAuth2TokenResponse, type OAuthClient, type OAuthClientConfig, type OAuthStrategy, type PKCEState, type ProviderConfig, createCookieStorage, createLocalStorage, createMemoryStorage, createOAuthClient, createSessionStorage, generatePKCE, generateSecureRandom };

package/dist/toolkit/index.mjs

@@ -1,9 +0,0 @@
-import { generatePKCE } from "../pkce.mjs";
-import { createCookieStorage, createLocalStorage, createMemoryStorage, createSessionStorage } from "./storage.mjs";
-import { generateSecureRandom } from "./utils.mjs";
-import { createOAuthClient } from "./client.mjs";
-import { FacebookStrategy } from "./providers/facebook.mjs";
-import { GitHubStrategy } from "./providers/github.mjs";
-import { GoogleStrategy } from "./providers/google.mjs";
-
-export { FacebookStrategy, GitHubStrategy, GoogleStrategy, createCookieStorage, createLocalStorage, createMemoryStorage, createOAuthClient, createSessionStorage, generatePKCE, generateSecureRandom };

package/dist/toolkit/providers/facebook.d.mts

@@ -1,12 +0,0 @@
-import { OAuthStrategy } from "./strategy.mjs";
-
-//#region src/toolkit/providers/facebook.d.ts
-
-/**
- * Facebook OAuth 2.0 strategy.
- *
- * @see https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow
- */
-declare const FacebookStrategy: OAuthStrategy;
-//#endregion
-export { FacebookStrategy };

package/dist/toolkit/providers/facebook.mjs

@@ -1,16 +0,0 @@
-//#region src/toolkit/providers/facebook.ts
-/**
-* Facebook OAuth 2.0 strategy.
-*
-* @see https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow
-*/
-const FacebookStrategy = {
-	name: "facebook",
-	authorizationEndpoint: "https://www.facebook.com/v23.0/dialog/oauth",
-	tokenEndpoint: "https://graph.facebook.com/v23.0/oauth/access_token",
-	userInfoEndpoint: "https://graph.facebook.com/me?fields=id,name,email",
-	scopes: ["public_profile", "email"]
-};
-
-//#endregion
-export { FacebookStrategy };

package/dist/toolkit/providers/github.d.mts

@@ -1,12 +0,0 @@
-import { OAuthStrategy } from "./strategy.mjs";
-
-//#region src/toolkit/providers/github.d.ts
-
-/**
- * GitHub OAuth 2.0 strategy.
- *
- * @see https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
- */
-declare const GitHubStrategy: OAuthStrategy;
-//#endregion
-export { GitHubStrategy };

package/dist/toolkit/providers/github.mjs

@@ -1,16 +0,0 @@
-//#region src/toolkit/providers/github.ts
-/**
-* GitHub OAuth 2.0 strategy.
-*
-* @see https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
-*/
-const GitHubStrategy = {
-	name: "github",
-	authorizationEndpoint: "https://github.com/login/oauth/authorize",
-	tokenEndpoint: "https://github.com/login/oauth/access_token",
-	userInfoEndpoint: "https://api.github.com/user",
-	scopes: ["read:user", "user:email"]
-};
-
-//#endregion
-export { GitHubStrategy };

package/dist/toolkit/providers/google.d.mts

@@ -1,12 +0,0 @@
-import { OAuthStrategy } from "./strategy.mjs";
-
-//#region src/toolkit/providers/google.d.ts
-
-/**
- * Google OAuth 2.0 / OpenID Connect strategy.
- *
- * @see https://developers.google.com/identity/protocols/oauth2
- */
-declare const GoogleStrategy: OAuthStrategy;
-//#endregion
-export { GoogleStrategy };

package/dist/toolkit/providers/google.mjs

@@ -1,20 +0,0 @@
-//#region src/toolkit/providers/google.ts
-/**
-* Google OAuth 2.0 / OpenID Connect strategy.
-*
-* @see https://developers.google.com/identity/protocols/oauth2
-*/
-const GoogleStrategy = {
-	name: "google",
-	authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
-	tokenEndpoint: "https://oauth2.googleapis.com/token",
-	userInfoEndpoint: "https://www.googleapis.com/oauth2/v3/userinfo",
-	scopes: [
-		"openid",
-		"email",
-		"profile"
-	]
-};
-
-//#endregion
-export { GoogleStrategy };

package/dist/toolkit/providers/strategy.d.mts

@@ -1,40 +0,0 @@
-//#region src/toolkit/providers/strategy.d.ts
-/**
- * OAuth 2.0 strategy interface and types for provider configurations.
- */
-/**
- * OAuth 2.0 token response from provider's token endpoint.
- * Based on RFC 6749 Section 5.1.
- */
-interface OAuth2TokenResponse {
-  /** The access token issued by the authorization server */
-  access_token: string;
-  /** The type of token (usually "Bearer") */
-  token_type?: string;
-  /** The lifetime in seconds of the access token */
-  expires_in?: number;
-  /** The refresh token for obtaining new access tokens */
-  refresh_token?: string;
-  /** The scope of the access token (space-separated list) */
-  scope?: string;
-  /** OpenID Connect ID token (JWT) */
-  id_token?: string;
-}
-/**
- * OAuth 2.0 provider strategy definition.
- * Defines the endpoints and default configuration for an OAuth provider.
- */
-interface OAuthStrategy {
-  /** Provider name (e.g., "github", "google") */
-  readonly name: string;
-  /** OAuth authorization endpoint URL */
-  readonly authorizationEndpoint: string;
-  /** OAuth token exchange endpoint URL */
-  readonly tokenEndpoint: string;
-  /** Optional user info endpoint URL (for OpenID Connect) */
-  readonly userInfoEndpoint?: string;
-  /** Default scopes to request */
-  readonly scopes: string[];
-}
-//#endregion
-export { OAuth2TokenResponse, OAuthStrategy };

package/dist/toolkit/providers/strategy.mjs

@@ -1 +0,0 @@
-export {  };