@draftlab/auth 0.2.5 → 0.3.0

package/dist/provider/discord.d.ts

@@ -0,0 +1,140 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/discord.d.ts
+
+/**
+ * Configuration options for Discord OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Discord-specific documentation.
+ */
+interface DiscordConfig extends Oauth2WrappedConfig {
+  /**
+   * Discord OAuth 2.0 client ID from Discord Developer Portal.
+   * Found in your Discord application settings.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "1234567890123456789"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * Discord OAuth 2.0 client secret from Discord Developer Portal.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.DISCORD_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * Discord OAuth scopes to request access for.
+   * Determines what data and actions your app can access.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "identify",    // Basic user information
+   *     "email",       // Email address
+   *     "guilds",      // User's Discord servers
+   *     "connections"  // Connected accounts (Steam, etc.)
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for Discord OAuth authorization.
+   * Useful for Discord-specific options like permissions.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     permissions: "8",        // Administrator permission
+   *     guild_id: "123456789",   // Pre-select specific guild
+   *     disable_guild_select: "true" // Disable guild selection
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Discord OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Discord APIs on behalf of the user.
+ *
+ * @param config - Discord OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Discord
+ *
+ * @example
+ * ```ts
+ * // Basic Discord authentication
+ * const basicDiscord = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET
+ * })
+ *
+ * // Discord with specific scopes
+ * const discordWithScopes = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ *   scopes: [
+ *     "identify",
+ *     "email",
+ *     "guilds",
+ *     "connections"
+ *   ]
+ * })
+ *
+ * // Discord bot integration
+ * const discordBot = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ *   scopes: ["bot", "guilds"],
+ *   query: {
+ *     permissions: "2048" // Send Messages permission
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { discord: discordWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "discord") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const userRes = await fetch('https://discord.com/api/users/@me', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user guilds (if guilds scope granted)
+ *       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const guilds = await guildsRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         discordId: user.id,
+ *         username: user.username,
+ *         discriminator: user.discriminator,
+ *         email: user.email,
+ *         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
+ *         guildCount: guilds.length
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const DiscordProvider: (config: DiscordConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { DiscordConfig, DiscordProvider };

package/dist/provider/discord.js

@@ -0,0 +1,85 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/discord.ts
+/**
+* Creates a Discord OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call Discord APIs on behalf of the user.
+*
+* @param config - Discord OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for Discord
+*
+* @example
+* ```ts
+* // Basic Discord authentication
+* const basicDiscord = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET
+* })
+*
+* // Discord with specific scopes
+* const discordWithScopes = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+*   scopes: [
+*     "identify",
+*     "email",
+*     "guilds",
+*     "connections"
+*   ]
+* })
+*
+* // Discord bot integration
+* const discordBot = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+*   scopes: ["bot", "guilds"],
+*   query: {
+*     permissions: "2048" // Send Messages permission
+*   }
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { discord: discordWithScopes },
+*   success: async (ctx, value) => {
+*     if (value.provider === "discord") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile
+*       const userRes = await fetch('https://discord.com/api/users/@me', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const user = await userRes.json()
+*
+*       // Get user guilds (if guilds scope granted)
+*       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const guilds = await guildsRes.json()
+*
+*       return ctx.subject("user", {
+*         discordId: user.id,
+*         username: user.username,
+*         discriminator: user.discriminator,
+*         email: user.email,
+*         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
+*         guildCount: guilds.length
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const DiscordProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "discord",
+		endpoint: {
+			authorization: "https://discord.com/oauth2/authorize",
+			token: "https://discord.com/api/oauth2/token"
+		}
+	});
+};
+
+//#endregion
+export { DiscordProvider };

package/dist/provider/linkedin.d.ts

@@ -0,0 +1,126 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/linkedin.d.ts
+
+/**
+ * Configuration options for LinkedIn OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with LinkedIn-specific documentation.
+ */
+interface LinkedInConfig extends Oauth2WrappedConfig {
+  /**
+   * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
+   * Found in your LinkedIn app settings.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "78abc123456789"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * LinkedIn OAuth scopes to request access for.
+   * Determines what data and actions your app can access.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "r_liteprofile",    // Basic profile information
+   *     "r_emailaddress",   // Email address
+   *     "w_member_social",  // Share content on behalf of user
+   *     "r_organization_social" // Organization content access
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for LinkedIn OAuth authorization.
+   * Useful for LinkedIn-specific options.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     state: "custom-state-value" // Custom state parameter
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a LinkedIn OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
+ *
+ * @param config - LinkedIn OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for LinkedIn
+ *
+ * @example
+ * ```ts
+ * // Basic LinkedIn authentication
+ * const basicLinkedIn = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+ * })
+ *
+ * // LinkedIn with specific scopes
+ * const linkedInWithScopes = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+ *   scopes: [
+ *     "r_liteprofile",
+ *     "r_emailaddress",
+ *     "w_member_social"
+ *   ]
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { linkedin: linkedInWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "linkedin") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const profile = await profileRes.json()
+ *
+ *       // Get user email
+ *       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const emailData = await emailRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         linkedinId: profile.id,
+ *         firstName: profile.localizedFirstName,
+ *         lastName: profile.localizedLastName,
+ *         email: emailData.elements[0]['handle~'].emailAddress,
+ *         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const LinkedInProvider: (config: LinkedInConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { LinkedInConfig, LinkedInProvider };

package/dist/provider/linkedin.js

@@ -0,0 +1,73 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/linkedin.ts
+/**
+* Creates a LinkedIn OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
+*
+* @param config - LinkedIn OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for LinkedIn
+*
+* @example
+* ```ts
+* // Basic LinkedIn authentication
+* const basicLinkedIn = LinkedInProvider({
+*   clientID: process.env.LINKEDIN_CLIENT_ID,
+*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+* })
+*
+* // LinkedIn with specific scopes
+* const linkedInWithScopes = LinkedInProvider({
+*   clientID: process.env.LINKEDIN_CLIENT_ID,
+*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+*   scopes: [
+*     "r_liteprofile",
+*     "r_emailaddress",
+*     "w_member_social"
+*   ]
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { linkedin: linkedInWithScopes },
+*   success: async (ctx, value) => {
+*     if (value.provider === "linkedin") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile
+*       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const profile = await profileRes.json()
+*
+*       // Get user email
+*       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const emailData = await emailRes.json()
+*
+*       return ctx.subject("user", {
+*         linkedinId: profile.id,
+*         firstName: profile.localizedFirstName,
+*         lastName: profile.localizedLastName,
+*         email: emailData.elements[0]['handle~'].emailAddress,
+*         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const LinkedInProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "linkedin",
+		endpoint: {
+			authorization: "https://www.linkedin.com/oauth/v2/authorization",
+			token: "https://www.linkedin.com/oauth/v2/accessToken"
+		}
+	});
+};
+
+//#endregion
+export { LinkedInProvider };

package/dist/provider/microsoft.d.ts

@@ -0,0 +1,172 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/microsoft.d.ts
+
+/**
+ * Configuration options for Microsoft OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Microsoft-specific documentation.
+ */
+interface MicrosoftConfig extends Oauth2WrappedConfig {
+  /**
+   * Microsoft Azure AD tenant ID or tenant type.
+   * Determines which types of accounts can sign in.
+   *
+   * @example
+   * ```ts
+   * {
+   *   tenant: "common"        // Personal + work/school accounts
+   *   // or
+   *   tenant: "organizations" // Work/school accounts only
+   *   // or
+   *   tenant: "consumers"     // Personal accounts only
+   *   // or
+   *   tenant: "12345678-1234-1234-1234-123456789012" // Specific tenant
+   * }
+   * ```
+   */
+  readonly tenant: string;
+  /**
+   * Microsoft OAuth 2.0 client ID from Azure App Registration.
+   * Found in your Azure portal app registration.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "12345678-1234-1234-1234-123456789012"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * Microsoft OAuth 2.0 client secret from Azure App Registration.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * Microsoft OAuth scopes to request access for.
+   * Determines what data and actions your app can access via Microsoft Graph.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "openid",           // OpenID Connect sign-in
+   *     "profile",          // Basic profile
+   *     "email",            // Email address
+   *     "User.Read",        // Read user profile
+   *     "Mail.Read",        // Read user mail
+   *     "Calendars.Read"    // Read user calendars
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for Microsoft OAuth authorization.
+   * Useful for Microsoft-specific options like domain hints.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     domain_hint: "contoso.com",    // Pre-fill domain
+   *     login_hint: "user@contoso.com", // Pre-fill username
+   *     prompt: "consent"              // Force consent screen
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Microsoft OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Microsoft Graph APIs on behalf of the user.
+ *
+ * @param config - Microsoft OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Microsoft
+ *
+ * @example
+ * ```ts
+ * // Basic Microsoft authentication (all account types)
+ * const basicMicrosoft = MicrosoftProvider({
+ *   tenant: "common",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+ * })
+ *
+ * // Work/school accounts only
+ * const workMicrosoft = MicrosoftProvider({
+ *   tenant: "organizations",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Mail.Read"
+ *   ]
+ * })
+ *
+ * // Specific tenant with advanced scopes
+ * const enterpriseMicrosoft = MicrosoftProvider({
+ *   tenant: "12345678-1234-1234-1234-123456789012",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Directory.Read.All",
+ *     "Sites.Read.All"
+ *   ],
+ *   query: {
+ *     domain_hint: "contoso.com"
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { microsoft: workMicrosoft },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "microsoft") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile from Microsoft Graph
+ *       const userRes = await fetch('https://graph.microsoft.com/v1.0/me', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user's manager (if available)
+ *       const managerRes = await fetch('https://graph.microsoft.com/v1.0/me/manager', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const manager = await managerRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         microsoftId: user.id,
+ *         displayName: user.displayName,
+ *         email: user.mail || user.userPrincipalName,
+ *         jobTitle: user.jobTitle,
+ *         department: user.department,
+ *         officeLocation: user.officeLocation,
+ *         managerName: manager?.displayName
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const MicrosoftProvider: (config: MicrosoftConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { MicrosoftConfig, MicrosoftProvider };

package/dist/provider/microsoft.js

@@ -0,0 +1,97 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/microsoft.ts
+/**
+* Creates a Microsoft OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call Microsoft Graph APIs on behalf of the user.
+*
+* @param config - Microsoft OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for Microsoft
+*
+* @example
+* ```ts
+* // Basic Microsoft authentication (all account types)
+* const basicMicrosoft = MicrosoftProvider({
+*   tenant: "common",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+* })
+*
+* // Work/school accounts only
+* const workMicrosoft = MicrosoftProvider({
+*   tenant: "organizations",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+*   scopes: [
+*     "openid",
+*     "profile",
+*     "email",
+*     "User.Read",
+*     "Mail.Read"
+*   ]
+* })
+*
+* // Specific tenant with advanced scopes
+* const enterpriseMicrosoft = MicrosoftProvider({
+*   tenant: "12345678-1234-1234-1234-123456789012",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+*   scopes: [
+*     "openid",
+*     "profile",
+*     "email",
+*     "User.Read",
+*     "Directory.Read.All",
+*     "Sites.Read.All"
+*   ],
+*   query: {
+*     domain_hint: "contoso.com"
+*   }
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { microsoft: workMicrosoft },
+*   success: async (ctx, value) => {
+*     if (value.provider === "microsoft") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile from Microsoft Graph
+*       const userRes = await fetch('https://graph.microsoft.com/v1.0/me', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const user = await userRes.json()
+*
+*       // Get user's manager (if available)
+*       const managerRes = await fetch('https://graph.microsoft.com/v1.0/me/manager', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const manager = await managerRes.json()
+*
+*       return ctx.subject("user", {
+*         microsoftId: user.id,
+*         displayName: user.displayName,
+*         email: user.mail || user.userPrincipalName,
+*         jobTitle: user.jobTitle,
+*         department: user.department,
+*         officeLocation: user.officeLocation,
+*         managerName: manager?.displayName
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const MicrosoftProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "microsoft",
+		endpoint: {
+			authorization: `https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/authorize`,
+			token: `https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/token`
+		}
+	});
+};
+
+//#endregion
+export { MicrosoftProvider };

package/dist/provider/totp.d.ts

@@ -47,14 +47,6 @@ interface TOTPProviderConfig {
    * @param error - Optional error message to display
    */
   register: (req: Request, qrCodeUrl: string, secret: string, backupCodes: string[], error?: string, email?: string) => Promise<Response>;
-  /**
-   * Custom verification handler that generates the UI for TOTP verification.
-   * Called when user needs to enter their TOTP code.
-   *
-   * @param req - The HTTP request object
-   * @param error - Optional error message to display
-   */
-  verify: (req: Request, error?: string) => Promise<Response>;
   /**
    * Custom recovery handler that generates the UI for backup code entry.
    * Called when user wants to use a recovery code instead of TOTP.

package/dist/provider/totp.js

@@ -42,9 +42,6 @@ const TOTPProvider = (config) => {
 			const saveTOTPData = async (userId, data) => {
 				await Storage.set(ctx.storage, totpKey(userId), data);
 			};
-			const deleteTOTPData = async (userId) => {
-				await Storage.remove(ctx.storage, totpKey(userId));
-			};
 			const generateBackupCodes = (count) => {
 				const codes = [];
 				for (let i = 0; i < count; i++) {
@@ -66,7 +63,7 @@ const TOTPProvider = (config) => {
 			routes.get("/register", async (c) => {
 				return ctx.forward(c, await config.register(c.request, "", "", []));
 			});
-			routes.post("/register-verify", async (c) => {
+			routes.post("/register", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const action = formData.get("action")?.toString();
@@ -110,13 +107,13 @@ const TOTPProvider = (config) => {
 			routes.get("/authorize", async (c) => {
 				return ctx.forward(c, await config.authorize(c.request));
 			});
-			routes.post("/verify", async (c) => {
+			routes.post("/authorize", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const token = formData.get("token")?.toString();
-				if (!email || !token) return ctx.forward(c, await config.verify(c.request, "Email and verification code are required"));
+				if (!email || !token) return ctx.forward(c, await config.authorize(c.request, "Email and verification code are required"));
 				const totpData = await getTOTPData(email);
-				if (!totpData || !totpData.enabled) return ctx.forward(c, await config.verify(c.request, "TOTP is not set up for this email"));
+				if (!totpData || !totpData.enabled) return ctx.forward(c, await config.authorize(c.request, "TOTP is not set up for this email"));
 				const totp = createTOTPInstance(totpData.secret, totpData.label || email);
 				const delta = totp.validate({
 					token,
@@ -126,12 +123,12 @@ const TOTPProvider = (config) => {
 					email,
 					method: "totp"
 				});
-				return ctx.forward(c, await config.verify(c.request, "Invalid verification code"));
+				return ctx.forward(c, await config.authorize(c.request, "Invalid verification code"));
 			});
 			routes.get("/recovery", async (c) => {
 				return ctx.forward(c, await config.recovery(c.request));
 			});
-			routes.post("/recovery-verify", async (c) => {
+			routes.post("/recovery", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const code = formData.get("code")?.toString()?.toUpperCase();
@@ -149,40 +146,6 @@ const TOTPProvider = (config) => {
 				}
 				return ctx.forward(c, await config.recovery(c.request, "Invalid or already used recovery code"));
 			});
-			routes.post("/disable", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				await deleteTOTPData(userId);
-				return c.json({
-					success: true,
-					message: "TOTP has been disabled"
-				});
-			});
-			routes.get("/status", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				const totpData = await getTOTPData(userId);
-				return c.json({
-					enabled: totpData?.enabled || false,
-					hasBackupCodes: (totpData?.backupCodes?.length || 0) > 0,
-					backupCodesCount: totpData?.backupCodes?.length || 0,
-					setupDate: totpData?.createdAt
-				});
-			});
-			routes.post("/regenerate-backup-codes", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				const totpData = await getTOTPData(userId);
-				if (!totpData || !totpData.enabled) return c.json({ error: "TOTP is not enabled for this user" }, { status: 400 });
-				const newBackupCodes = generateBackupCodes(backupCodesCount);
-				totpData.backupCodes = newBackupCodes;
-				await saveTOTPData(userId, totpData);
-				return c.json({
-					success: true,
-					backupCodes: newBackupCodes,
-					message: "New backup codes generated"
-				});
-			});
 		}
 	};
 };

package/dist/ui/select.js

@@ -8,16 +8,7 @@ import { jsx, jsxs } from "preact/jsx-runtime";
 */
 const PROVIDER_ICONS = {
 	github: ICON_GITHUB,
-	google: ICON_GOOGLE,
-	code: () => /* @__PURE__ */ jsx("svg", {
-		width: "20",
-		height: "20",
-		viewBox: "0 0 52 52",
-		fill: "currentColor",
-		"aria-label": "Code authentication",
-		role: "img",
-		children: /* @__PURE__ */ jsx("path", { d: "M8.55,36.91A6.55,6.55,0,1,1,2,43.45,6.54,6.54,0,0,1,8.55,36.91Zm17.45,0a6.55,6.55,0,1,1-6.55,6.54A6.55,6.55,0,0,1,26,36.91Zm17.45,0a6.55,6.55,0,1,1-6.54,6.54A6.54,6.54,0,0,1,43.45,36.91ZM8.55,19.45A6.55,6.55,0,1,1,2,26,6.55,6.55,0,0,1,8.55,19.45Zm17.45,0A6.55,6.55,0,1,1,19.45,26,6.56,6.56,0,0,1,26,19.45Zm17.45,0A6.55,6.55,0,1,1,36.91,26,6.55,6.55,0,0,1,43.45,19.45ZM8.55,2A6.55,6.55,0,1,1,2,8.55,6.54,6.54,0,0,1,8.55,2ZM26,2a6.55,6.55,0,1,1-6.55,6.55A6.55,6.55,0,0,1,26,2ZM43.45,2a6.55,6.55,0,1,1-6.54,6.55A6.55,6.55,0,0,1,43.45,2Z" })
-	})
+	google: ICON_GOOGLE
 };
 /**
 * Default display names for provider types
@@ -30,28 +21,6 @@ const DEFAULT_DISPLAYS = {
 	password: "Password"
 };
 /**
-* Individual provider button component
-*/
-const ProviderButton = ({ providerKey, providerType, config, displays, buttonText }) => {
-	const displayName = config?.display || displays[providerType] || DEFAULT_DISPLAYS[providerType] || providerType;
-	const IconComponent = PROVIDER_ICONS[providerKey] || PROVIDER_ICONS[providerType];
-	return /* @__PURE__ */ jsxs("a", {
-		href: `./${providerKey}/authorize`,
-		"data-component": "button",
-		"data-color": "ghost",
-		"aria-label": `${buttonText} ${displayName}`,
-		children: [
-			IconComponent && /* @__PURE__ */ jsx("i", {
-				"data-slot": "icon",
-				children: /* @__PURE__ */ jsx(IconComponent, {})
-			}),
-			buttonText,
-			" ",
-			displayName
-		]
-	});
-};
-/**
 * Main provider selection component
 */
 const ProviderSelect = ({ providers, config = {}, theme }) => {
@@ -66,13 +35,25 @@ const ProviderSelect = ({ providers, config = {}, theme }) => {
 		title: "Sign In",
 		children: /* @__PURE__ */ jsx("div", {
 			"data-component": "form",
-			children: visibleProviders.map(([key, type]) => /* @__PURE__ */ jsx(ProviderButton, {
-				providerKey: key,
-				providerType: type,
-				config: config.providers?.[key],
-				displays,
-				buttonText
-			}, key))
+			children: visibleProviders.map(([key, type]) => {
+				const displayName = config.providers?.[key]?.display || displays[type] || DEFAULT_DISPLAYS[type] || type;
+				const IconComponent = PROVIDER_ICONS[key] || PROVIDER_ICONS[type];
+				return /* @__PURE__ */ jsxs("a", {
+					href: `./${key}/authorize`,
+					"data-component": "button",
+					"data-color": "ghost",
+					"aria-label": `${buttonText} ${displayName}`,
+					children: [
+						IconComponent && /* @__PURE__ */ jsx("i", {
+							"data-slot": "icon",
+							children: /* @__PURE__ */ jsx(IconComponent, {})
+						}),
+						buttonText,
+						" ",
+						displayName
+					]
+				}, key);
+			})
 		})
 	});
 };

package/dist/ui/totp.d.ts

@@ -6,12 +6,6 @@ import { TOTPProviderConfig } from "../provider/totp.js";
  * Strongly typed copy text configuration for TOTP UI
  */
 interface TOTPUICopy {
-  readonly setup_title: string;
-  readonly setup_description: string;
-  readonly verify_title: string;
-  readonly verify_description: string;
-  readonly recovery_title: string;
-  readonly recovery_description: string;
   readonly setup_manual_entry: string;
   readonly setup_backup_codes_title: string;
   readonly setup_backup_codes_description: string;

package/dist/ui/totp.js

@@ -5,12 +5,6 @@ import QRCode from "qrcode";
 
 //#region src/ui/totp.tsx
 const DEFAULT_COPY = {
-	setup_title: "Set up Two-Factor Authentication",
-	setup_description: "Scan the QR code with your authenticator app, then enter the verification code.",
-	verify_title: "Enter authentication code",
-	verify_description: "Open your authenticator app and enter the current 6-digit code.",
-	recovery_title: "Use backup code",
-	recovery_description: "Enter one of your backup codes. Each code can only be used once.",
 	setup_manual_entry: "Can't scan? Enter this code manually:",
 	setup_backup_codes_title: "Save your backup codes",
 	setup_backup_codes_description: "Store these backup codes in a safe place. You can use them to access your account if you lose your device.",
@@ -54,7 +48,7 @@ const TOTPUI = (options = {}) => {
 		if (!qrCodeUrl) return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 			"data-component": "form",
 			method: "post",
-			action: "./register-verify",
+			action: "./register",
 			children: [
 				/* @__PURE__ */ jsx(FormAlert, { message: error }),
 				/* @__PURE__ */ jsx("input", {
@@ -93,7 +87,7 @@ const TOTPUI = (options = {}) => {
 		return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 			"data-component": "form",
 			method: "post",
-			action: "./register-verify",
+			action: "./register",
 			children: [
 				/* @__PURE__ */ jsx(FormAlert, { message: error }),
 				email && /* @__PURE__ */ jsx("input", {
@@ -169,7 +163,7 @@ const TOTPUI = (options = {}) => {
 	const renderAuthorize = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 		"data-component": "form",
 		method: "post",
-		action: "./verify",
+		action: "./authorize",
 		children: [
 			/* @__PURE__ */ jsx(FormAlert, { message: error }),
 			/* @__PURE__ */ jsx("input", {
@@ -215,55 +209,12 @@ const TOTPUI = (options = {}) => {
 		]
 	}) });
 	/**
-	* Renders the verification form
-	*/
-	const renderVerify = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-		"data-component": "form",
-		method: "post",
-		action: "./verify",
-		children: [
-			/* @__PURE__ */ jsx(FormAlert, { message: error }),
-			/* @__PURE__ */ jsx("input", {
-				type: "email",
-				name: "email",
-				placeholder: "Email",
-				autoComplete: "email",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("input", {
-				type: "text",
-				name: "token",
-				placeholder: copy.input_token,
-				pattern: "[0-9]{6}",
-				maxLength: 6,
-				minLength: 6,
-				autoComplete: "one-time-code",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("button", {
-				type: "submit",
-				"data-component": "button",
-				children: copy.button_continue
-			}),
-			/* @__PURE__ */ jsx("div", {
-				"data-component": "form-footer",
-				children: /* @__PURE__ */ jsx("a", {
-					href: "./recovery",
-					"data-component": "link",
-					children: copy.link_use_recovery
-				})
-			})
-		]
-	}) });
-	/**
 	* Renders the recovery form
 	*/
 	const renderRecovery = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 		"data-component": "form",
 		method: "post",
-		action: "./recovery-verify",
+		action: "./recovery",
 		children: [
 			/* @__PURE__ */ jsx(FormAlert, { message: error }),
 			/* @__PURE__ */ jsx("input", {
@@ -308,10 +259,6 @@ const TOTPUI = (options = {}) => {
 			const jsx$1 = await renderRegister(qrCodeUrl, secret, backupCodes, error, email);
 			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
 		},
-		verify: async (_req, error) => {
-			const jsx$1 = renderVerify(error);
-			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
-		},
 		recovery: async (_req, error) => {
 			const jsx$1 = renderRecovery(error);
 			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.2.5",
+  "version": "0.3.0",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",
@@ -60,10 +60,10 @@
     "@standard-schema/spec": "^1.0.0",
     "jose": "^6.0.12",
     "otpauth": "^9.4.0",
-    "preact": "^10.26.9",
+    "preact": "^10.27.0",
     "preact-render-to-string": "^6.5.13",
     "qrcode": "^1.5.4",
-    "@draftlab/auth-router": "0.0.4"
+    "@draftlab/auth-router": "0.0.5"
   },
   "engines": {
     "node": ">=18"