@draftlab/auth 0.2.6 → 0.3.0

package/dist/provider/discord.d.ts

@@ -0,0 +1,140 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/discord.d.ts
+
+/**
+ * Configuration options for Discord OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Discord-specific documentation.
+ */
+interface DiscordConfig extends Oauth2WrappedConfig {
+  /**
+   * Discord OAuth 2.0 client ID from Discord Developer Portal.
+   * Found in your Discord application settings.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "1234567890123456789"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * Discord OAuth 2.0 client secret from Discord Developer Portal.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.DISCORD_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * Discord OAuth scopes to request access for.
+   * Determines what data and actions your app can access.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "identify",    // Basic user information
+   *     "email",       // Email address
+   *     "guilds",      // User's Discord servers
+   *     "connections"  // Connected accounts (Steam, etc.)
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for Discord OAuth authorization.
+   * Useful for Discord-specific options like permissions.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     permissions: "8",        // Administrator permission
+   *     guild_id: "123456789",   // Pre-select specific guild
+   *     disable_guild_select: "true" // Disable guild selection
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Discord OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Discord APIs on behalf of the user.
+ *
+ * @param config - Discord OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Discord
+ *
+ * @example
+ * ```ts
+ * // Basic Discord authentication
+ * const basicDiscord = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET
+ * })
+ *
+ * // Discord with specific scopes
+ * const discordWithScopes = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ *   scopes: [
+ *     "identify",
+ *     "email",
+ *     "guilds",
+ *     "connections"
+ *   ]
+ * })
+ *
+ * // Discord bot integration
+ * const discordBot = DiscordProvider({
+ *   clientID: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ *   scopes: ["bot", "guilds"],
+ *   query: {
+ *     permissions: "2048" // Send Messages permission
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { discord: discordWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "discord") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const userRes = await fetch('https://discord.com/api/users/@me', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user guilds (if guilds scope granted)
+ *       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const guilds = await guildsRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         discordId: user.id,
+ *         username: user.username,
+ *         discriminator: user.discriminator,
+ *         email: user.email,
+ *         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
+ *         guildCount: guilds.length
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const DiscordProvider: (config: DiscordConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { DiscordConfig, DiscordProvider };

package/dist/provider/discord.js

@@ -0,0 +1,85 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/discord.ts
+/**
+* Creates a Discord OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call Discord APIs on behalf of the user.
+*
+* @param config - Discord OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for Discord
+*
+* @example
+* ```ts
+* // Basic Discord authentication
+* const basicDiscord = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET
+* })
+*
+* // Discord with specific scopes
+* const discordWithScopes = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+*   scopes: [
+*     "identify",
+*     "email",
+*     "guilds",
+*     "connections"
+*   ]
+* })
+*
+* // Discord bot integration
+* const discordBot = DiscordProvider({
+*   clientID: process.env.DISCORD_CLIENT_ID,
+*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+*   scopes: ["bot", "guilds"],
+*   query: {
+*     permissions: "2048" // Send Messages permission
+*   }
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { discord: discordWithScopes },
+*   success: async (ctx, value) => {
+*     if (value.provider === "discord") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile
+*       const userRes = await fetch('https://discord.com/api/users/@me', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const user = await userRes.json()
+*
+*       // Get user guilds (if guilds scope granted)
+*       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const guilds = await guildsRes.json()
+*
+*       return ctx.subject("user", {
+*         discordId: user.id,
+*         username: user.username,
+*         discriminator: user.discriminator,
+*         email: user.email,
+*         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
+*         guildCount: guilds.length
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const DiscordProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "discord",
+		endpoint: {
+			authorization: "https://discord.com/oauth2/authorize",
+			token: "https://discord.com/api/oauth2/token"
+		}
+	});
+};
+
+//#endregion
+export { DiscordProvider };

package/dist/provider/linkedin.d.ts

@@ -0,0 +1,126 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/linkedin.d.ts
+
+/**
+ * Configuration options for LinkedIn OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with LinkedIn-specific documentation.
+ */
+interface LinkedInConfig extends Oauth2WrappedConfig {
+  /**
+   * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
+   * Found in your LinkedIn app settings.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "78abc123456789"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * LinkedIn OAuth scopes to request access for.
+   * Determines what data and actions your app can access.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "r_liteprofile",    // Basic profile information
+   *     "r_emailaddress",   // Email address
+   *     "w_member_social",  // Share content on behalf of user
+   *     "r_organization_social" // Organization content access
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for LinkedIn OAuth authorization.
+   * Useful for LinkedIn-specific options.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     state: "custom-state-value" // Custom state parameter
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a LinkedIn OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
+ *
+ * @param config - LinkedIn OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for LinkedIn
+ *
+ * @example
+ * ```ts
+ * // Basic LinkedIn authentication
+ * const basicLinkedIn = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+ * })
+ *
+ * // LinkedIn with specific scopes
+ * const linkedInWithScopes = LinkedInProvider({
+ *   clientID: process.env.LINKEDIN_CLIENT_ID,
+ *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+ *   scopes: [
+ *     "r_liteprofile",
+ *     "r_emailaddress",
+ *     "w_member_social"
+ *   ]
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { linkedin: linkedInWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "linkedin") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile
+ *       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const profile = await profileRes.json()
+ *
+ *       // Get user email
+ *       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const emailData = await emailRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         linkedinId: profile.id,
+ *         firstName: profile.localizedFirstName,
+ *         lastName: profile.localizedLastName,
+ *         email: emailData.elements[0]['handle~'].emailAddress,
+ *         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const LinkedInProvider: (config: LinkedInConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { LinkedInConfig, LinkedInProvider };

package/dist/provider/linkedin.js

@@ -0,0 +1,73 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/linkedin.ts
+/**
+* Creates a LinkedIn OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call LinkedIn APIs on behalf of the user.
+*
+* @param config - LinkedIn OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for LinkedIn
+*
+* @example
+* ```ts
+* // Basic LinkedIn authentication
+* const basicLinkedIn = LinkedInProvider({
+*   clientID: process.env.LINKEDIN_CLIENT_ID,
+*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+* })
+*
+* // LinkedIn with specific scopes
+* const linkedInWithScopes = LinkedInProvider({
+*   clientID: process.env.LINKEDIN_CLIENT_ID,
+*   clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
+*   scopes: [
+*     "r_liteprofile",
+*     "r_emailaddress",
+*     "w_member_social"
+*   ]
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { linkedin: linkedInWithScopes },
+*   success: async (ctx, value) => {
+*     if (value.provider === "linkedin") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile
+*       const profileRes = await fetch('https://api.linkedin.com/v2/people/~', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const profile = await profileRes.json()
+*
+*       // Get user email
+*       const emailRes = await fetch('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const emailData = await emailRes.json()
+*
+*       return ctx.subject("user", {
+*         linkedinId: profile.id,
+*         firstName: profile.localizedFirstName,
+*         lastName: profile.localizedLastName,
+*         email: emailData.elements[0]['handle~'].emailAddress,
+*         profileUrl: `https://www.linkedin.com/in/${profile.vanityName || profile.id}`
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const LinkedInProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "linkedin",
+		endpoint: {
+			authorization: "https://www.linkedin.com/oauth/v2/authorization",
+			token: "https://www.linkedin.com/oauth/v2/accessToken"
+		}
+	});
+};
+
+//#endregion
+export { LinkedInProvider };

package/dist/provider/microsoft.d.ts

@@ -0,0 +1,172 @@
+import { Provider } from "./provider.js";
+import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.js";
+
+//#region src/provider/microsoft.d.ts
+
+/**
+ * Configuration options for Microsoft OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Microsoft-specific documentation.
+ */
+interface MicrosoftConfig extends Oauth2WrappedConfig {
+  /**
+   * Microsoft Azure AD tenant ID or tenant type.
+   * Determines which types of accounts can sign in.
+   *
+   * @example
+   * ```ts
+   * {
+   *   tenant: "common"        // Personal + work/school accounts
+   *   // or
+   *   tenant: "organizations" // Work/school accounts only
+   *   // or
+   *   tenant: "consumers"     // Personal accounts only
+   *   // or
+   *   tenant: "12345678-1234-1234-1234-123456789012" // Specific tenant
+   * }
+   * ```
+   */
+  readonly tenant: string;
+  /**
+   * Microsoft OAuth 2.0 client ID from Azure App Registration.
+   * Found in your Azure portal app registration.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientID: "12345678-1234-1234-1234-123456789012"
+   * }
+   * ```
+   */
+  readonly clientID: string;
+  /**
+   * Microsoft OAuth 2.0 client secret from Azure App Registration.
+   * Keep this secure and never expose it to client-side code.
+   *
+   * @example
+   * ```ts
+   * {
+   *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+   * }
+   * ```
+   */
+  readonly clientSecret: string;
+  /**
+   * Microsoft OAuth scopes to request access for.
+   * Determines what data and actions your app can access via Microsoft Graph.
+   *
+   * @example
+   * ```ts
+   * {
+   *   scopes: [
+   *     "openid",           // OpenID Connect sign-in
+   *     "profile",          // Basic profile
+   *     "email",            // Email address
+   *     "User.Read",        // Read user profile
+   *     "Mail.Read",        // Read user mail
+   *     "Calendars.Read"    // Read user calendars
+   *   ]
+   * }
+   * ```
+   */
+  readonly scopes: string[];
+  /**
+   * Additional query parameters for Microsoft OAuth authorization.
+   * Useful for Microsoft-specific options like domain hints.
+   *
+   * @example
+   * ```ts
+   * {
+   *   query: {
+   *     domain_hint: "contoso.com",    // Pre-fill domain
+   *     login_hint: "user@contoso.com", // Pre-fill username
+   *     prompt: "consent"              // Force consent screen
+   *   }
+   * }
+   * ```
+   */
+  readonly query?: Record<string, string>;
+}
+/**
+ * Creates a Microsoft OAuth 2.0 authentication provider.
+ * Use this when you need access tokens to call Microsoft Graph APIs on behalf of the user.
+ *
+ * @param config - Microsoft OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Microsoft
+ *
+ * @example
+ * ```ts
+ * // Basic Microsoft authentication (all account types)
+ * const basicMicrosoft = MicrosoftProvider({
+ *   tenant: "common",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+ * })
+ *
+ * // Work/school accounts only
+ * const workMicrosoft = MicrosoftProvider({
+ *   tenant: "organizations",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Mail.Read"
+ *   ]
+ * })
+ *
+ * // Specific tenant with advanced scopes
+ * const enterpriseMicrosoft = MicrosoftProvider({
+ *   tenant: "12345678-1234-1234-1234-123456789012",
+ *   clientID: process.env.MICROSOFT_CLIENT_ID,
+ *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+ *   scopes: [
+ *     "openid",
+ *     "profile",
+ *     "email",
+ *     "User.Read",
+ *     "Directory.Read.All",
+ *     "Sites.Read.All"
+ *   ],
+ *   query: {
+ *     domain_hint: "contoso.com"
+ *   }
+ * })
+ *
+ * // Using the access token to fetch data
+ * export default issuer({
+ *   providers: { microsoft: workMicrosoft },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "microsoft") {
+ *       const token = value.tokenset.access
+ *
+ *       // Get user profile from Microsoft Graph
+ *       const userRes = await fetch('https://graph.microsoft.com/v1.0/me', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const user = await userRes.json()
+ *
+ *       // Get user's manager (if available)
+ *       const managerRes = await fetch('https://graph.microsoft.com/v1.0/me/manager', {
+ *         headers: { Authorization: `Bearer ${token}` }
+ *       })
+ *       const manager = await managerRes.json()
+ *
+ *       return ctx.subject("user", {
+ *         microsoftId: user.id,
+ *         displayName: user.displayName,
+ *         email: user.mail || user.userPrincipalName,
+ *         jobTitle: user.jobTitle,
+ *         department: user.department,
+ *         officeLocation: user.officeLocation,
+ *         managerName: manager?.displayName
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ */
+declare const MicrosoftProvider: (config: MicrosoftConfig) => Provider<Oauth2UserData>;
+//#endregion
+export { MicrosoftConfig, MicrosoftProvider };

package/dist/provider/microsoft.js

@@ -0,0 +1,97 @@
+import { Oauth2Provider } from "./oauth2.js";
+
+//#region src/provider/microsoft.ts
+/**
+* Creates a Microsoft OAuth 2.0 authentication provider.
+* Use this when you need access tokens to call Microsoft Graph APIs on behalf of the user.
+*
+* @param config - Microsoft OAuth 2.0 configuration
+* @returns OAuth 2.0 provider configured for Microsoft
+*
+* @example
+* ```ts
+* // Basic Microsoft authentication (all account types)
+* const basicMicrosoft = MicrosoftProvider({
+*   tenant: "common",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+* })
+*
+* // Work/school accounts only
+* const workMicrosoft = MicrosoftProvider({
+*   tenant: "organizations",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+*   scopes: [
+*     "openid",
+*     "profile",
+*     "email",
+*     "User.Read",
+*     "Mail.Read"
+*   ]
+* })
+*
+* // Specific tenant with advanced scopes
+* const enterpriseMicrosoft = MicrosoftProvider({
+*   tenant: "12345678-1234-1234-1234-123456789012",
+*   clientID: process.env.MICROSOFT_CLIENT_ID,
+*   clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+*   scopes: [
+*     "openid",
+*     "profile",
+*     "email",
+*     "User.Read",
+*     "Directory.Read.All",
+*     "Sites.Read.All"
+*   ],
+*   query: {
+*     domain_hint: "contoso.com"
+*   }
+* })
+*
+* // Using the access token to fetch data
+* export default issuer({
+*   providers: { microsoft: workMicrosoft },
+*   success: async (ctx, value) => {
+*     if (value.provider === "microsoft") {
+*       const token = value.tokenset.access
+*
+*       // Get user profile from Microsoft Graph
+*       const userRes = await fetch('https://graph.microsoft.com/v1.0/me', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const user = await userRes.json()
+*
+*       // Get user's manager (if available)
+*       const managerRes = await fetch('https://graph.microsoft.com/v1.0/me/manager', {
+*         headers: { Authorization: `Bearer ${token}` }
+*       })
+*       const manager = await managerRes.json()
+*
+*       return ctx.subject("user", {
+*         microsoftId: user.id,
+*         displayName: user.displayName,
+*         email: user.mail || user.userPrincipalName,
+*         jobTitle: user.jobTitle,
+*         department: user.department,
+*         officeLocation: user.officeLocation,
+*         managerName: manager?.displayName
+*       })
+*     }
+*   }
+* })
+* ```
+*/
+const MicrosoftProvider = (config) => {
+	return Oauth2Provider({
+		...config,
+		type: "microsoft",
+		endpoint: {
+			authorization: `https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/authorize`,
+			token: `https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/token`
+		}
+	});
+};
+
+//#endregion
+export { MicrosoftProvider };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.2.6",
+  "version": "0.3.0",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",