@ereo/auth 0.1.6

package/dist/providers/index.d.ts

@@ -0,0 +1,191 @@
+/**
+ * @ereo/auth/providers - Built-in authentication providers
+ *
+ * Provides credential-based and OAuth authentication providers.
+ */
+import type { AuthProvider, User, Session } from '../auth';
+/** Credentials provider configuration */
+export interface CredentialsConfig {
+    /** Provider display name */
+    name?: string;
+    /** Custom provider ID (default: 'credentials') */
+    id?: string;
+    /** Authorize function - receives credentials, returns user or null */
+    authorize: (credentials: Record<string, unknown>) => Promise<User | null>;
+}
+/** OAuth provider base configuration */
+export interface OAuthConfig {
+    /** OAuth client ID */
+    clientId: string;
+    /** OAuth client secret */
+    clientSecret: string;
+    /** Redirect URI (callback URL) */
+    redirectUri?: string;
+    /** OAuth scopes to request */
+    scope?: string[];
+    /** Authorization URL */
+    authorizationUrl?: string;
+    /** Token URL */
+    tokenUrl?: string;
+    /** User info URL */
+    userInfoUrl?: string;
+}
+/** GitHub OAuth configuration */
+export interface GitHubConfig extends OAuthConfig {
+    /** Allow sign-in with GitHub Enterprise */
+    enterprise?: {
+        baseUrl: string;
+    };
+}
+/** Google OAuth configuration */
+export interface GoogleConfig extends OAuthConfig {
+    /** Enable Google Workspace domain restriction */
+    hostedDomain?: string;
+}
+/** Discord OAuth configuration */
+export interface DiscordConfig extends OAuthConfig {
+    /** Discord guild ID to require membership */
+    guildId?: string;
+}
+/** Generic OAuth provider configuration */
+export interface GenericOAuthConfig extends OAuthConfig {
+    /** Provider ID */
+    id: string;
+    /** Provider display name */
+    name: string;
+    /** Profile URL for fetching user data */
+    profileUrl?: string;
+    /** Function to map provider profile to User */
+    profile?: (profile: Record<string, unknown>, tokens: OAuthTokens) => User | Promise<User>;
+}
+/** OAuth tokens returned from token exchange */
+export interface OAuthTokens {
+    access_token: string;
+    token_type: string;
+    refresh_token?: string;
+    expires_in?: number;
+    scope?: string;
+    id_token?: string;
+}
+/**
+ * Credentials provider (email/password or custom authentication).
+ *
+ * @example
+ * ```typescript
+ * credentials({
+ *   authorize: async ({ email, password }) => {
+ *     const user = await db.users.findByEmail(email);
+ *     if (user && await bcrypt.compare(password, user.passwordHash)) {
+ *       return { id: user.id, email: user.email, roles: user.roles };
+ *     }
+ *     return null;
+ *   }
+ * })
+ * ```
+ */
+export declare function credentials(config: CredentialsConfig): AuthProvider;
+/**
+ * GitHub OAuth provider.
+ *
+ * @example
+ * ```typescript
+ * github({
+ *   clientId: process.env.GITHUB_CLIENT_ID,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+ * })
+ * ```
+ */
+export declare function github(config: GitHubConfig): AuthProvider;
+/**
+ * Google OAuth provider.
+ *
+ * @example
+ * ```typescript
+ * google({
+ *   clientId: process.env.GOOGLE_CLIENT_ID,
+ *   clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ * })
+ * ```
+ */
+export declare function google(config: GoogleConfig): AuthProvider;
+/**
+ * Discord OAuth provider.
+ *
+ * @example
+ * ```typescript
+ * discord({
+ *   clientId: process.env.DISCORD_CLIENT_ID,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ * })
+ * ```
+ */
+export declare function discord(config: DiscordConfig): AuthProvider;
+/**
+ * Generic OAuth provider for any OAuth 2.0 service.
+ *
+ * @example
+ * ```typescript
+ * oauth({
+ *   id: 'custom',
+ *   name: 'Custom OAuth',
+ *   clientId: process.env.OAUTH_CLIENT_ID,
+ *   clientSecret: process.env.OAUTH_CLIENT_SECRET,
+ *   authorizationUrl: 'https://example.com/oauth/authorize',
+ *   tokenUrl: 'https://example.com/oauth/token',
+ *   userInfoUrl: 'https://example.com/api/user',
+ *   profile: (profile) => ({
+ *     id: profile.sub,
+ *     email: profile.email,
+ *     name: profile.name,
+ *   }),
+ * })
+ * ```
+ */
+export declare function oauth(config: GenericOAuthConfig): AuthProvider;
+/** Mock provider configuration */
+export interface MockConfig {
+    /** Pre-configured session to return */
+    session?: Session;
+    /** Pre-configured user to return */
+    user?: User;
+    /** Delay before returning (for testing loading states) */
+    delay?: number;
+}
+/**
+ * Simple mock provider for development and testing.
+ *
+ * @example
+ * ```typescript
+ * mock({
+ *   user: { id: 'test-123', email: 'test@example.com', roles: ['admin'] }
+ * })
+ * ```
+ */
+export declare function mock(config?: MockConfig): AuthProvider;
+/** API Key provider configuration */
+export interface ApiKeyConfig {
+    /** Function to validate API key and return user */
+    validate: (apiKey: string) => Promise<User | null>;
+    /** Header name to check (default: 'x-api-key') */
+    header?: string;
+    /** Query parameter name to check */
+    queryParam?: string;
+}
+/**
+ * API Key authentication provider.
+ *
+ * @example
+ * ```typescript
+ * apiKey({
+ *   validate: async (key) => {
+ *     const apiKey = await db.apiKeys.findByKey(key);
+ *     if (apiKey && !apiKey.expired) {
+ *       return { id: apiKey.userId, roles: apiKey.scopes };
+ *     }
+ *     return null;
+ *   }
+ * })
+ * ```
+ */
+export declare function apiKey(config: ApiKeyConfig): AuthProvider;
+//# sourceMappingURL=index.d.ts.map

package/dist/providers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAM3D,yCAAyC;AACzC,MAAM,WAAW,iBAAiB;IAChC,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kDAAkD;IAClD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,sEAAsE;IACtE,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;CAC3E;AAED,wCAAwC;AACxC,MAAM,WAAW,WAAW;IAC1B,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,wBAAwB;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,iCAAiC;AACjC,MAAM,WAAW,YAAa,SAAQ,WAAW;IAC/C,2CAA2C;IAC3C,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,iCAAiC;AACjC,MAAM,WAAW,YAAa,SAAQ,WAAW;IAC/C,iDAAiD;IACjD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,kCAAkC;AAClC,MAAM,WAAW,aAAc,SAAQ,WAAW;IAChD,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,2CAA2C;AAC3C,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,4BAA4B;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3F;AAED,gDAAgD;AAChD,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,YAAY,CAOnE;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,YAAY,CA+IzD;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,YAAY,CAuHzD;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,YAAY,CAyI3D;AAMD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,KAAK,CAAC,MAAM,EAAE,kBAAkB,GAAG,YAAY,CAoI9D;AAMD,kCAAkC;AAClC,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,oCAAoC;IACpC,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,0DAA0D;IAC1D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;GASG;AACH,wBAAgB,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,YAAY,CAoCtD;AAMD,qCAAqC;AACrC,MAAM,WAAW,YAAY;IAC3B,mDAAmD;IACnD,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACnD,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,YAAY,CAazD"}

package/dist/providers/index.js

@@ -0,0 +1,495 @@
+// @bun
+// src/providers/index.ts
+function credentials(config) {
+  return {
+    id: config.id || "credentials",
+    name: config.name || "Credentials",
+    type: "credentials",
+    authorize: config.authorize
+  };
+}
+function github(config) {
+  const baseUrl = config.enterprise?.baseUrl || "https://github.com";
+  const apiBaseUrl = config.enterprise?.baseUrl ? `${config.enterprise.baseUrl}/api/v3` : "https://api.github.com";
+  const authorizationUrl = config.authorizationUrl || `${baseUrl}/login/oauth/authorize`;
+  const tokenUrl = config.tokenUrl || `${baseUrl}/login/oauth/access_token`;
+  const userInfoUrl = config.userInfoUrl || `${apiBaseUrl}/user`;
+  const scope = config.scope || ["read:user", "user:email"];
+  return {
+    id: "github",
+    name: "GitHub",
+    type: "oauth",
+    async authorize(credentials2) {
+      if (credentials2.user) {
+        return credentials2.user;
+      }
+      const code = credentials2.code;
+      if (!code)
+        return null;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          Accept: "application/json",
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          redirect_uri: config.redirectUri
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `token ${tokenData.access_token}`,
+          "User-Agent": "EreoJS-Auth",
+          Accept: "application/json"
+        }
+      });
+      const user = await userResponse.json();
+      let email = user.email;
+      if (!email) {
+        const emailsResponse = await fetch(`${apiBaseUrl}/user/emails`, {
+          headers: {
+            Authorization: `token ${tokenData.access_token}`,
+            "User-Agent": "EreoJS-Auth",
+            Accept: "application/json"
+          }
+        });
+        const emails = await emailsResponse.json();
+        const primaryEmail = emails.find((e) => e.primary && e.verified);
+        email = primaryEmail?.email || emails[0]?.email || null;
+      }
+      return {
+        id: String(user.id),
+        email: email || undefined,
+        name: user.name || user.login,
+        avatar: user.avatar_url,
+        username: user.login
+      };
+    },
+    getAuthorizationUrl(state, redirectUri) {
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        scope: scope.join(" "),
+        state
+      });
+      return `${authorizationUrl}?${params.toString()}`;
+    },
+    async handleCallback(params) {
+      const { code, redirectUri } = params;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          Accept: "application/json",
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          redirect_uri: redirectUri
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `token ${tokenData.access_token}`,
+          "User-Agent": "EreoJS-Auth",
+          Accept: "application/json"
+        }
+      });
+      const user = await userResponse.json();
+      let email = user.email;
+      if (!email) {
+        const emailsResponse = await fetch(`${apiBaseUrl}/user/emails`, {
+          headers: {
+            Authorization: `token ${tokenData.access_token}`,
+            "User-Agent": "EreoJS-Auth",
+            Accept: "application/json"
+          }
+        });
+        const emails = await emailsResponse.json();
+        const primaryEmail = emails.find((e) => e.primary && e.verified);
+        email = primaryEmail?.email || emails[0]?.email || null;
+      }
+      return {
+        id: String(user.id),
+        email: email || undefined,
+        name: user.name || user.login,
+        avatar: user.avatar_url,
+        username: user.login
+      };
+    }
+  };
+}
+function google(config) {
+  const authorizationUrl = config.authorizationUrl || "https://accounts.google.com/o/oauth2/v2/auth";
+  const tokenUrl = config.tokenUrl || "https://oauth2.googleapis.com/token";
+  const userInfoUrl = config.userInfoUrl || "https://www.googleapis.com/oauth2/v2/userinfo";
+  const scope = config.scope || ["openid", "email", "profile"];
+  return {
+    id: "google",
+    name: "Google",
+    type: "oauth",
+    async authorize(credentials2) {
+      if (credentials2.user) {
+        return credentials2.user;
+      }
+      const code = credentials2.code;
+      if (!code)
+        return null;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          code,
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          redirect_uri: config.redirectUri || "postmessage",
+          grant_type: "authorization_code"
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(`${userInfoUrl}?access_token=${tokenData.access_token}`);
+      const user = await userResponse.json();
+      if (config.hostedDomain && user.hd !== config.hostedDomain) {
+        return null;
+      }
+      return {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        picture: user.picture,
+        emailVerified: user.verified_email
+      };
+    },
+    getAuthorizationUrl(state, redirectUri) {
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        response_type: "code",
+        scope: scope.join(" "),
+        state,
+        access_type: "offline",
+        prompt: "consent"
+      });
+      if (config.hostedDomain) {
+        params.set("hd", config.hostedDomain);
+      }
+      return `${authorizationUrl}?${params.toString()}`;
+    },
+    async handleCallback(params) {
+      const { code, redirectUri } = params;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          code,
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          redirect_uri: redirectUri,
+          grant_type: "authorization_code"
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(`${userInfoUrl}?access_token=${tokenData.access_token}`);
+      const user = await userResponse.json();
+      if (config.hostedDomain && user.hd !== config.hostedDomain) {
+        return null;
+      }
+      return {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        picture: user.picture,
+        emailVerified: user.verified_email
+      };
+    }
+  };
+}
+function discord(config) {
+  const authorizationUrl = config.authorizationUrl || "https://discord.com/api/oauth2/authorize";
+  const tokenUrl = config.tokenUrl || "https://discord.com/api/oauth2/token";
+  const userInfoUrl = config.userInfoUrl || "https://discord.com/api/users/@me";
+  const scope = config.scope || ["identify", "email"];
+  return {
+    id: "discord",
+    name: "Discord",
+    type: "oauth",
+    async authorize(credentials2) {
+      if (credentials2.user) {
+        return credentials2.user;
+      }
+      const code = credentials2.code;
+      if (!code)
+        return null;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          grant_type: "authorization_code",
+          redirect_uri: config.redirectUri || ""
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `Bearer ${tokenData.access_token}`
+        }
+      });
+      const user = await userResponse.json();
+      if (config.guildId) {
+        const guildsResponse = await fetch("https://discord.com/api/users/@me/guilds", {
+          headers: {
+            Authorization: `Bearer ${tokenData.access_token}`
+          }
+        });
+        const guilds = await guildsResponse.json();
+        const isMember = guilds.some((g) => g.id === config.guildId);
+        if (!isMember)
+          return null;
+      }
+      const avatarUrl = user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null;
+      return {
+        id: user.id,
+        email: user.email,
+        name: user.username,
+        avatar: avatarUrl || undefined,
+        discriminator: user.discriminator
+      };
+    },
+    getAuthorizationUrl(state, redirectUri) {
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        response_type: "code",
+        scope: scope.join(" "),
+        state
+      });
+      return `${authorizationUrl}?${params.toString()}`;
+    },
+    async handleCallback(params) {
+      const { code, redirectUri } = params;
+      const tokenResponse = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          grant_type: "authorization_code",
+          redirect_uri: redirectUri
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `Bearer ${tokenData.access_token}`
+        }
+      });
+      const user = await userResponse.json();
+      if (config.guildId) {
+        const guildsResponse = await fetch("https://discord.com/api/users/@me/guilds", {
+          headers: {
+            Authorization: `Bearer ${tokenData.access_token}`
+          }
+        });
+        const guilds = await guildsResponse.json();
+        const isMember = guilds.some((g) => g.id === config.guildId);
+        if (!isMember)
+          return null;
+      }
+      const avatarUrl = user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null;
+      return {
+        id: user.id,
+        email: user.email,
+        name: user.username,
+        avatar: avatarUrl || undefined,
+        discriminator: user.discriminator
+      };
+    }
+  };
+}
+function oauth(config) {
+  const scope = config.scope || [];
+  return {
+    id: config.id,
+    name: config.name,
+    type: "oauth",
+    async authorize(credentials2) {
+      if (credentials2.user) {
+        return credentials2.user;
+      }
+      const code = credentials2.code;
+      if (!code || !config.tokenUrl)
+        return null;
+      const tokenResponse = await fetch(config.tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          grant_type: "authorization_code",
+          redirect_uri: config.redirectUri || ""
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userInfoUrl = config.userInfoUrl || config.profileUrl;
+      if (!userInfoUrl) {
+        return null;
+      }
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `Bearer ${tokenData.access_token}`
+        }
+      });
+      const profile = await userResponse.json();
+      if (config.profile) {
+        return config.profile(profile, tokenData);
+      }
+      return {
+        id: profile.id || profile.sub || profile.user_id,
+        email: profile.email,
+        name: profile.name || profile.username
+      };
+    },
+    getAuthorizationUrl(state, redirectUri) {
+      if (!config.authorizationUrl) {
+        throw new Error(`Authorization URL not configured for provider: ${config.id}`);
+      }
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        response_type: "code",
+        state
+      });
+      if (scope.length > 0) {
+        params.set("scope", scope.join(" "));
+      }
+      return `${config.authorizationUrl}?${params.toString()}`;
+    },
+    async handleCallback(params) {
+      const { code, redirectUri } = params;
+      if (!config.tokenUrl) {
+        throw new Error(`Token URL not configured for provider: ${config.id}`);
+      }
+      const tokenResponse = await fetch(config.tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code,
+          grant_type: "authorization_code",
+          redirect_uri: redirectUri
+        })
+      });
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token)
+        return null;
+      const userInfoUrl = config.userInfoUrl || config.profileUrl;
+      if (!userInfoUrl) {
+        return null;
+      }
+      const userResponse = await fetch(userInfoUrl, {
+        headers: {
+          Authorization: `Bearer ${tokenData.access_token}`
+        }
+      });
+      const profile = await userResponse.json();
+      if (config.profile) {
+        return config.profile(profile, tokenData);
+      }
+      return {
+        id: profile.id || profile.sub || profile.user_id,
+        email: profile.email,
+        name: profile.name || profile.username
+      };
+    }
+  };
+}
+function mock(config) {
+  return {
+    id: "mock",
+    name: "Mock",
+    type: "credentials",
+    async authorize() {
+      if (config?.delay) {
+        await new Promise((resolve) => setTimeout(resolve, config.delay));
+      }
+      if (config?.user) {
+        return config.user;
+      }
+      if (config?.session) {
+        return {
+          id: config.session.userId,
+          email: config.session.email,
+          name: config.session.name,
+          roles: config.session.roles,
+          ...config.session.claims
+        };
+      }
+      return {
+        id: "mock-user-123",
+        email: "mock@example.com",
+        name: "Mock User",
+        roles: ["user"]
+      };
+    }
+  };
+}
+function apiKey(config) {
+  return {
+    id: "api-key",
+    name: "API Key",
+    type: "credentials",
+    async authorize(credentials2) {
+      const key = credentials2.apiKey;
+      if (!key)
+        return null;
+      return config.validate(key);
+    }
+  };
+}
+export {
+  oauth,
+  mock,
+  google,
+  github,
+  discord,
+  credentials,
+  apiKey
+};