@hammadj/better-auth-core 1.5.0-beta.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +266 -0
- package/.turbo/turbo-test.log +2 -0
- package/LICENSE.md +20 -0
- package/dist/api/index.d.mts +181 -0
- package/dist/api/index.mjs +34 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/async_hooks/index.d.mts +7 -0
- package/dist/async_hooks/index.mjs +22 -0
- package/dist/async_hooks/index.mjs.map +1 -0
- package/dist/async_hooks/pure.index.d.mts +7 -0
- package/dist/async_hooks/pure.index.mjs +35 -0
- package/dist/async_hooks/pure.index.mjs.map +1 -0
- package/dist/context/endpoint-context.d.mts +19 -0
- package/dist/context/endpoint-context.mjs +32 -0
- package/dist/context/endpoint-context.mjs.map +1 -0
- package/dist/context/global.d.mts +7 -0
- package/dist/context/global.mjs +38 -0
- package/dist/context/global.mjs.map +1 -0
- package/dist/context/index.d.mts +5 -0
- package/dist/context/index.mjs +6 -0
- package/dist/context/request-state.d.mts +26 -0
- package/dist/context/request-state.mjs +50 -0
- package/dist/context/request-state.mjs.map +1 -0
- package/dist/context/transaction.d.mts +25 -0
- package/dist/context/transaction.mjs +96 -0
- package/dist/context/transaction.mjs.map +1 -0
- package/dist/db/adapter/factory.d.mts +28 -0
- package/dist/db/adapter/factory.mjs +716 -0
- package/dist/db/adapter/factory.mjs.map +1 -0
- package/dist/db/adapter/get-default-field-name.d.mts +19 -0
- package/dist/db/adapter/get-default-field-name.mjs +39 -0
- package/dist/db/adapter/get-default-field-name.mjs.map +1 -0
- package/dist/db/adapter/get-default-model-name.d.mts +13 -0
- package/dist/db/adapter/get-default-model-name.mjs +33 -0
- package/dist/db/adapter/get-default-model-name.mjs.map +1 -0
- package/dist/db/adapter/get-field-attributes.d.mts +30 -0
- package/dist/db/adapter/get-field-attributes.mjs +40 -0
- package/dist/db/adapter/get-field-attributes.mjs.map +1 -0
- package/dist/db/adapter/get-field-name.d.mts +19 -0
- package/dist/db/adapter/get-field-name.mjs +34 -0
- package/dist/db/adapter/get-field-name.mjs.map +1 -0
- package/dist/db/adapter/get-id-field.d.mts +40 -0
- package/dist/db/adapter/get-id-field.mjs +68 -0
- package/dist/db/adapter/get-id-field.mjs.map +1 -0
- package/dist/db/adapter/get-model-name.d.mts +13 -0
- package/dist/db/adapter/get-model-name.mjs +24 -0
- package/dist/db/adapter/get-model-name.mjs.map +1 -0
- package/dist/db/adapter/index.d.mts +515 -0
- package/dist/db/adapter/index.mjs +10 -0
- package/dist/db/adapter/types.d.mts +140 -0
- package/dist/db/adapter/utils.d.mts +8 -0
- package/dist/db/adapter/utils.mjs +39 -0
- package/dist/db/adapter/utils.mjs.map +1 -0
- package/dist/db/get-tables.d.mts +9 -0
- package/dist/db/get-tables.mjs +267 -0
- package/dist/db/get-tables.mjs.map +1 -0
- package/dist/db/index.d.mts +10 -0
- package/dist/db/index.mjs +9 -0
- package/dist/db/plugin.d.mts +13 -0
- package/dist/db/schema/account.d.mts +27 -0
- package/dist/db/schema/account.mjs +20 -0
- package/dist/db/schema/account.mjs.map +1 -0
- package/dist/db/schema/rate-limit.d.mts +15 -0
- package/dist/db/schema/rate-limit.mjs +12 -0
- package/dist/db/schema/rate-limit.mjs.map +1 -0
- package/dist/db/schema/session.d.mts +22 -0
- package/dist/db/schema/session.mjs +15 -0
- package/dist/db/schema/session.mjs.map +1 -0
- package/dist/db/schema/shared.d.mts +11 -0
- package/dist/db/schema/shared.mjs +12 -0
- package/dist/db/schema/shared.mjs.map +1 -0
- package/dist/db/schema/user.d.mts +21 -0
- package/dist/db/schema/user.mjs +14 -0
- package/dist/db/schema/user.mjs.map +1 -0
- package/dist/db/schema/verification.d.mts +20 -0
- package/dist/db/schema/verification.mjs +13 -0
- package/dist/db/schema/verification.mjs.map +1 -0
- package/dist/db/type.d.mts +147 -0
- package/dist/env/color-depth.d.mts +5 -0
- package/dist/env/color-depth.mjs +89 -0
- package/dist/env/color-depth.mjs.map +1 -0
- package/dist/env/env-impl.d.mts +33 -0
- package/dist/env/env-impl.mjs +83 -0
- package/dist/env/env-impl.mjs.map +1 -0
- package/dist/env/index.d.mts +4 -0
- package/dist/env/index.mjs +5 -0
- package/dist/env/logger.d.mts +49 -0
- package/dist/env/logger.mjs +82 -0
- package/dist/env/logger.mjs.map +1 -0
- package/dist/error/codes.d.mts +199 -0
- package/dist/error/codes.mjs +57 -0
- package/dist/error/codes.mjs.map +1 -0
- package/dist/error/index.d.mts +20 -0
- package/dist/error/index.mjs +30 -0
- package/dist/error/index.mjs.map +1 -0
- package/dist/index.d.mts +8 -0
- package/dist/index.mjs +1 -0
- package/dist/oauth2/client-credentials-token.d.mts +37 -0
- package/dist/oauth2/client-credentials-token.mjs +55 -0
- package/dist/oauth2/client-credentials-token.mjs.map +1 -0
- package/dist/oauth2/create-authorization-url.d.mts +46 -0
- package/dist/oauth2/create-authorization-url.mjs +43 -0
- package/dist/oauth2/create-authorization-url.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +8 -0
- package/dist/oauth2/index.mjs +8 -0
- package/dist/oauth2/oauth-provider.d.mts +195 -0
- package/dist/oauth2/refresh-access-token.d.mts +36 -0
- package/dist/oauth2/refresh-access-token.mjs +59 -0
- package/dist/oauth2/refresh-access-token.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +28 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/oauth2/validate-authorization-code.d.mts +56 -0
- package/dist/oauth2/validate-authorization-code.mjs +72 -0
- package/dist/oauth2/validate-authorization-code.mjs.map +1 -0
- package/dist/oauth2/verify.d.mts +43 -0
- package/dist/oauth2/verify.mjs +96 -0
- package/dist/oauth2/verify.mjs.map +1 -0
- package/dist/social-providers/apple.d.mts +120 -0
- package/dist/social-providers/apple.mjs +105 -0
- package/dist/social-providers/apple.mjs.map +1 -0
- package/dist/social-providers/atlassian.d.mts +73 -0
- package/dist/social-providers/atlassian.mjs +84 -0
- package/dist/social-providers/atlassian.mjs.map +1 -0
- package/dist/social-providers/cognito.d.mts +88 -0
- package/dist/social-providers/cognito.mjs +166 -0
- package/dist/social-providers/cognito.mjs.map +1 -0
- package/dist/social-providers/discord.d.mts +127 -0
- package/dist/social-providers/discord.mjs +65 -0
- package/dist/social-providers/discord.mjs.map +1 -0
- package/dist/social-providers/dropbox.d.mts +72 -0
- package/dist/social-providers/dropbox.mjs +76 -0
- package/dist/social-providers/dropbox.mjs.map +1 -0
- package/dist/social-providers/facebook.d.mts +82 -0
- package/dist/social-providers/facebook.mjs +121 -0
- package/dist/social-providers/facebook.mjs.map +1 -0
- package/dist/social-providers/figma.d.mts +64 -0
- package/dist/social-providers/figma.mjs +87 -0
- package/dist/social-providers/figma.mjs.map +1 -0
- package/dist/social-providers/github.d.mts +105 -0
- package/dist/social-providers/github.mjs +97 -0
- package/dist/social-providers/github.mjs.map +1 -0
- package/dist/social-providers/gitlab.d.mts +126 -0
- package/dist/social-providers/gitlab.mjs +83 -0
- package/dist/social-providers/gitlab.mjs.map +1 -0
- package/dist/social-providers/google.d.mts +100 -0
- package/dist/social-providers/google.mjs +109 -0
- package/dist/social-providers/google.mjs.map +1 -0
- package/dist/social-providers/huggingface.d.mts +86 -0
- package/dist/social-providers/huggingface.mjs +76 -0
- package/dist/social-providers/huggingface.mjs.map +1 -0
- package/dist/social-providers/index.d.mts +1725 -0
- package/dist/social-providers/index.mjs +77 -0
- package/dist/social-providers/index.mjs.map +1 -0
- package/dist/social-providers/kakao.d.mts +164 -0
- package/dist/social-providers/kakao.mjs +73 -0
- package/dist/social-providers/kakao.mjs.map +1 -0
- package/dist/social-providers/kick.d.mts +76 -0
- package/dist/social-providers/kick.mjs +72 -0
- package/dist/social-providers/kick.mjs.map +1 -0
- package/dist/social-providers/line.d.mts +108 -0
- package/dist/social-providers/line.mjs +114 -0
- package/dist/social-providers/line.mjs.map +1 -0
- package/dist/social-providers/linear.d.mts +71 -0
- package/dist/social-providers/linear.mjs +89 -0
- package/dist/social-providers/linear.mjs.map +1 -0
- package/dist/social-providers/linkedin.d.mts +70 -0
- package/dist/social-providers/linkedin.mjs +77 -0
- package/dist/social-providers/linkedin.mjs.map +1 -0
- package/dist/social-providers/microsoft-entra-id.d.mts +175 -0
- package/dist/social-providers/microsoft-entra-id.mjs +107 -0
- package/dist/social-providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/social-providers/naver.d.mts +95 -0
- package/dist/social-providers/naver.mjs +68 -0
- package/dist/social-providers/naver.mjs.map +1 -0
- package/dist/social-providers/notion.d.mts +67 -0
- package/dist/social-providers/notion.mjs +76 -0
- package/dist/social-providers/notion.mjs.map +1 -0
- package/dist/social-providers/paybin.d.mts +74 -0
- package/dist/social-providers/paybin.mjs +86 -0
- package/dist/social-providers/paybin.mjs.map +1 -0
- package/dist/social-providers/paypal.d.mts +132 -0
- package/dist/social-providers/paypal.mjs +145 -0
- package/dist/social-providers/paypal.mjs.map +1 -0
- package/dist/social-providers/polar.d.mts +77 -0
- package/dist/social-providers/polar.mjs +74 -0
- package/dist/social-providers/polar.mjs.map +1 -0
- package/dist/social-providers/reddit.d.mts +65 -0
- package/dist/social-providers/reddit.mjs +84 -0
- package/dist/social-providers/reddit.mjs.map +1 -0
- package/dist/social-providers/roblox.d.mts +73 -0
- package/dist/social-providers/roblox.mjs +60 -0
- package/dist/social-providers/roblox.mjs.map +1 -0
- package/dist/social-providers/salesforce.d.mts +82 -0
- package/dist/social-providers/salesforce.mjs +92 -0
- package/dist/social-providers/salesforce.mjs.map +1 -0
- package/dist/social-providers/slack.d.mts +86 -0
- package/dist/social-providers/slack.mjs +69 -0
- package/dist/social-providers/slack.mjs.map +1 -0
- package/dist/social-providers/spotify.d.mts +66 -0
- package/dist/social-providers/spotify.mjs +72 -0
- package/dist/social-providers/spotify.mjs.map +1 -0
- package/dist/social-providers/tiktok.d.mts +171 -0
- package/dist/social-providers/tiktok.mjs +63 -0
- package/dist/social-providers/tiktok.mjs.map +1 -0
- package/dist/social-providers/twitch.d.mts +82 -0
- package/dist/social-providers/twitch.mjs +79 -0
- package/dist/social-providers/twitch.mjs.map +1 -0
- package/dist/social-providers/twitter.d.mts +129 -0
- package/dist/social-providers/twitter.mjs +88 -0
- package/dist/social-providers/twitter.mjs.map +1 -0
- package/dist/social-providers/vercel.d.mts +65 -0
- package/dist/social-providers/vercel.mjs +62 -0
- package/dist/social-providers/vercel.mjs.map +1 -0
- package/dist/social-providers/vk.d.mts +73 -0
- package/dist/social-providers/vk.mjs +84 -0
- package/dist/social-providers/vk.mjs.map +1 -0
- package/dist/social-providers/zoom.d.mts +173 -0
- package/dist/social-providers/zoom.mjs +73 -0
- package/dist/social-providers/zoom.mjs.map +1 -0
- package/dist/types/context.d.mts +267 -0
- package/dist/types/cookie.d.mts +16 -0
- package/dist/types/helper.d.mts +10 -0
- package/dist/types/index.d.mts +8 -0
- package/dist/types/init-options.d.mts +1314 -0
- package/dist/types/plugin-client.d.mts +112 -0
- package/dist/types/plugin.d.mts +125 -0
- package/dist/utils/db.d.mts +12 -0
- package/dist/utils/db.mjs +17 -0
- package/dist/utils/db.mjs.map +1 -0
- package/dist/utils/deprecate.d.mts +10 -0
- package/dist/utils/deprecate.mjs +18 -0
- package/dist/utils/deprecate.mjs.map +1 -0
- package/dist/utils/error-codes.d.mts +13 -0
- package/dist/utils/error-codes.mjs +12 -0
- package/dist/utils/error-codes.mjs.map +1 -0
- package/dist/utils/id.d.mts +5 -0
- package/dist/utils/id.mjs +10 -0
- package/dist/utils/id.mjs.map +1 -0
- package/dist/utils/ip.d.mts +55 -0
- package/dist/utils/ip.mjs +119 -0
- package/dist/utils/ip.mjs.map +1 -0
- package/dist/utils/json.d.mts +5 -0
- package/dist/utils/json.mjs +26 -0
- package/dist/utils/json.mjs.map +1 -0
- package/dist/utils/string.d.mts +5 -0
- package/dist/utils/string.mjs +8 -0
- package/dist/utils/string.mjs.map +1 -0
- package/dist/utils/url.d.mts +21 -0
- package/dist/utils/url.mjs +33 -0
- package/dist/utils/url.mjs.map +1 -0
- package/package.json +147 -0
- package/src/api/index.ts +106 -0
- package/src/async_hooks/index.ts +40 -0
- package/src/async_hooks/pure.index.ts +46 -0
- package/src/context/endpoint-context.ts +50 -0
- package/src/context/global.ts +57 -0
- package/src/context/index.ts +23 -0
- package/src/context/request-state.test.ts +94 -0
- package/src/context/request-state.ts +91 -0
- package/src/context/transaction.ts +136 -0
- package/src/db/adapter/factory.ts +1362 -0
- package/src/db/adapter/get-default-field-name.ts +59 -0
- package/src/db/adapter/get-default-model-name.ts +51 -0
- package/src/db/adapter/get-field-attributes.ts +62 -0
- package/src/db/adapter/get-field-name.ts +43 -0
- package/src/db/adapter/get-id-field.ts +141 -0
- package/src/db/adapter/get-model-name.ts +36 -0
- package/src/db/adapter/index.ts +554 -0
- package/src/db/adapter/types.ts +171 -0
- package/src/db/adapter/utils.ts +61 -0
- package/src/db/get-tables.ts +296 -0
- package/src/db/index.ts +18 -0
- package/src/db/plugin.ts +11 -0
- package/src/db/schema/account.ts +34 -0
- package/src/db/schema/rate-limit.ts +21 -0
- package/src/db/schema/session.ts +17 -0
- package/src/db/schema/shared.ts +7 -0
- package/src/db/schema/user.ts +16 -0
- package/src/db/schema/verification.ts +15 -0
- package/src/db/test/get-tables.test.ts +116 -0
- package/src/db/type.ts +180 -0
- package/src/env/color-depth.ts +172 -0
- package/src/env/env-impl.ts +124 -0
- package/src/env/index.ts +23 -0
- package/src/env/logger.test.ts +34 -0
- package/src/env/logger.ts +145 -0
- package/src/error/codes.ts +58 -0
- package/src/error/index.ts +35 -0
- package/src/index.ts +1 -0
- package/src/oauth2/client-credentials-token.ts +102 -0
- package/src/oauth2/create-authorization-url.ts +87 -0
- package/src/oauth2/index.ts +26 -0
- package/src/oauth2/oauth-provider.ts +222 -0
- package/src/oauth2/refresh-access-token.ts +124 -0
- package/src/oauth2/utils.ts +38 -0
- package/src/oauth2/validate-authorization-code.ts +149 -0
- package/src/oauth2/validate-token.test.ts +174 -0
- package/src/oauth2/verify.ts +221 -0
- package/src/social-providers/apple.ts +223 -0
- package/src/social-providers/atlassian.ts +132 -0
- package/src/social-providers/cognito.ts +279 -0
- package/src/social-providers/discord.ts +169 -0
- package/src/social-providers/dropbox.ts +112 -0
- package/src/social-providers/facebook.ts +206 -0
- package/src/social-providers/figma.ts +117 -0
- package/src/social-providers/github.ts +184 -0
- package/src/social-providers/gitlab.ts +155 -0
- package/src/social-providers/google.ts +199 -0
- package/src/social-providers/huggingface.ts +118 -0
- package/src/social-providers/index.ts +127 -0
- package/src/social-providers/kakao.ts +178 -0
- package/src/social-providers/kick.ts +109 -0
- package/src/social-providers/line.ts +169 -0
- package/src/social-providers/linear.ts +121 -0
- package/src/social-providers/linkedin.ts +110 -0
- package/src/social-providers/microsoft-entra-id.ts +259 -0
- package/src/social-providers/naver.ts +112 -0
- package/src/social-providers/notion.ts +108 -0
- package/src/social-providers/paybin.ts +122 -0
- package/src/social-providers/paypal.ts +263 -0
- package/src/social-providers/polar.ts +110 -0
- package/src/social-providers/reddit.ts +122 -0
- package/src/social-providers/roblox.ts +111 -0
- package/src/social-providers/salesforce.ts +159 -0
- package/src/social-providers/slack.ts +111 -0
- package/src/social-providers/spotify.ts +93 -0
- package/src/social-providers/tiktok.ts +209 -0
- package/src/social-providers/twitch.ts +111 -0
- package/src/social-providers/twitter.ts +198 -0
- package/src/social-providers/vercel.ts +87 -0
- package/src/social-providers/vk.ts +124 -0
- package/src/social-providers/zoom.ts +238 -0
- package/src/types/context.ts +396 -0
- package/src/types/cookie.ts +10 -0
- package/src/types/helper.ts +26 -0
- package/src/types/index.ts +32 -0
- package/src/types/init-options.ts +1529 -0
- package/src/types/plugin-client.ts +127 -0
- package/src/types/plugin.ts +157 -0
- package/src/utils/db.ts +20 -0
- package/src/utils/deprecate.test.ts +72 -0
- package/src/utils/deprecate.ts +21 -0
- package/src/utils/error-codes.ts +65 -0
- package/src/utils/id.ts +5 -0
- package/src/utils/ip.test.ts +255 -0
- package/src/utils/ip.ts +211 -0
- package/src/utils/json.ts +25 -0
- package/src/utils/string.ts +3 -0
- package/src/utils/url.ts +43 -0
- package/tsconfig.json +7 -0
- package/tsdown.config.ts +35 -0
- package/vitest.config.ts +3 -0
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
import { betterFetch } from "@better-fetch/fetch";
|
|
2
|
+
import { logger } from "../env";
|
|
3
|
+
import type { OAuthProvider, ProviderOptions } from "../oauth2";
|
|
4
|
+
import {
|
|
5
|
+
createAuthorizationURL,
|
|
6
|
+
getOAuth2Tokens,
|
|
7
|
+
refreshAccessToken,
|
|
8
|
+
} from "../oauth2";
|
|
9
|
+
import { createAuthorizationCodeRequest } from "../oauth2/validate-authorization-code";
|
|
10
|
+
|
|
11
|
+
export interface GithubProfile {
|
|
12
|
+
login: string;
|
|
13
|
+
id: string;
|
|
14
|
+
node_id: string;
|
|
15
|
+
avatar_url: string;
|
|
16
|
+
gravatar_id: string;
|
|
17
|
+
url: string;
|
|
18
|
+
html_url: string;
|
|
19
|
+
followers_url: string;
|
|
20
|
+
following_url: string;
|
|
21
|
+
gists_url: string;
|
|
22
|
+
starred_url: string;
|
|
23
|
+
subscriptions_url: string;
|
|
24
|
+
organizations_url: string;
|
|
25
|
+
repos_url: string;
|
|
26
|
+
events_url: string;
|
|
27
|
+
received_events_url: string;
|
|
28
|
+
type: string;
|
|
29
|
+
site_admin: boolean;
|
|
30
|
+
name: string;
|
|
31
|
+
company: string;
|
|
32
|
+
blog: string;
|
|
33
|
+
location: string;
|
|
34
|
+
email: string;
|
|
35
|
+
hireable: boolean;
|
|
36
|
+
bio: string;
|
|
37
|
+
twitter_username: string;
|
|
38
|
+
public_repos: string;
|
|
39
|
+
public_gists: string;
|
|
40
|
+
followers: string;
|
|
41
|
+
following: string;
|
|
42
|
+
created_at: string;
|
|
43
|
+
updated_at: string;
|
|
44
|
+
private_gists: string;
|
|
45
|
+
total_private_repos: string;
|
|
46
|
+
owned_private_repos: string;
|
|
47
|
+
disk_usage: string;
|
|
48
|
+
collaborators: string;
|
|
49
|
+
two_factor_authentication: boolean;
|
|
50
|
+
plan: {
|
|
51
|
+
name: string;
|
|
52
|
+
space: string;
|
|
53
|
+
private_repos: string;
|
|
54
|
+
collaborators: string;
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
export interface GithubOptions extends ProviderOptions<GithubProfile> {
|
|
59
|
+
clientId: string;
|
|
60
|
+
}
|
|
61
|
+
export const github = (options: GithubOptions) => {
|
|
62
|
+
const tokenEndpoint = "https://github.com/login/oauth/access_token";
|
|
63
|
+
return {
|
|
64
|
+
id: "github",
|
|
65
|
+
name: "GitHub",
|
|
66
|
+
createAuthorizationURL({
|
|
67
|
+
state,
|
|
68
|
+
scopes,
|
|
69
|
+
loginHint,
|
|
70
|
+
codeVerifier,
|
|
71
|
+
redirectURI,
|
|
72
|
+
}) {
|
|
73
|
+
const _scopes = options.disableDefaultScope
|
|
74
|
+
? []
|
|
75
|
+
: ["read:user", "user:email"];
|
|
76
|
+
if (options.scope) _scopes.push(...options.scope);
|
|
77
|
+
if (scopes) _scopes.push(...scopes);
|
|
78
|
+
return createAuthorizationURL({
|
|
79
|
+
id: "github",
|
|
80
|
+
options,
|
|
81
|
+
authorizationEndpoint: "https://github.com/login/oauth/authorize",
|
|
82
|
+
scopes: _scopes,
|
|
83
|
+
state,
|
|
84
|
+
codeVerifier,
|
|
85
|
+
redirectURI,
|
|
86
|
+
loginHint,
|
|
87
|
+
prompt: options.prompt,
|
|
88
|
+
});
|
|
89
|
+
},
|
|
90
|
+
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
91
|
+
const { body, headers: requestHeaders } = createAuthorizationCodeRequest({
|
|
92
|
+
code,
|
|
93
|
+
codeVerifier,
|
|
94
|
+
redirectURI,
|
|
95
|
+
options,
|
|
96
|
+
});
|
|
97
|
+
|
|
98
|
+
const { data, error } = await betterFetch<
|
|
99
|
+
| { access_token: string; token_type: string; scope: string }
|
|
100
|
+
| { error: string; error_description?: string; error_uri?: string }
|
|
101
|
+
>(tokenEndpoint, {
|
|
102
|
+
method: "POST",
|
|
103
|
+
body: body,
|
|
104
|
+
headers: requestHeaders,
|
|
105
|
+
});
|
|
106
|
+
|
|
107
|
+
if (error) {
|
|
108
|
+
logger.error("GitHub OAuth token exchange failed:", error);
|
|
109
|
+
return null;
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
if ("error" in data) {
|
|
113
|
+
logger.error("GitHub OAuth token exchange failed:", data);
|
|
114
|
+
return null;
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
return getOAuth2Tokens(data);
|
|
118
|
+
},
|
|
119
|
+
refreshAccessToken: options.refreshAccessToken
|
|
120
|
+
? options.refreshAccessToken
|
|
121
|
+
: async (refreshToken) => {
|
|
122
|
+
return refreshAccessToken({
|
|
123
|
+
refreshToken,
|
|
124
|
+
options: {
|
|
125
|
+
clientId: options.clientId,
|
|
126
|
+
clientKey: options.clientKey,
|
|
127
|
+
clientSecret: options.clientSecret,
|
|
128
|
+
},
|
|
129
|
+
tokenEndpoint: "https://github.com/login/oauth/access_token",
|
|
130
|
+
});
|
|
131
|
+
},
|
|
132
|
+
async getUserInfo(token) {
|
|
133
|
+
if (options.getUserInfo) {
|
|
134
|
+
return options.getUserInfo(token);
|
|
135
|
+
}
|
|
136
|
+
const { data: profile, error } = await betterFetch<GithubProfile>(
|
|
137
|
+
"https://api.github.com/user",
|
|
138
|
+
{
|
|
139
|
+
headers: {
|
|
140
|
+
"User-Agent": "better-auth",
|
|
141
|
+
authorization: `Bearer ${token.accessToken}`,
|
|
142
|
+
},
|
|
143
|
+
},
|
|
144
|
+
);
|
|
145
|
+
if (error) {
|
|
146
|
+
return null;
|
|
147
|
+
}
|
|
148
|
+
const { data: emails } = await betterFetch<
|
|
149
|
+
{
|
|
150
|
+
email: string;
|
|
151
|
+
primary: boolean;
|
|
152
|
+
verified: boolean;
|
|
153
|
+
visibility: "public" | "private";
|
|
154
|
+
}[]
|
|
155
|
+
>("https://api.github.com/user/emails", {
|
|
156
|
+
headers: {
|
|
157
|
+
Authorization: `Bearer ${token.accessToken}`,
|
|
158
|
+
"User-Agent": "better-auth",
|
|
159
|
+
},
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
if (!profile.email && emails) {
|
|
163
|
+
profile.email = (emails.find((e) => e.primary) ?? emails[0])
|
|
164
|
+
?.email as string;
|
|
165
|
+
}
|
|
166
|
+
const emailVerified =
|
|
167
|
+
emails?.find((e) => e.email === profile.email)?.verified ?? false;
|
|
168
|
+
|
|
169
|
+
const userMap = await options.mapProfileToUser?.(profile);
|
|
170
|
+
return {
|
|
171
|
+
user: {
|
|
172
|
+
id: profile.id,
|
|
173
|
+
name: profile.name || profile.login,
|
|
174
|
+
email: profile.email,
|
|
175
|
+
image: profile.avatar_url,
|
|
176
|
+
emailVerified,
|
|
177
|
+
...userMap,
|
|
178
|
+
},
|
|
179
|
+
data: profile,
|
|
180
|
+
};
|
|
181
|
+
},
|
|
182
|
+
options,
|
|
183
|
+
} satisfies OAuthProvider<GithubProfile>;
|
|
184
|
+
};
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
import { betterFetch } from "@better-fetch/fetch";
|
|
2
|
+
import type { OAuthProvider, ProviderOptions } from "../oauth2";
|
|
3
|
+
import {
|
|
4
|
+
createAuthorizationURL,
|
|
5
|
+
refreshAccessToken,
|
|
6
|
+
validateAuthorizationCode,
|
|
7
|
+
} from "../oauth2";
|
|
8
|
+
|
|
9
|
+
export interface GitlabProfile extends Record<string, any> {
|
|
10
|
+
id: number;
|
|
11
|
+
username: string;
|
|
12
|
+
email: string;
|
|
13
|
+
name: string;
|
|
14
|
+
state: string;
|
|
15
|
+
avatar_url: string;
|
|
16
|
+
web_url: string;
|
|
17
|
+
created_at: string;
|
|
18
|
+
bio: string;
|
|
19
|
+
location?: string | undefined;
|
|
20
|
+
public_email: string;
|
|
21
|
+
skype: string;
|
|
22
|
+
linkedin: string;
|
|
23
|
+
twitter: string;
|
|
24
|
+
website_url: string;
|
|
25
|
+
organization: string;
|
|
26
|
+
job_title: string;
|
|
27
|
+
pronouns: string;
|
|
28
|
+
bot: boolean;
|
|
29
|
+
work_information?: string | undefined;
|
|
30
|
+
followers: number;
|
|
31
|
+
following: number;
|
|
32
|
+
local_time: string;
|
|
33
|
+
last_sign_in_at: string;
|
|
34
|
+
confirmed_at: string;
|
|
35
|
+
theme_id: number;
|
|
36
|
+
last_activity_on: string;
|
|
37
|
+
color_scheme_id: number;
|
|
38
|
+
projects_limit: number;
|
|
39
|
+
current_sign_in_at: string;
|
|
40
|
+
identities: Array<{
|
|
41
|
+
provider: string;
|
|
42
|
+
extern_uid: string;
|
|
43
|
+
}>;
|
|
44
|
+
can_create_group: boolean;
|
|
45
|
+
can_create_project: boolean;
|
|
46
|
+
two_factor_enabled: boolean;
|
|
47
|
+
external: boolean;
|
|
48
|
+
private_profile: boolean;
|
|
49
|
+
commit_email: string;
|
|
50
|
+
shared_runners_minutes_limit: number;
|
|
51
|
+
extra_shared_runners_minutes_limit: number;
|
|
52
|
+
email_verified?: boolean | undefined;
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
export interface GitlabOptions extends ProviderOptions<GitlabProfile> {
|
|
56
|
+
clientId: string;
|
|
57
|
+
issuer?: string | undefined;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
const cleanDoubleSlashes = (input: string = "") => {
|
|
61
|
+
return input
|
|
62
|
+
.split("://")
|
|
63
|
+
.map((str) => str.replace(/\/{2,}/g, "/"))
|
|
64
|
+
.join("://");
|
|
65
|
+
};
|
|
66
|
+
|
|
67
|
+
const issuerToEndpoints = (issuer?: string | undefined) => {
|
|
68
|
+
const baseUrl = issuer || "https://gitlab.com";
|
|
69
|
+
return {
|
|
70
|
+
authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
|
|
71
|
+
tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
|
|
72
|
+
userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`),
|
|
73
|
+
};
|
|
74
|
+
};
|
|
75
|
+
|
|
76
|
+
export const gitlab = (options: GitlabOptions) => {
|
|
77
|
+
const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } =
|
|
78
|
+
issuerToEndpoints(options.issuer);
|
|
79
|
+
const issuerId = "gitlab";
|
|
80
|
+
const issuerName = "Gitlab";
|
|
81
|
+
return {
|
|
82
|
+
id: issuerId,
|
|
83
|
+
name: issuerName,
|
|
84
|
+
createAuthorizationURL: async ({
|
|
85
|
+
state,
|
|
86
|
+
scopes,
|
|
87
|
+
codeVerifier,
|
|
88
|
+
loginHint,
|
|
89
|
+
redirectURI,
|
|
90
|
+
}) => {
|
|
91
|
+
const _scopes = options.disableDefaultScope ? [] : ["read_user"];
|
|
92
|
+
if (options.scope) _scopes.push(...options.scope);
|
|
93
|
+
if (scopes) _scopes.push(...scopes);
|
|
94
|
+
return await createAuthorizationURL({
|
|
95
|
+
id: issuerId,
|
|
96
|
+
options,
|
|
97
|
+
authorizationEndpoint,
|
|
98
|
+
scopes: _scopes,
|
|
99
|
+
state,
|
|
100
|
+
redirectURI,
|
|
101
|
+
codeVerifier,
|
|
102
|
+
loginHint,
|
|
103
|
+
});
|
|
104
|
+
},
|
|
105
|
+
validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
|
|
106
|
+
return validateAuthorizationCode({
|
|
107
|
+
code,
|
|
108
|
+
redirectURI,
|
|
109
|
+
options,
|
|
110
|
+
codeVerifier,
|
|
111
|
+
tokenEndpoint,
|
|
112
|
+
});
|
|
113
|
+
},
|
|
114
|
+
refreshAccessToken: options.refreshAccessToken
|
|
115
|
+
? options.refreshAccessToken
|
|
116
|
+
: async (refreshToken) => {
|
|
117
|
+
return refreshAccessToken({
|
|
118
|
+
refreshToken,
|
|
119
|
+
options: {
|
|
120
|
+
clientId: options.clientId,
|
|
121
|
+
clientKey: options.clientKey,
|
|
122
|
+
clientSecret: options.clientSecret,
|
|
123
|
+
},
|
|
124
|
+
tokenEndpoint: tokenEndpoint,
|
|
125
|
+
});
|
|
126
|
+
},
|
|
127
|
+
async getUserInfo(token) {
|
|
128
|
+
if (options.getUserInfo) {
|
|
129
|
+
return options.getUserInfo(token);
|
|
130
|
+
}
|
|
131
|
+
const { data: profile, error } = await betterFetch<GitlabProfile>(
|
|
132
|
+
userinfoEndpoint,
|
|
133
|
+
{ headers: { authorization: `Bearer ${token.accessToken}` } },
|
|
134
|
+
);
|
|
135
|
+
if (error || profile.state !== "active" || profile.locked) {
|
|
136
|
+
return null;
|
|
137
|
+
}
|
|
138
|
+
const userMap = await options.mapProfileToUser?.(profile);
|
|
139
|
+
// GitLab may provide email_verified claim, but it's not guaranteed.
|
|
140
|
+
// We check for it first, then default to false for security consistency.
|
|
141
|
+
return {
|
|
142
|
+
user: {
|
|
143
|
+
id: profile.id,
|
|
144
|
+
name: profile.name ?? profile.username,
|
|
145
|
+
email: profile.email,
|
|
146
|
+
image: profile.avatar_url,
|
|
147
|
+
emailVerified: profile.email_verified ?? false,
|
|
148
|
+
...userMap,
|
|
149
|
+
},
|
|
150
|
+
data: profile,
|
|
151
|
+
};
|
|
152
|
+
},
|
|
153
|
+
options,
|
|
154
|
+
} satisfies OAuthProvider<GitlabProfile>;
|
|
155
|
+
};
|
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
import { betterFetch } from "@better-fetch/fetch";
|
|
2
|
+
import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
|
|
3
|
+
import { logger } from "../env";
|
|
4
|
+
import { APIError, BetterAuthError } from "../error";
|
|
5
|
+
import type { OAuthProvider, ProviderOptions } from "../oauth2";
|
|
6
|
+
import {
|
|
7
|
+
createAuthorizationURL,
|
|
8
|
+
refreshAccessToken,
|
|
9
|
+
validateAuthorizationCode,
|
|
10
|
+
} from "../oauth2";
|
|
11
|
+
|
|
12
|
+
export interface GoogleProfile {
|
|
13
|
+
aud: string;
|
|
14
|
+
azp: string;
|
|
15
|
+
email: string;
|
|
16
|
+
email_verified: boolean;
|
|
17
|
+
exp: number;
|
|
18
|
+
/**
|
|
19
|
+
* The family name of the user, or last name in most
|
|
20
|
+
* Western languages.
|
|
21
|
+
*/
|
|
22
|
+
family_name: string;
|
|
23
|
+
/**
|
|
24
|
+
* The given name of the user, or first name in most
|
|
25
|
+
* Western languages.
|
|
26
|
+
*/
|
|
27
|
+
given_name: string;
|
|
28
|
+
hd?: string | undefined;
|
|
29
|
+
iat: number;
|
|
30
|
+
iss: string;
|
|
31
|
+
jti?: string | undefined;
|
|
32
|
+
locale?: string | undefined;
|
|
33
|
+
name: string;
|
|
34
|
+
nbf?: number | undefined;
|
|
35
|
+
picture: string;
|
|
36
|
+
sub: string;
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
export interface GoogleOptions extends ProviderOptions<GoogleProfile> {
|
|
40
|
+
clientId: string;
|
|
41
|
+
/**
|
|
42
|
+
* The access type to use for the authorization code request
|
|
43
|
+
*/
|
|
44
|
+
accessType?: ("offline" | "online") | undefined;
|
|
45
|
+
/**
|
|
46
|
+
* The display mode to use for the authorization code request
|
|
47
|
+
*/
|
|
48
|
+
display?: ("page" | "popup" | "touch" | "wap") | undefined;
|
|
49
|
+
/**
|
|
50
|
+
* The hosted domain of the user
|
|
51
|
+
*/
|
|
52
|
+
hd?: string | undefined;
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
export const google = (options: GoogleOptions) => {
|
|
56
|
+
return {
|
|
57
|
+
id: "google",
|
|
58
|
+
name: "Google",
|
|
59
|
+
async createAuthorizationURL({
|
|
60
|
+
state,
|
|
61
|
+
scopes,
|
|
62
|
+
codeVerifier,
|
|
63
|
+
redirectURI,
|
|
64
|
+
loginHint,
|
|
65
|
+
display,
|
|
66
|
+
}) {
|
|
67
|
+
if (!options.clientId || !options.clientSecret) {
|
|
68
|
+
logger.error(
|
|
69
|
+
"Client Id and Client Secret is required for Google. Make sure to provide them in the options.",
|
|
70
|
+
);
|
|
71
|
+
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
|
|
72
|
+
}
|
|
73
|
+
if (!codeVerifier) {
|
|
74
|
+
throw new BetterAuthError("codeVerifier is required for Google");
|
|
75
|
+
}
|
|
76
|
+
const _scopes = options.disableDefaultScope
|
|
77
|
+
? []
|
|
78
|
+
: ["email", "profile", "openid"];
|
|
79
|
+
if (options.scope) _scopes.push(...options.scope);
|
|
80
|
+
if (scopes) _scopes.push(...scopes);
|
|
81
|
+
const url = await createAuthorizationURL({
|
|
82
|
+
id: "google",
|
|
83
|
+
options,
|
|
84
|
+
authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
|
|
85
|
+
scopes: _scopes,
|
|
86
|
+
state,
|
|
87
|
+
codeVerifier,
|
|
88
|
+
redirectURI,
|
|
89
|
+
prompt: options.prompt,
|
|
90
|
+
accessType: options.accessType,
|
|
91
|
+
display: display || options.display,
|
|
92
|
+
loginHint,
|
|
93
|
+
hd: options.hd,
|
|
94
|
+
additionalParams: {
|
|
95
|
+
include_granted_scopes: "true",
|
|
96
|
+
},
|
|
97
|
+
});
|
|
98
|
+
return url;
|
|
99
|
+
},
|
|
100
|
+
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
101
|
+
return validateAuthorizationCode({
|
|
102
|
+
code,
|
|
103
|
+
codeVerifier,
|
|
104
|
+
redirectURI,
|
|
105
|
+
options,
|
|
106
|
+
tokenEndpoint: "https://oauth2.googleapis.com/token",
|
|
107
|
+
});
|
|
108
|
+
},
|
|
109
|
+
refreshAccessToken: options.refreshAccessToken
|
|
110
|
+
? options.refreshAccessToken
|
|
111
|
+
: async (refreshToken) => {
|
|
112
|
+
return refreshAccessToken({
|
|
113
|
+
refreshToken,
|
|
114
|
+
options: {
|
|
115
|
+
clientId: options.clientId,
|
|
116
|
+
clientKey: options.clientKey,
|
|
117
|
+
clientSecret: options.clientSecret,
|
|
118
|
+
},
|
|
119
|
+
tokenEndpoint: "https://oauth2.googleapis.com/token",
|
|
120
|
+
});
|
|
121
|
+
},
|
|
122
|
+
async verifyIdToken(token, nonce) {
|
|
123
|
+
if (options.disableIdTokenSignIn) {
|
|
124
|
+
return false;
|
|
125
|
+
}
|
|
126
|
+
if (options.verifyIdToken) {
|
|
127
|
+
return options.verifyIdToken(token, nonce);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
// Verify JWT integrity
|
|
131
|
+
// See https://developers.google.com/identity/sign-in/web/backend-auth#verify-the-integrity-of-the-id-token
|
|
132
|
+
|
|
133
|
+
const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
|
|
134
|
+
if (!kid || !jwtAlg) return false;
|
|
135
|
+
|
|
136
|
+
const publicKey = await getGooglePublicKey(kid);
|
|
137
|
+
const { payload: jwtClaims } = await jwtVerify(token, publicKey, {
|
|
138
|
+
algorithms: [jwtAlg],
|
|
139
|
+
issuer: ["https://accounts.google.com", "accounts.google.com"],
|
|
140
|
+
audience: options.clientId,
|
|
141
|
+
maxTokenAge: "1h",
|
|
142
|
+
});
|
|
143
|
+
|
|
144
|
+
if (nonce && jwtClaims.nonce !== nonce) {
|
|
145
|
+
return false;
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
return true;
|
|
149
|
+
},
|
|
150
|
+
async getUserInfo(token) {
|
|
151
|
+
if (options.getUserInfo) {
|
|
152
|
+
return options.getUserInfo(token);
|
|
153
|
+
}
|
|
154
|
+
if (!token.idToken) {
|
|
155
|
+
return null;
|
|
156
|
+
}
|
|
157
|
+
const user = decodeJwt(token.idToken) as GoogleProfile;
|
|
158
|
+
const userMap = await options.mapProfileToUser?.(user);
|
|
159
|
+
return {
|
|
160
|
+
user: {
|
|
161
|
+
id: user.sub,
|
|
162
|
+
name: user.name,
|
|
163
|
+
email: user.email,
|
|
164
|
+
image: user.picture,
|
|
165
|
+
emailVerified: user.email_verified,
|
|
166
|
+
...userMap,
|
|
167
|
+
},
|
|
168
|
+
data: user,
|
|
169
|
+
};
|
|
170
|
+
},
|
|
171
|
+
options,
|
|
172
|
+
} satisfies OAuthProvider<GoogleProfile>;
|
|
173
|
+
};
|
|
174
|
+
|
|
175
|
+
export const getGooglePublicKey = async (kid: string) => {
|
|
176
|
+
const { data } = await betterFetch<{
|
|
177
|
+
keys: Array<{
|
|
178
|
+
kid: string;
|
|
179
|
+
alg: string;
|
|
180
|
+
kty: string;
|
|
181
|
+
use: string;
|
|
182
|
+
n: string;
|
|
183
|
+
e: string;
|
|
184
|
+
}>;
|
|
185
|
+
}>("https://www.googleapis.com/oauth2/v3/certs");
|
|
186
|
+
|
|
187
|
+
if (!data?.keys) {
|
|
188
|
+
throw new APIError("BAD_REQUEST", {
|
|
189
|
+
message: "Keys not found",
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
const jwk = data.keys.find((key) => key.kid === kid);
|
|
194
|
+
if (!jwk) {
|
|
195
|
+
throw new Error(`JWK with kid ${kid} not found`);
|
|
196
|
+
}
|
|
197
|
+
|
|
198
|
+
return await importJWK(jwk, jwk.alg);
|
|
199
|
+
};
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
import { betterFetch } from "@better-fetch/fetch";
|
|
2
|
+
import type { OAuthProvider, ProviderOptions } from "../oauth2";
|
|
3
|
+
import {
|
|
4
|
+
createAuthorizationURL,
|
|
5
|
+
refreshAccessToken,
|
|
6
|
+
validateAuthorizationCode,
|
|
7
|
+
} from "../oauth2";
|
|
8
|
+
|
|
9
|
+
export interface HuggingFaceProfile {
|
|
10
|
+
sub: string;
|
|
11
|
+
name: string;
|
|
12
|
+
preferred_username: string;
|
|
13
|
+
profile: string;
|
|
14
|
+
picture: string;
|
|
15
|
+
website?: string | undefined;
|
|
16
|
+
email?: string | undefined;
|
|
17
|
+
email_verified?: boolean | undefined;
|
|
18
|
+
isPro: boolean;
|
|
19
|
+
canPay?: boolean | undefined;
|
|
20
|
+
orgs?:
|
|
21
|
+
| {
|
|
22
|
+
sub: string;
|
|
23
|
+
name: string;
|
|
24
|
+
picture: string;
|
|
25
|
+
preferred_username: string;
|
|
26
|
+
isEnterprise: boolean | "plus";
|
|
27
|
+
canPay?: boolean;
|
|
28
|
+
roleInOrg?: "admin" | "write" | "contributor" | "read";
|
|
29
|
+
pendingSSO?: boolean;
|
|
30
|
+
missingMFA?: boolean;
|
|
31
|
+
resourceGroups?: {
|
|
32
|
+
sub: string;
|
|
33
|
+
name: string;
|
|
34
|
+
role: "admin" | "write" | "contributor" | "read";
|
|
35
|
+
}[];
|
|
36
|
+
}
|
|
37
|
+
| undefined;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
export interface HuggingFaceOptions
|
|
41
|
+
extends ProviderOptions<HuggingFaceProfile> {
|
|
42
|
+
clientId: string;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
export const huggingface = (options: HuggingFaceOptions) => {
|
|
46
|
+
return {
|
|
47
|
+
id: "huggingface",
|
|
48
|
+
name: "Hugging Face",
|
|
49
|
+
createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
|
|
50
|
+
const _scopes = options.disableDefaultScope
|
|
51
|
+
? []
|
|
52
|
+
: ["openid", "profile", "email"];
|
|
53
|
+
if (options.scope) _scopes.push(...options.scope);
|
|
54
|
+
if (scopes) _scopes.push(...scopes);
|
|
55
|
+
return createAuthorizationURL({
|
|
56
|
+
id: "huggingface",
|
|
57
|
+
options,
|
|
58
|
+
authorizationEndpoint: "https://huggingface.co/oauth/authorize",
|
|
59
|
+
scopes: _scopes,
|
|
60
|
+
state,
|
|
61
|
+
codeVerifier,
|
|
62
|
+
redirectURI,
|
|
63
|
+
});
|
|
64
|
+
},
|
|
65
|
+
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
|
|
66
|
+
return validateAuthorizationCode({
|
|
67
|
+
code,
|
|
68
|
+
codeVerifier,
|
|
69
|
+
redirectURI,
|
|
70
|
+
options,
|
|
71
|
+
tokenEndpoint: "https://huggingface.co/oauth/token",
|
|
72
|
+
});
|
|
73
|
+
},
|
|
74
|
+
refreshAccessToken: options.refreshAccessToken
|
|
75
|
+
? options.refreshAccessToken
|
|
76
|
+
: async (refreshToken) => {
|
|
77
|
+
return refreshAccessToken({
|
|
78
|
+
refreshToken,
|
|
79
|
+
options: {
|
|
80
|
+
clientId: options.clientId,
|
|
81
|
+
clientKey: options.clientKey,
|
|
82
|
+
clientSecret: options.clientSecret,
|
|
83
|
+
},
|
|
84
|
+
tokenEndpoint: "https://huggingface.co/oauth/token",
|
|
85
|
+
});
|
|
86
|
+
},
|
|
87
|
+
async getUserInfo(token) {
|
|
88
|
+
if (options.getUserInfo) {
|
|
89
|
+
return options.getUserInfo(token);
|
|
90
|
+
}
|
|
91
|
+
const { data: profile, error } = await betterFetch<HuggingFaceProfile>(
|
|
92
|
+
"https://huggingface.co/oauth/userinfo",
|
|
93
|
+
{
|
|
94
|
+
method: "GET",
|
|
95
|
+
headers: {
|
|
96
|
+
Authorization: `Bearer ${token.accessToken}`,
|
|
97
|
+
},
|
|
98
|
+
},
|
|
99
|
+
);
|
|
100
|
+
if (error) {
|
|
101
|
+
return null;
|
|
102
|
+
}
|
|
103
|
+
const userMap = await options.mapProfileToUser?.(profile);
|
|
104
|
+
return {
|
|
105
|
+
user: {
|
|
106
|
+
id: profile.sub,
|
|
107
|
+
name: profile.name || profile.preferred_username,
|
|
108
|
+
email: profile.email,
|
|
109
|
+
image: profile.picture,
|
|
110
|
+
emailVerified: profile.email_verified ?? false,
|
|
111
|
+
...userMap,
|
|
112
|
+
},
|
|
113
|
+
data: profile,
|
|
114
|
+
};
|
|
115
|
+
},
|
|
116
|
+
options,
|
|
117
|
+
} satisfies OAuthProvider<HuggingFaceProfile>;
|
|
118
|
+
};
|