@hammadj/better-auth-core 1.5.0-beta.9

package/src/social-providers/twitter.ts

@@ -0,0 +1,198 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export interface TwitterProfile {
+	data: {
+		/**
+		 * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools
+		 * that cannot handle large integers.
+		 */
+		id: string;
+		/** The friendly name of this user, as shown on their profile. */
+		name: string;
+		/** The email address of this user. */
+		email?: string | undefined;
+		/** The Twitter handle (screen name) of this user. */
+		username: string;
+		/**
+		 * The location specified in the user's profile, if the user provided one.
+		 * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.
+		 *
+		 * To return this field, add `user.fields=location` in the authorization request's query parameter.
+		 */
+		location?: string | undefined;
+		/**
+		 * This object and its children fields contain details about text that has a special meaning in the user's description.
+		 *
+		 *To return this field, add `user.fields=entities` in the authorization request's query parameter.
+		 */
+		entities?:
+			| {
+					/** Contains details about the user's profile website. */
+					url: {
+						/** Contains details about the user's profile website. */
+						urls: Array<{
+							/** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */
+							start: number;
+							/** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */
+							end: number;
+							/** The URL in the format entered by the user. */
+							url: string;
+							/** The fully resolved URL. */
+							expanded_url: string;
+							/** The URL as displayed in the user's profile. */
+							display_url: string;
+						}>;
+					};
+					/** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */
+					description: {
+						hashtags: Array<{
+							start: number;
+							end: number;
+							tag: string;
+						}>;
+					};
+			  }
+			| undefined;
+		/**
+		 * Indicate if this user is a verified Twitter user.
+		 *
+		 * To return this field, add `user.fields=verified` in the authorization request's query parameter.
+		 */
+		verified?: boolean | undefined;
+		/**
+		 * The text of this user's profile description (also known as bio), if the user provided one.
+		 *
+		 * To return this field, add `user.fields=description` in the authorization request's query parameter.
+		 */
+		description?: string | undefined;
+		/**
+		 * The URL specified in the user's profile, if present.
+		 *
+		 * To return this field, add `user.fields=url` in the authorization request's query parameter.
+		 */
+		url?: string | undefined;
+		/** The URL to the profile image for this user, as shown on the user's profile. */
+		profile_image_url?: string | undefined;
+		protected?: boolean | undefined;
+		/**
+		 * Unique identifier of this user's pinned Tweet.
+		 *
+		 *  You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.
+		 */
+		pinned_tweet_id?: string | undefined;
+		created_at?: string | undefined;
+	};
+	includes?:
+		| {
+				tweets?: Array<{
+					id: string;
+					text: string;
+				}>;
+		  }
+		| undefined;
+	[claims: string]: unknown;
+}
+
+export interface TwitterOption extends ProviderOptions<TwitterProfile> {
+	clientId: string;
+}
+
+export const twitter = (options: TwitterOption) => {
+	return {
+		id: "twitter",
+		name: "Twitter",
+		createAuthorizationURL(data) {
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["users.read", "tweet.read", "offline.access", "users.email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
+			return createAuthorizationURL({
+				id: "twitter",
+				options,
+				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
+				scopes: _scopes,
+				state: data.state,
+				codeVerifier: data.codeVerifier,
+				redirectURI: data.redirectURI,
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				authentication: "basic",
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.x.com/2/oauth2/token",
+			});
+		},
+
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						authentication: "basic",
+						tokenEndpoint: "https://api.x.com/2/oauth2/token",
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error: profileError } =
+				await betterFetch<TwitterProfile>(
+					"https://api.x.com/2/users/me?user.fields=profile_image_url",
+					{
+						method: "GET",
+						headers: {
+							Authorization: `Bearer ${token.accessToken}`,
+						},
+					},
+				);
+
+			if (profileError) {
+				return null;
+			}
+
+			const { data: emailData, error: emailError } = await betterFetch<{
+				data: { confirmed_email: string };
+			}>("https://api.x.com/2/users/me?user.fields=confirmed_email", {
+				method: "GET",
+				headers: {
+					Authorization: `Bearer ${token.accessToken}`,
+				},
+			});
+			let emailVerified = false;
+			if (!emailError && emailData?.data?.confirmed_email) {
+				profile.data.email = emailData.data.confirmed_email;
+				emailVerified = true;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.data.id,
+					name: profile.data.name,
+					email: profile.data.email || profile.data.username || null,
+					image: profile.data.profile_image_url,
+					emailVerified: emailVerified,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<TwitterProfile>;
+};

package/src/social-providers/vercel.ts

@@ -0,0 +1,87 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { BetterAuthError } from "../error";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
+
+export interface VercelProfile {
+	sub: string;
+	name?: string;
+	preferred_username?: string;
+	email?: string;
+	email_verified?: boolean;
+	picture?: string;
+}
+
+export interface VercelOptions extends ProviderOptions<VercelProfile> {
+	clientId: string;
+}
+
+export const vercel = (options: VercelOptions) => {
+	return {
+		id: "vercel",
+		name: "Vercel",
+		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!codeVerifier) {
+				throw new BetterAuthError("codeVerifier is required for Vercel");
+			}
+
+			let _scopes: string[] | undefined = undefined;
+			if (options.scope !== undefined || scopes !== undefined) {
+				_scopes = [];
+				if (options.scope) _scopes.push(...options.scope);
+				if (scopes) _scopes.push(...scopes);
+			}
+
+			return createAuthorizationURL({
+				id: "vercel",
+				options,
+				authorizationEndpoint: "https://vercel.com/oauth/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.vercel.com/login/oauth/token",
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+
+			const { data: profile, error } = await betterFetch<VercelProfile>(
+				"https://api.vercel.com/login/oauth/userinfo",
+				{
+					headers: {
+						Authorization: `Bearer ${token.accessToken}`,
+					},
+				},
+			);
+
+			if (error || !profile) {
+				return null;
+			}
+
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.name ?? profile.preferred_username,
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: profile.email_verified ?? false,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<VercelProfile>;
+};

package/src/social-providers/vk.ts

@@ -0,0 +1,124 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export interface VkProfile {
+	user: {
+		user_id: string;
+		first_name: string;
+		last_name: string;
+		email?: string | undefined;
+		phone?: number | undefined;
+		avatar?: string | undefined;
+		sex?: number | undefined;
+		verified?: boolean | undefined;
+		birthday: string;
+	};
+}
+
+export interface VkOption extends ProviderOptions {
+	clientId: string;
+	scheme?: ("light" | "dark") | undefined;
+}
+
+export const vk = (options: VkOption) => {
+	return {
+		id: "vk",
+		name: "VK",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["email", "phone"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const authorizationEndpoint = "https://id.vk.com/authorize";
+
+			return createAuthorizationURL({
+				id: "vk",
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+			});
+		},
+		validateAuthorizationCode: async ({
+			code,
+			codeVerifier,
+			redirectURI,
+			deviceId,
+		}) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI: options.redirectURI || redirectURI,
+				options,
+				deviceId,
+				tokenEndpoint: "https://id.vk.com/oauth2/auth",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint: "https://id.vk.com/oauth2/auth",
+					});
+				},
+		async getUserInfo(data) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(data);
+			}
+			if (!data.accessToken) {
+				return null;
+			}
+			const formBody = new URLSearchParams({
+				access_token: data.accessToken,
+				client_id: options.clientId,
+			}).toString();
+			const { data: profile, error } = await betterFetch<VkProfile>(
+				"https://id.vk.com/oauth2/user_info",
+				{
+					method: "POST",
+					headers: {
+						"Content-Type": "application/x-www-form-urlencoded",
+					},
+					body: formBody,
+				},
+			);
+			if (error) {
+				return null;
+			}
+
+			const userMap = await options.mapProfileToUser?.(profile);
+			if (!profile.user.email && !userMap?.email) {
+				return null;
+			}
+
+			return {
+				user: {
+					id: profile.user.user_id,
+					first_name: profile.user.first_name,
+					last_name: profile.user.last_name,
+					email: profile.user.email,
+					image: profile.user.avatar,
+					emailVerified: false,
+					birthday: profile.user.birthday,
+					sex: profile.user.sex,
+					name: `${profile.user.first_name} ${profile.user.last_name}`,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<VkProfile>;
+};

package/src/social-providers/zoom.ts

@@ -0,0 +1,238 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	generateCodeChallenge,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export type LoginType =
+	| 0 /** Facebook OAuth */
+	| 1 /** Google OAuth */
+	| 24 /** Apple OAuth */
+	| 27 /** Microsoft OAuth */
+	| 97 /** Mobile device */
+	| 98 /** RingCentral OAuth */
+	| 99 /** API user */
+	| 100 /** Zoom Work email */
+	| 101; /** Single Sign-On (SSO) */
+
+export type AccountStatus = "pending" | "active" | "inactive";
+
+export type PronounOption =
+	| 1 /** Ask the user every time */
+	| 2 /** Always display */
+	| 3; /** Do not display */
+
+export interface PhoneNumber {
+	/** The country code of the phone number (Example: "+1") */
+	code: string;
+
+	/** The country of the phone number (Example: "US") */
+	country: string;
+
+	/** The label for the phone number (Example: "Mobile") */
+	label: string;
+
+	/** The phone number itself (Example: "800000000") */
+	number: string;
+
+	/** Whether the phone number has been verified (Example: true) */
+	verified: boolean;
+}
+
+/**
+ * See the full documentation below:
+ * https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
+ */
+export interface ZoomProfile extends Record<string, any> {
+	/* cspell:disable-next-line */
+	/** The user's account ID (Example: "q6gBJVO5TzexKYTb_I2rpg") */
+	account_id: string;
+	/** The user's account number (Example: 10009239) */
+	account_number: number;
+	/** The user's cluster (Example: "us04") */
+	cluster: string;
+	/** The user's CMS ID. Only enabled for Kaltura integration (Example: "KDcuGIm1QgePTO8WbOqwIQ") */
+	cms_user_id: string;
+	/** The user's cost center (Example: "cost center") */
+	cost_center: string;
+	/** User create time (Example: "2018-10-31T04:32:37Z") */
+	created_at: string;
+	/** Department (Example: "Developers") */
+	dept: string;
+	/** User's display name (Example: "Jill Chill") */
+	display_name: string;
+	/** User's email address (Example: "jchill@example.com") */
+	email: string;
+	/** User's first name (Example: "Jill") */
+	first_name: string;
+	/* cspell:disable-next-line */
+	/** IDs of the web groups that the user belongs to (Example: ["RSMaSp8sTEGK0_oamiA2_w"]) */
+	group_ids: string[];
+	/* cspell:disable-next-line */
+	/** User ID (Example: "zJKyaiAyTNC-MWjiWC18KQ") */
+	id: string;
+	/* cspell:disable-next-line */
+	/** IM IDs of the groups that the user belongs to (Example: ["t-_-d56CSWG-7BF15LLrOw"]) */
+	im_group_ids: string[];
+	/** The user's JID (Example: "jchill@example.com") */
+	jid: string;
+	/** The user's job title (Example: "API Developer") */
+	job_title: string;
+	/** Default language for the Zoom Web Portal (Example: "en-US") */
+	language: string;
+	/** User last login client version (Example: "5.9.6.4993(mac)") */
+	last_client_version: string;
+	/** User last login time (Example: "2021-05-05T20:40:30Z") */
+	last_login_time: string;
+	/** User's last name (Example: "Chill") */
+	last_name: string;
+	/** The time zone of the user (Example: "Asia/Shanghai") */
+	timezone: string;
+	/** User's location (Example: "Paris") */
+	location: string;
+	/** The user's login method (Example: 101) */
+	login_types: LoginType[];
+	/** User's personal meeting URL (Example: "example.com") */
+	personal_meeting_url: string;
+	/** This field has been deprecated and will not be supported in the future.
+	 * Use the phone_numbers field instead of this field.
+	 * The user's phone number (Example: "+1 800000000") */
+	// @deprecated true
+	phone_number?: string | undefined;
+	/** The URL for user's profile picture (Example: "example.com") */
+	pic_url: string;
+	/** Personal Meeting ID (PMI) (Example: 3542471135) */
+	pmi: number;
+	/** Unique identifier of the user's assigned role (Example: "0") */
+	role_id: string;
+	/** User's role name (Example: "Admin") */
+	role_name: string;
+	/** Status of user's account (Example: "pending") */
+	status: AccountStatus;
+	/** Use the personal meeting ID (PMI) for instant meetings (Example: false) */
+	use_pmi: boolean;
+	/** The time and date when the user was created (Example: "2018-10-31T04:32:37Z") */
+	user_created_at: string;
+	/** Displays whether user is verified or not (Example: 1) */
+	verified: number;
+	/** The user's Zoom Workplace plan option (Example: 64) */
+	zoom_one_type: number;
+	/** The user's company (Example: "Jill") */
+	company?: string | undefined;
+	/* cspell:disable-next-line */
+	/** Custom attributes that have been assigned to the user (Example: [{ "key": "cbf_cywdkexrtqc73f97gd4w6g", "name": "A1", "value": "1" }]) */
+	custom_attributes?:
+		| { key: string; name: string; value: string }[]
+		| undefined;
+	/* cspell:disable-next-line */
+	/** The employee's unique ID. This field only returns when SAML single sign-on (SSO) is enabled. The `login_type` value is `101` (SSO) (Example: "HqDyI037Qjili1kNsSIrIg") */
+	employee_unique_id?: string | undefined;
+	/** The manager for the user (Example: "thill@example.com") */
+	manager?: string | undefined;
+	/** The user's country for the company phone number (Example: "US")
+	 * @deprecated true */
+	phone_country?: string | undefined;
+	/** The phone number's ISO country code (Example: "+1") */
+	phone_numbers?: PhoneNumber[] | undefined;
+	/** The user's plan type (Example: "1") */
+	plan_united_type?: string | undefined;
+	/** The user's pronouns (Example: "3123") */
+	pronouns?: string | undefined;
+	/** The user's display pronouns setting (Example: 1) */
+	pronouns_option?: PronounOption | undefined;
+	/** Personal meeting room URL, if the user has one (Example: "example.com") */
+	vanity_url?: string | undefined;
+}
+
+export interface ZoomOptions extends ProviderOptions<ZoomProfile> {
+	clientId: string;
+	pkce?: boolean | undefined;
+}
+
+export const zoom = (userOptions: ZoomOptions) => {
+	const options = {
+		pkce: true,
+		...userOptions,
+	};
+
+	return {
+		id: "zoom",
+		name: "Zoom",
+		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+			const params = new URLSearchParams({
+				response_type: "code",
+				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+				client_id: options.clientId,
+				state,
+			});
+
+			if (options.pkce) {
+				const codeChallenge = await generateCodeChallenge(codeVerifier);
+				params.set("code_challenge_method", "S256");
+				params.set("code_challenge", codeChallenge);
+			}
+
+			const url = new URL("https://zoom.us/oauth/authorize");
+			url.search = params.toString();
+
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				codeVerifier,
+				options,
+				tokenEndpoint: "https://zoom.us/oauth/token",
+				authentication: "post",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) =>
+					refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint: "https://zoom.us/oauth/token",
+					}),
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<ZoomProfile>(
+				"https://api.zoom.us/v2/users/me",
+				{
+					headers: {
+						authorization: `Bearer ${token.accessToken}`,
+					},
+				},
+			);
+
+			if (error) {
+				return null;
+			}
+
+			const userMap = await options.mapProfileToUser?.(profile);
+
+			return {
+				user: {
+					id: profile.id,
+					name: profile.display_name,
+					image: profile.pic_url,
+					email: profile.email,
+					emailVerified: Boolean(profile.verified),
+					...userMap,
+				},
+				data: {
+					...profile,
+				},
+			};
+		},
+	} satisfies OAuthProvider<ZoomProfile>;
+};