npm - @hanzo/iam - Versions diffs - 0.4.0 → 0.4.2 - Mend

@hanzo/iam 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/src/betterauth.ts DELETED Viewed

@@ -1,86 +0,0 @@
-/**
- * BetterAuth SSO provider configuration for Hanzo IAM.
- *
- * Returns a provider config object compatible with BetterAuth's
- * `socialProviders` or generic OAuth plugin.
- *
- * @example
- * ```ts
- * import { betterAuth } from "better-auth";
- * import { hanzoIamProvider } from "@hanzo/iam/betterauth";
- *
- * export const auth = betterAuth({
- *   socialProviders: [
- *     hanzoIamProvider({
- *       serverUrl: process.env.IAM_SERVER_URL!,
- *       clientId: process.env.IAM_CLIENT_ID!,
- *       clientSecret: process.env.IAM_CLIENT_SECRET!,
- *     }),
- *   ],
- * });
- * ```
- *
- * @packageDocumentation
- */
-import type { IamConfig } from "./types.js";
-export interface HanzoIamSocialProvider {
-  id: string;
-  name: string;
-  type: "oidc";
-  issuer: string;
-  clientId: string;
-  clientSecret?: string;
-  authorization: { url: string; params: { scope: string } };
-  token: { url: string };
-  userinfo: { url: string };
-  profile: (profile: Record<string, unknown>) => {
-    id: string;
-    name: string;
-    email: string;
-    image: string | null;
-  };
-}
-/**
- * Create a BetterAuth-compatible social provider for Hanzo IAM.
- *
- * Works with BetterAuth's SSO plugin or generic OAuth integration.
- * Uses the standard Hanzo IAM / Casdoor OIDC endpoints.
- */
-export function hanzoIamProvider(
-  config: IamConfig & { redirectUri?: string },
-): HanzoIamSocialProvider {
-  const baseUrl = config.serverUrl.replace(/\/+$/, "");
-  return {
-    id: "hanzo-iam",
-    name: "Hanzo IAM",
-    type: "oidc",
-    issuer: baseUrl,
-    clientId: config.clientId,
-    clientSecret: config.clientSecret,
-    authorization: {
-      url: `${baseUrl}/login/oauth/authorize`,
-      params: { scope: "openid profile email" },
-    },
-    token: { url: `${baseUrl}/api/login/oauth/access_token` },
-    userinfo: { url: `${baseUrl}/api/userinfo` },
-    profile(profile: Record<string, unknown>) {
-      return {
-        id: (profile.sub as string) ?? (profile.id as string) ?? "",
-        name:
-          (profile.displayName as string) ??
-          (profile.name as string) ??
-          (profile.preferred_username as string) ??
-          "",
-        email: (profile.email as string) ?? "",
-        image: (profile.avatar as string) ?? (profile.picture as string) ?? null,
-      };
-    },
-  };
-}
-// Backwards-compatible alias
-export { hanzoIamProvider as hanzoIamSocialProvider };

package/src/passport.ts DELETED Viewed

@@ -1,97 +0,0 @@
-/**
- * Passport.js OAuth2 strategy factory for Hanzo IAM.
- *
- * Creates a pre-configured passport-oauth2 strategy that authenticates
- * against hanzo.id with PKCE and fetches user info on callback.
- *
- * @example
- * ```ts
- * import passport from "passport";
- * import { createIamPassportStrategy } from "@hanzo/iam/passport";
- *
- * passport.use("iam", createIamPassportStrategy({
- *   serverUrl: "https://hanzo.id",
- *   clientId: "hanzo-kms-client-id",
- *   clientSecret: process.env.IAM_CLIENT_SECRET!,
- *   callbackUrl: "https://kms.hanzo.ai/api/v1/sso/oidc/callback",
- * }));
- * ```
- *
- * @packageDocumentation
- */
-import type { IamConfig } from "./types.js";
-export interface IamPassportConfig extends IamConfig {
-  /** Full callback URL for OAuth2 redirect. */
-  callbackUrl: string;
-  /** OAuth2 scopes. Default: "openid profile email". */
-  scope?: string;
-}
-export interface IamPassportUser {
-  accessToken: string;
-  refreshToken?: string;
-  userinfo: Record<string, unknown>;
-}
-/**
- * Create a Passport OAuth2 strategy for Hanzo IAM.
- *
- * Requires `passport-oauth2` as a peer dependency.
- * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
- * The verify callback fetches userinfo from the IAM server and passes
- * `{ accessToken, refreshToken, userinfo }` as the user object.
- */
-export function createIamPassportStrategy(
-  config: IamPassportConfig,
-): unknown {
-  // Dynamic import to keep passport-oauth2 as optional peer dep.
-  // eslint-disable-next-line @typescript-eslint/no-require-imports
-  const { Strategy: OAuth2Strategy } = require("passport-oauth2") as {
-    Strategy: new (
-      options: Record<string, unknown>,
-      verify: (...args: unknown[]) => void,
-    ) => unknown;
-  };
-  const baseUrl = config.serverUrl.replace(/\/+$/, "");
-  const verify = async (
-    ...args: unknown[]
-  ): Promise<void> => {
-    // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)
-    const accessToken = args[1] as string;
-    const refreshToken = args[2] as string | undefined;
-    const done = args[4] as (err: Error | null, user?: IamPassportUser) => void;
-    try {
-      const res = await fetch(`${baseUrl}/api/userinfo`, {
-        headers: { Authorization: `Bearer ${accessToken}` },
-      });
-      if (!res.ok) {
-        return done(new Error(`IAM userinfo failed: ${res.status}`));
-      }
-      const userinfo = (await res.json()) as Record<string, unknown>;
-      done(null, { accessToken, refreshToken, userinfo });
-    } catch (err) {
-      done(err instanceof Error ? err : new Error(String(err)));
-    }
-  };
-  return new OAuth2Strategy(
-    {
-      authorizationURL: `${baseUrl}/login/oauth/authorize`,
-      tokenURL: `${baseUrl}/api/login/oauth/access_token`,
-      clientID: config.clientId,
-      clientSecret: config.clientSecret ?? "",
-      callbackURL: config.callbackUrl,
-      scope: config.scope ?? "openid profile email",
-      state: true,
-      pkce: true,
-      passReqToCallback: true,
-    },
-    verify,
-  );
-}