npm - @hanzo/iam - Versions diffs - 0.4.1 → 0.5.0 - Mend

@hanzo/iam 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/dist/betterauth.js DELETED Viewed

@@ -1,64 +0,0 @@
-/**
- * BetterAuth SSO provider configuration for IAM.
- *
- * Returns a provider config object compatible with BetterAuth's
- * `socialProviders` or generic OAuth plugin.
- *
- * @example
- * ```ts
- * import { betterAuth } from "better-auth";
- * import { iamProvider } from "@hanzo/iam/betterauth";
- *
- * export const auth = betterAuth({
- *   socialProviders: [
- *     iamProvider({
- *       serverUrl: process.env.IAM_SERVER_URL!,
- *       clientId: process.env.IAM_CLIENT_ID!,
- *       clientSecret: process.env.IAM_CLIENT_SECRET!,
- *     }),
- *   ],
- * });
- * ```
- *
- * @packageDocumentation
- */
-/**
- * Create a BetterAuth-compatible social provider for IAM.
- *
- * Works with BetterAuth's SSO plugin or generic OAuth integration.
- * Uses standard OIDC endpoints.
- */
-export function iamProvider(config) {
-    const baseUrl = config.serverUrl.replace(/\/+$/, "");
-    return {
-        id: "iam",
-        name: "IAM",
-        type: "oidc",
-        issuer: baseUrl,
-        clientId: config.clientId,
-        clientSecret: config.clientSecret,
-        authorization: {
-            url: `${baseUrl}/login/oauth/authorize`,
-            params: { scope: "openid profile email" },
-        },
-        token: { url: `${baseUrl}/api/login/oauth/access_token` },
-        userinfo: { url: `${baseUrl}/api/userinfo` },
-        profile(profile) {
-            return {
-                id: profile.sub ?? profile.id ?? "",
-                name: profile.displayName ??
-                    profile.name ??
-                    profile.preferred_username ??
-                    "",
-                email: profile.email ?? "",
-                image: profile.avatar ?? profile.picture ?? null,
-            };
-        },
-    };
-}
-// Backwards-compatible aliases
-/** @deprecated Use iamProvider instead */
-export { iamProvider as hanzoIamProvider };
-/** @deprecated Use iamProvider instead */
-export { iamProvider as hanzoIamSocialProvider };
-//# sourceMappingURL=betterauth.js.map

package/dist/betterauth.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"betterauth.js","sourceRoot":"","sources":["../src/betterauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAsBH;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CACzB,MAA4C;IAE5C,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErD,OAAO;QACL,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,aAAa,EAAE;YACb,GAAG,EAAE,GAAG,OAAO,wBAAwB;YACvC,MAAM,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE;SAC1C;QACD,KAAK,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,+BAA+B,EAAE;QACzD,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,eAAe,EAAE;QAC5C,OAAO,CAAC,OAAgC;YACtC,OAAO;gBACL,EAAE,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,EAAa,IAAI,EAAE;gBAC3D,IAAI,EACD,OAAO,CAAC,WAAsB;oBAC9B,OAAO,CAAC,IAAe;oBACvB,OAAO,CAAC,kBAA6B;oBACtC,EAAE;gBACJ,KAAK,EAAG,OAAO,CAAC,KAAgB,IAAI,EAAE;gBACtC,KAAK,EAAG,OAAO,CAAC,MAAiB,IAAK,OAAO,CAAC,OAAkB,IAAI,IAAI;aACzE,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,+BAA+B;AAC/B,0CAA0C;AAC1C,OAAO,EAAE,WAAW,IAAI,gBAAgB,EAAE,CAAC;AAC3C,0CAA0C;AAC1C,OAAO,EAAE,WAAW,IAAI,sBAAsB,EAAE,CAAC"}

package/dist/passport.d.ts DELETED Viewed

@@ -1,44 +0,0 @@
-/**
- * Passport.js OAuth2 strategy factory for Hanzo IAM.
- *
- * Creates a pre-configured passport-oauth2 strategy that authenticates
- * against hanzo.id with PKCE and fetches user info on callback.
- *
- * @example
- * ```ts
- * import passport from "passport";
- * import { createIamPassportStrategy } from "@hanzo/iam/passport";
- *
- * passport.use("iam", createIamPassportStrategy({
- *   serverUrl: "https://hanzo.id",
- *   clientId: "hanzo-kms-client-id",
- *   clientSecret: process.env.IAM_CLIENT_SECRET!,
- *   callbackUrl: "https://kms.hanzo.ai/api/v1/sso/oidc/callback",
- * }));
- * ```
- *
- * @packageDocumentation
- */
-import type { IamConfig } from "./types.js";
-export interface IamPassportConfig extends IamConfig {
-    /** Full callback URL for OAuth2 redirect. */
-    callbackUrl: string;
-    /** OAuth2 scopes. Default: "openid profile email". */
-    scope?: string;
-}
-export interface IamPassportUser {
-    accessToken: string;
-    refreshToken?: string;
-    userinfo: Record<string, unknown>;
-}
-/**
- * Create a Passport OAuth2 strategy for Hanzo IAM.
- *
- * Requires `passport-oauth2` as a peer dependency.
- * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
- * The verify callback fetches userinfo from the IAM server and passes
- * `{ accessToken, refreshToken, userinfo }` as the user object.
- */
-export declare function createIamPassportStrategy(config: IamPassportConfig): unknown;
-//# sourceMappingURL=passport.d.ts.map

package/dist/passport.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"passport.d.ts","sourceRoot":"","sources":["../src/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAgDT"}

package/dist/passport.js DELETED Viewed

@@ -1,67 +0,0 @@
-/**
- * Passport.js OAuth2 strategy factory for Hanzo IAM.
- *
- * Creates a pre-configured passport-oauth2 strategy that authenticates
- * against hanzo.id with PKCE and fetches user info on callback.
- *
- * @example
- * ```ts
- * import passport from "passport";
- * import { createIamPassportStrategy } from "@hanzo/iam/passport";
- *
- * passport.use("iam", createIamPassportStrategy({
- *   serverUrl: "https://hanzo.id",
- *   clientId: "hanzo-kms-client-id",
- *   clientSecret: process.env.IAM_CLIENT_SECRET!,
- *   callbackUrl: "https://kms.hanzo.ai/api/v1/sso/oidc/callback",
- * }));
- * ```
- *
- * @packageDocumentation
- */
-/**
- * Create a Passport OAuth2 strategy for Hanzo IAM.
- *
- * Requires `passport-oauth2` as a peer dependency.
- * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
- * The verify callback fetches userinfo from the IAM server and passes
- * `{ accessToken, refreshToken, userinfo }` as the user object.
- */
-export function createIamPassportStrategy(config) {
-    // Dynamic import to keep passport-oauth2 as optional peer dep.
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const { Strategy: OAuth2Strategy } = require("passport-oauth2");
-    const baseUrl = config.serverUrl.replace(/\/+$/, "");
-    const verify = async (...args) => {
-        // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)
-        const accessToken = args[1];
-        const refreshToken = args[2];
-        const done = args[4];
-        try {
-            const res = await fetch(`${baseUrl}/api/userinfo`, {
-                headers: { Authorization: `Bearer ${accessToken}` },
-            });
-            if (!res.ok) {
-                return done(new Error(`IAM userinfo failed: ${res.status}`));
-            }
-            const userinfo = (await res.json());
-            done(null, { accessToken, refreshToken, userinfo });
-        }
-        catch (err) {
-            done(err instanceof Error ? err : new Error(String(err)));
-        }
-    };
-    return new OAuth2Strategy({
-        authorizationURL: `${baseUrl}/login/oauth/authorize`,
-        tokenURL: `${baseUrl}/api/login/oauth/access_token`,
-        clientID: config.clientId,
-        clientSecret: config.clientSecret ?? "",
-        callbackURL: config.callbackUrl,
-        scope: config.scope ?? "openid profile email",
-        state: true,
-        pkce: true,
-        passReqToCallback: true,
-    }, verify);
-}
-//# sourceMappingURL=passport.js.map

package/dist/passport.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"passport.js","sourceRoot":"","sources":["../src/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiBH;;;;;;;;GAQG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAyB;IAEzB,+DAA+D;IAC/D,iEAAiE;IACjE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAK7D,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,KAAK,EAClB,GAAG,IAAe,EACH,EAAE;QACjB,0EAA0E;QAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAW,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,CAAuB,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAwD,CAAC;QAE5E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,eAAe,EAAE;gBACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;YAC/D,IAAI,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,IAAI,cAAc,CACvB;QACE,gBAAgB,EAAE,GAAG,OAAO,wBAAwB;QACpD,QAAQ,EAAE,GAAG,OAAO,+BAA+B;QACnD,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,sBAAsB;QAC7C,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,IAAI;QACV,iBAAiB,EAAE,IAAI;KACxB,EACD,MAAM,CACP,CAAC;AACJ,CAAC"}

package/src/betterauth.ts DELETED Viewed

@@ -1,91 +0,0 @@
-/**
- * BetterAuth SSO provider configuration for IAM.
- *
- * Returns a provider config object compatible with BetterAuth's
- * `socialProviders` or generic OAuth plugin.
- *
- * @example
- * ```ts
- * import { betterAuth } from "better-auth";
- * import { iamProvider } from "@hanzo/iam/betterauth";
- *
- * export const auth = betterAuth({
- *   socialProviders: [
- *     iamProvider({
- *       serverUrl: process.env.IAM_SERVER_URL!,
- *       clientId: process.env.IAM_CLIENT_ID!,
- *       clientSecret: process.env.IAM_CLIENT_SECRET!,
- *     }),
- *   ],
- * });
- * ```
- *
- * @packageDocumentation
- */
-import type { IamConfig } from "./types.js";
-export interface IamSocialProvider {
-  id: string;
-  name: string;
-  type: "oidc";
-  issuer: string;
-  clientId: string;
-  clientSecret?: string;
-  authorization: { url: string; params: { scope: string } };
-  token: { url: string };
-  userinfo: { url: string };
-  profile: (profile: Record<string, unknown>) => {
-    id: string;
-    name: string;
-    email: string;
-    image: string | null;
-  };
-}
-/**
- * Create a BetterAuth-compatible social provider for IAM.
- *
- * Works with BetterAuth's SSO plugin or generic OAuth integration.
- * Uses standard OIDC endpoints.
- */
-export function iamProvider(
-  config: IamConfig & { redirectUri?: string },
-): IamSocialProvider {
-  const baseUrl = config.serverUrl.replace(/\/+$/, "");
-  return {
-    id: "iam",
-    name: "IAM",
-    type: "oidc",
-    issuer: baseUrl,
-    clientId: config.clientId,
-    clientSecret: config.clientSecret,
-    authorization: {
-      url: `${baseUrl}/login/oauth/authorize`,
-      params: { scope: "openid profile email" },
-    },
-    token: { url: `${baseUrl}/api/login/oauth/access_token` },
-    userinfo: { url: `${baseUrl}/api/userinfo` },
-    profile(profile: Record<string, unknown>) {
-      return {
-        id: (profile.sub as string) ?? (profile.id as string) ?? "",
-        name:
-          (profile.displayName as string) ??
-          (profile.name as string) ??
-          (profile.preferred_username as string) ??
-          "",
-        email: (profile.email as string) ?? "",
-        image: (profile.avatar as string) ?? (profile.picture as string) ?? null,
-      };
-    },
-  };
-}
-// Backwards-compatible aliases
-/** @deprecated Use iamProvider instead */
-export { iamProvider as hanzoIamProvider };
-/** @deprecated Use iamProvider instead */
-export { iamProvider as hanzoIamSocialProvider };
-/** @deprecated Use IamSocialProvider instead */
-export type { IamSocialProvider as HanzoIamSocialProvider };

package/src/passport.ts DELETED Viewed

@@ -1,97 +0,0 @@
-/**
- * Passport.js OAuth2 strategy factory for Hanzo IAM.
- *
- * Creates a pre-configured passport-oauth2 strategy that authenticates
- * against hanzo.id with PKCE and fetches user info on callback.
- *
- * @example
- * ```ts
- * import passport from "passport";
- * import { createIamPassportStrategy } from "@hanzo/iam/passport";
- *
- * passport.use("iam", createIamPassportStrategy({
- *   serverUrl: "https://hanzo.id",
- *   clientId: "hanzo-kms-client-id",
- *   clientSecret: process.env.IAM_CLIENT_SECRET!,
- *   callbackUrl: "https://kms.hanzo.ai/api/v1/sso/oidc/callback",
- * }));
- * ```
- *
- * @packageDocumentation
- */
-import type { IamConfig } from "./types.js";
-export interface IamPassportConfig extends IamConfig {
-  /** Full callback URL for OAuth2 redirect. */
-  callbackUrl: string;
-  /** OAuth2 scopes. Default: "openid profile email". */
-  scope?: string;
-}
-export interface IamPassportUser {
-  accessToken: string;
-  refreshToken?: string;
-  userinfo: Record<string, unknown>;
-}
-/**
- * Create a Passport OAuth2 strategy for Hanzo IAM.
- *
- * Requires `passport-oauth2` as a peer dependency.
- * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
- * The verify callback fetches userinfo from the IAM server and passes
- * `{ accessToken, refreshToken, userinfo }` as the user object.
- */
-export function createIamPassportStrategy(
-  config: IamPassportConfig,
-): unknown {
-  // Dynamic import to keep passport-oauth2 as optional peer dep.
-  // eslint-disable-next-line @typescript-eslint/no-require-imports
-  const { Strategy: OAuth2Strategy } = require("passport-oauth2") as {
-    Strategy: new (
-      options: Record<string, unknown>,
-      verify: (...args: unknown[]) => void,
-    ) => unknown;
-  };
-  const baseUrl = config.serverUrl.replace(/\/+$/, "");
-  const verify = async (
-    ...args: unknown[]
-  ): Promise<void> => {
-    // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)
-    const accessToken = args[1] as string;
-    const refreshToken = args[2] as string | undefined;
-    const done = args[4] as (err: Error | null, user?: IamPassportUser) => void;
-    try {
-      const res = await fetch(`${baseUrl}/api/userinfo`, {
-        headers: { Authorization: `Bearer ${accessToken}` },
-      });
-      if (!res.ok) {
-        return done(new Error(`IAM userinfo failed: ${res.status}`));
-      }
-      const userinfo = (await res.json()) as Record<string, unknown>;
-      done(null, { accessToken, refreshToken, userinfo });
-    } catch (err) {
-      done(err instanceof Error ? err : new Error(String(err)));
-    }
-  };
-  return new OAuth2Strategy(
-    {
-      authorizationURL: `${baseUrl}/login/oauth/authorize`,
-      tokenURL: `${baseUrl}/api/login/oauth/access_token`,
-      clientID: config.clientId,
-      clientSecret: config.clientSecret ?? "",
-      callbackURL: config.callbackUrl,
-      scope: config.scope ?? "openid profile email",
-      state: true,
-      pkce: true,
-      passReqToCallback: true,
-    },
-    verify,
-  );
-}