@hanzo/iam 0.9.1 → 0.9.3
- package/dist/betterauth.cjs.map +1 -1
- package/dist/betterauth.d.cts +1 -1
- package/dist/betterauth.d.ts +1 -1
- package/dist/betterauth.js.map +1 -1
- package/dist/nextauth.cjs.map +1 -1
- package/dist/nextauth.d.cts +1 -1
- package/dist/nextauth.d.ts +1 -1
- package/dist/nextauth.js.map +1 -1
- package/dist/passport.cjs +6 -8
- package/dist/passport.cjs.map +1 -1
- package/dist/passport.d.cts +5 -2
- package/dist/passport.d.ts +5 -2
- package/dist/passport.js +1 -7
- package/dist/passport.js.map +1 -1
- package/package.json +5 -3
- package/src/betterauth.ts +1 -1
- package/src/nextauth.ts +1 -1
- package/src/passport.ts +7 -10
package/dist/betterauth.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/betterauth.ts"],"names":[],"mappings":";;;AAmDO,SAAS,YACd,MAAA,EACmB;AACnB,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,MAAA;AAAA,IACN,MAAA,EAAQ,OAAA;AAAA,IACR,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MACf,MAAA,EAAQ,EAAE,KAAA,EAAO,sBAAA;AAAuB,KAC1C;AAAA,IACA,KAAA,EAAO,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,YAAA,CAAA,EAAe;AAAA,IACvC,QAAA,EAAU,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAkB;AAAA,IAC7C,QAAQ,OAAA,EAAkC;AACxC,MAAA,OAAO;AAAA,QACL,EAAA,EAAK,OAAA,CAAQ,GAAA,IAAmB,OAAA,CAAQ,EAAA,IAAiB,EAAA;AAAA,QACzD,MACG,OAAA,CAAQ,WAAA,IACR,OAAA,CAAQ,IAAA,IACR,QAAQ,kBAAA,IACT,EAAA;AAAA,QACF,KAAA,EAAQ,QAAQ,KAAA,IAAoB,EAAA;AAAA,QACpC,KAAA,EAAQ,OAAA,CAAQ,MAAA,IAAsB,OAAA,CAAQ,OAAA,IAAsB;AAAA,OACtE;AAAA,IACF;AAAA,GACF;AACF","file":"betterauth.cjs","sourcesContent":["/**\n * BetterAuth SSO provider configuration for IAM.\n *\n * Returns a provider config object compatible with BetterAuth's\n * `socialProviders` or generic OAuth plugin.\n *\n * @example\n * ```ts\n * import { betterAuth } from \"better-auth\";\n * import { iamProvider } from \"@hanzo/iam/betterauth\";\n *\n * export const auth = betterAuth({\n * socialProviders: [\n * iamProvider({\n * serverUrl: process.env.
|
|
1
|
+
{"version":3,"sources":["../src/betterauth.ts"],"names":[],"mappings":";;;AAmDO,SAAS,YACd,MAAA,EACmB;AACnB,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,MAAA;AAAA,IACN,MAAA,EAAQ,OAAA;AAAA,IACR,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MACf,MAAA,EAAQ,EAAE,KAAA,EAAO,sBAAA;AAAuB,KAC1C;AAAA,IACA,KAAA,EAAO,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,YAAA,CAAA,EAAe;AAAA,IACvC,QAAA,EAAU,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAkB;AAAA,IAC7C,QAAQ,OAAA,EAAkC;AACxC,MAAA,OAAO;AAAA,QACL,EAAA,EAAK,OAAA,CAAQ,GAAA,IAAmB,OAAA,CAAQ,EAAA,IAAiB,EAAA;AAAA,QACzD,MACG,OAAA,CAAQ,WAAA,IACR,OAAA,CAAQ,IAAA,IACR,QAAQ,kBAAA,IACT,EAAA;AAAA,QACF,KAAA,EAAQ,QAAQ,KAAA,IAAoB,EAAA;AAAA,QACpC,KAAA,EAAQ,OAAA,CAAQ,MAAA,IAAsB,OAAA,CAAQ,OAAA,IAAsB;AAAA,OACtE;AAAA,IACF;AAAA,GACF;AACF","file":"betterauth.cjs","sourcesContent":["/**\n * BetterAuth SSO provider configuration for IAM.\n *\n * Returns a provider config object compatible with BetterAuth's\n * `socialProviders` or generic OAuth plugin.\n *\n * @example\n * ```ts\n * import { betterAuth } from \"better-auth\";\n * import { iamProvider } from \"@hanzo/iam/betterauth\";\n *\n * export const auth = betterAuth({\n * socialProviders: [\n * iamProvider({\n * serverUrl: process.env.IAM_ENDPOINT!,\n * clientId: process.env.IAM_CLIENT_ID!,\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * }),\n * ],\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { IamConfig } from \"./types.js\";\n\nexport interface IamSocialProvider {\n id: string;\n name: string;\n type: \"oidc\";\n issuer: string;\n clientId: string;\n clientSecret?: string;\n authorization: { url: string; params: { scope: string } };\n token: { url: string };\n userinfo: { url: string };\n profile: (profile: Record<string, unknown>) => {\n id: string;\n name: string;\n email: string;\n image: 
string | null;\n };\n}\n\n/**\n * Create a BetterAuth-compatible social provider for IAM.\n *\n * Works with BetterAuth's SSO plugin or generic OAuth integration.\n * Uses standard OIDC endpoints.\n */\nexport function iamProvider(\n config: IamConfig & { redirectUri?: string },\n): IamSocialProvider {\n const baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n\n return {\n id: \"iam\",\n name: \"IAM\",\n type: \"oidc\",\n issuer: baseUrl,\n clientId: config.clientId,\n clientSecret: config.clientSecret,\n authorization: {\n url: `${baseUrl}/oauth/authorize`,\n params: { scope: \"openid profile email\" },\n },\n token: { url: `${baseUrl}/oauth/token` },\n userinfo: { url: `${baseUrl}/oauth/userinfo` },\n profile(profile: Record<string, unknown>) {\n return {\n id: (profile.sub as string) ?? (profile.id as string) ?? \"\",\n name:\n (profile.displayName as string) ??\n (profile.name as string) ??\n (profile.preferred_username as string) ??\n \"\",\n email: (profile.email as string) ?? \"\",\n image: (profile.avatar as string) ?? (profile.picture as string) ?? null,\n };\n },\n };\n}\n\n// Backwards-compatible aliases\n/** @deprecated Use iamProvider instead */\nexport { iamProvider as hanzoIamProvider };\n/** @deprecated Use iamProvider instead */\nexport { iamProvider as hanzoIamSocialProvider };\n/** @deprecated Use IamSocialProvider instead */\nexport type { IamSocialProvider as HanzoIamSocialProvider };\n"]}
|
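--- a/package/dist/betterauth.d.cts
+++ b/package/dist/betterauth.d.cts
@@ -14,7 +14,7 @@ import { IamConfig } from './types.cjs';
 * export const auth = betterAuth({
 * socialProviders: [
 * iamProvider({
-* serverUrl: process.env.
+* serverUrl: process.env.IAM_ENDPOINT!,
 * clientId: process.env.IAM_CLIENT_ID!,
 * clientSecret: process.env.IAM_CLIENT_SECRET!,
 * }),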
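--- a/package/dist/betterauth.d.ts
+++ b/package/dist/betterauth.d.ts
@@ -14,7 +14,7 @@ import { IamConfig } from './types.js';
 * export const auth = betterAuth({
 * socialProviders: [
 * iamProvider({
-* serverUrl: process.env.
+* serverUrl: process.env.IAM_ENDPOINT!,
 * clientId: process.env.IAM_CLIENT_ID!,
 * clientSecret: process.env.IAM_CLIENT_SECRET!,
 * }),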
package/dist/betterauth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/betterauth.ts"],"names":[],"mappings":";AAmDO,SAAS,YACd,MAAA,EACmB;AACnB,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,MAAA;AAAA,IACN,MAAA,EAAQ,OAAA;AAAA,IACR,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MACf,MAAA,EAAQ,EAAE,KAAA,EAAO,sBAAA;AAAuB,KAC1C;AAAA,IACA,KAAA,EAAO,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,YAAA,CAAA,EAAe;AAAA,IACvC,QAAA,EAAU,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAkB;AAAA,IAC7C,QAAQ,OAAA,EAAkC;AACxC,MAAA,OAAO;AAAA,QACL,EAAA,EAAK,OAAA,CAAQ,GAAA,IAAmB,OAAA,CAAQ,EAAA,IAAiB,EAAA;AAAA,QACzD,MACG,OAAA,CAAQ,WAAA,IACR,OAAA,CAAQ,IAAA,IACR,QAAQ,kBAAA,IACT,EAAA;AAAA,QACF,KAAA,EAAQ,QAAQ,KAAA,IAAoB,EAAA;AAAA,QACpC,KAAA,EAAQ,OAAA,CAAQ,MAAA,IAAsB,OAAA,CAAQ,OAAA,IAAsB;AAAA,OACtE;AAAA,IACF;AAAA,GACF;AACF","file":"betterauth.js","sourcesContent":["/**\n * BetterAuth SSO provider configuration for IAM.\n *\n * Returns a provider config object compatible with BetterAuth's\n * `socialProviders` or generic OAuth plugin.\n *\n * @example\n * ```ts\n * import { betterAuth } from \"better-auth\";\n * import { iamProvider } from \"@hanzo/iam/betterauth\";\n *\n * export const auth = betterAuth({\n * socialProviders: [\n * iamProvider({\n * serverUrl: process.env.
|
|
1
|
+
{"version":3,"sources":["../src/betterauth.ts"],"names":[],"mappings":";AAmDO,SAAS,YACd,MAAA,EACmB;AACnB,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,MAAA;AAAA,IACN,MAAA,EAAQ,OAAA;AAAA,IACR,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MACf,MAAA,EAAQ,EAAE,KAAA,EAAO,sBAAA;AAAuB,KAC1C;AAAA,IACA,KAAA,EAAO,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,YAAA,CAAA,EAAe;AAAA,IACvC,QAAA,EAAU,EAAE,GAAA,EAAK,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAkB;AAAA,IAC7C,QAAQ,OAAA,EAAkC;AACxC,MAAA,OAAO;AAAA,QACL,EAAA,EAAK,OAAA,CAAQ,GAAA,IAAmB,OAAA,CAAQ,EAAA,IAAiB,EAAA;AAAA,QACzD,MACG,OAAA,CAAQ,WAAA,IACR,OAAA,CAAQ,IAAA,IACR,QAAQ,kBAAA,IACT,EAAA;AAAA,QACF,KAAA,EAAQ,QAAQ,KAAA,IAAoB,EAAA;AAAA,QACpC,KAAA,EAAQ,OAAA,CAAQ,MAAA,IAAsB,OAAA,CAAQ,OAAA,IAAsB;AAAA,OACtE;AAAA,IACF;AAAA,GACF;AACF","file":"betterauth.js","sourcesContent":["/**\n * BetterAuth SSO provider configuration for IAM.\n *\n * Returns a provider config object compatible with BetterAuth's\n * `socialProviders` or generic OAuth plugin.\n *\n * @example\n * ```ts\n * import { betterAuth } from \"better-auth\";\n * import { iamProvider } from \"@hanzo/iam/betterauth\";\n *\n * export const auth = betterAuth({\n * socialProviders: [\n * iamProvider({\n * serverUrl: process.env.IAM_ENDPOINT!,\n * clientId: process.env.IAM_CLIENT_ID!,\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * }),\n * ],\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { IamConfig } from \"./types.js\";\n\nexport interface IamSocialProvider {\n id: string;\n name: string;\n type: \"oidc\";\n issuer: string;\n clientId: string;\n clientSecret?: string;\n authorization: { url: string; params: { scope: string } };\n token: { url: string };\n userinfo: { url: string };\n profile: (profile: Record<string, unknown>) => {\n id: string;\n name: string;\n email: string;\n image: string | 
null;\n };\n}\n\n/**\n * Create a BetterAuth-compatible social provider for IAM.\n *\n * Works with BetterAuth's SSO plugin or generic OAuth integration.\n * Uses standard OIDC endpoints.\n */\nexport function iamProvider(\n config: IamConfig & { redirectUri?: string },\n): IamSocialProvider {\n const baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n\n return {\n id: \"iam\",\n name: \"IAM\",\n type: \"oidc\",\n issuer: baseUrl,\n clientId: config.clientId,\n clientSecret: config.clientSecret,\n authorization: {\n url: `${baseUrl}/oauth/authorize`,\n params: { scope: \"openid profile email\" },\n },\n token: { url: `${baseUrl}/oauth/token` },\n userinfo: { url: `${baseUrl}/oauth/userinfo` },\n profile(profile: Record<string, unknown>) {\n return {\n id: (profile.sub as string) ?? (profile.id as string) ?? \"\",\n name:\n (profile.displayName as string) ??\n (profile.name as string) ??\n (profile.preferred_username as string) ??\n \"\",\n email: (profile.email as string) ?? \"\",\n image: (profile.avatar as string) ?? (profile.picture as string) ?? null,\n };\n },\n };\n}\n\n// Backwards-compatible aliases\n/** @deprecated Use iamProvider instead */\nexport { iamProvider as hanzoIamProvider };\n/** @deprecated Use iamProvider instead */\nexport { iamProvider as hanzoIamSocialProvider };\n/** @deprecated Use IamSocialProvider instead */\nexport type { IamSocialProvider as HanzoIamSocialProvider };\n"]}
|
package/dist/nextauth.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/nextauth.ts"],"names":[],"mappings":";;;AA6CO,SAAS,YACd,OAAA,EAUyB;AACzB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,SAAA,CAAU,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,IAAU,CAAC,OAAO,CAAA;AAEzC,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,SAAA,EAAW,GAAG,MAAM,CAAA,iCAAA,CAAA;AAAA,IACpB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA;AAAA,IACA,eAAe,EAAE,MAAA,EAAQ,EAAE,KAAA,EAAO,wBAAuB,EAAE;AAAA,IAC3D,QAAQ,OAAA,EAAY;AAClB,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EACE,QAAQ,WAAA,IACR,OAAA,CAAQ,QACR,OAAA,CAAQ,kBAAA,IACR,QAAQ,KAAA,IACR,EAAA;AAAA,QACF,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,KAAA,EAAO,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,OAAA,IAAW;AAAA,OAC9C;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO;AAAA,MACL,EAAA,EAAI,SAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM;AAAA,KACR;AAAA,IACA;AAAA,GACF;AACF","file":"nextauth.cjs","sourcesContent":["/**\n * NextAuth.js / Auth.js provider for IAM (OIDC-based).\n *\n * Provides a canonical NextAuth/Auth.js provider configuration\n * so all Next.js apps can share one implementation.\n *\n * @example\n * ```ts\n * // next-auth config\n * import { IamProvider } from \"@hanzo/iam/nextauth\";\n *\n * export default NextAuth({\n * providers: [\n * IamProvider({\n * serverUrl: process.env.
|
|
1
|
+
{"version":3,"sources":["../src/nextauth.ts"],"names":[],"mappings":";;;AA6CO,SAAS,YACd,OAAA,EAUyB;AACzB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,SAAA,CAAU,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,IAAU,CAAC,OAAO,CAAA;AAEzC,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,SAAA,EAAW,GAAG,MAAM,CAAA,iCAAA,CAAA;AAAA,IACpB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA;AAAA,IACA,eAAe,EAAE,MAAA,EAAQ,EAAE,KAAA,EAAO,wBAAuB,EAAE;AAAA,IAC3D,QAAQ,OAAA,EAAY;AAClB,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EACE,QAAQ,WAAA,IACR,OAAA,CAAQ,QACR,OAAA,CAAQ,kBAAA,IACR,QAAQ,KAAA,IACR,EAAA;AAAA,QACF,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,KAAA,EAAO,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,OAAA,IAAW;AAAA,OAC9C;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO;AAAA,MACL,EAAA,EAAI,SAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM;AAAA,KACR;AAAA,IACA;AAAA,GACF;AACF","file":"nextauth.cjs","sourcesContent":["/**\n * NextAuth.js / Auth.js provider for IAM (OIDC-based).\n *\n * Provides a canonical NextAuth/Auth.js provider configuration\n * so all Next.js apps can share one implementation.\n *\n * @example\n * ```ts\n * // next-auth config\n * import { IamProvider } from \"@hanzo/iam/nextauth\";\n *\n * export default NextAuth({\n * providers: [\n * IamProvider({\n * serverUrl: process.env.IAM_ENDPOINT!,\n * clientId: process.env.IAM_CLIENT_ID!,\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * }),\n * ],\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nexport interface IamProfile extends Record<string, unknown> {\n sub: string;\n name: string;\n email: string;\n preferred_username?: string;\n picture?: string;\n avatar?: string;\n displayName?: string;\n email_verified?: boolean;\n}\n\n/**\n * NextAuth.js / Auth.js compatible OAuth provider for IAM.\n *\n * Uses standard OIDC well-known endpoint for automatic configuration.\n * JWT id_token validation (issuer, audience, signature) is handled by\n * openid-client using the JWKS published at 
`{serverUrl}/.well-known/jwks`.\n *\n * Pass `checks: [\"state\", \"pkce\"]` in options for PKCE alignment.\n */\nexport function IamProvider<P extends IamProfile>(\n options: {\n serverUrl: string;\n clientId: string;\n clientSecret?: string;\n orgName?: string;\n appName?: string;\n /** OAuth state/PKCE checks. Default: [\"state\"]. Add \"pkce\" for extra security. */\n checks?: (\"state\" | \"pkce\" | \"nonce\" | \"none\")[];\n [key: string]: unknown;\n },\n): Record<string, unknown> {\n const issuer = options.serverUrl.replace(/\\/$/, \"\");\n const checks = options.checks ?? [\"state\"];\n\n return {\n id: \"iam\",\n name: \"IAM\",\n type: \"oauth\",\n wellKnown: `${issuer}/.well-known/openid-configuration`,\n idToken: true,\n checks,\n authorization: { params: { scope: \"openid profile email\" } },\n profile(profile: P) {\n return {\n id: profile.sub,\n name:\n profile.displayName ||\n profile.name ||\n profile.preferred_username ||\n profile.email ||\n \"\",\n email: profile.email,\n image: profile.avatar || profile.picture || null,\n };\n },\n style: {\n bg: \"#050508\",\n text: \"#fff\",\n logo: \"\",\n },\n options,\n };\n}\n\n// Backwards-compatible aliases\n/** @deprecated Use IamProvider instead */\nexport { IamProvider as HanzoIamProvider };\n/** @deprecated Use IamProfile instead */\nexport type { IamProfile as HanzoIamProfile };\n"]}
|
package/dist/nextauth.d.cts
CHANGED
package/dist/nextauth.d.ts
CHANGED
package/dist/nextauth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/nextauth.ts"],"names":[],"mappings":";AA6CO,SAAS,YACd,OAAA,EAUyB;AACzB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,SAAA,CAAU,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,IAAU,CAAC,OAAO,CAAA;AAEzC,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,SAAA,EAAW,GAAG,MAAM,CAAA,iCAAA,CAAA;AAAA,IACpB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA;AAAA,IACA,eAAe,EAAE,MAAA,EAAQ,EAAE,KAAA,EAAO,wBAAuB,EAAE;AAAA,IAC3D,QAAQ,OAAA,EAAY;AAClB,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EACE,QAAQ,WAAA,IACR,OAAA,CAAQ,QACR,OAAA,CAAQ,kBAAA,IACR,QAAQ,KAAA,IACR,EAAA;AAAA,QACF,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,KAAA,EAAO,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,OAAA,IAAW;AAAA,OAC9C;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO;AAAA,MACL,EAAA,EAAI,SAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM;AAAA,KACR;AAAA,IACA;AAAA,GACF;AACF","file":"nextauth.js","sourcesContent":["/**\n * NextAuth.js / Auth.js provider for IAM (OIDC-based).\n *\n * Provides a canonical NextAuth/Auth.js provider configuration\n * so all Next.js apps can share one implementation.\n *\n * @example\n * ```ts\n * // next-auth config\n * import { IamProvider } from \"@hanzo/iam/nextauth\";\n *\n * export default NextAuth({\n * providers: [\n * IamProvider({\n * serverUrl: process.env.
|
|
1
|
+
{"version":3,"sources":["../src/nextauth.ts"],"names":[],"mappings":";AA6CO,SAAS,YACd,OAAA,EAUyB;AACzB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,SAAA,CAAU,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,IAAU,CAAC,OAAO,CAAA;AAEzC,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,KAAA;AAAA,IACJ,IAAA,EAAM,KAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,SAAA,EAAW,GAAG,MAAM,CAAA,iCAAA,CAAA;AAAA,IACpB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA;AAAA,IACA,eAAe,EAAE,MAAA,EAAQ,EAAE,KAAA,EAAO,wBAAuB,EAAE;AAAA,IAC3D,QAAQ,OAAA,EAAY;AAClB,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EACE,QAAQ,WAAA,IACR,OAAA,CAAQ,QACR,OAAA,CAAQ,kBAAA,IACR,QAAQ,KAAA,IACR,EAAA;AAAA,QACF,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,KAAA,EAAO,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,OAAA,IAAW;AAAA,OAC9C;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO;AAAA,MACL,EAAA,EAAI,SAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM;AAAA,KACR;AAAA,IACA;AAAA,GACF;AACF","file":"nextauth.js","sourcesContent":["/**\n * NextAuth.js / Auth.js provider for IAM (OIDC-based).\n *\n * Provides a canonical NextAuth/Auth.js provider configuration\n * so all Next.js apps can share one implementation.\n *\n * @example\n * ```ts\n * // next-auth config\n * import { IamProvider } from \"@hanzo/iam/nextauth\";\n *\n * export default NextAuth({\n * providers: [\n * IamProvider({\n * serverUrl: process.env.IAM_ENDPOINT!,\n * clientId: process.env.IAM_CLIENT_ID!,\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * }),\n * ],\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nexport interface IamProfile extends Record<string, unknown> {\n sub: string;\n name: string;\n email: string;\n preferred_username?: string;\n picture?: string;\n avatar?: string;\n displayName?: string;\n email_verified?: boolean;\n}\n\n/**\n * NextAuth.js / Auth.js compatible OAuth provider for IAM.\n *\n * Uses standard OIDC well-known endpoint for automatic configuration.\n * JWT id_token validation (issuer, audience, signature) is handled by\n * openid-client using the JWKS published at 
`{serverUrl}/.well-known/jwks`.\n *\n * Pass `checks: [\"state\", \"pkce\"]` in options for PKCE alignment.\n */\nexport function IamProvider<P extends IamProfile>(\n options: {\n serverUrl: string;\n clientId: string;\n clientSecret?: string;\n orgName?: string;\n appName?: string;\n /** OAuth state/PKCE checks. Default: [\"state\"]. Add \"pkce\" for extra security. */\n checks?: (\"state\" | \"pkce\" | \"nonce\" | \"none\")[];\n [key: string]: unknown;\n },\n): Record<string, unknown> {\n const issuer = options.serverUrl.replace(/\\/$/, \"\");\n const checks = options.checks ?? [\"state\"];\n\n return {\n id: \"iam\",\n name: \"IAM\",\n type: \"oauth\",\n wellKnown: `${issuer}/.well-known/openid-configuration`,\n idToken: true,\n checks,\n authorization: { params: { scope: \"openid profile email\" } },\n profile(profile: P) {\n return {\n id: profile.sub,\n name:\n profile.displayName ||\n profile.name ||\n profile.preferred_username ||\n profile.email ||\n \"\",\n email: profile.email,\n image: profile.avatar || profile.picture || null,\n };\n },\n style: {\n bg: \"#050508\",\n text: \"#fff\",\n logo: \"\",\n },\n options,\n };\n}\n\n// Backwards-compatible aliases\n/** @deprecated Use IamProvider instead */\nexport { IamProvider as HanzoIamProvider };\n/** @deprecated Use IamProfile instead */\nexport type { IamProfile as HanzoIamProfile };\n"]}
|
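--- a/package/dist/passport.cjs
+++ b/package/dist/passport.cjs
@@ -1,15 +1,13 @@
 'use strict';
 
-var
-
-
-
-
-});
+var OAuth2Strategy = require('passport-oauth2');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var OAuth2Strategy__default = /*#__PURE__*/_interopDefault(OAuth2Strategy);
 
 // src/passport.ts
 function createIamPassportStrategy(config) {
-const { Strategy: OAuth2Strategy } = __require("passport-oauth2");
 const baseUrl = config.serverUrl.replace(/\/+$/, "");
 const verify = async (...args) => {
 const accessToken = args[1];
@@ -28,7 +26,7 @@ function createIamPassportStrategy(config) {
 done(err instanceof Error ? err : new Error(String(err)));
 }
 };
-return new
+return new OAuth2Strategy__default.default(
 {
 authorizationURL: `${baseUrl}/oauth/authorize`,
 tokenURL: `${baseUrl}/oauth/token`,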
package/dist/passport.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/passport.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../src/passport.ts"],"names":["OAuth2Strategy"],"mappings":";;;;;;;;;AAmDO,SAAS,0BACd,MAAA,EACS;AAET,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,MAAM,MAAA,GAAS,UACV,IAAA,KACe;AAElB,IAAA,MAAM,WAAA,GAAc,KAAK,CAAC,CAAA;AAC1B,IAAA,MAAM,YAAA,GAAe,KAAK,CAAC,CAAA;AAC3B,IAAA,MAAM,IAAA,GAAO,KAAK,CAAC,CAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAmB;AAAA,QACnD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA;AAAG,OACnD,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,OAAO,KAAK,IAAI,KAAA,CAAM,wBAAwB,GAAA,CAAI,MAAM,EAAE,CAAC,CAAA;AAAA,MAC7D;AACA,MAAA,MAAM,QAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,MAAA,IAAA,CAAK,IAAA,EAAM,EAAE,WAAA,EAAa,YAAA,EAAc,UAAU,CAAA;AAAA,IACpD,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,IAC1D;AAAA,EACF,CAAA;AAEA,EAAA,OAAO,IAAIA,+BAAA;AAAA,IACT;AAAA,MACE,gBAAA,EAAkB,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MAC5B,QAAA,EAAU,GAAG,OAAO,CAAA,YAAA,CAAA;AAAA,MACpB,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,YAAA,EAAc,OAAO,YAAA,IAAgB,EAAA;AAAA,MACrC,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,KAAA,EAAO,OAAO,KAAA,IAAS,sBAAA;AAAA,MACvB,KAAA,EAAO,IAAA;AAAA,MACP,IAAA,EAAM,IAAA;AAAA,MACN,iBAAA,EAAmB;AAAA,KACrB;AAAA,IACA;AAAA,GACF;AACF","file":"passport.cjs","sourcesContent":["/**\n * Passport.js OAuth2 strategy factory for Hanzo IAM.\n *\n * Creates a pre-configured passport-oauth2 strategy that authenticates\n * against hanzo.id with PKCE and fetches user info on callback.\n *\n * @example\n * ```ts\n * import passport from \"passport\";\n * import { createIamPassportStrategy } from \"@hanzo/iam/passport\";\n *\n * passport.use(\"iam\", createIamPassportStrategy({\n * serverUrl: \"https://hanzo.id\",\n * clientId: \"hanzo-kms-client-id\",\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * callbackUrl: \"https://kms.hanzo.ai/api/v1/sso/oidc/callback\",\n * }));\n * ```\n *\n * @packageDocumentation\n */\n\nimport OAuth2Strategy 
from \"passport-oauth2\";\n\nimport type { IamConfig } from \"./types.js\";\n\nexport interface IamPassportConfig extends IamConfig {\n /** Full callback URL for OAuth2 redirect. */\n callbackUrl: string;\n /** OAuth2 scopes. Default: \"openid profile email\". */\n scope?: string;\n}\n\nexport interface IamPassportUser {\n accessToken: string;\n refreshToken?: string;\n userinfo: Record<string, unknown>;\n}\n\n/**\n * Create a Passport OAuth2 strategy for Hanzo IAM.\n *\n * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.\n * The verify callback fetches userinfo from the IAM server and passes\n * `{ accessToken, refreshToken, userinfo }` as the user object.\n *\n * `passport-oauth2` is a runtime dependency of this entry — using a\n * static import lets downstream bundlers (esbuild, webpack, etc.)\n * statically resolve and bundle it. Consumers who don't need passport\n * can import from `@hanzo/iam` directly to avoid pulling it in.\n */\nexport function createIamPassportStrategy(\n config: IamPassportConfig,\n): unknown {\n\n const baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n\n const verify = async (\n ...args: unknown[]\n ): Promise<void> => {\n // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)\n const accessToken = args[1] as string;\n const refreshToken = args[2] as string | undefined;\n const done = args[4] as (err: Error | null, user?: IamPassportUser) => void;\n\n try {\n const res = await fetch(`${baseUrl}/oauth/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n return done(new Error(`IAM userinfo failed: ${res.status}`));\n }\n const userinfo = (await res.json()) as Record<string, unknown>;\n done(null, { accessToken, refreshToken, userinfo });\n } catch (err) {\n done(err instanceof Error ? 
err : new Error(String(err)));\n }\n };\n\n return new OAuth2Strategy(\n {\n authorizationURL: `${baseUrl}/oauth/authorize`,\n tokenURL: `${baseUrl}/oauth/token`,\n clientID: config.clientId,\n clientSecret: config.clientSecret ?? \"\",\n callbackURL: config.callbackUrl,\n scope: config.scope ?? \"openid profile email\",\n state: true,\n pkce: true,\n passReqToCallback: true,\n },\n verify,\n );\n}\n"]}
|
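--- a/package/dist/passport.d.cts
+++ b/package/dist/passport.d.cts
@@ -36,11 +36,14 @@ interface IamPassportUser {
 /**
 * Create a Passport OAuth2 strategy for Hanzo IAM.
 *
-* Requires `passport-oauth2` as a peer dependency.
 * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
-*
 * The verify callback fetches userinfo from the IAM server and passes
 * `{ accessToken, refreshToken, userinfo }` as the user object.
+*
+* `passport-oauth2` is a runtime dependency of this entry — using a
+* static import lets downstream bundlers (esbuild, webpack, etc.)
+* statically resolve and bundle it. Consumers who don't need passport
+* can import from `@hanzo/iam` directly to avoid pulling it in.
 */
 declare function createIamPassportStrategy(config: IamPassportConfig): unknown;
 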
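--- a/package/dist/passport.d.ts
+++ b/package/dist/passport.d.ts
@@ -36,11 +36,14 @@ interface IamPassportUser {
 /**
 * Create a Passport OAuth2 strategy for Hanzo IAM.
 *
-* Requires `passport-oauth2` as a peer dependency.
 * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
-*
 * The verify callback fetches userinfo from the IAM server and passes
 * `{ accessToken, refreshToken, userinfo }` as the user object.
+*
+* `passport-oauth2` is a runtime dependency of this entry — using a
+* static import lets downstream bundlers (esbuild, webpack, etc.)
+* statically resolve and bundle it. Consumers who don't need passport
+* can import from `@hanzo/iam` directly to avoid pulling it in.
 */
 declare function createIamPassportStrategy(config: IamPassportConfig): unknown;
 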
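--- a/package/dist/passport.js
+++ b/package/dist/passport.js
@@ -1,13 +1,7 @@
-
-get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-if (typeof require !== "undefined") return require.apply(this, arguments);
-throw Error('Dynamic require of "' + x + '" is not supported');
-});
+import OAuth2Strategy from 'passport-oauth2';
 
 // src/passport.ts
 function createIamPassportStrategy(config) {
-const { Strategy: OAuth2Strategy } = __require("passport-oauth2");
 const baseUrl = config.serverUrl.replace(/\/+$/, "");
 const verify = async (...args) => {
 const accessToken = args[1];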
package/dist/passport.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/passport.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../src/passport.ts"],"names":[],"mappings":";;;AAmDO,SAAS,0BACd,MAAA,EACS;AAET,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,MAAM,MAAA,GAAS,UACV,IAAA,KACe;AAElB,IAAA,MAAM,WAAA,GAAc,KAAK,CAAC,CAAA;AAC1B,IAAA,MAAM,YAAA,GAAe,KAAK,CAAC,CAAA;AAC3B,IAAA,MAAM,IAAA,GAAO,KAAK,CAAC,CAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAmB;AAAA,QACnD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA;AAAG,OACnD,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,OAAO,KAAK,IAAI,KAAA,CAAM,wBAAwB,GAAA,CAAI,MAAM,EAAE,CAAC,CAAA;AAAA,MAC7D;AACA,MAAA,MAAM,QAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,MAAA,IAAA,CAAK,IAAA,EAAM,EAAE,WAAA,EAAa,YAAA,EAAc,UAAU,CAAA;AAAA,IACpD,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,IAC1D;AAAA,EACF,CAAA;AAEA,EAAA,OAAO,IAAI,cAAA;AAAA,IACT;AAAA,MACE,gBAAA,EAAkB,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MAC5B,QAAA,EAAU,GAAG,OAAO,CAAA,YAAA,CAAA;AAAA,MACpB,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,YAAA,EAAc,OAAO,YAAA,IAAgB,EAAA;AAAA,MACrC,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,KAAA,EAAO,OAAO,KAAA,IAAS,sBAAA;AAAA,MACvB,KAAA,EAAO,IAAA;AAAA,MACP,IAAA,EAAM,IAAA;AAAA,MACN,iBAAA,EAAmB;AAAA,KACrB;AAAA,IACA;AAAA,GACF;AACF","file":"passport.js","sourcesContent":["/**\n * Passport.js OAuth2 strategy factory for Hanzo IAM.\n *\n * Creates a pre-configured passport-oauth2 strategy that authenticates\n * against hanzo.id with PKCE and fetches user info on callback.\n *\n * @example\n * ```ts\n * import passport from \"passport\";\n * import { createIamPassportStrategy } from \"@hanzo/iam/passport\";\n *\n * passport.use(\"iam\", createIamPassportStrategy({\n * serverUrl: \"https://hanzo.id\",\n * clientId: \"hanzo-kms-client-id\",\n * clientSecret: process.env.IAM_CLIENT_SECRET!,\n * callbackUrl: \"https://kms.hanzo.ai/api/v1/sso/oidc/callback\",\n * }));\n * ```\n *\n * @packageDocumentation\n */\n\nimport OAuth2Strategy from 
\"passport-oauth2\";\n\nimport type { IamConfig } from \"./types.js\";\n\nexport interface IamPassportConfig extends IamConfig {\n /** Full callback URL for OAuth2 redirect. */\n callbackUrl: string;\n /** OAuth2 scopes. Default: \"openid profile email\". */\n scope?: string;\n}\n\nexport interface IamPassportUser {\n accessToken: string;\n refreshToken?: string;\n userinfo: Record<string, unknown>;\n}\n\n/**\n * Create a Passport OAuth2 strategy for Hanzo IAM.\n *\n * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.\n * The verify callback fetches userinfo from the IAM server and passes\n * `{ accessToken, refreshToken, userinfo }` as the user object.\n *\n * `passport-oauth2` is a runtime dependency of this entry — using a\n * static import lets downstream bundlers (esbuild, webpack, etc.)\n * statically resolve and bundle it. Consumers who don't need passport\n * can import from `@hanzo/iam` directly to avoid pulling it in.\n */\nexport function createIamPassportStrategy(\n config: IamPassportConfig,\n): unknown {\n\n const baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n\n const verify = async (\n ...args: unknown[]\n ): Promise<void> => {\n // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)\n const accessToken = args[1] as string;\n const refreshToken = args[2] as string | undefined;\n const done = args[4] as (err: Error | null, user?: IamPassportUser) => void;\n\n try {\n const res = await fetch(`${baseUrl}/oauth/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n if (!res.ok) {\n return done(new Error(`IAM userinfo failed: ${res.status}`));\n }\n const userinfo = (await res.json()) as Record<string, unknown>;\n done(null, { accessToken, refreshToken, userinfo });\n } catch (err) {\n done(err instanceof Error ? 
err : new Error(String(err)));\n }\n };\n\n return new OAuth2Strategy(\n {\n authorizationURL: `${baseUrl}/oauth/authorize`,\n tokenURL: `${baseUrl}/oauth/token`,\n clientID: config.clientId,\n clientSecret: config.clientSecret ?? \"\",\n callbackURL: config.callbackUrl,\n scope: config.scope ?? \"openid profile email\",\n state: true,\n pkce: true,\n passReqToCallback: true,\n },\n verify,\n );\n}\n"]}
|
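--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@hanzo/iam",
-"version": "0.9.
-"description": "TypeScript SDK for Hanzo IAM
+"version": "0.9.3",
+"description": "TypeScript SDK for Hanzo IAM — OIDC auth, JWT validation, OAuth2 PKCE, user/org/project APIs",
 "type": "module",
 "main": "dist/index.cjs",
 "module": "dist/index.js",
@@ -70,7 +70,8 @@
 "test": "node --test --import tsx src/**/*.test.ts"
 },
 "dependencies": {
-"jose": "^6.1.0"
+"jose": "^6.1.0",
+"passport-oauth2": "^1.8.0"
 },
 "peerDependencies": {
 "react": ">=17"
@@ -82,6 +83,7 @@
 },
 "devDependencies": {
 "@types/node": "^22.19.11",
+"@types/passport-oauth2": "^1.8.0",
 "@types/react": "^19.0.0",
 "tsup": "^8.5.0",
 "typescript": "^5.5.0"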
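Review bot: Adding `passport-oauth2` to `dependencies` in the second hunk means every install of `@hanzo/iam` now pulls that package and its transitive dependencies, including projects that only use the core entry, which widens the install-time supply-chain surface for all consumers. The static import in `package/src/passport.ts` also resolves from an optional peer once the consumer installs it, so I would declare it as `"peerDependencies": { "passport-oauth2": "^1.8.0" }` with `"peerDependenciesMeta": { "passport-oauth2": { "optional": true } }` instead. If the hard dependency is intended, the new doc comment in `passport.ts` should say that importing from `@hanzo/iam` keeps it out of the bundle, not out of the install. The rest of `peerDependencies` lies outside the hunk, so whether an entry for it already exists there is not visible.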
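--- a/package/src/betterauth.ts
+++ b/package/src/betterauth.ts
@@ -12,7 +12,7 @@
 * export const auth = betterAuth({
 * socialProviders: [
 * iamProvider({
-* serverUrl: process.env.
+* serverUrl: process.env.IAM_ENDPOINT!,
 * clientId: process.env.IAM_CLIENT_ID!,
 * clientSecret: process.env.IAM_CLIENT_SECRET!,
 * }),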
package/src/nextauth.ts
CHANGED
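--- a/package/src/passport.ts
+++ b/package/src/passport.ts
@@ -20,6 +20,8 @@
 * @packageDocumentation
 */
 
+import OAuth2Strategy from "passport-oauth2";
+
 import type { IamConfig } from "./types.js";
 
 export interface IamPassportConfig extends IamConfig {
@@ -38,23 +40,18 @@ export interface IamPassportUser {
 /**
 * Create a Passport OAuth2 strategy for Hanzo IAM.
 *
-* Requires `passport-oauth2` as a peer dependency.
 * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
-*
 * The verify callback fetches userinfo from the IAM server and passes
 * `{ accessToken, refreshToken, userinfo }` as the user object.
+*
+* `passport-oauth2` is a runtime dependency of this entry — using a
+* static import lets downstream bundlers (esbuild, webpack, etc.)
+* statically resolve and bundle it. Consumers who don't need passport
+* can import from `@hanzo/iam` directly to avoid pulling it in.
 */
 export function createIamPassportStrategy(
 config: IamPassportConfig,
 ): unknown {
-// Dynamic import to keep passport-oauth2 as optional peer dep.
-// eslint-disable-next-line @typescript-eslint/no-require-imports
-const { Strategy: OAuth2Strategy } = require("passport-oauth2") as {
-Strategy: new (
-options: Record<string, unknown>,
-verify: (...args: unknown[]) => void,
-) => unknown;
-};
 
 const baseUrl = config.serverUrl.replace(/\/+$/, "");
 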