@hazeljs/oauth 0.2.0-alpha.1

package/dist/oauth.service.test.js

@@ -0,0 +1,248 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const oauth_service_1 = require("./oauth.service");
+const arctic = __importStar(require("arctic"));
+jest.mock('arctic', () => ({
+    generateState: jest.fn(() => 'mock-state-123'),
+    generateCodeVerifier: jest.fn(() => 'mock-code-verifier-456'),
+    Google: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://accounts.google.com/o/oauth2/v2/auth?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    MicrosoftEntraId: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://login.microsoftonline.com/oauth2/v2.0/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    Twitter: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://twitter.com/i/oauth2/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    GitHub: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, scopes) => new URL(`https://github.com/login/oauth/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    Facebook: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, scopes) => new URL(`https://facebook.com/v18.0/dialog/oauth?state=${state}&scope=${scopes.join(',')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+}));
+const mockFetch = jest.fn();
+global.fetch = mockFetch;
+describe('OAuthService', () => {
+    const baseConfig = {
+        clientId: 'test-client-id',
+        clientSecret: 'test-client-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        oauth_service_1.OAuthService.configure({
+            providers: {
+                google: { ...baseConfig },
+                github: { ...baseConfig },
+                facebook: { ...baseConfig },
+                microsoft: { ...baseConfig },
+                twitter: { ...baseConfig },
+            },
+        });
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: () => Promise.resolve({
+                sub: 'user-123',
+                email: 'test@example.com',
+                name: 'Test User',
+                picture: 'https://example.com/avatar.png',
+            }),
+        });
+    });
+    describe('configure and getOptions', () => {
+        it('should throw when not configured', () => {
+            oauth_service_1.OAuthService.options = null;
+            expect(() => new oauth_service_1.OAuthService()).toThrow('OAuthModule not configured');
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+        });
+    });
+    describe('getAuthorizationUrl', () => {
+        it('should return URL with state for GitHub (no PKCE)', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github');
+            expect(result.url).toContain('github.com');
+            expect(result.state).toBe('mock-state-123');
+            expect(result.codeVerifier).toBeUndefined();
+            expect(arctic.generateState).toHaveBeenCalled();
+        });
+        it('should return URL with state and codeVerifier for Google (PKCE)', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('google');
+            expect(result.url).toContain('accounts.google.com');
+            expect(result.state).toBe('mock-state-123');
+            expect(result.codeVerifier).toBe('mock-code-verifier-456');
+            expect(arctic.generateCodeVerifier).toHaveBeenCalled();
+        });
+        it('should use provided state when given', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github', 'custom-state');
+            expect(result.state).toBe('custom-state');
+            expect(result.url).toContain('custom-state');
+        });
+        it('should use custom scopes when provided', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github', undefined, ['user:email', 'repo']);
+            expect(result.url).toMatch(/user:email|user%3Aemail/);
+            expect(result.url).toContain('repo');
+        });
+        it('should throw for unconfigured provider', () => {
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+            const service = new oauth_service_1.OAuthService();
+            expect(() => service.getAuthorizationUrl('github')).toThrow('GitHub OAuth is not configured');
+        });
+    });
+    describe('validateState', () => {
+        it('should return true when states match', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('abc123', 'abc123')).toBe(true);
+        });
+        it('should return false when states differ', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('abc123', 'xyz789')).toBe(false);
+        });
+        it('should return false when received state is empty', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('', 'stored')).toBe(false);
+        });
+    });
+    describe('generateState', () => {
+        it('should return generated state', () => {
+            const service = new oauth_service_1.OAuthService();
+            const state = service.generateState();
+            expect(state).toBe('mock-state-123');
+            expect(arctic.generateState).toHaveBeenCalled();
+        });
+    });
+    describe('handleCallback', () => {
+        it('should exchange code and fetch user for GitHub', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 12345,
+                    email: 'github@example.com',
+                    name: 'GitHub User',
+                    avatar_url: 'https://github.com/avatar.png',
+                }),
+            });
+            const result = await service.handleCallback('github', 'auth-code', 'mock-state-123');
+            expect(result.accessToken).toBe('mock-access-token');
+            expect(result.user.id).toBe('12345');
+            expect(result.user.email).toBe('github@example.com');
+            expect(result.user.name).toBe('GitHub User');
+            expect(result.user.picture).toBe('https://github.com/avatar.png');
+        });
+        it('should require codeVerifier for Google (PKCE)', async () => {
+            const service = new oauth_service_1.OAuthService();
+            await expect(service.handleCallback('google', 'code', 'state')).rejects.toThrow('requires codeVerifier');
+        });
+        it('should exchange code with codeVerifier for Google', async () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = await service.handleCallback('google', 'auth-code', 'mock-state-123', 'mock-code-verifier-456');
+            expect(result.accessToken).toBe('mock-access-token');
+            expect(result.user.email).toBe('test@example.com');
+        });
+        it('should fetch Facebook user with correct API', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-123',
+                    email: 'fb@example.com',
+                    name: 'FB User',
+                    picture: { data: { url: 'https://fb.com/pic.png' } },
+                }),
+            });
+            const result = await service.handleCallback('facebook', 'code', 'state');
+            expect(result.user.id).toBe('fb-123');
+            expect(result.user.picture).toBe('https://fb.com/pic.png');
+        });
+        it('should fetch Twitter user (no email from API v2)', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    data: {
+                        id: 'tw-123',
+                        name: 'Twitter User',
+                        username: 'twuser',
+                        profile_image_url: 'https://twitter.com/pic.png',
+                    },
+                }),
+            });
+            const result = await service.handleCallback('twitter', 'code', 'state', 'code-verifier');
+            expect(result.user.id).toBe('tw-123');
+            expect(result.user.email).toBe('');
+            expect(result.user.name).toBe('Twitter User');
+        });
+        it('should throw for unconfigured provider', async () => {
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+            const service = new oauth_service_1.OAuthService();
+            await expect(service.handleCallback('facebook', 'code', 'state')).rejects.toThrow('Facebook OAuth is not configured');
+        });
+    });
+});

package/dist/providers/facebook.provider.d.ts

@@ -0,0 +1,11 @@
+import * as arctic from 'arctic';
+import type { FacebookProviderConfig } from './provider.types';
+export declare function createFacebookProvider(config: FacebookProviderConfig): arctic.Facebook;
+export declare function getFacebookDefaultScopes(): string[];
+export declare function fetchFacebookUser(accessToken: string): Promise<{
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}>;
+//# sourceMappingURL=facebook.provider.d.ts.map

package/dist/providers/facebook.provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"facebook.provider.d.ts","sourceRoot":"","sources":["../../src/providers/facebook.provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAI/D,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,sBAAsB,GAAG,MAAM,CAAC,QAAQ,CAEtF;AAED,wBAAgB,wBAAwB,IAAI,MAAM,EAAE,CAEnD;AAED,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACpE,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAqBD"}

package/dist/providers/facebook.provider.js

@@ -0,0 +1,63 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createFacebookProvider = createFacebookProvider;
+exports.getFacebookDefaultScopes = getFacebookDefaultScopes;
+exports.fetchFacebookUser = fetchFacebookUser;
+const arctic = __importStar(require("arctic"));
+const DEFAULT_SCOPES = ['email', 'public_profile'];
+function createFacebookProvider(config) {
+    return new arctic.Facebook(config.clientId, config.clientSecret, config.redirectUri);
+}
+function getFacebookDefaultScopes() {
+    return [...DEFAULT_SCOPES];
+}
+async function fetchFacebookUser(accessToken) {
+    const params = new URLSearchParams();
+    params.set('access_token', accessToken);
+    params.set('fields', ['id', 'name', 'picture', 'email'].join(','));
+    const res = await fetch(`https://graph.facebook.com/me?${params.toString()}`);
+    if (!res.ok) {
+        throw new Error(`Failed to fetch Facebook user: ${res.status}`);
+    }
+    const data = (await res.json());
+    const pictureUrl = data.picture?.data?.url ?? null;
+    return {
+        id: data.id,
+        email: data.email || '',
+        name: data.name || null,
+        picture: pictureUrl,
+    };
+}

package/dist/providers/facebook.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=facebook.provider.test.d.ts.map

package/dist/providers/facebook.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"facebook.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/facebook.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/facebook.provider.test.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const facebook_provider_1 = require("./facebook.provider");
+jest.mock('arctic', () => ({
+    Facebook: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Facebook Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createFacebookProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, facebook_provider_1.createFacebookProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getFacebookDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, facebook_provider_1.getFacebookDefaultScopes)();
+            expect(scopes).toContain('email');
+            expect(scopes).toContain('public_profile');
+        });
+    });
+    describe('fetchFacebookUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data with nested picture', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-123',
+                    email: 'user@fb.com',
+                    name: 'FB User',
+                    picture: { data: { url: 'https://fb.com/pic.jpg' } },
+                }),
+            });
+            const user = await (0, facebook_provider_1.fetchFacebookUser)('access-token');
+            expect(user.id).toBe('fb-123');
+            expect(user.email).toBe('user@fb.com');
+            expect(user.name).toBe('FB User');
+            expect(user.picture).toBe('https://fb.com/pic.jpg');
+        });
+        it('should handle missing picture', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-456',
+                    name: 'No Pic User',
+                }),
+            });
+            const user = await (0, facebook_provider_1.fetchFacebookUser)('access-token');
+            expect(user.picture).toBeNull();
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, facebook_provider_1.fetchFacebookUser)('bad-token')).rejects.toThrow('Failed to fetch Facebook user');
+        });
+    });
+});

package/dist/providers/github.provider.d.ts

@@ -0,0 +1,11 @@
+import * as arctic from 'arctic';
+import type { GitHubProviderConfig } from './provider.types';
+export declare function createGitHubProvider(config: GitHubProviderConfig): arctic.GitHub;
+export declare function getGitHubDefaultScopes(): string[];
+export declare function fetchGitHubUser(accessToken: string): Promise<{
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}>;
+//# sourceMappingURL=github.provider.d.ts.map

package/dist/providers/github.provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.provider.d.ts","sourceRoot":"","sources":["../../src/providers/github.provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAI7D,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAEhF;AAED,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAEjD;AAED,wBAAsB,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAuCD"}

package/dist/providers/github.provider.js

@@ -0,0 +1,79 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createGitHubProvider = createGitHubProvider;
+exports.getGitHubDefaultScopes = getGitHubDefaultScopes;
+exports.fetchGitHubUser = fetchGitHubUser;
+const arctic = __importStar(require("arctic"));
+const DEFAULT_SCOPES = ['user:email'];
+function createGitHubProvider(config) {
+    return new arctic.GitHub(config.clientId, config.clientSecret, config.redirectUri);
+}
+function getGitHubDefaultScopes() {
+    return [...DEFAULT_SCOPES];
+}
+async function fetchGitHubUser(accessToken) {
+    const res = await fetch('https://api.github.com/user', {
+        headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+    if (!res.ok) {
+        throw new Error(`Failed to fetch GitHub user: ${res.status}`);
+    }
+    const data = (await res.json());
+    let email = data.email || '';
+    if (!email) {
+        const emailsRes = await fetch('https://api.github.com/user/emails', {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+                Accept: 'application/vnd.github+json',
+            },
+        });
+        if (emailsRes.ok) {
+            const emails = (await emailsRes.json());
+            const primary = emails.find((e) => e.primary) || emails[0];
+            email = primary?.email || '';
+        }
+    }
+    return {
+        id: String(data.id),
+        email,
+        name: data.name || null,
+        picture: data.avatar_url ?? null,
+    };
+}

package/dist/providers/github.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=github.provider.test.d.ts.map

package/dist/providers/github.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/github.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/github.provider.test.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const github_provider_1 = require("./github.provider");
+jest.mock('arctic', () => ({
+    GitHub: jest.fn().mockImplementation(() => ({})),
+}));
+describe('GitHub Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createGitHubProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, github_provider_1.createGitHubProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getGitHubDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, github_provider_1.getGitHubDefaultScopes)();
+            expect(scopes).toContain('user:email');
+        });
+    });
+    describe('fetchGitHubUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 999,
+                    email: 'dev@github.com',
+                    name: 'Dev User',
+                    avatar_url: 'https://github.com/avatar.png',
+                }),
+            });
+            const user = await (0, github_provider_1.fetchGitHubUser)('access-token');
+            expect(user.id).toBe('999');
+            expect(user.email).toBe('dev@github.com');
+            expect(user.name).toBe('Dev User');
+            expect(user.picture).toBe('https://github.com/avatar.png');
+        });
+        it('should fetch email from emails endpoint when not in user', async () => {
+            global.fetch
+                .mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 888,
+                    name: 'No Email User',
+                }),
+            })
+                .mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve([
+                    { email: 'primary@example.com', primary: true },
+                    { email: 'other@example.com', primary: false },
+                ]),
+            });
+            const user = await (0, github_provider_1.fetchGitHubUser)('access-token');
+            expect(user.email).toBe('primary@example.com');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, github_provider_1.fetchGitHubUser)('bad-token')).rejects.toThrow('Failed to fetch GitHub user');
+        });
+    });
+});

package/dist/providers/google.provider.d.ts

@@ -0,0 +1,11 @@
+import * as arctic from 'arctic';
+import type { GoogleProviderConfig } from './provider.types';
+export declare function createGoogleProvider(config: GoogleProviderConfig): arctic.Google;
+export declare function getGoogleDefaultScopes(): string[];
+export declare function fetchGoogleUser(accessToken: string): Promise<{
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}>;
+//# sourceMappingURL=google.provider.d.ts.map

package/dist/providers/google.provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.provider.d.ts","sourceRoot":"","sources":["../../src/providers/google.provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAI7D,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAEhF;AAED,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAEjD;AAED,wBAAsB,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAmBD"}

package/dist/providers/google.provider.js

@@ -0,0 +1,61 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createGoogleProvider = createGoogleProvider;
+exports.getGoogleDefaultScopes = getGoogleDefaultScopes;
+exports.fetchGoogleUser = fetchGoogleUser;
+const arctic = __importStar(require("arctic"));
+const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
+function createGoogleProvider(config) {
+    return new arctic.Google(config.clientId, config.clientSecret, config.redirectUri);
+}
+function getGoogleDefaultScopes() {
+    return [...DEFAULT_SCOPES];
+}
+async function fetchGoogleUser(accessToken) {
+    const res = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!res.ok) {
+        throw new Error(`Failed to fetch Google user: ${res.status}`);
+    }
+    const data = (await res.json());
+    return {
+        id: data.sub,
+        email: data.email || '',
+        name: data.name || null,
+        picture: data.picture ?? null,
+    };
+}

package/dist/providers/google.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=google.provider.test.d.ts.map

package/dist/providers/google.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/google.provider.test.ts"],"names":[],"mappings":""}