@hazeljs/oauth 0.2.0-alpha.1

package/dist/providers/google.provider.test.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const google_provider_1 = require("./google.provider");
+jest.mock('arctic', () => ({
+    Google: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Google Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createGoogleProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, google_provider_1.createGoogleProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getGoogleDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, google_provider_1.getGoogleDefaultScopes)();
+            expect(scopes).toContain('openid');
+            expect(scopes).toContain('profile');
+            expect(scopes).toContain('email');
+        });
+    });
+    describe('fetchGoogleUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'google-123',
+                    email: 'user@gmail.com',
+                    name: 'Google User',
+                    picture: 'https://google.com/photo.jpg',
+                }),
+            });
+            const user = await (0, google_provider_1.fetchGoogleUser)('access-token');
+            expect(user.id).toBe('google-123');
+            expect(user.email).toBe('user@gmail.com');
+            expect(user.name).toBe('Google User');
+            expect(user.picture).toBe('https://google.com/photo.jpg');
+        });
+        it('should handle missing optional fields', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'google-456',
+                }),
+            });
+            const user = await (0, google_provider_1.fetchGoogleUser)('access-token');
+            expect(user.id).toBe('google-456');
+            expect(user.email).toBe('');
+            expect(user.name).toBeNull();
+            expect(user.picture).toBeNull();
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, google_provider_1.fetchGoogleUser)('bad-token')).rejects.toThrow('Failed to fetch Google user');
+        });
+    });
+});

package/dist/providers/index.d.ts

@@ -0,0 +1,7 @@
+export * from './provider.types';
+export * from './google.provider';
+export * from './microsoft.provider';
+export * from './github.provider';
+export * from './facebook.provider';
+export * from './twitter.provider';
+//# sourceMappingURL=index.d.ts.map

package/dist/providers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC"}

package/dist/providers/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./provider.types"), exports);
+__exportStar(require("./google.provider"), exports);
+__exportStar(require("./microsoft.provider"), exports);
+__exportStar(require("./github.provider"), exports);
+__exportStar(require("./facebook.provider"), exports);
+__exportStar(require("./twitter.provider"), exports);

package/dist/providers/microsoft.provider.d.ts

@@ -0,0 +1,11 @@
+import * as arctic from 'arctic';
+import type { MicrosoftProviderConfig } from './provider.types';
+export declare function createMicrosoftProvider(config: MicrosoftProviderConfig): arctic.MicrosoftEntraId;
+export declare function getMicrosoftDefaultScopes(): string[];
+export declare function fetchMicrosoftUser(accessToken: string): Promise<{
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}>;
+//# sourceMappingURL=microsoft.provider.d.ts.map

package/dist/providers/microsoft.provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.provider.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAIhE,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,uBAAuB,GAAG,MAAM,CAAC,gBAAgB,CAQhG;AAED,wBAAgB,yBAAyB,IAAI,MAAM,EAAE,CAEpD;AAED,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACrE,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAmBD"}

package/dist/providers/microsoft.provider.js

@@ -0,0 +1,62 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createMicrosoftProvider = createMicrosoftProvider;
+exports.getMicrosoftDefaultScopes = getMicrosoftDefaultScopes;
+exports.fetchMicrosoftUser = fetchMicrosoftUser;
+const arctic = __importStar(require("arctic"));
+const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
+function createMicrosoftProvider(config) {
+    const tenant = config.tenant || 'common';
+    return new arctic.MicrosoftEntraId(tenant, config.clientId, config.clientSecret, config.redirectUri);
+}
+function getMicrosoftDefaultScopes() {
+    return [...DEFAULT_SCOPES];
+}
+async function fetchMicrosoftUser(accessToken) {
+    const res = await fetch('https://graph.microsoft.com/oidc/userinfo', {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!res.ok) {
+        throw new Error(`Failed to fetch Microsoft user: ${res.status}`);
+    }
+    const data = (await res.json());
+    return {
+        id: data.sub,
+        email: data.email || '',
+        name: data.name || null,
+        picture: data.picture ?? null,
+    };
+}

package/dist/providers/microsoft.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=microsoft.provider.test.d.ts.map

package/dist/providers/microsoft.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/microsoft.provider.test.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const microsoft_provider_1 = require("./microsoft.provider");
+jest.mock('arctic', () => ({
+    MicrosoftEntraId: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Microsoft Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createMicrosoftProvider', () => {
+        it('should create provider with common tenant by default', () => {
+            const provider = (0, microsoft_provider_1.createMicrosoftProvider)(config);
+            expect(provider).toBeDefined();
+        });
+        it('should create provider with custom tenant', () => {
+            const provider = (0, microsoft_provider_1.createMicrosoftProvider)({
+                ...config,
+                tenant: 'my-tenant-id',
+            });
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getMicrosoftDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, microsoft_provider_1.getMicrosoftDefaultScopes)();
+            expect(scopes).toContain('openid');
+            expect(scopes).toContain('profile');
+            expect(scopes).toContain('email');
+        });
+    });
+    describe('fetchMicrosoftUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'ms-123',
+                    email: 'user@outlook.com',
+                    name: 'MS User',
+                    picture: 'https://graph.microsoft.com/photo',
+                }),
+            });
+            const user = await (0, microsoft_provider_1.fetchMicrosoftUser)('access-token');
+            expect(user.id).toBe('ms-123');
+            expect(user.email).toBe('user@outlook.com');
+            expect(user.name).toBe('MS User');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, microsoft_provider_1.fetchMicrosoftUser)('bad-token')).rejects.toThrow('Failed to fetch Microsoft user');
+        });
+    });
+});

package/dist/providers/provider.types.d.ts

@@ -0,0 +1,94 @@
+/**
+ * OAuth provider configuration types
+ */
+export interface BaseProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+}
+export type GoogleProviderConfig = BaseProviderConfig;
+export interface MicrosoftProviderConfig extends BaseProviderConfig {
+    /** Azure AD tenant ID. Use 'common' for multi-tenant. Default: 'common' */
+    tenant?: string;
+}
+export type GitHubProviderConfig = BaseProviderConfig;
+export type FacebookProviderConfig = BaseProviderConfig;
+export interface TwitterProviderConfig extends Omit<BaseProviderConfig, 'clientSecret'> {
+    /** Optional for public clients (PKCE-only) */
+    clientSecret?: string | null;
+}
+export type OAuthProviderConfig = {
+    google: GoogleProviderConfig;
+} | {
+    microsoft: MicrosoftProviderConfig;
+} | {
+    github: GitHubProviderConfig;
+} | {
+    facebook: FacebookProviderConfig;
+} | {
+    twitter: TwitterProviderConfig;
+};
+export interface OAuthProvidersConfig {
+    google?: GoogleProviderConfig;
+    microsoft?: MicrosoftProviderConfig;
+    github?: GitHubProviderConfig;
+    facebook?: FacebookProviderConfig;
+    twitter?: TwitterProviderConfig;
+}
+export type SupportedProvider = 'google' | 'microsoft' | 'github' | 'facebook' | 'twitter';
+export interface OAuthUser {
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}
+export interface OAuthCallbackResult {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: Date;
+    user: OAuthUser;
+}
+export interface OAuthAuthorizationResult {
+    url: string;
+    state: string;
+    /** Required for PKCE providers (Google, Microsoft). Store and pass to handleCallback. */
+    codeVerifier?: string;
+}
+/**
+ * Implement this interface and pass the class to OAuthModule.forRoot({ callbackHandler })
+ * to hook into the OAuth callback before the response is sent.
+ *
+ * The handler is resolved from the DI container, so it can inject any service
+ * (JwtService, a UsersRepository, etc.) through its constructor.
+ *
+ * @example
+ * ```ts
+ * @Injectable()
+ * export class MyOAuthHandler implements OAuthCallbackHandler {
+ *   constructor(
+ *     private readonly jwtService: JwtService,
+ *     private readonly usersRepo: UsersRepository,
+ *   ) {}
+ *
+ *   async handle(result: OAuthCallbackResult, provider: SupportedProvider) {
+ *     const user = await this.usersRepo.findOrCreate(result.user);
+ *     return { token: this.jwtService.sign({ sub: user.id, role: user.role, tenantId: user.orgId }) };
+ *   }
+ * }
+ * ```
+ */
+export interface OAuthCallbackHandler {
+    handle(result: OAuthCallbackResult, provider: SupportedProvider): Promise<unknown> | unknown;
+}
+export interface OAuthModuleOptions {
+    providers: OAuthProvidersConfig;
+    /** Default scopes per provider. Override via getAuthorizationUrl scopes param. */
+    defaultScopes?: Partial<Record<SupportedProvider, string[]>>;
+    /**
+     * Optional class (must be registered in the DI container) whose `handle()` method is
+     * called after a successful OAuth callback.  Use it to look up / create the user in
+     * your database and return a JWT.  When omitted the raw OAuthCallbackResult is returned.
+     */
+    callbackHandler?: new (...args: any[]) => OAuthCallbackHandler;
+}
+//# sourceMappingURL=provider.types.d.ts.map

package/dist/providers/provider.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.types.d.ts","sourceRoot":"","sources":["../../src/providers/provider.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEtD,MAAM,WAAW,uBAAwB,SAAQ,kBAAkB;IACjE,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEtD,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC;AAExD,MAAM,WAAW,qBAAsB,SAAQ,IAAI,CAAC,kBAAkB,EAAE,cAAc,CAAC;IACrF,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,oBAAoB,CAAA;CAAE,GAChC;IAAE,SAAS,EAAE,uBAAuB,CAAA;CAAE,GACtC;IAAE,MAAM,EAAE,oBAAoB,CAAA;CAAE,GAChC;IAAE,QAAQ,EAAE,sBAAsB,CAAA;CAAE,GACpC;IAAE,OAAO,EAAE,qBAAqB,CAAA;CAAE,CAAC;AAEvC,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAClC,OAAO,CAAC,EAAE,qBAAqB,CAAC;CACjC;AAED,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAE3F,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,yFAAyF;IACzF,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;CAC9F;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,oBAAoB,CAAC;IAChC,kFAAkF;IAClF,aAAa,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC7D;;;;OAIG;IAEH,eAAe,CAAC,EAAE,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,oBAAoB,CAAC;CAChE"}

package/dist/providers/provider.types.js

@@ -0,0 +1,5 @@
+"use strict";
+/**
+ * OAuth provider configuration types
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/providers/provider.types.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=provider.types.test.d.ts.map

package/dist/providers/provider.types.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.types.test.d.ts","sourceRoot":"","sources":["../../src/providers/provider.types.test.ts"],"names":[],"mappings":""}

package/dist/providers/provider.types.test.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+describe('Provider Types', () => {
+    it('should allow valid BaseProviderConfig', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+        };
+        expect(config.clientId).toBe('id');
+    });
+    it('should allow GoogleProviderConfig', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+        };
+        expect(config).toBeDefined();
+    });
+    it('should allow MicrosoftProviderConfig with optional tenant', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+            tenant: 'common',
+        };
+        expect(config.tenant).toBe('common');
+    });
+    it('should define OAuthUser shape', () => {
+        const user = {
+            id: '123',
+            email: 'a@b.com',
+            name: 'User',
+            picture: 'https://pic.com',
+        };
+        expect(user.id).toBe('123');
+    });
+    it('should define OAuthCallbackResult shape', () => {
+        const result = {
+            accessToken: 'token',
+            user: { id: '1', email: 'e@e.com', name: 'N' },
+        };
+        expect(result.accessToken).toBe('token');
+    });
+    it('should define OAuthAuthorizationResult shape', () => {
+        const result = {
+            url: 'https://provider.com',
+            state: 'state',
+            codeVerifier: 'verifier',
+        };
+        expect(result.codeVerifier).toBe('verifier');
+    });
+    it('should include all SupportedProvider values', () => {
+        const providers = ['google', 'microsoft', 'github', 'facebook', 'twitter'];
+        expect(providers).toHaveLength(5);
+    });
+});

package/dist/providers/twitter.provider.d.ts

@@ -0,0 +1,11 @@
+import * as arctic from 'arctic';
+import type { TwitterProviderConfig } from './provider.types';
+export declare function createTwitterProvider(config: TwitterProviderConfig): arctic.Twitter;
+export declare function getTwitterDefaultScopes(): string[];
+export declare function fetchTwitterUser(accessToken: string): Promise<{
+    id: string;
+    email: string;
+    name: string | null;
+    picture?: string | null;
+}>;
+//# sourceMappingURL=twitter.provider.d.ts.map

package/dist/providers/twitter.provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"twitter.provider.d.ts","sourceRoot":"","sources":["../../src/providers/twitter.provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAI9D,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,CAAC,OAAO,CAEnF;AAED,wBAAgB,uBAAuB,IAAI,MAAM,EAAE,CAElD;AAED,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;IACnE,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CA2BD"}

package/dist/providers/twitter.provider.js

@@ -0,0 +1,67 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTwitterProvider = createTwitterProvider;
+exports.getTwitterDefaultScopes = getTwitterDefaultScopes;
+exports.fetchTwitterUser = fetchTwitterUser;
+const arctic = __importStar(require("arctic"));
+const DEFAULT_SCOPES = ['users.read', 'tweet.read'];
+function createTwitterProvider(config) {
+    return new arctic.Twitter(config.clientId, config.clientSecret ?? null, config.redirectUri);
+}
+function getTwitterDefaultScopes() {
+    return [...DEFAULT_SCOPES];
+}
+async function fetchTwitterUser(accessToken) {
+    const res = await fetch('https://api.twitter.com/2/users/me', {
+        headers: {
+            Authorization: `Bearer ${accessToken}`,
+        },
+    });
+    if (!res.ok) {
+        throw new Error(`Failed to fetch Twitter user: ${res.status}`);
+    }
+    const data = (await res.json());
+    const user = data.data;
+    if (!user) {
+        throw new Error('Twitter API returned no user data');
+    }
+    return {
+        id: user.id,
+        email: '', // Twitter API v2 does not provide email
+        name: user.name || user.username || null,
+        picture: user.profile_image_url ?? null,
+    };
+}

package/dist/providers/twitter.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=twitter.provider.test.d.ts.map

package/dist/providers/twitter.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"twitter.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/twitter.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/twitter.provider.test.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const twitter_provider_1 = require("./twitter.provider");
+jest.mock('arctic', () => ({
+    Twitter: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Twitter Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createTwitterProvider', () => {
+        it('should create provider with client secret', () => {
+            const provider = (0, twitter_provider_1.createTwitterProvider)(config);
+            expect(provider).toBeDefined();
+        });
+        it('should create provider without client secret', () => {
+            const provider = (0, twitter_provider_1.createTwitterProvider)({
+                clientId: config.clientId,
+                redirectUri: config.redirectUri,
+            });
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getTwitterDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, twitter_provider_1.getTwitterDefaultScopes)();
+            expect(scopes).toContain('users.read');
+            expect(scopes).toContain('tweet.read');
+        });
+    });
+    describe('fetchTwitterUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    data: {
+                        id: 'tw-999',
+                        name: 'Twitter User',
+                        username: 'twuser',
+                        profile_image_url: 'https://twitter.com/pic.png',
+                    },
+                }),
+            });
+            const user = await (0, twitter_provider_1.fetchTwitterUser)('access-token');
+            expect(user.id).toBe('tw-999');
+            expect(user.name).toBe('Twitter User');
+            expect(user.email).toBe('');
+            expect(user.picture).toBe('https://twitter.com/pic.png');
+        });
+        it('should throw when no user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({}),
+            });
+            await expect((0, twitter_provider_1.fetchTwitterUser)('bad-token')).rejects.toThrow('Twitter API returned no user data');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, twitter_provider_1.fetchTwitterUser)('bad-token')).rejects.toThrow('Failed to fetch Twitter user');
+        });
+    });
+});

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "@hazeljs/oauth",
+  "version": "0.2.0-alpha.1",
+  "description": "OAuth 2.0 social login module for HazelJS - Microsoft, Google, GitHub and more",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "jest --coverage --passWithNoTests",
+    "lint": "eslint \"src/**/*.ts\"",
+    "lint:fix": "eslint \"src/**/*.ts\" --fix",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "arctic": "^3.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.17.50",
+    "@typescript-eslint/eslint-plugin": "^8.18.2",
+    "@typescript-eslint/parser": "^8.18.2",
+    "eslint": "^8.56.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.3.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/hazel-js/hazeljs.git",
+    "directory": "packages/oauth"
+  },
+  "keywords": [
+    "hazeljs",
+    "oauth",
+    "authentication",
+    "google",
+    "microsoft",
+    "github",
+    "social-login"
+  ],
+  "author": "Muhammad Arslan <muhammad.arslan@hazeljs.com>",
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/hazeljs/hazel-js/issues"
+  },
+  "homepage": "https://hazeljs.com",
+  "peerDependencies": {
+    "@hazeljs/core": ">=0.2.0-beta.0"
+  },
+  "gitHead": "cbc5ee2c12ced28fd0576faf13c5f078c1e8421e"
+}