@hazeljs/oauth 0.2.0-beta.54 → 0.2.0-beta.56

package/dist/guards/oauth-state.guard.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauth-state.guard.test.d.ts.map

package/dist/guards/oauth-state.guard.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-state.guard.test.d.ts","sourceRoot":"","sources":["../../src/guards/oauth-state.guard.test.ts"],"names":[],"mappings":""}

package/dist/guards/oauth-state.guard.test.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+jest.mock('arctic', () => ({
+    generateState: jest.fn(() => 'state'),
+    generateCodeVerifier: jest.fn(() => 'verifier'),
+    Google: jest.fn(),
+    MicrosoftEntraId: jest.fn(),
+    Twitter: jest.fn(),
+    GitHub: jest.fn(),
+    Facebook: jest.fn(),
+}));
+const oauth_state_guard_1 = require("./oauth-state.guard");
+const core_1 = require("@hazeljs/core");
+describe('OAuthStateGuard', () => {
+    let guard;
+    let oauthService;
+    beforeEach(() => {
+        oauthService = {
+            validateState: jest.fn().mockReturnValue(true),
+        };
+        guard = new oauth_state_guard_1.OAuthStateGuard(oauthService);
+    });
+    const createContext = (query, body, oauth_stored_state) => ({
+        switchToHttp: () => ({
+            getRequest: () => ({
+                query,
+                body,
+                oauth_stored_state,
+            }),
+        }),
+    });
+    it('should return true when state is valid', async () => {
+        const context = createContext({ state: 'received-state' }, undefined, 'received-state');
+        const result = await guard.canActivate(context);
+        expect(result).toBe(true);
+        expect(oauthService.validateState).toHaveBeenCalledWith('received-state', 'received-state');
+    });
+    it('should use body state when query state is missing', async () => {
+        const context = createContext(undefined, { state: 'body-state' }, 'body-state');
+        const result = await guard.canActivate(context);
+        expect(result).toBe(true);
+        expect(oauthService.validateState).toHaveBeenCalledWith('body-state', 'body-state');
+    });
+    it('should throw UnauthorizedError when received state is missing', async () => {
+        const context = createContext(undefined, undefined, 'stored-state');
+        await expect(guard.canActivate(context)).rejects.toThrow(core_1.UnauthorizedError);
+        await expect(guard.canActivate(context)).rejects.toThrow('Missing OAuth state');
+    });
+    it('should throw UnauthorizedError when stored state is missing', async () => {
+        const context = createContext({ state: 'received' }, undefined, undefined);
+        await expect(guard.canActivate(context)).rejects.toThrow(core_1.UnauthorizedError);
+        await expect(guard.canActivate(context)).rejects.toThrow('Missing OAuth state');
+    });
+    it('should throw UnauthorizedError when state validation fails', async () => {
+        oauthService.validateState.mockReturnValue(false);
+        const context = createContext({ state: 'received' }, undefined, 'stored');
+        await expect(guard.canActivate(context)).rejects.toThrow(core_1.UnauthorizedError);
+        await expect(guard.canActivate(context)).rejects.toThrow('Invalid OAuth state');
+    });
+});

package/dist/oauth.module.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauth.module.test.d.ts.map

package/dist/oauth.module.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.module.test.d.ts","sourceRoot":"","sources":["../src/oauth.module.test.ts"],"names":[],"mappings":""}

package/dist/oauth.module.test.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const oauth_module_1 = require("./oauth.module");
+const oauth_service_1 = require("./oauth.service");
+jest.mock('arctic', () => ({
+    generateState: jest.fn(() => 'state'),
+    generateCodeVerifier: jest.fn(() => 'verifier'),
+    Google: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: () => new URL('https://accounts.google.com/auth'),
+        validateAuthorizationCode: jest.fn(),
+    })),
+    MicrosoftEntraId: jest.fn(),
+    Twitter: jest.fn(),
+    GitHub: jest.fn(),
+    Facebook: jest.fn(),
+}));
+describe('OAuthModule', () => {
+    const testOptions = {
+        providers: {
+            google: {
+                clientId: 'test-id',
+                clientSecret: 'test-secret',
+                redirectUri: 'https://app.com/callback',
+            },
+        },
+    };
+    beforeEach(() => {
+        oauth_module_1.OAuthModule.forRoot(testOptions);
+    });
+    it('should return OAuthModule from forRoot', () => {
+        const result = oauth_module_1.OAuthModule.forRoot(testOptions);
+        expect(result).toBe(oauth_module_1.OAuthModule);
+    });
+    it('should configure OAuthService when forRoot is called', () => {
+        const service = new oauth_service_1.OAuthService();
+        expect(service).toBeInstanceOf(oauth_service_1.OAuthService);
+        const url = service.getAuthorizationUrl('google');
+        expect(url.url).toBeDefined();
+    });
+});

package/dist/oauth.service.js

@@ -234,6 +234,6 @@ let OAuthService = OAuthService_1 = class OAuthService {
 exports.OAuthService = OAuthService;
 OAuthService.options = null;
 exports.OAuthService = OAuthService = OAuthService_1 = __decorate([
-    (0, core_1.Injectable)(),
+    (0, core_1.Service)(),
     __metadata("design:paramtypes", [])
 ], OAuthService);

package/dist/oauth.service.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauth.service.test.d.ts.map

package/dist/oauth.service.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.service.test.d.ts","sourceRoot":"","sources":["../src/oauth.service.test.ts"],"names":[],"mappings":""}

package/dist/oauth.service.test.js

@@ -0,0 +1,248 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const oauth_service_1 = require("./oauth.service");
+const arctic = __importStar(require("arctic"));
+jest.mock('arctic', () => ({
+    generateState: jest.fn(() => 'mock-state-123'),
+    generateCodeVerifier: jest.fn(() => 'mock-code-verifier-456'),
+    Google: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://accounts.google.com/o/oauth2/v2/auth?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    MicrosoftEntraId: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://login.microsoftonline.com/oauth2/v2.0/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    Twitter: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, _cv, scopes) => new URL(`https://twitter.com/i/oauth2/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    GitHub: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, scopes) => new URL(`https://github.com/login/oauth/authorize?state=${state}&scope=${scopes.join(' ')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+    Facebook: jest.fn().mockImplementation(() => ({
+        createAuthorizationURL: (state, scopes) => new URL(`https://facebook.com/v18.0/dialog/oauth?state=${state}&scope=${scopes.join(',')}`),
+        validateAuthorizationCode: jest.fn().mockResolvedValue({
+            accessToken: () => 'mock-access-token',
+            hasRefreshToken: () => true,
+            refreshToken: () => 'mock-refresh-token',
+            accessTokenExpiresAt: () => new Date(Date.now() + 3600 * 1000),
+        }),
+    })),
+}));
+const mockFetch = jest.fn();
+global.fetch = mockFetch;
+describe('OAuthService', () => {
+    const baseConfig = {
+        clientId: 'test-client-id',
+        clientSecret: 'test-client-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        oauth_service_1.OAuthService.configure({
+            providers: {
+                google: { ...baseConfig },
+                github: { ...baseConfig },
+                facebook: { ...baseConfig },
+                microsoft: { ...baseConfig },
+                twitter: { ...baseConfig },
+            },
+        });
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: () => Promise.resolve({
+                sub: 'user-123',
+                email: 'test@example.com',
+                name: 'Test User',
+                picture: 'https://example.com/avatar.png',
+            }),
+        });
+    });
+    describe('configure and getOptions', () => {
+        it('should throw when not configured', () => {
+            oauth_service_1.OAuthService.options = null;
+            expect(() => new oauth_service_1.OAuthService()).toThrow('OAuthModule not configured');
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+        });
+    });
+    describe('getAuthorizationUrl', () => {
+        it('should return URL with state for GitHub (no PKCE)', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github');
+            expect(result.url).toContain('github.com');
+            expect(result.state).toBe('mock-state-123');
+            expect(result.codeVerifier).toBeUndefined();
+            expect(arctic.generateState).toHaveBeenCalled();
+        });
+        it('should return URL with state and codeVerifier for Google (PKCE)', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('google');
+            expect(result.url).toContain('accounts.google.com');
+            expect(result.state).toBe('mock-state-123');
+            expect(result.codeVerifier).toBe('mock-code-verifier-456');
+            expect(arctic.generateCodeVerifier).toHaveBeenCalled();
+        });
+        it('should use provided state when given', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github', 'custom-state');
+            expect(result.state).toBe('custom-state');
+            expect(result.url).toContain('custom-state');
+        });
+        it('should use custom scopes when provided', () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = service.getAuthorizationUrl('github', undefined, ['user:email', 'repo']);
+            expect(result.url).toMatch(/user:email|user%3Aemail/);
+            expect(result.url).toContain('repo');
+        });
+        it('should throw for unconfigured provider', () => {
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+            const service = new oauth_service_1.OAuthService();
+            expect(() => service.getAuthorizationUrl('github')).toThrow('GitHub OAuth is not configured');
+        });
+    });
+    describe('validateState', () => {
+        it('should return true when states match', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('abc123', 'abc123')).toBe(true);
+        });
+        it('should return false when states differ', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('abc123', 'xyz789')).toBe(false);
+        });
+        it('should return false when received state is empty', () => {
+            const service = new oauth_service_1.OAuthService();
+            expect(service.validateState('', 'stored')).toBe(false);
+        });
+    });
+    describe('generateState', () => {
+        it('should return generated state', () => {
+            const service = new oauth_service_1.OAuthService();
+            const state = service.generateState();
+            expect(state).toBe('mock-state-123');
+            expect(arctic.generateState).toHaveBeenCalled();
+        });
+    });
+    describe('handleCallback', () => {
+        it('should exchange code and fetch user for GitHub', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 12345,
+                    email: 'github@example.com',
+                    name: 'GitHub User',
+                    avatar_url: 'https://github.com/avatar.png',
+                }),
+            });
+            const result = await service.handleCallback('github', 'auth-code', 'mock-state-123');
+            expect(result.accessToken).toBe('mock-access-token');
+            expect(result.user.id).toBe('12345');
+            expect(result.user.email).toBe('github@example.com');
+            expect(result.user.name).toBe('GitHub User');
+            expect(result.user.picture).toBe('https://github.com/avatar.png');
+        });
+        it('should require codeVerifier for Google (PKCE)', async () => {
+            const service = new oauth_service_1.OAuthService();
+            await expect(service.handleCallback('google', 'code', 'state')).rejects.toThrow('requires codeVerifier');
+        });
+        it('should exchange code with codeVerifier for Google', async () => {
+            const service = new oauth_service_1.OAuthService();
+            const result = await service.handleCallback('google', 'auth-code', 'mock-state-123', 'mock-code-verifier-456');
+            expect(result.accessToken).toBe('mock-access-token');
+            expect(result.user.email).toBe('test@example.com');
+        });
+        it('should fetch Facebook user with correct API', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-123',
+                    email: 'fb@example.com',
+                    name: 'FB User',
+                    picture: { data: { url: 'https://fb.com/pic.png' } },
+                }),
+            });
+            const result = await service.handleCallback('facebook', 'code', 'state');
+            expect(result.user.id).toBe('fb-123');
+            expect(result.user.picture).toBe('https://fb.com/pic.png');
+        });
+        it('should fetch Twitter user (no email from API v2)', async () => {
+            const service = new oauth_service_1.OAuthService();
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    data: {
+                        id: 'tw-123',
+                        name: 'Twitter User',
+                        username: 'twuser',
+                        profile_image_url: 'https://twitter.com/pic.png',
+                    },
+                }),
+            });
+            const result = await service.handleCallback('twitter', 'code', 'state', 'code-verifier');
+            expect(result.user.id).toBe('tw-123');
+            expect(result.user.email).toBe('');
+            expect(result.user.name).toBe('Twitter User');
+        });
+        it('should throw for unconfigured provider', async () => {
+            oauth_service_1.OAuthService.configure({ providers: { google: baseConfig } });
+            const service = new oauth_service_1.OAuthService();
+            await expect(service.handleCallback('facebook', 'code', 'state')).rejects.toThrow('Facebook OAuth is not configured');
+        });
+    });
+});

package/dist/providers/facebook.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=facebook.provider.test.d.ts.map

package/dist/providers/facebook.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"facebook.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/facebook.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/facebook.provider.test.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const facebook_provider_1 = require("./facebook.provider");
+jest.mock('arctic', () => ({
+    Facebook: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Facebook Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createFacebookProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, facebook_provider_1.createFacebookProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getFacebookDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, facebook_provider_1.getFacebookDefaultScopes)();
+            expect(scopes).toContain('email');
+            expect(scopes).toContain('public_profile');
+        });
+    });
+    describe('fetchFacebookUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data with nested picture', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-123',
+                    email: 'user@fb.com',
+                    name: 'FB User',
+                    picture: { data: { url: 'https://fb.com/pic.jpg' } },
+                }),
+            });
+            const user = await (0, facebook_provider_1.fetchFacebookUser)('access-token');
+            expect(user.id).toBe('fb-123');
+            expect(user.email).toBe('user@fb.com');
+            expect(user.name).toBe('FB User');
+            expect(user.picture).toBe('https://fb.com/pic.jpg');
+        });
+        it('should handle missing picture', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 'fb-456',
+                    name: 'No Pic User',
+                }),
+            });
+            const user = await (0, facebook_provider_1.fetchFacebookUser)('access-token');
+            expect(user.picture).toBeNull();
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, facebook_provider_1.fetchFacebookUser)('bad-token')).rejects.toThrow('Failed to fetch Facebook user');
+        });
+    });
+});

package/dist/providers/github.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=github.provider.test.d.ts.map

package/dist/providers/github.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/github.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/github.provider.test.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const github_provider_1 = require("./github.provider");
+jest.mock('arctic', () => ({
+    GitHub: jest.fn().mockImplementation(() => ({})),
+}));
+describe('GitHub Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createGitHubProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, github_provider_1.createGitHubProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getGitHubDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, github_provider_1.getGitHubDefaultScopes)();
+            expect(scopes).toContain('user:email');
+        });
+    });
+    describe('fetchGitHubUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 999,
+                    email: 'dev@github.com',
+                    name: 'Dev User',
+                    avatar_url: 'https://github.com/avatar.png',
+                }),
+            });
+            const user = await (0, github_provider_1.fetchGitHubUser)('access-token');
+            expect(user.id).toBe('999');
+            expect(user.email).toBe('dev@github.com');
+            expect(user.name).toBe('Dev User');
+            expect(user.picture).toBe('https://github.com/avatar.png');
+        });
+        it('should fetch email from emails endpoint when not in user', async () => {
+            global.fetch
+                .mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve({
+                    id: 888,
+                    name: 'No Email User',
+                }),
+            })
+                .mockResolvedValueOnce({
+                ok: true,
+                json: () => Promise.resolve([
+                    { email: 'primary@example.com', primary: true },
+                    { email: 'other@example.com', primary: false },
+                ]),
+            });
+            const user = await (0, github_provider_1.fetchGitHubUser)('access-token');
+            expect(user.email).toBe('primary@example.com');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, github_provider_1.fetchGitHubUser)('bad-token')).rejects.toThrow('Failed to fetch GitHub user');
+        });
+    });
+});

package/dist/providers/google.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=google.provider.test.d.ts.map

package/dist/providers/google.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/google.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/google.provider.test.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const google_provider_1 = require("./google.provider");
+jest.mock('arctic', () => ({
+    Google: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Google Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createGoogleProvider', () => {
+        it('should create provider instance', () => {
+            const provider = (0, google_provider_1.createGoogleProvider)(config);
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getGoogleDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, google_provider_1.getGoogleDefaultScopes)();
+            expect(scopes).toContain('openid');
+            expect(scopes).toContain('profile');
+            expect(scopes).toContain('email');
+        });
+    });
+    describe('fetchGoogleUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'google-123',
+                    email: 'user@gmail.com',
+                    name: 'Google User',
+                    picture: 'https://google.com/photo.jpg',
+                }),
+            });
+            const user = await (0, google_provider_1.fetchGoogleUser)('access-token');
+            expect(user.id).toBe('google-123');
+            expect(user.email).toBe('user@gmail.com');
+            expect(user.name).toBe('Google User');
+            expect(user.picture).toBe('https://google.com/photo.jpg');
+        });
+        it('should handle missing optional fields', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'google-456',
+                }),
+            });
+            const user = await (0, google_provider_1.fetchGoogleUser)('access-token');
+            expect(user.id).toBe('google-456');
+            expect(user.email).toBe('');
+            expect(user.name).toBeNull();
+            expect(user.picture).toBeNull();
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, google_provider_1.fetchGoogleUser)('bad-token')).rejects.toThrow('Failed to fetch Google user');
+        });
+    });
+});

package/dist/providers/microsoft.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=microsoft.provider.test.d.ts.map

package/dist/providers/microsoft.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/microsoft.provider.test.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const microsoft_provider_1 = require("./microsoft.provider");
+jest.mock('arctic', () => ({
+    MicrosoftEntraId: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Microsoft Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createMicrosoftProvider', () => {
+        it('should create provider with common tenant by default', () => {
+            const provider = (0, microsoft_provider_1.createMicrosoftProvider)(config);
+            expect(provider).toBeDefined();
+        });
+        it('should create provider with custom tenant', () => {
+            const provider = (0, microsoft_provider_1.createMicrosoftProvider)({
+                ...config,
+                tenant: 'my-tenant-id',
+            });
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getMicrosoftDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, microsoft_provider_1.getMicrosoftDefaultScopes)();
+            expect(scopes).toContain('openid');
+            expect(scopes).toContain('profile');
+            expect(scopes).toContain('email');
+        });
+    });
+    describe('fetchMicrosoftUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    sub: 'ms-123',
+                    email: 'user@outlook.com',
+                    name: 'MS User',
+                    picture: 'https://graph.microsoft.com/photo',
+                }),
+            });
+            const user = await (0, microsoft_provider_1.fetchMicrosoftUser)('access-token');
+            expect(user.id).toBe('ms-123');
+            expect(user.email).toBe('user@outlook.com');
+            expect(user.name).toBe('MS User');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, microsoft_provider_1.fetchMicrosoftUser)('bad-token')).rejects.toThrow('Failed to fetch Microsoft user');
+        });
+    });
+});

package/dist/providers/provider.types.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=provider.types.test.d.ts.map

package/dist/providers/provider.types.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.types.test.d.ts","sourceRoot":"","sources":["../../src/providers/provider.types.test.ts"],"names":[],"mappings":""}

package/dist/providers/provider.types.test.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+describe('Provider Types', () => {
+    it('should allow valid BaseProviderConfig', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+        };
+        expect(config.clientId).toBe('id');
+    });
+    it('should allow GoogleProviderConfig', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+        };
+        expect(config).toBeDefined();
+    });
+    it('should allow MicrosoftProviderConfig with optional tenant', () => {
+        const config = {
+            clientId: 'id',
+            clientSecret: 'secret',
+            redirectUri: 'https://app.com/cb',
+            tenant: 'common',
+        };
+        expect(config.tenant).toBe('common');
+    });
+    it('should define OAuthUser shape', () => {
+        const user = {
+            id: '123',
+            email: 'a@b.com',
+            name: 'User',
+            picture: 'https://pic.com',
+        };
+        expect(user.id).toBe('123');
+    });
+    it('should define OAuthCallbackResult shape', () => {
+        const result = {
+            accessToken: 'token',
+            user: { id: '1', email: 'e@e.com', name: 'N' },
+        };
+        expect(result.accessToken).toBe('token');
+    });
+    it('should define OAuthAuthorizationResult shape', () => {
+        const result = {
+            url: 'https://provider.com',
+            state: 'state',
+            codeVerifier: 'verifier',
+        };
+        expect(result.codeVerifier).toBe('verifier');
+    });
+    it('should include all SupportedProvider values', () => {
+        const providers = ['google', 'microsoft', 'github', 'facebook', 'twitter'];
+        expect(providers).toHaveLength(5);
+    });
+});

package/dist/providers/twitter.provider.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=twitter.provider.test.d.ts.map

package/dist/providers/twitter.provider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"twitter.provider.test.d.ts","sourceRoot":"","sources":["../../src/providers/twitter.provider.test.ts"],"names":[],"mappings":""}

package/dist/providers/twitter.provider.test.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const twitter_provider_1 = require("./twitter.provider");
+jest.mock('arctic', () => ({
+    Twitter: jest.fn().mockImplementation(() => ({})),
+}));
+describe('Twitter Provider', () => {
+    const config = {
+        clientId: 'test-id',
+        clientSecret: 'test-secret',
+        redirectUri: 'https://app.com/callback',
+    };
+    describe('createTwitterProvider', () => {
+        it('should create provider with client secret', () => {
+            const provider = (0, twitter_provider_1.createTwitterProvider)(config);
+            expect(provider).toBeDefined();
+        });
+        it('should create provider without client secret', () => {
+            const provider = (0, twitter_provider_1.createTwitterProvider)({
+                clientId: config.clientId,
+                redirectUri: config.redirectUri,
+            });
+            expect(provider).toBeDefined();
+        });
+    });
+    describe('getTwitterDefaultScopes', () => {
+        it('should return default scopes', () => {
+            const scopes = (0, twitter_provider_1.getTwitterDefaultScopes)();
+            expect(scopes).toContain('users.read');
+            expect(scopes).toContain('tweet.read');
+        });
+    });
+    describe('fetchTwitterUser', () => {
+        const originalFetch = global.fetch;
+        beforeEach(() => {
+            global.fetch = jest.fn();
+        });
+        afterEach(() => {
+            global.fetch = originalFetch;
+        });
+        it('should fetch and map user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    data: {
+                        id: 'tw-999',
+                        name: 'Twitter User',
+                        username: 'twuser',
+                        profile_image_url: 'https://twitter.com/pic.png',
+                    },
+                }),
+            });
+            const user = await (0, twitter_provider_1.fetchTwitterUser)('access-token');
+            expect(user.id).toBe('tw-999');
+            expect(user.name).toBe('Twitter User');
+            expect(user.email).toBe('');
+            expect(user.picture).toBe('https://twitter.com/pic.png');
+        });
+        it('should throw when no user data', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({}),
+            });
+            await expect((0, twitter_provider_1.fetchTwitterUser)('bad-token')).rejects.toThrow('Twitter API returned no user data');
+        });
+        it('should throw on failed request', async () => {
+            global.fetch.mockResolvedValue({ ok: false });
+            await expect((0, twitter_provider_1.fetchTwitterUser)('bad-token')).rejects.toThrow('Failed to fetch Twitter user');
+        });
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hazeljs/oauth",
-  "version": "0.2.0-beta.54",
+  "version": "0.2.0-beta.56",
   "description": "OAuth 2.0 social login module for HazelJS - Microsoft, Google, GitHub and more",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -52,5 +52,5 @@
   "peerDependencies": {
     "@hazeljs/core": ">=0.2.0-beta.0"
   },
-  "gitHead": "c593ce33447cdc62d7bd2386cc2db47840292fcb"
+  "gitHead": "c2737e90974458a8438eee623726f0a453b66b8b"
 }