@mulverse/mulguard-core 1.0.0

package/providers/42-school.d.ts

@@ -0,0 +1,240 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#fff", display: "flex", justifyContent: "space-between", color: "#000", padding: 16}}>
+ * <span>Built-in <b>42School</b> integration.</span>
+ * <a href="https://api.intra.42.fr//">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/42-school.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/42-school
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+export interface UserData {
+    id: number;
+    email: string;
+    login: string;
+    first_name: string;
+    last_name: string;
+    usual_full_name: null | string;
+    usual_first_name: null | string;
+    url: string;
+    phone: "hidden" | string | null;
+    displayname: string;
+    image_url: string | null;
+    "staff?": boolean;
+    correction_point: number;
+    pool_month: string | null;
+    pool_year: string | null;
+    location: string | null;
+    wallet: number;
+    anonymize_date: string;
+    created_at: string;
+    updated_at: string | null;
+    alumni: boolean;
+    "is_launched?": boolean;
+}
+export interface CursusUser {
+    grade: string | null;
+    level: number;
+    skills: Array<{
+        id: number;
+        name: string;
+        level: number;
+    }>;
+    blackholed_at: string | null;
+    id: number;
+    begin_at: string | null;
+    end_at: string | null;
+    cursus_id: number;
+    has_coalition: boolean;
+    created_at: string;
+    updated_at: string | null;
+    user: UserData;
+    cursus: {
+        id: number;
+        created_at: string;
+        name: string;
+        slug: string;
+    };
+}
+export interface ProjectUser {
+    id: number;
+    occurrence: number;
+    final_mark: number | null;
+    status: "in_progress" | "finished";
+    "validated?": boolean | null;
+    current_team_id: number;
+    project: {
+        id: number;
+        name: string;
+        slug: string;
+        parent_id: number | null;
+    };
+    cursus_ids: number[];
+    marked_at: string | null;
+    marked: boolean;
+    retriable_at: string | null;
+    created_at: string;
+    updated_at: string | null;
+}
+export interface Achievement {
+    id: number;
+    name: string;
+    description: string;
+    tier: "none" | "easy" | "medium" | "hard" | "challenge";
+    kind: "scolarity" | "project" | "pedagogy" | "scolarity";
+    visible: boolean;
+    image: string | null;
+    nbr_of_success: number | null;
+    users_url: string;
+}
+export interface LanguagesUser {
+    id: number;
+    language_id: number;
+    user_id: number;
+    position: number;
+    created_at: string;
+}
+export interface TitlesUser {
+    id: number;
+    user_id: number;
+    title_id: number;
+    selected: boolean;
+    created_at: string;
+    updated_at: string | null;
+}
+export interface ExpertisesUser {
+    id: number;
+    expertise_id: number;
+    interested: boolean;
+    value: number;
+    contact_me: boolean;
+    created_at: string;
+    user_id: number;
+}
+export interface Campus {
+    id: number;
+    name: string;
+    time_zone: string;
+    language: {
+        id: number;
+        name: string;
+        identifier: string;
+        created_at: string;
+        updated_at: string | null;
+    };
+    users_count: number;
+    vogsphere_id: number;
+    country: string;
+    address: string;
+    zip: string;
+    city: string;
+    website: string;
+    facebook: string;
+    twitter: string;
+    active: boolean;
+    email_extension: string;
+    default_hidden_phone: boolean;
+}
+export interface CampusUser {
+    id: number;
+    user_id: number;
+    campus_id: number;
+    is_primary: boolean;
+    created_at: string;
+    updated_at: string | null;
+}
+export interface Image {
+    link: string;
+    versions: {
+        micro: string;
+        small: string;
+        medium: string;
+        large: string;
+    };
+}
+export interface FortyTwoProfile extends UserData, Record<string, any> {
+    groups: Array<{
+        id: string;
+        name: string;
+    }>;
+    cursus_users: CursusUser[];
+    projects_users: ProjectUser[];
+    languages_users: LanguagesUser[];
+    achievements: Achievement[];
+    titles: Array<{
+        id: string;
+        name: string;
+    }>;
+    titles_users: TitlesUser[];
+    partnerships: any[];
+    patroned: any[];
+    patroning: any[];
+    expertises_users: ExpertisesUser[];
+    roles: Array<{
+        id: string;
+        name: string;
+    }>;
+    campus: Campus[];
+    campus_users: CampusUser[];
+    image: Image;
+    user: any | null;
+}
+/**
+ * Add 42School login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/42-school
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import FortyTwoSchool from "@auth/core/providers/42-school"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     FortyTwoSchool({
+ *       clientId: FORTY_TWO_SCHOOL_CLIENT_ID,
+ *       clientSecret: FORTY_TWO_SCHOOL_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [42School OAuth documentation](https://api.intra.42.fr/apidoc/guides/web_application_flow)
+ *
+ * ### Notes
+ *
+ *
+ * :::note
+ * 42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/core/adapters).
+ * :::
+ * By default, Auth.js assumes that the 42School provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The 42School provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/42-school.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function FortyTwo<P extends FortyTwoProfile>(options: OAuthUserConfig<P>): OAuthConfig<P>;
+//# sourceMappingURL=42-school.d.ts.map

package/providers/42-school.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"42-school.d.ts","sourceRoot":"","sources":["../src/providers/42-school.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,eAAe,EAAE,IAAI,GAAG,MAAM,CAAA;IAC9B,gBAAgB,EAAE,IAAI,GAAG,MAAM,CAAA;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,QAAQ,GAAG,MAAM,GAAG,IAAI,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,QAAQ,EAAE,OAAO,CAAA;IACjB,gBAAgB,EAAE,MAAM,CAAA;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,OAAO,CAAA;IACf,cAAc,EAAE,OAAO,CAAA;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC1D,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,OAAO,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,IAAI,EAAE,QAAQ,CAAA;IACd,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;CACvE;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,aAAa,GAAG,UAAU,CAAA;IAClC,YAAY,EAAE,OAAO,GAAG,IAAI,CAAA;IAC5B,eAAe,EAAE,MAAM,CAAA;IACvB,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,IAAI,EAAE,MAAM,CAAA;QACZ,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KACzB,CAAA;IACD,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,MAAM,EAAE,OAAO,CAAA;IACf,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAA;IACvD,IAAI,EAAE,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,CAAA;IACxD,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,OAAO,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,OAAO,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE;QACR,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,OAAO,CAAA;IACf,eAAe,EAAE,MAAM,CAAA;IACvB,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,OAAO,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B;AAED,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;QACb,KAAK,EAAE,MAAM,CAAA;QACb,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;CACF;AAED,MAAM,WAAW,eAAgB,SAAQ,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACpE,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC3C,YAAY,EAAE,UAAU,EAAE,CAAA;IAC1B,cAAc,EAAE,WAAW,EAAE,CAAA;IAC7B,eAAe,EAAE,aAAa,EAAE,CAAA;IAChC,YAAY,EAAE,WAAW,EAAE,CAAA;IAC3B,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC3C,YAAY,EAAE,UAAU,EAAE,CAAA;IAC1B,YAAY,EAAE,GAAG,EAAE,CAAA;IACnB,QAAQ,EAAE,GAAG,EAAE,CAAA;IACf,SAAS,EAAE,GAAG,EAAE,CAAA;IAChB,gBAAgB,EAAE,cAAc,EAAE,CAAA;IAClC,KAAK,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC1C,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,YAAY,EAAE,UAAU,EAAE,CAAA;IAC1B,KAAK,EAAE,KAAK,CAAA;IACZ,IAAI,EAAE,GAAG,GAAG,IAAI,CAAA;CACjB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,CAAC,SAAS,eAAe,EACxD,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,GAC1B,WAAW,CAAC,CAAC,CAAC,CAqBhB"}

package/providers/42-school.js

@@ -0,0 +1,78 @@
+/**
+ * Add 42School login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/42-school
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import FortyTwoSchool from "@auth/core/providers/42-school"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     FortyTwoSchool({
+ *       clientId: FORTY_TWO_SCHOOL_CLIENT_ID,
+ *       clientSecret: FORTY_TWO_SCHOOL_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [42School OAuth documentation](https://api.intra.42.fr/apidoc/guides/web_application_flow)
+ *
+ * ### Notes
+ *
+ *
+ * :::note
+ * 42 returns a field on `Account` called `created_at` which is a number. See the [docs](https://api.intra.42.fr/apidoc/guides/getting_started#make-basic-requests). Make sure to add this field to your database schema, in case if you are using an [Adapter](https://authjs.dev/reference/core/adapters).
+ * :::
+ * By default, Auth.js assumes that the 42School provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The 42School provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/42-school.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function FortyTwo(options) {
+    return {
+        id: "42-school",
+        name: "42 School",
+        type: "oauth",
+        authorization: {
+            url: "https://api.intra.42.fr/oauth/authorize",
+            params: { scope: "public" },
+        },
+        token: "https://api.intra.42.fr/oauth/token",
+        userinfo: "https://api.intra.42.fr/v2/me",
+        profile(profile) {
+            return {
+                id: profile.id.toString(),
+                name: profile.usual_full_name,
+                email: profile.email,
+                image: profile.image.link,
+            };
+        },
+        options,
+    };
+}

package/providers/apple.d.ts

@@ -0,0 +1,149 @@
+/**
+ * <div class="provider" style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Apple</b> integration.
+ * </span>
+ * <a href="https://apple.com" style={{backgroundColor: "black", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/apple.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/apple
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+/** The returned user profile from Apple when using the profile callback. */
+export interface AppleProfile extends Record<string, any> {
+    /**
+     * The issuer registered claim identifies the principal that issued the identity token.
+     * Since Apple generates the token, the value is `https://appleid.apple.com`.
+     */
+    iss: "https://appleid.apple.com";
+    /**
+     * The audience registered claim identifies the recipient for which the identity token is intended.
+     * Since the token is meant for your application, the value is the `client_id` from your developer account.
+     */
+    aud: string;
+    /**
+     * The issued at registered claim indicates the time at which Apple issued the identity token,
+     * in terms of the number of seconds since Epoch, in UTC.
+     */
+    iat: number;
+    /**
+     * The expiration time registered identifies the time on or after which the identity token expires,
+     * in terms of number of seconds since Epoch, in UTC.
+     * The value must be greater than the current date/time when verifying the token.
+     */
+    exp: number;
+    /**
+     * The subject registered claim identifies the principal that's the subject of the identity token.
+     * Since this token is meant for your application, the value is the unique identifier for the user.
+     */
+    sub: string;
+    /**
+     * A String value used to associate a client session and the identity token.
+     * This value mitigates replay attacks and is present only if passed during the authorization request.
+     */
+    nonce: string;
+    /**
+     * A Boolean value that indicates whether the transaction is on a nonce-supported platform.
+     * If you sent a nonce in the authorization request but don't see the nonce claim in the identity token,
+     * check this claim to determine how to proceed.
+     * If this claim returns true, you should treat nonce as mandatory and fail the transaction;
+     * otherwise, you can proceed treating the nonce as options.
+     */
+    nonce_supported: boolean;
+    /**
+     * A String value representing the user's email address.
+     * The email address is either the user's real email address or the proxy address,
+     * depending on their status private email relay service.
+     */
+    email: string;
+    /**
+     * A String or Boolean value that indicates whether the service has verified the email.
+     * The value of this claim is always true, because the servers only return verified email addresses.
+     * The value can either be a String (`"true"`) or a Boolean (`true`).
+     */
+    email_verified: "true" | true;
+    /**
+     * A String or Boolean value that indicates whether the email shared by the user is the proxy address.
+     * The value can either be a String (`"true"` or `"false"`) or a Boolean (`true` or `false`).
+     */
+    is_private_email: boolean | "true" | "false";
+    /**
+     * An Integer value that indicates whether the user appears to be a real person.
+     * Use the value of this claim to mitigate fraud. The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
+     * For more information, see [`ASUserDetectionStatus`](https://developer.apple.com/documentation/authenticationservices/asuserdetectionstatus).
+     * This claim is present only on iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14 and later;
+     * the claim isn't present or supported for web-based apps.
+     */
+    real_user_status: 0 | 1 | 2;
+    /**
+     * A String value representing the transfer identifier used to migrate users to your team.
+     * This claim is present only during the 60-day transfer period after an you transfer an app.
+     * For more information, see [Bringing New Apps and Users into Your Team](https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team).
+     */
+    transfer_sub: string;
+    at_hash: string;
+    auth_time: number;
+    user?: AppleNonConformUser;
+}
+/**
+ * This is the shape of the `user` query parameter that Apple sends the first
+ * time the user consents to the app.
+ * @see https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server#4066168
+ */
+export interface AppleNonConformUser {
+    name: {
+        firstName: string;
+        lastName: string;
+    };
+    email: string;
+}
+/**
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/auth/callback/apple
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import Apple from "@auth/core/providers/apple"
+ * ...
+ * providers: [
+ *   Apple({
+ *     clientId: env.AUTH_APPLE_ID,
+ *     clientSecret: env.AUTH_APPLE_SECRET,
+ *   })
+ * ]
+ * ...
+ * ```
+ *
+ * ### Resources
+ *
+ * - Sign in with Apple [Overview](https://developer.apple.com/sign-in-with-apple/get-started/)
+ * - Sign in with Apple [REST API](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api)
+ * - [How to retrieve](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773) the user's information from Apple ID servers
+ * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * - [Creating the Client Secret](https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret)
+ *
+ * ### Notes
+ *
+ * - Apple does not support localhost/http URLs. You can only use a live URL with HTTPS.
+ * - Apple requires the client secret to be a JWT. We provide a CLI command `npx auth add apple`, to help you generate one.
+ *   This will prompt you for the necessary information and at the end it will add the `AUTH_APPLE_ID` and `AUTH_APPLE_SECRET` to your `.env` file.
+ * - Apple provides minimal user information. It returns the user's email and name, but only the first time the user consents to the app.
+ * - The Apple provider does not support setting up the same client for multiple deployments (like [preview deployments](https://authjs.dev/getting-started/deployment#securing-a-preview-deployment)).
+ * - The Apple provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/apple.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Apple(config: OAuthUserConfig<AppleProfile>): OAuthConfig<AppleProfile>;
+//# sourceMappingURL=apple.d.ts.map

package/providers/apple.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple.d.ts","sourceRoot":"","sources":["../src/providers/apple.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,4EAA4E;AAC5E,MAAM,WAAW,YAAa,SAAQ,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACvD;;;OAGG;IACH,GAAG,EAAE,2BAA2B,CAAA;IAChC;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;;;;;OAMG;IACH,eAAe,EAAE,OAAO,CAAA;IAExB;;;;OAIG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;;;OAIG;IACH,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAE7B;;;OAGG;IACH,gBAAgB,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAA;IAE5C;;;;;;OAMG;IACH,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAE3B;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,CAAC,EAAE,mBAAmB,CAAA;CAC3B;AAED;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE;QACJ,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAA;IACD,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,CAAC,OAAO,UAAU,KAAK,CAC3B,MAAM,EAAE,eAAe,CAAC,YAAY,CAAC,GACpC,WAAW,CAAC,YAAY,CAAC,CA4C3B"}

package/providers/apple.js

@@ -0,0 +1,104 @@
+/**
+ * <div class="provider" style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Apple</b> integration.
+ * </span>
+ * <a href="https://apple.com" style={{backgroundColor: "black", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/apple.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/apple
+ */
+import { conformInternal, customFetch } from "../lib/symbols.js";
+/**
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/auth/callback/apple
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import Apple from "@auth/core/providers/apple"
+ * ...
+ * providers: [
+ *   Apple({
+ *     clientId: env.AUTH_APPLE_ID,
+ *     clientSecret: env.AUTH_APPLE_SECRET,
+ *   })
+ * ]
+ * ...
+ * ```
+ *
+ * ### Resources
+ *
+ * - Sign in with Apple [Overview](https://developer.apple.com/sign-in-with-apple/get-started/)
+ * - Sign in with Apple [REST API](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api)
+ * - [How to retrieve](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773) the user's information from Apple ID servers
+ * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * - [Creating the Client Secret](https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret)
+ *
+ * ### Notes
+ *
+ * - Apple does not support localhost/http URLs. You can only use a live URL with HTTPS.
+ * - Apple requires the client secret to be a JWT. We provide a CLI command `npx auth add apple`, to help you generate one.
+ *   This will prompt you for the necessary information and at the end it will add the `AUTH_APPLE_ID` and `AUTH_APPLE_SECRET` to your `.env` file.
+ * - Apple provides minimal user information. It returns the user's email and name, but only the first time the user consents to the app.
+ * - The Apple provider does not support setting up the same client for multiple deployments (like [preview deployments](https://authjs.dev/getting-started/deployment#securing-a-preview-deployment)).
+ * - The Apple provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/apple.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Apple(config) {
+    return {
+        id: "apple",
+        name: "Apple",
+        type: "oidc",
+        issuer: "https://appleid.apple.com",
+        authorization: {
+            params: {
+                scope: "name email",
+                response_mode: "form_post",
+            },
+        },
+        // We need to parse the special `user` parameter the first time the user consents to the app.
+        // It adds the `name` object to the `profile`, with `firstName` and `lastName` fields.
+        [conformInternal]: true,
+        profile(profile) {
+            const name = profile.user
+                ? `${profile.user.name.firstName} ${profile.user.name.lastName}`
+                : profile.email;
+            return {
+                id: profile.sub,
+                name: name,
+                email: profile.email,
+                image: null,
+            };
+        },
+        // Apple does not provide a userinfo endpoint.
+        async [customFetch](...args) {
+            const url = new URL(args[0] instanceof Request ? args[0].url : args[0]);
+            if (url.pathname.endsWith(".well-known/openid-configuration")) {
+                const response = await fetch(...args);
+                const json = await response.clone().json();
+                return Response.json({
+                    ...json,
+                    userinfo_endpoint: "https://appleid.apple.com/fake_endpoint",
+                });
+            }
+            return fetch(...args);
+        },
+        client: { token_endpoint_auth_method: "client_secret_post" },
+        style: { text: "#fff", bg: "#000" },
+        checks: ["nonce", "state"],
+        options: config,
+    };
+}