@mulverse/mulguard-core 1.0.0

package/providers/concept2.d.ts

@@ -0,0 +1,81 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Concept2</b> integration.</span>
+ * <a href="https://concept2.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/concept2.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/concept2
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+export interface Concept2Profile extends Record<string, any> {
+    id: number;
+    username: string;
+    first_name: string;
+    last_name: string;
+    gender: string;
+    dob: string;
+    email: string;
+    country: string;
+    profile_image: string;
+    age_restricted: boolean;
+    email_permission: boolean | null;
+    max_heart_rate: number | null;
+    weight: number | null;
+    logbook_privacy: string | null;
+}
+/**
+ * Add Concept2 login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/concept2
+ * ```
+ *
+ * #### Configuration
+ *```js
+ * import { Auth } from "@auth/core"
+ * import Concept2 from "@auth/core/providers/concept2"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Concept2({
+ *       clientId: CONCEPT2_CLIENT_ID,
+ *       clientSecret: CONCEPT2_CLIENT_SECRET
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Concept2 OAuth documentation](https://log.concept2.com/developers/documentation/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Concept2 provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Concept2 provider comes with a [default configuration](https://github.com/mulguard/mulguard/blob/main/packages/mulguard/src/providers/concept2.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Concept2(options: OAuthUserConfig<Concept2Profile>): OAuthConfig<Concept2Profile>;
+//# sourceMappingURL=concept2.d.ts.map

package/providers/concept2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"concept2.d.ts","sourceRoot":"","sources":["../src/providers/concept2.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,MAAM,WAAW,eAAgB,SAAQ,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAC1D,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,MAAM,CAAA;IACrB,cAAc,EAAE,OAAO,CAAA;IACvB,gBAAgB,EAAE,OAAO,GAAG,IAAI,CAAA;IAChC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAC9B,OAAO,EAAE,eAAe,CAAC,eAAe,CAAC,GACxC,WAAW,CAAC,eAAe,CAAC,CAuB9B"}

package/providers/concept2.js

@@ -0,0 +1,86 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Concept2</b> integration.</span>
+ * <a href="https://concept2.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/concept2.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/concept2
+ */
+/**
+ * Add Concept2 login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/concept2
+ * ```
+ *
+ * #### Configuration
+ *```js
+ * import { Auth } from "@auth/core"
+ * import Concept2 from "@auth/core/providers/concept2"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Concept2({
+ *       clientId: CONCEPT2_CLIENT_ID,
+ *       clientSecret: CONCEPT2_CLIENT_SECRET
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Concept2 OAuth documentation](https://log.concept2.com/developers/documentation/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Concept2 provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Concept2 provider comes with a [default configuration](https://github.com/mulguard/mulguard/blob/main/packages/mulguard/src/providers/concept2.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Concept2(options) {
+    return {
+        id: "concept2",
+        name: "Concept2",
+        type: "oauth",
+        authorization: {
+            url: "https://log.concept2.com/oauth/authorize",
+            params: {
+                scope: "user:read,results:write",
+            },
+        },
+        token: "https://log.concept2.com/oauth/access_token",
+        userinfo: "https://log.concept2.com/api/users/me",
+        profile(profile) {
+            return {
+                id: profile.data.id,
+                name: profile.data.username,
+                email: profile.data.email,
+                image: profile.data.profile_image,
+            };
+        },
+        options,
+    };
+}

package/providers/credentials.d.ts

@@ -0,0 +1,132 @@
+import type { CommonProviderOptions } from "./index.js";
+import type { Awaitable, User } from "../types.js";
+import type { JSX } from "preact";
+/**
+ * Besides providing type safety inside {@link CredentialsConfig.authorize}
+ * it also determines how the credentials input fields will be rendered
+ * on the default sign in page.
+ */
+export interface CredentialInput extends Partial<JSX.IntrinsicElements["input"]> {
+    label?: string;
+}
+/** The Credentials Provider needs to be configured. */
+export interface CredentialsConfig<CredentialsInputs extends Record<string, CredentialInput> = Record<string, CredentialInput>> extends CommonProviderOptions {
+    type: "credentials";
+    credentials: CredentialsInputs;
+    /**
+     * Gives full control over how you handle the credentials received from the user.
+     *
+     * :::warning
+     * There is no validation on the user inputs by default, so make sure you do so
+     * by a popular library like [Zod](https://zod.dev)
+     * :::
+     *
+     * This method expects a `User` object to be returned for a successful login.
+     *
+     * If an `CredentialsSignin` is thrown or `null` is returned, two things can happen:
+     * 1. The user is redirected to the login page, with `error=CredentialsSignin&code=credentials` in the URL. `code` is configurable, see below.
+     * 2. If you throw this error in a framework that handles form actions server-side, this error is thrown by the login form action, so you'll need to handle it there.
+     *
+     * In case of 1., generally, we recommend not hinting if the user for example gave a wrong username or password specifically,
+     * try rather something like "invalid-credentials". Try to be as generic with client-side errors as possible.
+     *
+     * To customize the error code, you can create a custom error that extends {@link CredentialsSignin} and throw it in `authorize`.
+     *
+     * @example
+     * ```ts
+     * class CustomError extends CredentialsSignin {
+     *  code = "custom_error"
+     * }
+     * // URL will contain `error=CredentialsSignin&code=custom_error`
+     * ```
+     *
+     * @example
+     * ```ts
+     * async authorize(credentials, request) { // you have access to the original request as well
+     *   if(!isValidCredentials(credentials)) {
+     *      throw new CustomError()
+     *   }
+     *   return await getUser(credentials) // assuming it returns a User or null
+     * }
+     * ```
+     */
+    authorize: (
+    /**
+     * The available keys are determined by {@link CredentialInput}.
+     *
+     * @note The existence/correctness of a field cannot be guaranteed at compile time,
+     * so you should always validate the input before using it.
+     *
+     * You can add basic validation depending on your use case,
+     * or you can use a popular library like [Zod](https://zod.dev) for example.
+     */
+    credentials: Partial<Record<keyof CredentialsInputs, unknown>>, 
+    /** The original request. */
+    request: Request) => Awaitable<User | null>;
+}
+export type CredentialsProviderId = "credentials";
+/**
+ * The Credentials provider allows you to handle signing in with arbitrary credentials,
+ * such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
+ *
+ * It is intended to support use cases where you have an existing system you need to authenticate users against.
+ *
+ * It comes with the constraint that users authenticated in this manner are not persisted in the database,
+ * and consequently that the Credentials provider can only be used if JSON Web Tokens are enabled for sessions.
+ *
+ * :::caution
+ * The functionality provided for credentials-based authentication is intentionally limited to discourage the use of passwords due to the inherent security risks of the username-password model.
+ *
+ * OAuth providers spend significant amounts of money, time, and engineering effort to build:
+ *
+ * - abuse detection (bot-protection, rate-limiting)
+ * - password management (password reset, credential stuffing, rotation)
+ * - data security (encryption/salting, strength validation)
+ *
+ * and much more for authentication solutions. It is likely that your application would benefit from leveraging these battle-tested solutions rather than try to rebuild them from scratch.
+ *
+ * If you'd still like to build password-based authentication for your application despite these risks, Auth.js gives you full control to do so.
+ *
+ * :::
+ *
+ * See the [callbacks documentation](/reference/core#authconfig#callbacks) for more information on how to interact with the token. For example, you can add additional information to the token by returning an object from the `jwt()` callback:
+ *
+ * ```ts
+ * callbacks: {
+ *   async jwt({ token, user, account, profile, isNewUser }) {
+ *     if (user) {
+ *       token.id = user.id
+ *     }
+ *     return token
+ *   }
+ * }
+ * ```
+ *
+ * @example
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Credentials from "@auth/core/providers/credentials"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await AuthHandler(request, {
+ *   providers: [
+ *     Credentials({
+ *       credentials: {
+ *         username: { label: "Username" },
+ *         password: {  label: "Password", type: "password" }
+ *       },
+ *       async authorize({ request }) {
+ *         const response = await fetch(request)
+ *         if(!response.ok) return null
+ *         return await response.json() ?? null
+ *       }
+ *     })
+ *   ],
+ *   secret: "...",
+ *   trustHost: true,
+ * })
+ * ```
+ * @see [Username/Password Example](https://authjs.dev/getting-started/authentication/credentials)
+ */
+export default function Credentials<CredentialsInputs extends Record<string, CredentialInput> = Record<string, CredentialInput>>(config: Partial<CredentialsConfig<CredentialsInputs>>): CredentialsConfig;
+//# sourceMappingURL=credentials.d.ts.map

package/providers/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/providers/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAA;AACvD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,QAAQ,CAAA;AAEjC;;;;GAIG;AACH,MAAM,WAAW,eACf,SAAQ,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,uDAAuD;AACvD,MAAM,WAAW,iBAAiB,CAChC,iBAAiB,SAAS,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,MAAM,CAChE,MAAM,EACN,eAAe,CAChB,CACD,SAAQ,qBAAqB;IAC7B,IAAI,EAAE,aAAa,CAAA;IACnB,WAAW,EAAE,iBAAiB,CAAA;IAC9B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAoCG;IACH,SAAS,EAAE;IACT;;;;;;;;OAQG;IACH,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,iBAAiB,EAAE,OAAO,CAAC,CAAC;IAC9D,4BAA4B;IAC5B,OAAO,EAAE,OAAO,KACb,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;CAC5B;AAED,MAAM,MAAM,qBAAqB,GAAG,aAAa,CAAA;AAEjD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8DG;AACH,MAAM,CAAC,OAAO,UAAU,WAAW,CACjC,iBAAiB,SAAS,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,MAAM,CAChE,MAAM,EACN,eAAe,CAChB,EACD,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC,GAAG,iBAAiB,CAU1E"}

package/providers/credentials.js

@@ -0,0 +1,74 @@
+/**
+ * The Credentials provider allows you to handle signing in with arbitrary credentials,
+ * such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
+ *
+ * It is intended to support use cases where you have an existing system you need to authenticate users against.
+ *
+ * It comes with the constraint that users authenticated in this manner are not persisted in the database,
+ * and consequently that the Credentials provider can only be used if JSON Web Tokens are enabled for sessions.
+ *
+ * :::caution
+ * The functionality provided for credentials-based authentication is intentionally limited to discourage the use of passwords due to the inherent security risks of the username-password model.
+ *
+ * OAuth providers spend significant amounts of money, time, and engineering effort to build:
+ *
+ * - abuse detection (bot-protection, rate-limiting)
+ * - password management (password reset, credential stuffing, rotation)
+ * - data security (encryption/salting, strength validation)
+ *
+ * and much more for authentication solutions. It is likely that your application would benefit from leveraging these battle-tested solutions rather than try to rebuild them from scratch.
+ *
+ * If you'd still like to build password-based authentication for your application despite these risks, Auth.js gives you full control to do so.
+ *
+ * :::
+ *
+ * See the [callbacks documentation](/reference/core#authconfig#callbacks) for more information on how to interact with the token. For example, you can add additional information to the token by returning an object from the `jwt()` callback:
+ *
+ * ```ts
+ * callbacks: {
+ *   async jwt({ token, user, account, profile, isNewUser }) {
+ *     if (user) {
+ *       token.id = user.id
+ *     }
+ *     return token
+ *   }
+ * }
+ * ```
+ *
+ * @example
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Credentials from "@auth/core/providers/credentials"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await AuthHandler(request, {
+ *   providers: [
+ *     Credentials({
+ *       credentials: {
+ *         username: { label: "Username" },
+ *         password: {  label: "Password", type: "password" }
+ *       },
+ *       async authorize({ request }) {
+ *         const response = await fetch(request)
+ *         if(!response.ok) return null
+ *         return await response.json() ?? null
+ *       }
+ *     })
+ *   ],
+ *   secret: "...",
+ *   trustHost: true,
+ * })
+ * ```
+ * @see [Username/Password Example](https://authjs.dev/getting-started/authentication/credentials)
+ */
+export default function Credentials(config) {
+    return {
+        id: "credentials",
+        name: "Credentials",
+        type: "credentials",
+        credentials: {},
+        authorize: () => null,
+        // @ts-expect-error
+        options: config,
+    };
+}

package/providers/descope.d.ts

@@ -0,0 +1,91 @@
+/**
+ * <div class="provider" style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Descope</b> integration.
+ * </span>
+ * <a href="https://descope.com" style={{backgroundColor: "#000000", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/descope.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/descope
+ */
+import type { OIDCConfig, OIDCUserConfig } from "./index.js";
+/** The returned user profile from Descope when using the profile callback.
+ * [See Load User](https://docs.descope.com/api/openapi/usermanagement/operation/LoadUser/)
+ */
+export interface DescopeProfile {
+    /** The user's unique Descope ID */
+    sub: string;
+    /** The user's name */
+    name: string;
+    /** The user's email */
+    email: string;
+    /** A boolean indicating if the user's email is verified */
+    email_verified: boolean;
+    /** The user's phone number */
+    phone_number: string;
+    /** A boolean indicating if the user's phone number is verified */
+    phone_number_verified: boolean;
+    /** The user's picture */
+    picture: string;
+    /** The user's custom attributes */
+    [claim: string]: unknown;
+}
+/**
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/descope
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Descope from "@auth/core/providers/descope"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, { providers: [Descope({ clientId: AUTH_DESCOPE_ID, clientSecret: AUTH_DESCOPE_SECRET, issuer: AUTH_DESCOPE_ISSUER })] })
+ * ```
+ *
+ * ### Configuring Descope
+ *
+ * Follow these steps:
+ *
+ * 1. Log into the [Descope console](https://app.descope.com)
+ * 2. Follow the [OIDC instructions](https://docs.descope.com/customize/auth/oidc)
+ *
+ * Then, create a `.env.local` file in the project root add the following entries:
+ *
+ * Get the following from the Descope's console:
+ * ```
+ * AUTH_DESCOPE_ID="<Descope Issuer's last url segment>" # Descope's Issuer can be found in "Authentication Methods > SSO > Identity Provider" (Can also be taken from "Project > Project ID")
+ * AUTH_DESCOPE_SECRET="<Descope Access Key>" # Manage > Access Keys
+ * AUTH_DESCOPE_ISSUER="<Descope Issuer URL>" # Applications -> OIDC Application -> Issuer
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Descope OIDC](https://docs.descope.com/customize/auth/oidc)
+ * - [Descope Flows](https://docs.descope.com/customize/flows)
+ *
+ * ### Notes
+ *
+ * The Descope provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/descope.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::info
+ * By default, Auth.js assumes that the Descope provider is based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) spec
+ * :::
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Descope(config: OIDCUserConfig<DescopeProfile>): OIDCConfig<DescopeProfile>;
+//# sourceMappingURL=descope.d.ts.map

package/providers/descope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"descope.d.ts","sourceRoot":"","sources":["../src/providers/descope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE5D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAA;IACX,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,uBAAuB;IACvB,KAAK,EAAE,MAAM,CAAA;IACb,2DAA2D;IAC3D,cAAc,EAAE,OAAO,CAAA;IACvB,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAA;IACpB,kEAAkE;IAClE,qBAAqB,EAAE,OAAO,CAAA;IAC9B,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC;IACnC,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,MAAM,CAAC,OAAO,UAAU,OAAO,CAC7B,MAAM,EAAE,cAAc,CAAC,cAAc,CAAC,GACrC,UAAU,CAAC,cAAc,CAAC,CAU5B"}

package/providers/descope.js

@@ -0,0 +1,78 @@
+/**
+ * <div class="provider" style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Descope</b> integration.
+ * </span>
+ * <a href="https://descope.com" style={{backgroundColor: "#000000", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/descope.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/descope
+ */
+/**
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/descope
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Descope from "@auth/core/providers/descope"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, { providers: [Descope({ clientId: AUTH_DESCOPE_ID, clientSecret: AUTH_DESCOPE_SECRET, issuer: AUTH_DESCOPE_ISSUER })] })
+ * ```
+ *
+ * ### Configuring Descope
+ *
+ * Follow these steps:
+ *
+ * 1. Log into the [Descope console](https://app.descope.com)
+ * 2. Follow the [OIDC instructions](https://docs.descope.com/customize/auth/oidc)
+ *
+ * Then, create a `.env.local` file in the project root add the following entries:
+ *
+ * Get the following from the Descope's console:
+ * ```
+ * AUTH_DESCOPE_ID="<Descope Issuer's last url segment>" # Descope's Issuer can be found in "Authentication Methods > SSO > Identity Provider" (Can also be taken from "Project > Project ID")
+ * AUTH_DESCOPE_SECRET="<Descope Access Key>" # Manage > Access Keys
+ * AUTH_DESCOPE_ISSUER="<Descope Issuer URL>" # Applications -> OIDC Application -> Issuer
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Descope OIDC](https://docs.descope.com/customize/auth/oidc)
+ * - [Descope Flows](https://docs.descope.com/customize/flows)
+ *
+ * ### Notes
+ *
+ * The Descope provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/descope.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::info
+ * By default, Auth.js assumes that the Descope provider is based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) spec
+ * :::
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Descope(config) {
+    config.issuer ?? (config.issuer = `https://api.descope.com/${config.clientId}`);
+    return {
+        id: "descope",
+        name: "Descope",
+        type: "oidc",
+        style: { bg: "#1C1C23", text: "#ffffff" },
+        checks: ["pkce", "state"],
+        options: config,
+    };
+}