@mulverse/mulguard-core 1.0.0

package/providers/fusionauth.js

@@ -0,0 +1,292 @@
+/**
+ * Add FusionAuth login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/fusionauth
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import FusionAuth from "@auth/core/providers/fusionauth"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     FusionAuth({
+ *       clientId: FUSIONAUTH_CLIENT_ID,
+ *       clientSecret: FUSIONAUTH_CLIENT_SECRET,
+ *       tenantId: FUSIONAUTH_TENANT_ID,
+ *       issuer: FUSIONAUTH_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ * :::warning
+ * If you're using multi-tenancy, you need to pass in the tenantId option to apply the proper theme.
+ * :::
+ *
+ * ### Resources
+ *
+ *  - [FusionAuth OAuth documentation](https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the FusionAuth provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * ## Configuration
+ * :::tip
+ * An application can be created at https://your-fusionauth-server-url/admin/application.
+ *
+ * For more information, follow the [FusionAuth 5-minute setup guide](https://fusionauth.io/docs/v1/tech/5-minute-setup-guide).
+ * :::
+ *
+ * In the OAuth settings for your application, configure the following.
+ *
+ * - Redirect URL
+ *   - https://localhost:3000/api/auth/callback/fusionauth
+ * - Enabled grants
+ *   - Make sure _Authorization Code_ is enabled.
+ *
+ * If using JSON Web Tokens, you need to make sure the signing algorithm is RS256, you can create an RS256 key pair by
+ * going to Settings, Key Master, generate RSA and choosing SHA-256 as algorithm. After that, go to the JWT settings of
+ * your application and select this key as Access Token signing key and Id Token signing key.
+ * :::tip
+ *
+ * The FusionAuth provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/fusionauth.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ *
+ *
+ * It is highly recommended to follow this example call when using the provider in Next.js
+ *  so that you can access both the access_token and id_token on the server.
+ *
+ * ```ts
+ * /// <reference types="next-auth" />
+import NextAuth from 'next-auth';
+export const { handlers, auth, signIn, signOut } = NextAuth({
+  providers: [
+    {
+      id: 'fusionauth',
+      name: 'FusionAuth',
+      type: 'oidc',
+      issuer: process.env.AUTH_FUSIONAUTH_ISSUER!,
+      clientId: process.env.AUTH_FUSIONAUTH_CLIENT_ID!,
+      clientSecret: process.env.AUTH_FUSIONAUTH_CLIENT_SECRET!,
+      authorization: {
+        params: {
+          scope: 'offline_access email openid profile',
+          tenantId: process.env.AUTH_FUSIONAUTH_TENANT_ID!,
+        },
+      },
+      userinfo: `${process.env.AUTH_FUSIONAUTH_ISSUER}/oauth2/userinfo`,
+      // This is due to a known processing issue
+      // TODO: https://github.com/nextauthjs/next-auth/issues/8745#issuecomment-1907799026
+      token: {
+        url: `${process.env.AUTH_FUSIONAUTH_ISSUER}/oauth2/token`,
+        conform: async (response: Response) => {
+          if (response.status === 401) return response;
+
+          const newHeaders = Array.from(response.headers.entries())
+            .filter(([key]) => key.toLowerCase() !== 'www-authenticate')
+            .reduce(
+              (headers, [key, value]) => (headers.append(key, value), headers),
+              new Headers()
+            );
+
+          return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: newHeaders,
+          });
+        },
+      },
+    },
+  ],
+  session: {
+    strategy: 'jwt',
+  },
+  // Required to get the account object in the session and enable
+  // the ability to call API's externally that rely on JWT tokens.
+  callbacks: {
+    async jwt(params) {
+      const { token, user, account } = params;
+      if (account) {
+        // First-time login, save the `access_token`, its expiry and the `refresh_token`
+        return {
+          ...token,
+          ...account,
+        };
+      } else if (
+        token.expires_at &&
+        Date.now() < (token.expires_at as number) * 1000
+      ) {
+        // Subsequent logins, but the `access_token` is still valid
+        return token;
+      } else {
+        // Subsequent logins, but the `access_token` has expired, try to refresh it
+        if (!token.refresh_token) throw new TypeError('Missing refresh_token');
+
+        try {
+          const refreshResponse = await fetch(
+            `${process.env.AUTH_FUSIONAUTH_ISSUER}/oauth2/token`,
+            {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+              },
+              body: new URLSearchParams({
+                client_id: process.env.AUTH_FUSIONAUTH_CLIENT_ID!,
+                client_secret: process.env.AUTH_FUSIONAUTH_CLIENT_SECRET!,
+                grant_type: 'refresh_token',
+                refresh_token: token.refresh_token as string,
+              }),
+            }
+          );
+
+          if (!refreshResponse.ok) {
+            throw new Error('Failed to refresh token');
+          }
+
+          const tokensOrError = await refreshResponse.json();
+
+          if (!refreshResponse.ok) throw tokensOrError;
+
+          const newTokens = tokensOrError as {
+            access_token: string;
+            expires_in: number;
+            refresh_token?: string;
+          };
+
+          return {
+            ...token,
+            access_token: newTokens.access_token,
+            expires_at: Math.floor(Date.now() / 1000 + newTokens.expires_in),
+            // Some providers only issue refresh tokens once, so preserve if we did not get a new one
+            refresh_token: newTokens.refresh_token
+              ? newTokens.refresh_token
+              : token.refresh_token,
+          };
+        } catch (error) {
+          console.error('Error refreshing access_token', error);
+          // If we fail to refresh the token, return an error so we can handle it on the page
+          token.error = 'RefreshTokenError';
+          return token;
+        }
+      }
+    },
+    async session(params) {
+      const { session, token } = params;
+      return { ...session, ...token };
+    },
+  },
+});
+
+declare module 'next-auth' {
+  interface Session {
+    access_token: string;
+    expires_in: number;
+    id_token?: string;
+    expires_at: number;
+    refresh_token?: string;
+    refresh_token_id?: string;
+    error?: 'RefreshTokenError';
+    scope: string;
+    token_type: string;
+    userId: string;
+    provider: string;
+    type: string;
+    providerAccountId: string;
+  }
+}
+
+declare module 'next-auth' {
+  interface JWT {
+    access_token: string;
+    expires_in: number;
+    id_token?: string;
+    expires_at: number;
+    refresh_token?: string;
+    refresh_token_id?: string;
+    error?: 'RefreshTokenError';
+    scope: string;
+    token_type: string;
+    userId: string;
+    provider: string;
+    type: string;
+    providerAccountId: string;
+  }
+}
+```
+ *
+ *
+ *
+ */
+export default function FusionAuth(
+// tenantId only needed if there is more than one tenant configured on the server
+options) {
+    return {
+        id: "fusionauth",
+        name: "FusionAuth",
+        type: "oidc",
+        issuer: options.issuer,
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        wellKnown: options?.tenantId
+            ? `${options.issuer}/.well-known/openid-configuration?tenantId=${options.tenantId}`
+            : `${options.issuer}/.well-known/openid-configuration`,
+        authorization: {
+            params: {
+                scope: "openid offline_access email profile",
+                ...(options?.tenantId && { tenantId: options.tenantId }),
+            },
+        },
+        userinfo: `${options.issuer}/oauth2/userinfo`,
+        // This is due to a known processing issue
+        // TODO: https://github.com/nextauthjs/next-auth/issues/8745#issuecomment-1907799026
+        token: {
+            url: `${options.issuer}/oauth2/token`,
+            conform: async (response) => {
+                if (response.status === 401)
+                    return response;
+                const newHeaders = Array.from(response.headers.entries())
+                    .filter(([key]) => key.toLowerCase() !== "www-authenticate")
+                    .reduce((headers, [key, value]) => (headers.append(key, value), headers), new Headers());
+                return new Response(response.body, {
+                    status: response.status,
+                    statusText: response.statusText,
+                    headers: newHeaders,
+                });
+            },
+        },
+        checks: ["pkce", "state"],
+        profile(profile) {
+            return {
+                id: profile.sub,
+                email: profile.email,
+                name: profile.name ??
+                    profile.preferred_username ??
+                    [profile.given_name, profile.middle_name, profile.family_name]
+                        .filter((x) => x)
+                        .join(" "),
+                image: profile.picture,
+            };
+        },
+        options,
+    };
+}

package/providers/github.d.ts

@@ -0,0 +1,127 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#24292f", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>GitHub</b> integration.</span>
+ * <a href="https://github.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/github.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/github
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+export interface GitHubEmail {
+    email: string;
+    primary: boolean;
+    verified: boolean;
+    visibility: "public" | "private";
+}
+/** @see [Get the authenticated user](https://docs.github.com/en/rest/users/users#get-the-authenticated-user) */
+export interface GitHubProfile {
+    login: string;
+    id: number;
+    node_id: string;
+    avatar_url: string;
+    gravatar_id: string | null;
+    url: string;
+    html_url: string;
+    followers_url: string;
+    following_url: string;
+    gists_url: string;
+    starred_url: string;
+    subscriptions_url: string;
+    organizations_url: string;
+    repos_url: string;
+    events_url: string;
+    received_events_url: string;
+    type: string;
+    site_admin: boolean;
+    name: string | null;
+    company: string | null;
+    blog: string | null;
+    location: string | null;
+    email: string | null;
+    hireable: boolean | null;
+    bio: string | null;
+    twitter_username?: string | null;
+    public_repos: number;
+    public_gists: number;
+    followers: number;
+    following: number;
+    created_at: string;
+    updated_at: string;
+    private_gists?: number;
+    total_private_repos?: number;
+    owned_private_repos?: number;
+    disk_usage?: number;
+    suspended_at?: string | null;
+    collaborators?: number;
+    two_factor_authentication: boolean;
+    plan?: {
+        collaborators: number;
+        name: string;
+        space: number;
+        private_repos: number;
+    };
+    [claim: string]: unknown;
+}
+/**
+ * Add GitHub login to your page and make requests to [GitHub APIs](https://docs.github.com/en/rest).
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/github
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import GitHub from "@auth/core/providers/github"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     GitHub({ clientId: GITHUB_CLIENT_ID, clientSecret: GITHUB_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
+ * - [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
+ * - [GitHub - Configure your GitHub OAuth Apps](https://github.com/settings/developers)
+ * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * - [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the GitHub provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The GitHub provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function GitHub(config: OAuthUserConfig<GitHubProfile> & {
+    /** Configuration for usage with [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server/get-started). */
+    enterprise?: {
+        /** The base URL of your GitHub Enterprise Server instance. */
+        baseUrl?: string;
+    };
+}): OAuthConfig<GitHubProfile>;
+//# sourceMappingURL=github.d.ts.map

package/providers/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,OAAO,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,UAAU,EAAE,QAAQ,GAAG,SAAS,CAAA;CACjC;AAED,gHAAgH;AAChH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,iBAAiB,EAAE,MAAM,CAAA;IACzB,iBAAiB,EAAE,MAAM,CAAA;IACzB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,OAAO,CAAA;IACnB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAA;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,yBAAyB,EAAE,OAAO,CAAA;IAClC,IAAI,CAAC,EAAE;QACL,aAAa,EAAE,MAAM,CAAA;QACrB,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;QACb,aAAa,EAAE,MAAM,CAAA;KACtB,CAAA;IACD,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,MAAM,EAAE,eAAe,CAAC,aAAa,CAAC,GAAG;IACvC,yHAAyH;IACzH,UAAU,CAAC,EAAE;QACX,8DAA8D;QAC9D,OAAO,CAAC,EAAE,MAAM,CAAA;KACjB,CAAA;CACF,GACA,WAAW,CAAC,aAAa,CAAC,CAuD5B"}

package/providers/github.js

@@ -0,0 +1,115 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#24292f", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>GitHub</b> integration.</span>
+ * <a href="https://github.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/github.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/github
+ */
+/**
+ * Add GitHub login to your page and make requests to [GitHub APIs](https://docs.github.com/en/rest).
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/github
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import GitHub from "@auth/core/providers/github"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     GitHub({ clientId: GITHUB_CLIENT_ID, clientSecret: GITHUB_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
+ * - [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
+ * - [GitHub - Configure your GitHub OAuth Apps](https://github.com/settings/developers)
+ * - [Learn more about OAuth](https://authjs.dev/concepts/oauth)
+ * - [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the GitHub provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The GitHub provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function GitHub(config) {
+    const baseUrl = config?.enterprise?.baseUrl ?? "https://github.com";
+    const apiBaseUrl = config?.enterprise?.baseUrl
+        ? `${config?.enterprise?.baseUrl}/api/v3`
+        : "https://api.github.com";
+    return {
+        id: "github",
+        name: "GitHub",
+        type: "oauth",
+        authorization: {
+            url: `${baseUrl}/login/oauth/authorize`,
+            params: { scope: "read:user user:email" },
+        },
+        token: `${baseUrl}/login/oauth/access_token`,
+        userinfo: {
+            url: `${apiBaseUrl}/user`,
+            async request({ tokens, provider }) {
+                const profile = await fetch(provider.userinfo?.url, {
+                    headers: {
+                        Authorization: `Bearer ${tokens.access_token}`,
+                        "User-Agent": "authjs",
+                    },
+                }).then(async (res) => await res.json());
+                if (!profile.email) {
+                    // If the user does not have a public email, get another via the GitHub API
+                    // See https://docs.github.com/en/rest/users/emails#list-public-email-addresses-for-the-authenticated-user
+                    const res = await fetch(`${apiBaseUrl}/user/emails`, {
+                        headers: {
+                            Authorization: `Bearer ${tokens.access_token}`,
+                            "User-Agent": "authjs",
+                        },
+                    });
+                    if (res.ok) {
+                        const emails = await res.json();
+                        profile.email = (emails.find((e) => e.primary) ?? emails[0]).email;
+                    }
+                }
+                return profile;
+            },
+        },
+        profile(profile) {
+            return {
+                id: profile.id.toString(),
+                name: profile.name ?? profile.login,
+                email: profile.email,
+                image: profile.avatar_url,
+            };
+        },
+        style: { bg: "#24292f", text: "#fff" },
+        options: config,
+    };
+}

package/providers/gitlab.d.ts

@@ -0,0 +1,115 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>GitLab</b> integration.</span>
+ * <a href="https://gitlab.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/gitlab.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/gitlab
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+export interface GitLabProfile extends Record<string, any> {
+    id: number;
+    username: string;
+    email: string;
+    name: string;
+    state: string;
+    avatar_url: string;
+    web_url: string;
+    created_at: string;
+    bio: string;
+    location?: string;
+    public_email: string;
+    skype: string;
+    linkedin: string;
+    twitter: string;
+    website_url: string;
+    organization: string;
+    job_title: string;
+    pronouns: string;
+    bot: boolean;
+    work_information?: string;
+    followers: number;
+    following: number;
+    local_time: string;
+    last_sign_in_at: string;
+    confirmed_at: string;
+    theme_id: number;
+    last_activity_on: string;
+    color_scheme_id: number;
+    projects_limit: number;
+    current_sign_in_at: string;
+    identities: Array<{
+        provider: string;
+        extern_uid: string;
+    }>;
+    can_create_group: boolean;
+    can_create_project: boolean;
+    two_factor_enabled: boolean;
+    external: boolean;
+    private_profile: boolean;
+    commit_email: string;
+    shared_runners_minutes_limit: number;
+    extra_shared_runners_minutes_limit: number;
+}
+/**
+ * Add GitLab login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/gitlab
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import GitLab from "@auth/core/providers/gitlab"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     GitLab({ clientId: GITLAB_CLIENT_ID, clientSecret: GITLAB_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [GitLab OAuth documentation](https://docs.gitlab.com/ee/api/oauth2.html)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the GitLab provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ * Enable the `read_user` option in scope if you want to save the users email address on sign up.
+ * :::
+ *
+ * :::tip
+ *
+ * The GitLab provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/gitlab.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function GitLab<P extends GitLabProfile>(options: OAuthUserConfig<P> & {
+    /**
+     * @default "https://gitlab.com"
+     */
+    baseUrl?: URL | string;
+}): OAuthConfig<P>;
+//# sourceMappingURL=gitlab.d.ts.map

package/providers/gitlab.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitlab.d.ts","sourceRoot":"","sources":["../src/providers/gitlab.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,MAAM,WAAW,aAAc,SAAQ,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACxD,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,OAAO,CAAA;IACZ,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;IACtB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,UAAU,EAAE,KAAK,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;KACnB,CAAC,CAAA;IACF,gBAAgB,EAAE,OAAO,CAAA;IACzB,kBAAkB,EAAE,OAAO,CAAA;IAC3B,kBAAkB,EAAE,OAAO,CAAA;IAC3B,QAAQ,EAAE,OAAO,CAAA;IACjB,eAAe,EAAE,OAAO,CAAA;IACxB,YAAY,EAAE,MAAM,CAAA;IACpB,4BAA4B,EAAE,MAAM,CAAA;IACpC,kCAAkC,EAAE,MAAM,CAAA;CAC3C;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC,SAAS,aAAa,EACpD,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,GAAG;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;CACvB,GACA,WAAW,CAAC,CAAC,CAAC,CAsBhB"}