@mulverse/mulguard-core 1.0.0

package/providers/webauthn.js

@@ -0,0 +1,128 @@
+import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse, verifyRegistrationResponse, } from "@simplewebauthn/server";
+import { MissingAdapter } from "../errors.js";
+export const DEFAULT_WEBAUTHN_TIMEOUT = 5 * 60 * 1000; // 5 minutes
+export const DEFAULT_SIMPLEWEBAUTHN_BROWSER_VERSION = "v9.0.1";
+/**
+ * Add WebAuthn login to your page.
+ *
+ * ### Setup
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import WebAuthn from "@auth/core/providers/webauthn"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [WebAuthn],
+ * })
+ * ```
+ * ### Resources
+ *
+ * - [SimpleWebAuthn - Server side](https://simplewebauthn.dev/docs/packages/server)
+ * - [SimpleWebAuthn - Client side](https://simplewebauthn.dev/docs/packages/client)
+ * - [Source code](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/webauthn.ts)
+ *
+ * :::tip
+ *
+ * The WebAuthn provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/webauthn.ts).
+ * To override the defaults for your use case, check out [customizing the built-in WebAuthn provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function WebAuthn(config) {
+    return {
+        id: "webauthn",
+        name: "WebAuthn",
+        enableConditionalUI: true,
+        simpleWebAuthn: {
+            generateAuthenticationOptions,
+            generateRegistrationOptions,
+            verifyAuthenticationResponse,
+            verifyRegistrationResponse,
+        },
+        authenticationOptions: { timeout: DEFAULT_WEBAUTHN_TIMEOUT },
+        registrationOptions: { timeout: DEFAULT_WEBAUTHN_TIMEOUT },
+        formFields: {
+            email: {
+                label: "Email",
+                required: true,
+                autocomplete: "username webauthn",
+            },
+        },
+        simpleWebAuthnBrowserVersion: DEFAULT_SIMPLEWEBAUTHN_BROWSER_VERSION,
+        getUserInfo,
+        getRelayingParty,
+        ...config,
+        type: "webauthn",
+    };
+}
+/**
+ * Retrieves user information for the WebAuthn provider.
+ *
+ * It looks for the "email" query parameter and uses it to look up the user in the database.
+ * It also accepts a "name" query parameter to set the user's display name.
+ *
+ * @param options - The internaloptions object.
+ * @param request - The request object containing the query parameters.
+ * @returns The existing or new user info.
+ * @throws {MissingAdapter} If the adapter is missing.
+ * @throws {EmailSignInError} If the email address is not provided.
+ */
+const getUserInfo = async (options, request) => {
+    const { adapter } = options;
+    if (!adapter)
+        throw new MissingAdapter("WebAuthn provider requires a database adapter to be configured");
+    // Get email address from the query.
+    const { query, body, method } = request;
+    const email = (method === "POST" ? body?.email : query?.email);
+    // If email is not provided, return null
+    if (!email || typeof email !== "string")
+        return null;
+    const existingUser = await adapter.getUserByEmail(email);
+    if (existingUser) {
+        return { user: existingUser, exists: true };
+    }
+    // If the user does not exist, return a new user info.
+    return { user: { email }, exists: false };
+};
+/**
+ * Retrieves the relaying party information based on the provided options.
+ * If the relaying party information is not provided, it falls back to using the URL information.
+ */
+function getRelayingParty(
+/** The options object containing the provider and URL information. */
+options) {
+    const { provider, url } = options;
+    const { relayingParty } = provider;
+    const id = relayingParty
+        ? (Array.isArray(relayingParty.id)
+            ? relayingParty.id[0]
+            : relayingParty.id)
+        : undefined;
+    const name = relayingParty
+        ? (Array.isArray(relayingParty.name)
+            ? relayingParty.name[0]
+            : relayingParty.name)
+        : undefined;
+    const origin = relayingParty
+        ? (Array.isArray(relayingParty.origin)
+            ? relayingParty.origin[0]
+            : relayingParty.origin)
+        : undefined;
+    return {
+        id: id ?? url.hostname,
+        name: name ?? url.host,
+        origin: origin ?? url.origin,
+    };
+}

package/providers/webex.d.ts

@@ -0,0 +1,78 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Webex</b> integration.</span>
+ * <a href="https://webex.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/webex.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/webex
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+/**
+ * The returned user profile from Webex when using the profile callback.
+ *
+ * Please refer to {@link https://developer.webex.com/docs/api/v1/people/get-my-own-details People - Get My Own Details}
+ * on Webex Developer portal for additional fields. Returned fields may vary depending on the user's role, the OAuth
+ * integration's scope, and the organization the OAuth integration belongs to.
+ */
+export interface WebexProfile extends Record<string, any> {
+    id: string;
+    emails: string[];
+    displayName?: string;
+    avatar?: string;
+}
+/**
+ * Add Webex login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/webex
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Webex from "@auth/core/providers/webex"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Webex({ clientId: WEBEX_CLIENT_ID, clientSecret: WEBEX_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Webex OAuth 2.0 Integration Guide](https://developer.webex.com/docs/integrations)
+ * - [Login with Webex](https://developer.webex.com/docs/login-with-webex)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Webex provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Webex provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/webex.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Webex<P extends WebexProfile>(config: OAuthUserConfig<P> & {
+    apiBaseUrl?: string;
+}): OAuthConfig<P>;
+//# sourceMappingURL=webex.d.ts.map

package/providers/webex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webex.d.ts","sourceRoot":"","sources":["../src/providers/webex.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D;;;;;;GAMG;AACH,MAAM,WAAW,YAAa,SAAQ,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACvD,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,CAAC,SAAS,YAAY,EAClD,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,GAAG;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD,WAAW,CAAC,CAAC,CAAC,CAuBhB"}

package/providers/webex.js

@@ -0,0 +1,73 @@
+/**
+ * Add Webex login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/webex
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Webex from "@auth/core/providers/webex"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Webex({ clientId: WEBEX_CLIENT_ID, clientSecret: WEBEX_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Webex OAuth 2.0 Integration Guide](https://developer.webex.com/docs/integrations)
+ * - [Login with Webex](https://developer.webex.com/docs/login-with-webex)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Webex provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Webex provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/webex.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Webex(config) {
+    const apiBaseUrl = config?.apiBaseUrl ?? "https://webexapis.com/v1";
+    return {
+        id: "webex",
+        name: "Webex",
+        type: "oauth",
+        authorization: {
+            url: `${apiBaseUrl}/authorize`,
+            params: { scope: "spark:kms spark:people_read" },
+        },
+        token: `${apiBaseUrl}/access_token`,
+        userinfo: `${apiBaseUrl}/people/me`,
+        profile(profile) {
+            return {
+                id: profile.id,
+                email: profile.emails[0],
+                name: profile.displayName,
+                image: profile.avatar,
+            };
+        },
+        options: config,
+    };
+}

package/providers/wechat.d.ts

@@ -0,0 +1,78 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#24292f", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>WeChat</b> integration.</span>
+ * <a href="https://www.wechat.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/wechat.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/wechat
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+/** @see [Get the authenticated user](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Authorized_Interface_Calling_UnionID.html) */
+export interface WeChatProfile {
+    openid: string;
+    nickname: string;
+    sex: number;
+    province: string;
+    city: string;
+    country: string;
+    headimgurl: string;
+    privilege: string[];
+    unionid: string;
+    [claim: string]: unknown;
+}
+/**
+ * Add WeChat login to your page and make requests to [WeChat APIs](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Authorized_Interface_Calling_UnionID.html).
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wechat
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import WeChat from "@auth/core/providers/wechat"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [WeChat({
+ *     clientId: AUTH_WECHAT_APP_ID,
+ *     clientSecret: AUTH_WECHAT_APP_SECRET,
+ *     platformType: "OfficialAccount",
+ *   })],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [WeChat Official Account](https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html)
+ * - [WeChat Official Account - Webpage Authorization](https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/Wechat_webpage_authorization.html)
+ * - [WeChat Official Account Test Account](https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login)
+ * - [WeChat WebsiteApp Login](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html)
+ * - [使用微信测试账号对网页进行授权](https://cloud.tencent.com/developer/article/1703167)
+ *
+ * :::tip
+ *
+ * The WeChat provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/wechat.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function WeChat(options: OAuthUserConfig<WeChatProfile> & {
+    platformType?: "OfficialAccount" | "WebsiteApp";
+}): OAuthConfig<WeChatProfile>;
+//# sourceMappingURL=wechat.d.ts.map

package/providers/wechat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wechat.d.ts","sourceRoot":"","sources":["../src/providers/wechat.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,2JAA2J;AAC3J,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAEH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,OAAO,EAAE,eAAe,CAAC,aAAa,CAAC,GAAG;IACxC,YAAY,CAAC,EAAE,iBAAiB,GAAG,YAAY,CAAA;CAChD,GACA,WAAW,CAAC,aAAa,CAAC,CA2D5B"}

package/providers/wechat.js

@@ -0,0 +1,105 @@
+/**
+ * Add WeChat login to your page and make requests to [WeChat APIs](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Authorized_Interface_Calling_UnionID.html).
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wechat
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import WeChat from "@auth/core/providers/wechat"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [WeChat({
+ *     clientId: AUTH_WECHAT_APP_ID,
+ *     clientSecret: AUTH_WECHAT_APP_SECRET,
+ *     platformType: "OfficialAccount",
+ *   })],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [WeChat Official Account](https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html)
+ * - [WeChat Official Account - Webpage Authorization](https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/Wechat_webpage_authorization.html)
+ * - [WeChat Official Account Test Account](https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login)
+ * - [WeChat WebsiteApp Login](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html)
+ * - [使用微信测试账号对网页进行授权](https://cloud.tencent.com/developer/article/1703167)
+ *
+ * :::tip
+ *
+ * The WeChat provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/wechat.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function WeChat(options) {
+    const { clientId, clientSecret, platformType = "OfficialAccount" } = options;
+    return {
+        id: "wechat",
+        name: "WeChat",
+        type: "oauth",
+        style: { logo: "/wechat.svg", bg: "#fff", text: "#000" },
+        checks: ["state"],
+        authorization: {
+            url: platformType === "OfficialAccount"
+                ? "https://open.weixin.qq.com/connect/oauth2/authorize"
+                : "https://open.weixin.qq.com/connect/qrconnect",
+            params: {
+                appid: clientId,
+                scope: platformType === "OfficialAccount"
+                    ? "snsapi_userinfo"
+                    : "snsapi_login",
+            },
+        },
+        token: {
+            url: "https://api.weixin.qq.com/sns/oauth2/access_token",
+            params: { appid: clientId, secret: clientSecret },
+            async conform(response) {
+                const data = await response.json();
+                if (data.token_type === "bearer") {
+                    console.warn("token_type is 'bearer'. Redundant workaround, please open an issue.");
+                    return response;
+                }
+                return Response.json({ ...data, token_type: "bearer" }, response);
+            },
+        },
+        userinfo: {
+            url: "https://api.weixin.qq.com/sns/userinfo",
+            async request({ tokens, provider }) {
+                if (!provider.userinfo)
+                    return;
+                const url = new URL(provider.userinfo.url);
+                url.searchParams.set("access_token", tokens.access_token);
+                url.searchParams.set("openid", String(tokens.openid));
+                url.searchParams.set("lang", "zh_CN");
+                const response = await fetch(url);
+                return response.json();
+            },
+        },
+        profile(profile) {
+            return {
+                id: profile.unionid,
+                name: profile.nickname,
+                email: null,
+                image: profile.headimgurl,
+            };
+        },
+        options,
+    };
+}

package/providers/wikimedia.d.ts

@@ -0,0 +1,99 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b> Wikimedia</b> integration.</span>
+ * <a href="https://mediawiki.org/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/wikimedia.svg" height="48" />
+ * </a>
+ * </div>
+ *
+ * @module providers/wikimedia
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js";
+export type WikimediaGroup = "*" | "user" | "autoconfirmed" | "extendedconfirmed" | "bot" | "sysop" | "bureaucrat" | "steward" | "accountcreator" | "import" | "transwiki" | "ipblock-exempt" | "oversight" | "rollbacker" | "propertycreator" | "wikidata-staff" | "flood" | "translationadmin" | "confirmed" | "flow-bot" | "checkuser";
+export type WikimediaGrant = "basic" | "blockusers" | "checkuser" | "createaccount" | "delete" | "editinterface" | "editmycssjs" | "editmyoptions" | "editmywatchlist" | "editpage" | "editprotected" | "editsiteconfig" | "globalblock" | "highvolume" | "import" | "mergehistory" | "oath" | "oversight" | "patrol" | "privateinfo" | "protect" | "rollback" | "sendemail" | "shortenurls" | "uploadfile" | "viewdeleted" | "viewmywatchlist";
+export type WikimediaRight = "abusefilter-log" | "apihighlimits" | "applychangetags" | "autoconfirmed" | "autopatrol" | "autoreview" | "bigdelete" | "block" | "blockemail" | "bot" | "browsearchive" | "changetags" | "checkuser" | "checkuser-log" | "createaccount" | "createpage" | "createpagemainns" | "createtalk" | "delete" | "delete-redirect" | "deletedhistory" | "deletedtext" | "deletelogentry" | "deleterevision" | "edit" | "edit-legal" | "editinterface" | "editmyoptions" | "editmyusercss" | "editmyuserjs" | "editmyuserjson" | "editmywatchlist" | "editprotected" | "editsemiprotected" | "editsitecss" | "editsitejs" | "editsitejson" | "editusercss" | "edituserjs" | "edituserjson" | "globalblock" | "import" | "importupload" | "ipblock-exempt" | "item-merge" | "item-redirect" | "item-term" | "markbotedits" | "massmessage" | "mergehistory" | "minoredit" | "move" | "move-subpages" | "movefile" | "movestable" | "mwoauth-authonlyprivate" | "nominornewtalk" | "noratelimit" | "nuke" | "patrol" | "patrolmarks" | "property-create" | "property-term" | "protect" | "purge" | "read" | "reupload" | "reupload-own" | "reupload-shared" | "rollback" | "sendemail" | "skipcaptcha" | "suppressionlog" | "tboverride" | "templateeditor" | "torunblocked" | "transcode-reset" | "translate" | "undelete" | "unwatchedpages" | "upload" | "upload_by_url" | "viewmywatchlist" | "viewsuppressed" | "writeapi";
+export interface WikimediaProfile extends Record<string, any> {
+    sub: string;
+    username: string;
+    editcount: number;
+    confirmed_email: boolean;
+    blocked: boolean;
+    registered: string;
+    groups: WikimediaGroup[];
+    rights: WikimediaRight[];
+    grants: WikimediaGrant[];
+    realname: string;
+    email: string;
+}
+/**
+ * Add Wikimedia login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wikimedia
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Wikimedia from "@auth/core/providers/wikimedia"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Wikimedia({
+ *       clientId: WIKIMEDIA_CLIENT_ID,
+ *       clientSecret: WIKIMEDIA_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Wikimedia OAuth documentation](https://www.mediawiki.org/wiki/Extension:OAuth)
+ *
+ * ## Configuration steps
+ * - Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+ * - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
+ *   - Add the following redirect URL into the console: `http://<your-next-app-url>/api/auth/callback/wikimedia`
+ *   - Do not check the box next to This consumer is only for __your username__
+ *   - Unless you explicitly need a larger scope, feel free to select the radio button labelled User identity verification only - no ability to read pages or act on the users behalf.
+ *
+ * After registration, you can initially test your application only with your own Wikimedia account.
+ * You may have to wait several days for the application to be approved for it to be used by everyone.
+ *
+ * ### Notes
+ * This provider also supports all Wikimedia projects:
+ * - Wikipedia
+ * - Wikidata
+ * - Wikibooks
+ * - Wiktionary
+ * - etc..
+ *
+ * Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
+ *
+ * By default, Auth.js assumes that the Wikimedia provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Wikimedia provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/wikimedia.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Wikimedia<P extends WikimediaProfile>(options: OAuthUserConfig<P>): OAuthConfig<P>;
+//# sourceMappingURL=wikimedia.d.ts.map

package/providers/wikimedia.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wikimedia.d.ts","sourceRoot":"","sources":["../src/providers/wikimedia.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE9D,MAAM,MAAM,cAAc,GACtB,GAAG,GACH,MAAM,GACN,eAAe,GACf,mBAAmB,GACnB,KAAK,GACL,OAAO,GACP,YAAY,GACZ,SAAS,GACT,gBAAgB,GAChB,QAAQ,GACR,WAAW,GACX,gBAAgB,GAChB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,gBAAgB,GAChB,OAAO,GACP,kBAAkB,GAClB,WAAW,GACX,UAAU,GACV,WAAW,CAAA;AAEf,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,YAAY,GACZ,WAAW,GACX,eAAe,GACf,QAAQ,GACR,eAAe,GACf,aAAa,GACb,eAAe,GACf,iBAAiB,GACjB,UAAU,GACV,eAAe,GACf,gBAAgB,GAChB,aAAa,GACb,YAAY,GACZ,QAAQ,GACR,cAAc,GACd,MAAM,GACN,WAAW,GACX,QAAQ,GACR,aAAa,GACb,SAAS,GACT,UAAU,GACV,WAAW,GACX,aAAa,GACb,YAAY,GACZ,aAAa,GACb,iBAAiB,CAAA;AAErB,MAAM,MAAM,cAAc,GACtB,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,YAAY,GACZ,YAAY,GACZ,WAAW,GACX,OAAO,GACP,YAAY,GACZ,KAAK,GACL,eAAe,GACf,YAAY,GACZ,WAAW,GACX,eAAe,GACf,eAAe,GACf,YAAY,GACZ,kBAAkB,GAClB,YAAY,GACZ,QAAQ,GACR,iBAAiB,GACjB,gBAAgB,GAChB,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,MAAM,GACN,YAAY,GACZ,eAAe,GACf,eAAe,GACf,eAAe,GACf,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,GACf,mBAAmB,GACnB,aAAa,GACb,YAAY,GACZ,cAAc,GACd,aAAa,GACb,YAAY,GACZ,cAAc,GACd,aAAa,GACb,QAAQ,GACR,cAAc,GACd,gBAAgB,GAChB,YAAY,GACZ,eAAe,GACf,WAAW,GACX,cAAc,GACd,aAAa,GACb,cAAc,GACd,WAAW,GACX,MAAM,GACN,eAAe,GACf,UAAU,GACV,YAAY,GACZ,yBAAyB,GACzB,gBAAgB,GAChB,aAAa,GACb,MAAM,GACN,QAAQ,GACR,aAAa,GACb,iBAAiB,GACjB,eAAe,GACf,SAAS,GACT,OAAO,GACP,MAAM,GACN,UAAU,GACV,cAAc,GACd,iBAAiB,GACjB,UAAU,GACV,WAAW,GACX,aAAa,GACb,gBAAgB,GAChB,YAAY,GACZ,gBAAgB,GAChB,cAAc,GACd,iBAAiB,GACjB,WAAW,GACX,UAAU,GACV,gBAAgB,GAChB,QAAQ,GACR,eAAe,GACf,iBAAiB,GACjB,gBAAgB,GAChB,UAAU,CAAA;AAEd,MAAM,WAAW,gBAAiB,SAAQ,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAC3D,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,eAAe,EAAE,OAAO,CAAA;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,cAAc,EAAE,CAAA;IACxB,MAAM,EAAE,cAAc,EAAE,CAAA;IACxB,MAAM,EAAE,cAAc,EAAE,CAAA;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqEG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,CAAC,SAAS,gBAAgB,EAC1D,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,GAC1B,WAAW,CAAC,CAAC,CAAC,CAoBhB"}

package/providers/wikimedia.js

@@ -0,0 +1,90 @@
+/**
+ * Add Wikimedia login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/wikimedia
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Wikimedia from "@auth/core/providers/wikimedia"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Wikimedia({
+ *       clientId: WIKIMEDIA_CLIENT_ID,
+ *       clientSecret: WIKIMEDIA_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Wikimedia OAuth documentation](https://www.mediawiki.org/wiki/Extension:OAuth)
+ *
+ * ## Configuration steps
+ * - Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+ * - Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
+ *   - Add the following redirect URL into the console: `http://<your-next-app-url>/api/auth/callback/wikimedia`
+ *   - Do not check the box next to This consumer is only for __your username__
+ *   - Unless you explicitly need a larger scope, feel free to select the radio button labelled User identity verification only - no ability to read pages or act on the users behalf.
+ *
+ * After registration, you can initially test your application only with your own Wikimedia account.
+ * You may have to wait several days for the application to be approved for it to be used by everyone.
+ *
+ * ### Notes
+ * This provider also supports all Wikimedia projects:
+ * - Wikipedia
+ * - Wikidata
+ * - Wikibooks
+ * - Wiktionary
+ * - etc..
+ *
+ * Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
+ *
+ * By default, Auth.js assumes that the Wikimedia provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Wikimedia provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/wikimedia.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Wikimedia(options) {
+    return {
+        id: "wikimedia",
+        name: "Wikimedia",
+        type: "oauth",
+        token: "https://meta.wikimedia.org/w/rest.php/oauth2/access_token",
+        userinfo: "https://meta.wikimedia.org/w/rest.php/oauth2/resource/profile",
+        authorization: "https://meta.wikimedia.org/w/rest.php/oauth2/authorize?scope=",
+        profile(profile) {
+            return {
+                id: profile.sub,
+                name: profile.username,
+                email: profile.email,
+                image: null,
+            };
+        },
+        style: { bg: "#000", text: "#fff" },
+        options,
+    };
+}